
Industry hits back at zombie claims from Spamhaus
Published: 7 February 2005 10:00 GMT
Security vendors have accused anti-spam experts at Spamhaus of hyping a trick that allows spammers to take advantage of internet service providers' mail servers.
Earlier this week Steve Linford, director of Spamhaus, warned that email infrastructures were on the verge of collapse because a new worm is forcing zombie computers to relay spam via ISPs' mail servers. This, Linford said, is a huge problem because including ISP domain names in spam blacklists would cause a huge proportion of legitimate mail to be blocked.
But vendors, who also claim to be able to solve the problem with their products, have attacked Linford over his comments.
François Bourdeau, director of marketing for Vircom, said: "I find this to be not very accurate. Although the zombie drone problem is very serious, there are solutions out there for ISPs that will minimise the effects of zombie PCs sending out tons of spam."
"There are technological solutions to the problem, but ISPs need to take responsibility and use solutions to prevent the problem from becoming overwhelming," Bourdeau added.
Managed email filtering firm Postini also released a statement criticising Linford. "Postini believes that Spamhaus is badly overreacting to the recent news that some spam zombies now relay spam through ISP email gateways rather than sending the spam directly to receiving mail servers. The notion that this makes spam undetectable is completely unfounded."
Spamhaus is a non-profit organisation that tracks spam gangs on the internet. It works closely with police forces and is involved in various governmental anti-spam projects around the world. Linford said on Friday that many ISPs had contacted him about the problem asking for advice, and reiterated his concerns.
"This has already done damage," said Linford. "Large email companies can't tell you they are under pressure. They can't say anything to the press because people would question the resources to handle email. We don't see this as hype.
"There are certainly ways to prevent this. We're just saying to do it quickly. The ISPs have said this is something they know about. Most vendors would say 'yes, yes, if you use our products, you can get rid of the problem'. But it's not effective just to buy products," Linford insisted.
Linford added that AOL was the first ISP to report an increase in spam, several months ago, caused by this trick. UK ISPs, such as BT and Thus, have declined to comment on the matter.
One email filtering firm, MessageLabs, confirmed to silicon.com last week that it is seeing this attack taking place already, but gave no indication of numbers.
Some of the largest US internet providers have acknowledged that the issue is a problem, although they insist that email is not at the point of meltdown. Many ISPs have blocked open relay ports, such as port 25, to shut out spammers from disseminating messages from home-operated servers. The block has helped some broadband ISPs limit the output of zombie spam, and some have noticed the new form of malware taking shape.
Earthlink, which runs both a dial-up and a broadband service, said it has noticed a gradual increase in spam volume coming from its legitimate mail servers since the beginning of 2004. The company claims it has implemented safeguards, such as authenticated SMTP servers and re-routing of legitimate email, to cut down the flow.
Trip Cox, Earthlink's chief technology officer, said: "Overall we've been able to greatly reduce the amount of spam from our network by routing activities and applying chokepoints." Cox added that the measures have reduced spam from 30 per cent of the ISP's total email volume to two per cent.
Dan Ilett writes for ZDNet UK. CNET News.com's Jim Hu contributed to this report.
Copyright © 2008 CBS Interactive Limited. All rights reserved.