washingtonpost.com  > Technology > Special Reports > Spam

Spammers' New Strategy

Unsolicited E-Mail Sent Using ISP Computers

By Jonathan Krim
Washington Post Staff Writer
Friday, February 4, 2005; Page E01

An advanced spamming technique could push the volume of unwanted e-mail to new heights in coming months, straining the integrity of the online communication system, according to several top experts who monitor the activity of spam gangs around the world.

Illegal bulk-mailers have been able to deploy massive blasts of spam by routing it through the computers of their Internet service providers, rather than sending it directly from individual machines, the experts said.

_____Spam In The News_____
E-Mail-Address Thief Pleads Guilty (The Washington Post, Feb 5, 2005)
Verizon's Spam Policy Criticized (The Washington Post, Jan 19, 2005)
A Year After Legislation, Spam Still Widespread (The Washington Post, Jan 4, 2005)
More Spam News

The result is that "blacklists" of known spamming computers -- which other network operators rely upon to block mail from those machines -- are no longer effective. To block spam coming directly from an ISP's computers, all mail from that ISP would be have to be blocked, which would cripple electronic communication.

"From what we've seen, the volumes of this type of spam are going up dramatically," said Steve Linford, who heads the Spamhaus Project, the world's leading anti-spam organization. "We're really looking at a bleak thing" if ISPs don't quickly employ countermeasures, he said.

Linford added that based on monitoring of spammers' online discussion forums, the new trick is rapidly being adopted by the world's most prolific spammers.

Carl Hutzler, director of anti-spam operations at America Online, said he began seeing increases in spam traffic coming directly from other ISP mail servers in the fall of 2003. Now, he said, 95 percent of all spam aimed at AOL's 29 million worldwide members is coming directly from ISP computers.

Hutzler said he has been warning industry counterparts about the problem and has made AOL's technical solutions available online. Most critically, Linford and Hutzler said, ISPs must be more aggressive in monitoring and limiting how much mail is being sent from individual machines on their networks, since that is where the spam originates.

"We're trying to get the word out," Hutzler said, "but we're not sure that people have taken us that seriously."

The new method of attack reflects the evolving sophistication and efficiency of top spamming groups, a community of people who support each other by trading intelligence, products and services.

Spammers long ago stopped using their own machines to send spam. Instead, they rely on malicious code placed on consumers' machines via viruses or spyware that turn them into unwitting "zombies" remotely controlled by spammers.

CONTINUED    1 2    Next >

© 2005 The Washington Post Company