That and other tactics have allowed spammers to circumvent many technical measures taken by network operators to thwart them, and they have all but ignored federal and state laws that prohibit their activities.
Mark Sunner, chief technology officer of MessageLabs Inc., an anti-spam software company, said that the use of multiple zombies on the networks of large Internet service providers allows spammers to spread out the amount of mail sent by any one computer, helping them to fly under the radar of ISP limits.
Some ISPs have been able to make dents in the amount of spam reaching the inboxes of computer users, but spam traffic over the Internet continues to rise and to exact steep costs on network operators, businesses and consumers.
In a study released yesterday, market research firm Rockbridge Associates Inc. and the Center for Excellence in Service at the University of Maryland Robert H. Smith School of Business estimated that deleting spam alone costs nearly $22 billion a year in lost productivity. The study, based on a survey of 1,000 adults, said the 78 percent who said they receive spam spend an average of three minutes deleting it each day they check their e-mail.
What alarms Linford and others about the latest spam offensive is that it strikes at the heart of the blacklist system, a baseline of defense for virtually all network operators. E-mail filters help to segregate good e-mail from bad, but blacklists that identify the Internet addresses of spamming machines keep large amounts of spam off networks and force spammers to find new launchpads.
Linford said that in addition to imposing more aggressive limits on mail sent from individual machines, ISPs should do more to authenticate the mail they pass on through their own computers.
He said many U.S. ISPs have not improved their anti-spam enforcement.
For example, he said, the spammers' latest trick is contained in software called Send-Safe.
According to Internet registration records, the site is registered to a Florida company and is hosted on the Web by UUNet Technologies, a division of MCI Inc.
Linford said his group has repeatedly asked MCI to remove the Send-Safe site, arguing that the software is a prime spamming tool, developed by a notorious spammer.
Timothy Vogel, who heads MCI's legal team for technology issues, said that UUNet does not host the site but instead leases the Internet address to a company that in turn hosts Send-Safe's Web site.
More important, he said, MCI does not want to censor Internet content. If MCI had evidence that the Send-Safe company was spamming, that would violate MCI policy.
But merely advertising its product is a form of speech that should not be censored, Vogel said.