The following article appears as one in
a series of articles on spam included in this and upcoming issues of Information Executive.
Due Diligence in
Selecting an Internet Service Provider for your Company
By Charles Oriez
The company name referred to in the
following article has been replaced with [company] to
protect the integrity of its employees.
|
Subject: Re:
Emails blocked because [company] hosts my sites From:
darkstar@shell1.iglou.com (Keenan Clay Wilkie) Newsgroups:
news.admin.net-abuse.email reelfish@vyanet.com
(Reel Fish) writes: >My business
emails are blocked because [company] (on the [company] >network) hosts
my Web sites. Is there anything I can do besides moving >my sites? I have 7 sites. I DO NOT send any spam. I hate spam. It >wastes my time
and now dealing with this is wasting more.
I don't >even have an
opt in/out mailing list because I hate to be on them >myself. The problem is
that [company] has made it very, very clear that they are openly tolerant of
criminal activity amongst their customers -- and that they may even encourage
criminal behavior. Rather than go to
the trouble of sorting out just who at [company] is and is not a criminal
customer, most people find it much easier to just block all of
[company]. This is useful because it
prevents [company] from moving around their criminals to non-blocked IP
addresses and it encourages legitimate businesses, such as yours, to move to
more respectable companies and thus deprive [company] of further income. You should get
away from [company]. Far, far away
from [company]. They've proven that
they don't care that their customers break the law, and you don't want that
taint upon you. |
Has this happened to
you? You go with the cut-rate ISP for
your connectivity, and you find out that the reason they are so inexpensive is
that their tolerance of spammers on their network has caused them to be blocked
by half the world. Yes, your email is
cheap, but it is also undeliverable in many cases. That translates into lost customers, lost
orders, and lost revenues.
This is not idle
speculation about something that has seldom happened before. Mile High AITP email via Yahoo Groups
regularly fails to reach one chapter activist because her company has decided
that there is too much spam coming from Yahoo Groups. An AITP leader in
Don't expect that you'll
have legal recourse against the blacklist operators. They have as much right to express their
opinion that a particular ISP is not responsive to complaints as Consumer
Reports has a right to criticize the repair record on a given car, or Roger
Ebert has to say that a particular movie lacks plot, characters, or artistic
merit. If that bad review causes an ISP
to refuse your mail or causes you to skip the particular movie, that's the
penalty for bad reviews.
There is also
another reason to perform due diligence before choosing an ISP. I have discussed spam-related litigation
elsewhere in this series of articles.
Some employees have begun to sue employers for sexual harassment when
the employers fail to make reasonable efforts to block porn spam from reaching
their desktops. ISPs that harbor
spammers also tend, in my experience, to have a poor track record at anti-spam
filtering. Ask your attorneys about your
potential liability if employees complain about the porn spam showing up on
their desktops and you are unable or unwilling to take reasonable steps to
block it.
You can avoid or at
least limit the problem if you perform your due diligence a little better
before signing the connectivity contract.
Performing that due diligence really isn't as hard as it seems since
there are a lot of people out there willing to let you know whether the ISP
that you are about to do business with wears a white hat or a black hat.
First, identify who
your proposed ISP gets their backbone connectivity from. You may not personally be signing a contract
with the backbone provider, but you may be signing a contract with someone
downstream of that provider. When they
get blocked, their downstreams get blocked and you get blocked.
The next step is to
visit spamhaus.org, a
Another good source
of information is the Spam Prevention Early Warning System, or SPEWS. SPEWS runs a series of spam traps (addresses
designed solely to attract spam and never used for legitimate
communications). Spam comes in. Complaints go out. If the ISP fails to cancel the spammer's
connectivity, the ISP gets listed in SPEWS.
First, the specific mail server is listed, then larger and larger parts
of the ISP's net space get listed.
Eventually, the listing gets broad enough that the ISP decides to start
paying attention to spam complaints. A
visit to spews.org can quickly show you whether your prospective ISP is on that
list, and why.
There are global
query engines which check all or most of the 400 or so free anti-spam databases
to see which, if any, contain the IP address or range that you are interested
in. The best are moensted.dk in
All of the global anti-spam lists use the IP Address, not the domain name, to
block traffic from spammers. This is
because domain names in from addresses are trivially easy to forge, while IP
Addresses in received headers generally are not.
Just because your
potential IP address is on blacklists doesn't mean that you should absolutely
avoid that ISP. You need to evaluate the
number of lists that this IPA is on, and how widely used those lists are. If your proposed IPA appears for instance on
SPEWS, Spamhaus, and Fiveten already, not only should you avoid that ISP, but
you should probably have security frisk their sales rep on his way out your
door to make sure he hasn't stolen office supplies. If your IPA only appears on the XBL and
NERD-US, you can probably ignore the listing.
In fact, any IPA in the
When in doubt, there
is one final step to take. Ask what the
ISP's track record is. Note that this is
not what the ISP's published policies say, but how they actually perform on
their policies. Do they in fact cancel
spammers when the complaints come in, or do they wait six months until their
checks start bouncing? The place to
raise that question is the Usenet news group news.admin.net-abuse.email, or nanae.
If you are not familiar with Usenet, this is an area that contains well
over 50,000 different discussion forums on virtually every conceivable
topic. Spam is the designated topic in
nanae. If you don't know how to access
it using a news server, the best Web based portal is groups.google.com. Post a question there and you'll get a
strongly opinionated response from a fair number of people. Most of the people on that forum will
generally provide hard, accurate facts to back up their opinions. Many of them run mail servers for a living. I offer one piece of advice though, when you
post there, use a throwaway or nonexistent email address. Usenet is a favorite place for spammers to
harvest addresses and any address posted on Usenet, particularly on nanae, will
become overwhelmed by spam in short order.
I use an old address that no longer has a mail server behind it although
the domain still exists. You can also
use a non-existent address, provided the domain in the address does not really
exist either and has little or no likelihood of existing in the future. But don't use a fake address in a real
domain, because that domain's owner may soon become flooded with the spam.
Follow these steps,
and the likelihood that your domain will become collateral damage in the spam
wars is greatly reduced. You'll also be
doing your part in reducing spam, because you won’t be providing revenue to a
spam friendly ISP. There should only be
one fate for ISPs who harbor spammers, and that's bankruptcy.
Charles Oriez has an MS-CIS from the
Looking for more information on Spam? Check out the
next two articles in this series, “Spam Legislation” and “Technology Options
for Fighting Spam,” published in the September/October 2003 issue of Information Executive.
Information Executive Jul/Aug 2003
Copyright ©2003 Association of
Information Technology Professionals