
Spam-blocking lists under siege
Cyberattackers disabling services that cull unwanted e-mail
By Mike Brunker
Aug. 29 — Internet gangsters with a grudge against anti-spam “block lists” used to stave off unwanted e-mail have unleashed a plague of data packets against some of the leading providers of the services. The onslaughts have intermittently blocked access to several of the spam fighters’ Internet sites in recent weeks and have succeeded in shutting down the oft-maligned SPEWS list.


       THE CYBERATTACKS, which began in midsummer and have increased steadily in the intervening weeks, forced Joe Jared, who had been hosting the Spam Prevention Early Warning System, also known as SPEWS, at his Web site, to suddenly pull the plug Tuesday on the popular but controversial block list.
       “I had to shut it down to protect my livelihood,” said Jared, who also runs a small business selling shoe inserts on the Web site. “I was getting hammered with up to 1,000 megabytes (of data) per second.”
       Other block lists, which are used by Internet service providers and businesses to filter out the majority of incoming spam before it reaches the end users, have come under siege from distributed denial of service (DDOS) attacks this summer. The bombardment of massive amounts of data has intermittently prevented subscribers or users from gaining access to lists at Web sites of,, and the Spam & Open Relay Blocking System.
       DDOS attacks have been used against anti-spam sites before, but this summer’s onslaught appears to be more systematic and intense than anything seen before.


       “There’s not much doubt in my mind that the various attacks are the work of the same person or organization,” said Julian Haight, president of Seattle-based, which has been under attack since mid-July.
       While it’s not clear who is behind the campaign, suspicion has focused on renegade spammers, who have an obvious motive.
       “These block lists have become more and more effective as they’ve become focused, so they’ve started to hit home,” said Jesse Dougherty, director of development with software solution provider ActiveState.
       The block lists have alienated some in the Internet community by blocking users who have nothing to do with spam, either accidentally or, in the case of SPEWS, as a deliberate tactic aimed at pressuring Internet service providers to crack down on spammers on their networks. But because the attacks are targeting multiple sites rather than just one or two, most experts say spammers are more likely culprits.
       “It has been suggested to me that the person (behind the attacks) could be a site that I’ve erroneously blamed for spam, but given the amount of resources being put into it I’d certainly vote for the spammer,” said Haight.
       There is widespread suspicion that they have the wherewithal to conduct such campaigns.
       Some security experts, and many in the anti-spam community, believe that spammers have been behind recent viruses that have placed malicious “Trojan horse” programs on vulnerable computers, creating a network of “zombies” that can be remotely ordered to launch such attacks.

       And while there is no hard evidence, some believe that the “sobig” family of viruses may be recruiting for the zombie army.
       Ron Guilmette, who operates a free block list at, said the electronic bombardment of his site began “at 11:27 p.m. Pacific Time on Aug. 19, which coincidentally or not was the same day that sobig.f started to make the rounds.”
       Guilmette said Friday that the attack by “at least 3,000 computers” has increased in volume to the point where he may have to shut down his blocklist of unsecured proxy servers, which are commonly used by spammers to disguise the source of bulk e-mail.
       “If it was just impacting me and my Web site and my list, that would be one thing, but under attack now is everybody that’s associated with my site and service, including my ISP, my upstream and their upstream,” said Guilmette, a software engineer who also uses the site to advertise his business and connect with clients.
       Even if it comes to that, users of Guilmette’s service will have more warning than those who had configured their mail servers to run the SPEWS list hosted on Jared’s site. On Tuesday morning, they awoke to discover that Jared reprogrammed the database to “blacklist the world,” or return all queries as positives, which apparently caused an untold number of e-mails to be falsely blocked as spam.
       Jared, who drew considerable heat from network administrators who had to scramble to reconfigure their mail servers, said he would have liked to give users of his free service a heads up, but wasn’t able to under the circumstances.

       “I tried to provide as smooth a shutdown as possible, but I came to the realization that I can’t lose my business over this,” he said.
       There was no disputing that Jared’s tactic was effective.
       “That was probably the fastest way to get admins paged, get bosses yelling … and get it changed,” said Stephen Gielda, president of Internet privacy service provider
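The “blacklist the world” condition described above, where a list answers every query as a positive, can be caught on the receiving mail server before it blocks legitimate mail. The following is an added example, not part of the original article: it assumes the test-point convention later documented in RFC 5782 (127.0.0.2 is always listed, 127.0.0.1 never is), and the zone `dnsbl.example` and both resolver functions are constructed stand-ins for DNS.

```python
import ipaddress
import socket

# RFC 5782 test points: a working list always lists .2 and never lists .1.
ALWAYS_LISTED = "127.0.0.2"
NEVER_LISTED = "127.0.0.1"
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the query name: reversed octets prepended to the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def is_listed(ip, zone, lookup=system_lookup):
    """Only an answer inside 127.0.0.0/8 counts as a listing."""
    answer = lookup(dnsbl_name(ip, zone))
    try:
        return answer is not None and ipaddress.IPv4Address(answer) in LISTED_RANGE
    except ValueError:
        return False

def zone_health(zone, lookup=system_lookup):
    """Classify a list before trusting its verdicts on real mail."""
    if is_listed(NEVER_LISTED, zone, lookup):
        return "lists-everything"  # every query comes back positive
    if not is_listed(ALWAYS_LISTED, zone, lookup):
        return "unreachable-or-empty"
    return "healthy"

def should_reject(client_ip, zone, lookup=system_lookup):
    """Fail open: reject only when the list passes both test points."""
    return zone_health(zone, lookup) == "healthy" and is_listed(client_ip, zone, lookup)

# Constructed resolvers standing in for DNS so the example runs offline.
def healthy_list(name):
    listed = {"2.0.0.127.dnsbl.example", "7.113.0.203.dnsbl.example"}
    return "127.0.0.2" if name in listed else None

def wildcard_list(name):
    return "127.0.0.2"  # answers every query as listed
```

In production the health result would be cached for a few minutes rather than recomputed for every message.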
       While small operations like those of Guilmette and Jared are particularly susceptible to DDOS attacks, the bigger commercial sites aren’t beyond range of the cyberspace saboteurs.
       Haight, who said that SpamCop was knocked offline periodically in the early days of the attack in mid-July, said it will cost about $30,000 this year to pay for a content distribution network capable of withstanding such assaults.
       Britain’s also has been able to withstand steady attacks that began more than 2� months ago, chief executive Steve Linford told the Boston Globe this week.
       “We’re usually under attack from 5,000 to 10,000 servers at once,” Linford was quoted as saying in Thursday’s editions. “They’re extremely large attacks that would bring down just about anything.”
       But given the increasing scale of the attacks, Guilmette of warns that even resilient services like Spamhaus and SpamCop are in the cyberspace equivalent of a nuclear arms race.

What is spam?                
While most e-mail users think they know spam when they see it, it has proven surprisingly difficult to define. Some of the most-common definitions being bandied about in connection with plans to regulate spam are: unsolicited commercial e-mail (UCE), which excludes unsolicited political messages and possibly outright fraudulent ones; unsolicited bulk e-mail (UBE); unsolicited commercial bulk e-mail (UCBE); and unsolicited electronic mail solicitations (UEMS), which would include even single unsolicited e-mails. Many e-mail marketers prefer a definition that would require unsolicited messages to be fraudulent, deceptive or objectionable before they would be considered spam.

Who sends it?
The spammers who flood your inbox on a daily basis are most likely members of a relatively small, shadowy group of pros capable of generating hundreds of millions of e-mails each day and using high-tech evasive tactics to avoid detection. Together, these big operators send the vast majority of unwanted e-mail. But they don’t work for free, and a wide variety of small-time crooks, inventors and even major U.S. companies may ultimately be behind the campaigns.

What does it cost?
Each year spam costs each U.S. end user between $30 and $50 and companies $730 in lost productivity for every employee with e-mail, according to the Anti Spam Research Group.

Legal landscape
Check the law in your state and the status of efforts to pass federal legislation at

1. Protect your address
Most spammers build e-mail lists by harvesting from Web pages and Usenet postings. So avoid putting your e-mail address on your Web page. If you feel you must, one helpful trick is to encode your e-mail address using HTML characters rather than simple text.

2. Diversify
Use multiple e-mail addresses, and save one for filling out Web forms and submitting to companies. That will keep spam out of your primary e-mail.

3. Read carefully
Read online forms and software registrations carefully. Be sure to "opt-out" at every chance, letting companies know you don't want them sharing your e-mail.

4. Complain
Not enough individuals go to the trouble of figuring out who's really behind the spam. Reading e-mail headers isn't as hard as it sounds -- click here for a good primer.

Generally, once you learn the actual sender's domain name, an e-mail to [email protected] will do the trick. If it doesn't, here's a link to a site with more details on finding the right e-mail address for complaints:


       “The practical reality is that if you have thousands of machines, many of them with cable modems, DSL or T-1 lines, it doesn’t matter who you are or how well (the network) is distributed. If they took down eBay and Yahoo, they can take anybody down,” he said, referring to massive DDOS attacks in 2000 that knocked the Internet retailers offline.
       While the escalating attacks have the anti-spam community up in arms, there is no indication that law enforcement yet considers them to be serious.
       “DDOS attacks against any organization are criminal acts,” said ActiveState’s Dougherty. “When they were executed against Microsoft and Yahoo and others several years ago, there was very quick action (by law enforcement). But when the target is a (spam block list), it seems there is very little, if any, interest.”
       And SpamCop’s Haight said he has filed several reports with the FBI but had no follow-up contact from the bureau.
       “I’m getting bombed off the face of the Earth and no one cares,” he lamented.