The Inquirer

Spam fighters Osirusoft pushed off the net

Increase the size of your spam in weeks
Fri Aug 29 2003, 12:03
IN THE CONTINUING battle for the contents of your mailbox there are running casualties on both sides.

On the one hand spamsters are being hit with lawsuits and large damages awards. Earthlink has just started a new suit against 25 spammers. They don't know who these people are, but they do know that they have sent 250 million people pieces of spam and cost Earthlink $5 million. And if you think suing people whose identity you don't know is a losing strategy then think again: Earthlink recently secured a $16.4 million judgement against Howard Carmack, the "Buffalo Spammer", an identity they also didn't know when it started that suit.

On the other hand, it isn't risk-free to be a crusading anti-spam activist either. Recently, Osirusoft, providers of shoe inlays(!) and spam blocking data to the net, were forced by massive illegal network data attacks to stop distributing the spam tracking data. It's alleged that Joe Jared, proprietor of Osirusoft, decided to 'go out with a bang'. At any rate, his servers have started declaring all email in the entire net to be spam. While that's a good approximation of the situation these days, it wasn't too popular with those who had perhaps placed a little too much trust in his service and suddenly found they couldn't receive mail at all. The popular tool, SpamAssassin, used the data as a gentle hint to their spam classification software, and here's their guide to removing Osirusoft's data from their software.

But what exactly was it that Osirusoft were providing, and why was someone so anxious to push them out of Cyberspace?

Let's say you identify the origin of a piece of spam, say by using our spam mail tracker software. If you are a mail administrator (the person who people complain to when they are having trouble with their email) you consider adding that particular origin to your list of origins you don't want mail from. After that you report the spammer to whoever sold Internet access to the slimeball and what happens next? Well, if the Internet provider is at all reputable, they'll cut off the spammer in mid-bit and he'll wander forever in the analogue wastelands of lost net connectivity. We wish. What actually happens is that the spammer gets himself a new connection and starts right up again.

It hasn't escaped the notice of mail administrators everywhere that the spammers have favoured entry points to the net. Some Internet providers, or ISPs, are easier to use for spam than others. Naturally the temptation is to just block mail from those entire ISPs, stop spams before they happen and have more time for the other problems that plague a mail administrator's day, like trying to get your Outlook users to stop clicking on virus-infested attachments. The blacklist is born: a list of ISPs and other parts of the net (whole countries) from which you'd rather not receive mail.

After a while, the mail administrators get tired of maintaining their own blacklists, and, in the tradition of the Internet, cooperate about a shared blacklist. One of the more aggressive blacklists is SPEWS, the Spam Prevention Early Warning System. (Don't bother trying to check out the web site, it's being blocked by its enemies.) Since working against spam on the net is likely to get you some unwelcome attention from M'learned friends and others, the guys behind SPEWS choose to remain anonymous. No one knows who they are. Really. No one at all. But the regulars in Nanae do seem to have a raaather good idea what SPEWS is thinking.

Of course, using SPEWS hurts non-spammers who happen to be attached to the net using an ISP that is also used by spammers. They get upset when they get their mail back with an error message saying that their words of wisdom have been rejected for the simple reason that they come from an unsavoury part of the net. This is called "collateral damage" by SPEWS, and it's not entirely inadvertent. The idea is that the innocent victim (being a customer of the same ISP as the spammer) is able to put pressure on the ISP to take more effective measures against the spammers. The free market in action. Perhaps.

But while it's feasible for SPEWS to collect information about spammers without revealing their identity (the spammers, after all, come to them with the evidence in the form of spam) it's rather more difficult to redistribute that information to the net at large without people knowing who you are. Osirusoft redistributed the SPEWS blacklists and, well, now they don't. That doesn't mean you can't get at the SPEWS data any more. It's out there in various secret and not so secret places. For example these guys have a copy of the SPEWS data that they distribute under the name spews.bl.reynolds.net.au to people who follow their rules on registration.
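Blacklists distributed under a DNS name are queried by reversing the sender's IPv4 octets and prepending them to the zone; an answer means "listed". The sketch below is an added example, not from the original article or from SpamAssassin: it treats each list as a weighted hint and skips any list that fails the RFC 5782 test points (127.0.0.2 must be listed, 127.0.0.1 must not), which is the "everything is spam" condition described above. The zone names, weights and `fake_lookup` data are constructed for illustration.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Build the query name: reversed IPv4 octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_lookup(name):
    """True if the name resolves to an address, i.e. the list has an entry."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False

def zone_is_sane(zone, lookup=system_lookup):
    """RFC 5782 test points: 127.0.0.2 must be listed, 127.0.0.1 must not.
    A zone that answers for everything fails the second condition."""
    listed_test = lookup(dnsbl_name("127.0.0.2", zone))
    listed_loopback = lookup(dnsbl_name("127.0.0.1", zone))
    return listed_test and not listed_loopback

def spam_score(ip, zones, lookup=system_lookup):
    """Add up the weights of healthy zones that list the IP.
    Returns (score, zones skipped because they failed the sanity check)."""
    score, disabled = 0.0, []
    for zone, weight in zones.items():
        if not zone_is_sane(zone, lookup):
            disabled.append(zone)      # do not let a broken list reject mail
            continue
        if lookup(dnsbl_name(ip, zone)):
            score += weight
    return score, disabled

# Constructed offline data: one healthy zone, one zone that lists everything.
HEALTHY_ENTRIES = {"2.0.0.127.good.example", "7.113.0.203.good.example"}

def fake_lookup(name):
    if name.endswith(".listall.example"):
        return True                    # wildcard: every address looks listed
    return name in HEALTHY_ENTRIES

ZONES = {"good.example": 2.0, "listall.example": 3.0}  # hypothetical weights

if __name__ == "__main__":
    print(spam_score("203.0.113.7", ZONES, fake_lookup))
    print(spam_score("198.51.100.9", ZONES, fake_lookup))
```

A mail server that instead rejects on any single listing has no such margin: the day a list starts answering for every address, all inbound mail bounces.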

Sticking your head up in this information war is inevitably going to attract the attention of DDOSers, people who control vast armies of hijacked machines on the net and use them to bury their enemies in mounds of useless data, effectively cutting them off from the real data on the net. So what will happen when reynolds.net.au throw in the towel like so many anti-spam services before them?

SPEWS will likely continue to exist, but they may not share their data with the rest of the world any more. So mail administrators will maintain their own blacklists, perhaps joining together in small low-profile groups to ease the workload while remaining under the radar of the pro-spam net outlaws. The net effect will be the balkanisation of the net with 100s of blacklists. Getting off a blacklist when you've cleaned up your act spamwise has always been a hassle, but if we are talking about 100s of semi-secret blacklists it's going to be well-nigh impossible.

Or maybe we'll all just learn to love spam. After all, haven't you always secretly wanted a slightly larger one? µ
