Antispam 'blacklist' providers hit by online attacks

FRAMINGHAM (09/26/2003) - After fighting unsolicited commercial e-mail for several years by compiling and distributing Internet "blacklists" used by Internet service providers to block e-mail from known spammers, two online businesses have given up their efforts after their Web sites were crippled by distributed denial-of-service (DDoS) attacks they believe were launched by spammers.

And another company has ended its blacklist participation due to fears of potential attacks from spammers apparently going on the offensive against antispam activists.

Ron Guilmette, a Roseville, Calif.-based proprietor of a small, independent software company, Monkeys.com, and Joe Jared, owner of Osirusoft.com, a foot orthopedics design business in Orange, Calif., shut down their antispam blacklists recently, declaring that spammers had forced them to do so with DDoS and other attacks.

The third blacklist provider, Compu-Net Enterprises in Paris, Tenn., also ended public distribution of its blacklist because of fears that it could be the next target for a attack by spammers trying to cripple its business. Bill Larson, the network administrator at Compu-Net, said Friday that the preventive measure will affect some 1,500 Internet service provider servers that regularly used his company's blacklist to filter e-mail for spam.

Guilmette halted distribution of his antispam blacklist and removed a Web page filled with antispam reference materials on Sept. 22 after his site was attacked and shut down for 10 days in August and again last weekend. His e-mail address was also recently spoofed and used to send pornographic images and sex-related messages to about 1 million e-mail accounts, prompting angry responses from recipients and making his business look like a spam machine, he said.

Guilmette had ramped up antispam efforts in recent months by working with ISPs around the world to construct an "open proxy honeypot network" that used automated logging software to see where spammers were hijacking access on insecure servers to send out spam, he said. The honeypot, essentially a trap that allowed ISPs to collect the IP addresses of the spammers, helped get "more than 100 of the Internet's largest spammers disconnected" by their own ISPs, he said.

That's why Guilmette believes spammers may have targeted him. "I came front and center to the attention of the worst of the spammers," he said.

After the last attack, he'd had enough. "I'm done fighting spam. I didn't decide this. The spammers have done this for me" by cutting off his business lifeline, he said. "I can't do this work if I can't connect to the Internet."

In a posting on an e-mail abuse online bulletin board aimed at letting the spammers know he has ended his fight against them, Guilmette announced his "unconditional surrender."

"I am deeply sorry that I have to withdraw from this fight, but at this point I clearly have no choice," he wrote. "I will simply not be allowed to continue fighting spam. I don't have either the bandwidth or the level of interest among either big network providers or law enforcement authorities that is clearly necessary in order to fight this kind of concentrated onslaught from thousands of separate zombie machines at a time. I would be the first to say that it is a damn shame that the bad guys have won yet another round, but their really isn't a damn thing that I can do about it."

Jared, who's maintained his blacklist since 2000, believes he was targeted by spammers because his list is used to block spam by a large number of Internet service providers. "So [spammers] take the most popular sites down and go ahead and continue to spam," he said. "I'm just pretty much disappointed in the whole thing."

His Web site was "pounded" by a DDoS attack for four weeks in July and August before he shut down the blacklist on Aug. 29. "It was affecting my business," he said.

Compu-Net's Larson said he has maintained the public distribution of his own blacklist since 1998, but now will use it only internally to protect his company's customers. He added that he fears that if spammers retaliate, he'll be knocked out of business by DDoS attacks.

His company has had recent problems with spoofed e-mails sent using a corporate e-mail address, he said, and that was enough. "It has an economic effect there," Larson said. "I had to look at it as I do not want to be next."

Guilmette and Jared said they reported the DDoS attacks to local police and to the FBI, but the response from law enforcement agencies was lukewarm. "I'm disappointed in the legal system at this point," Jared said.

Calls to the FBI for comment weren't returned Friday.

Seth Schoen, a staff technologist for the nonprofit Electronic Frontier Foundation in San Francisco, said the incidents "indicate that spammers are pretty aggressive in getting their spam through."

Although the EFF is skeptical of blacklists because of concerns about inaccuracies and past track records, that doesn't give spammers a reason to shut the lists down, he said. "I really wish that law enforcement would take it seriously," Schoen said.

A related Internet group, the Open Relay Database, which tracks open server relays that spammers use to send their spam across the Internet, noted the closing of the Osirusoft list on its Web site, calling "their demise a massive blow to the movement."

Join the newsletter!

Error: Please check your email address.

More about EFFFBI

Show Comments
[]