It's been quite a few weeks recently on the spam front, and it looks like the good guys are losing big time.
A few hundred thousand new spam relay hosts might have been established around the world, the US Federal Trade Commission (FTC) seems to be giving up fighting spam at least according to the press, and a primary source of anti-spam information is under heavy attack.
For a while things weren't looking too bad. Congress finally seemed to get the message that folks in the real world were fed up and wanted legislators to do something. Congress even seemed to have gotten that message loud enough that it was starting to be heard above the roar of donations from those who want to keep filling your mailbox.
Even the Direct Marketing Association — the folks suing the US government to stop the national anti-telemarketing do-not-call list (even though 41 million registrations on that list should be a hint to the DMA that it's on the wrong side) - has offered to work with the FBI to "identify and prosecute spammers."
But then the chair of the FTC reportedly went into wet-blanket mode and pooh-poohed all of the current congressional proposals. Although the actual speech is far better than the reports would have indicated (even if he seems to like "the flow of useful information to consumers" more than I do — by a few orders of magnitude).
But now all hell has broken loose. The latest generation in the evolution of the SoBig virus (or worm, depending on your definition) struck on August 19. I didn't get my first SoBig message until early that morning, but in the following week and a half I've received 7917 to my own mailbox.
I cannot begin to imagine how many went to the central mail servers at the university. Press guesses (I'd call them reports but that implies more precision than is the case) have between 100,000 and 500,000 machines compromised. In the past few days there has been a lot of speculation that one of the aims of SoBig, other than the propagation of the species, was to set machines up to be used in the future for relaying spam.
A recent Boston Globe report said distributed denial-of-service attacks have hit anti-spam blacklist services hard.
These services maintain spam relay address lists so ISPs and companies can block all incoming mail from them. These services, while controversial, have been quite effective in reducing the amount of spam that gets through to the places using them.
Between SoBig and the blacklist attacks, the bad guys are in full counterattack.
Some people are trying to fight back. EarthLink and Amazon.com filed suits against spammers or online marketers within a few days of each other.
But that is a long row to hoe.
The FTC chair mostly seemed to be hoping for a technical solution to the spam problem — don't hold your breath. Meanwhile maybe Congress can make it easier for the FTC and others to attack the attackers and the FTC can be less despondent.
Disclaimer: At Harvard, guesses are called "research." The above is my "research."
Bradner is a consultant with Harvard University's University Information Systems. He can be reached at email@example.com.