Slashdot Mirror
IronPort Arms Both Sides In Spam War
securitas writes "We all know about IronPort's recent acquisition of SpamCop. What may not be common knowledge is that IronPort's Senderbase has 'the reputation as the fastest way to send millions of junk e-mail messages' and is popular with spam factories. Founded by two former Microsoft executives - Hotmail's Scott Weiss and ListBot founder Scott Banister - IronPort claims its customers are not spammers but legitimate marketers. Critics say that this is a clear conflict of interest. Playing spam from both sides might be likened to a pharmaceutical company enabling the spread of a disease in order to sell the cure. SpamCop founder Julian Haight - who had to sell the company in order to remain solvent - is quoted as saying of IronPort's anti-spam measures: "I am not sure all its standards are tough enough." The story was originally reported by the New York Times' Saul Hansell. Abbreviated mirror at IHT."
SpamCop founder Julian Haight - who had to sell the company in order to remain solvent - is quoted as saying of IronPort's anti-spam measures: "I am not sure all its standards are tough enough."
And IronPort's response? "Obviously his business sense was not strong enough, or he wouldn't have solvency issues."
Yes, I know a lot of what I write makes it sound like my tinfoil hat is loose but hear me out:
IronPort buys SpamCop
Worms hammer anti-spam sites
Because IronPort is now "spammer friendly", SpamCop doesn't suffer these DDoS attacks.
SpamCop's for-fee competition and free lists are ran off the net by IronPort supporters.
Not suprisingly, IronPort's products don't block mail from their customers.
IronPort and it's spammer customers profit.
Trolling is a art,
IronPort, which is private and backed by venture capital, expects to turn its first profit next year on revenue of more than $10 million. It was founded by Mr. Weiss, who worked at Hotmail, the free e-mail provider, and Scott Banister, who founded ListBot, a service that lets companies manage e-mail lists. Both companies were acquired by Microsoft.
Actually the article leads me to believe that these guys are not MS-bred.
Playing spam from both sides might be likened to a pharmaceutical company enabling the spread of a disease in order to sell the cure.
Or it could be compared to Chaplin's film The Kid :
The Tramp rescues a baby abandoned by its despairing mother, brings it up to become his partner in a window-repair business - although it is the Kid's business to break the windows first
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
It's kind of like the diet industry. You try the newest hottest spam killer that will guarantee getting rid of all the spam, like trying the newest hottest diet that will guarantee getting rid of all the kilos. You lose the spam like you lose the kilos, and then, after a few months, it all comes back twofold. So you try the next newest hottest spam killer, the next newest hottest diet, blah blah, it comes back threefold. Then you try the next...(ad nauseum)
When life hands you lemons, grab the salt and pass the tequilla...
Despicable is right.
IMHO, spam is spam whether it's from a legitimate marketer or not - unless I have indicated that I wish to receive information (special offers, order status, terms of service updates) from the sender, whether they're selling books, parts, or e-transaction services.
I also concede that there is a minor loophole, inasmuch as companies with whom I hold an account (e.g. eBay UK, PayPal, Amazon.co.uk) should be free to send certain important mails relating to things like my membership status, or any important and major changes to their ToS.
However, since they're not the sort of companies I'd expect to go through spam houses, I'd understand that if they did contact me without my consent, they'd have a pretty darn good reason.
How long til some IronPort customer dies from popping bootleg Viagra, or is fleeced out of his savings by a bunch of Nigerians pulling a 419? Some of those people will be clueless, and will think that because it's come through the spam filter, it must be legitimate...
Jailarity ensu-- no, wait, that would be for a Fark story :-P
"It is dark. You are likely to be eaten by a grue." -- Zork
The analogy needs to be furthered a bit: this would be like a pharmaceutical company not only spreading that which they themselves sell the cure for, but above it all, that cure being phony, so that the market for the cure is maintained. Think, do you think IronPort's spam protection measures will stop their own supported spam? This reminds me of a bond-type plot where evil villains pay an evil company to let them continue ravaging the world. Even though this obviously would only last so long in the pharmaceutical industry, I'd call it a feasible, profitable, and despicable practice for the e-mail industry, with all the sources of spam floating around.
What about the companies that are exclusively anti-spam? Maybe they don't even have to have a spamming component.
What if they DO perform the high and mighty task of eliminating spam in one fell swoop? Then what? Their market is gone as that product becomes assimilated. There goes the cashflow.
This is analagous to CURING a disease rather than selling many more pills to TREAT a disease.
The point is that whether or not a company does the "right" thing is the important thing, not whether it offers x product.
I use Squirrelmail, and one of the options is to use Spamcop (report as spam)
/dev/null'ing everything.
In he last few days, when you process your spamcop response, I have noticed that instead of sending the notices to the usual "abuse@comcast.net" it is simply
I was wondering about this.
Has anyone else noticed funny things going on in SpamCop?
* Carthago Delenda Est *
You mean kind of like Verizon selling my phone number to telemarketers, and then trying to sell me anti-telemarketing services for a premium price?
Actually, pharmaceutical companies do create'diseases' to sell more of their products.
Isn't corporate capitalism wonderful?
Humorous signatures are over-rated.
This is a human-based review system of millions of junk messages... without the users, there is no Spamcop, and Ironport bought nothing.
They didn't buy nothing, they bought the death of Spamcop. If IronPort really is dependent upon spammers, then such a buyout makes a lot of sense from a business standpoint.
If this turns out to be the case, you can thank Julian again, for selling out the constant vigilance of many users to the highest bidder.
I've been a Spamcop user for years (see above unobfuscated email) and participated in or have read the associated newsgroups (where the fun really is) for as long. The system just doesn't work unless the 'users' are reporting Spam regularly and in a timely manner (hours, not days). These people are rabid anti-spam and would scream bloody murder if there was a site under IronPort that was spamming and it wasn't being handled.
My optimisim comes from the absence of those screams since June when the deal went down. They aren't doing anything that bad (selling specialized server hardware?)
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
I don't know, isn't it a "traditional" mail sender/relay? Most spam these days comes via open proxies etc. A spammer operating with his own mail server like SenderBase would be blocked by all anti-spam lists fast and would not be effective for long.
And lets not forget proper uses for the box. I sure would like an appliance box for handling the daily newsletters and etc. Sure it's fun to sit and tweak Postfix on a Linux box but if you were to setup a new system it might not be cheaper to build an entire system yourself, with the tuning, tweaking and scriptwriting, and the following maintainance like updates fixes etc.
Despite the fact that we now often see certain anti-spam products being promoted in, of all things, spam, I'd like to believe that most anti-spam offerings are honestly interested in reducing spam for their customers.
We offer an anti-spam service which has been very, very successful and received very positive feedback from our satisfied customers. It's rewarding to receive that feedback. But a few weeks ago we received an email that I knew someone would send someday: They said it was unethical and suspicious of us to be selling an anti-spam service. Don't we benefit from spam by offering the anti-spam service for a fee? Maybe we are guilty of generating spam to drive people to our service?
Well, ignoring the minimal gains we've earned from the service (far outweighed by bandwidth and development costs), I feel TRUE anti-spam services are no more unethical than doctors. Are doctors unethical because they pay their bills curing others? They are unethical if they make people sick so they can charge to cure them, but if they truly are just curing people then that seems like a valuable service and not at all unethical (as long as they aren't ripping people off).
Fact is, there's so much spam that no company needs to create more of it to justify anti-spam remedies. That said, I don't think it is appropriate for any company to provide anti-spam and mass-mailing services or products at the same time. That just sounds wrong and definitely looks like a conflict of interest even if it might not be.
The real question is: If a company truly had the ability to end spam but it would end their cashflow, would they do it? I can't speak for other companies, but I know we would. We developed the service because WE were sick of spam. If we could make spam disappear tomorrow, we would do so and just find something else to do business-wise. We were solvent before spam appeared and we will be solvent after spam goes away (and I'm convinced it will, someday. Whether it is attacked with new mail protocols, filters, legislation, or all of the above, I don't think we'll be dealing with spam 5-10 years from now).
I don't know if they still do, but for years, Cincinnati Microwave made both radar guns and radar detectors. They generated a technology war with better and better radar guns and more sensitive detectors. They seemed to have been very successful with this strategy.
Hi, this is Julian, the long-time owner of SpamCop.net. I must say I was a bit dissapointed in the NYT coverage of this.
;)
7 1.207.query.bondedsender.org has address 127.0.0.10l .spamcop.net has address 127.0.0.2
.. and here I was coming to slashdot to read the news and relax. Little did I know I'd be spending the next half hour writing this rebuttal ..
First of all, I was not *forced* to sell SpamCop to remain solvent. I am proud of the fact that I have been profitable since 1999. If anything, this deal makes SpamCop a charity case within Ironport. I still get paid of course
The NYT article quotes me as saying (referring back to my dead-tree version): "After a while, I found that this had become a job, and I had to find a way to make money from it". That quote was taken out of context - I was referring to my 1999 decision to take SpamCop commercial, not my 2003 decision to sell the *profitable* company to ironport.
It is true that the akamai bill is not cheap. But I think I would have survived the same way I have always done without selling the business. And that leads to my next point - I'm not cashing out. I will be with the company for the forseeable future, doing what I have always done - fighting spam! I sold it to ironport because I felt they would support my goals. They offered me a nice lump of cash, help with the non-spam-fighting part of the job (sysadmin, administrivia, lawyering, DDoS protection, etc.) and most important, a credible promise to let me keep it on-track.
The very fact that I am here talking about this, and expressing my doubts about bonded sender to the NYT should indicate that I'm not just rolling over here.
I don't control the bonded sender program and likewise the people who control it won't be calling the shots where SpamCop is concerned.
Oh, and BTW, I know ironport boxes are good for spamming. They're also good for sending (and also receiving) tons of legitimate mail. Noone with ironport has ever claimed that "our customers aren't spammers". Some might claim our *bonded sender members* aren't spammers, but that's a whole other kettle of fish.
Are we arming both sides? Sure! But as with all arms dealers, the real point is that we make the best weapons on the market! Don't like spam from ironport customers? Use the spamcop blacklist! If this were really some big conspiracy, would spamazon's IP be in both the spamcop blacklist and the ironport whitelist?
$ host 207.171.188.101
101.188.171.207.in-addr.arpa domain name pointer mm-outgoing-101.amazon.com.
$ host 101.188.171.207.query.bondedsender.org
101.188.1
$ host 101.188.171.207.bl.spamcop.net
101.188.171.207.b
(Note, the blacklist changes quickly over time, it was listed when I wrote this)
-=Julian "10 hot comments" Haight=-