Savvis Grudgingly Get Savvy About Spam

ElvenMonkey writes "The BBC is reporting that Savvis has finally promised to ditch those accounts that are using its network to send spam, in an effort to reduce the damage already done against its reputation; the CEO promises that all such accounts will be closed within 10 days (working days?) Amongst these accounts are believed to be the majority of the top 150 worst spammers worldwide."

Question

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Re:Question

[ackthpt]

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Their major pipe provider could probably care less what they do, same as Savvis did, as long as customers paid their bills. The only people bright enough to figure out who they are are geeks who use traceroute.

Re:Question

[robslimo]

Ask the North American Operator's Group They are just starting to comment on this item but, other than participating in blacklists like SPEWS, they don't seem to have as much clout as one would expect (or at least hope). Hmmm, maybe is story is evidence that it may be changing?

Interesting, looks like maybe Paul Vixie reads slashdot too (or maybe he surfs the BBC all day?).

Re:Question

[arivanov]

There is a good saying - if you steal one penny you are a thief. If you steal one billion you are a banker.

Similarly, what is unacceptable for a mom and pop garage shop ISP is perfectly acceptable for a Tier 1 or a larger Tier 2 ISP. If they decide to make a business from hosting SPAMmers (and some do) there are very few means to fight them.

Re:Question

[rf0]

Its all about the bottom line. If they are paying you you have to decided where morallity begins and the bank balance ends

Rus

Re:Question

[Havokmon]

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Savvis is an awesome provider. I run a free email service, and I can tell you when I was on Savvis (sharing a connection with another business), they were great. They told me when they got abuse complaints, and I took care of it. They also assign your subnet to you within Arin, so my guess is that they don't hear 90% of 'Arin complaints'.

Now I'm on RoadRunner (only access available where I am). The idiots in RR abuse will not forward me complaints, they just threaten to cut my access. They will not make an Arin change, and actually told me to buy 8 (yes, EIGHT) ips from ARIN so I wouldn't be associated with RR. Apparently the routing nightmare that would be created by assigning 8 IP's at a time is completely lost to RoadRunner tech support.

It looks to me though, that the assetts and C&W just haven't been brought into the fold as well as they should have (include the Abuse arm). I personally have complete confidence in Savvis.

Re:Question

[the+chao+goes+mu]

Not true. I worked for a very large web hosting company, and they were very firmly anti-spam...

Of course, they fully supported the "marketers" who bought space from them. But they were against spam.

Re:Question

[Dimensio]

Yep, Savvis is an awesome provider -- if you're a spammer.

Savvis is being forced to terminate their spamming customers because they can no longer deny that they know about the spamming activity. Savvis has openly supported clients who have engaged in network abuse and even criminal activity.

Re:Question

[SilkBD]

I can't say I blame them. As a business, your goal is to legally make money. You only act to cut off your clients when it effects your bottom line.

There's two ways of thinking of this... from the comsumer point of you (the reciever of spam) and the business point of view (Savvis). I'd do the same thing if I was running their company.

Re:Question

[Karzz1]

You obviously are a spammer and that's why you love them so. Why else would you even be receiving complains from RR?

You must be some kind of anti-business zealot to make that statement.There are tons of legitimate emails that get complained about because the receiver didn't remember signing up for a newsletter, didn't recognize a receipt for his purchase etc.... I have seen spam complaints (mostly coming from spamcop.net) for *hundreds* of legitimate emails. You need to step off your high horse and realize that there are thousands (millions?) of idiots out there that blanketly complain about everything that comes into their inbox. In fact, Yahoo and AOL make it so easy to complain that even those people can figure it out.

Re:Question

[Dimensio]

Great Spews policy again. This is why nobody should use Spews. They arbitrarily block whole blocks of IP addresses with no regard to who is getting stomped on.

SPEWS blocks IP ranges only AFTER an ISP fails to kick off spammers for an extended period of time. This is because many spam-friendly ISPs just don't care if the spammers are blocked -- they'll often move the spammers to new IPs (which they can't do now because places like SPEWS will just block the old AND the new IPs) and move legitimate people into the blocked ones as human shields. SPEWS only lists non-spammer IPs because Savvis didn't take action against spammers in the first place -- specifically, SPEWS is listing the spam-friendly ISP's IP ranges, the "innocent parties" just happen to be renting IP space from known spam-supporting outfits. Savvis brought it upon themselves by making their IP space a cesspit from which no one wants traffic. That's their fault, stop blaming SPEWS for Savvis's bad decisions.

And SPEWS doesn't block anyone. That's a common spammer lie.

There's more to both sides.. I just don't have time to enlighten the masses on what a Good company does for it's customers vs what overzealous spam outfits can do to a Good companies customers.

Any ISP that openly supports spammers on their network is not a "Good company".

Re:Question

[mwood]

RR *can't* forward complaints to you, 'cos they just send them back with a form saying, "you should have included [N items, every one of which I included]."

I doubt RR has seen any complaints in years. I no longer bother trying to get their attention.

Re:Question

[Havokmon]

And SPEWS doesn't block anyone. That's a common spammer lie.

LOL. Spews is just as much a pain in the ass as the spammers themselves.

Re:Question

[Havokmon]

You know, you are just too clueless to be allowed to run a server.

Oh that's rich...

Since when is it permissable to pass abuse reports to the spammer? How is RoadRunner supposed to know you aren't a spammer?

So ..what... I'm using my own server as an authenticated relay using various hacked PCs around the world to originate the email?

Hello? McFly? And I would need the relay and the hassles because..?

And I'm clueless one.. *sigh*.. I'd tell you how to view your headers, but I don't use Outlook.

Re:Question

[XSforMe]

SPEWS will block entire countries, without any consideration to the spam to ham ratio. Their blacklist is poorly maintained, their policies regarding entry and removal from it is a joke and prone to verbal abuse. Even they advise upone their usage as experimental and not reliable enough for production.

Good luck filtering any serious mail servers with these bozos.

Re:Question

[misleb]

I can't say I blame them. As a business, your goal is to legally make money. You only act to cut off your clients when it effects your bottom line.

See, that is exactly what is wrong with Corporate America... almost no sense of social responsibility. I'm sure most spammers have a very similar excuse. "I gotta make money and I'm not breaking any laws..."

*sigh*

-matthew

Re:Question

[Dimensio]

LOL. Spews is just as much a pain in the ass as the spammers themselves.

I notice that you didn't actually refute my statement that SPEWS blocks no one.

And I agree, SPEWS is a major pain in the ass. It's a big pain in the ass to scummy ISP management who would like to be able to host criminals without worrying that it will impact their ability to do business, and it is a pain in the ass to spammers who find themselves booted when their previously spam-friendly ISP finds themselves in SPEWS list. Boo-fucking-hoo.

Re:Question

[Dimensio]

SPEWS will block entire countries,

Let's see, I already point out that SPEWS does not block anything, and now you claim that SPEWS will block "entire countries".

That would make you a liar.

without any consideration to the spam to ham ratio.

SPEWS lists IP ranges based upon the presence of a spammer and the amount of time that the spammer has remained connected on that IP address and continued to spam. Please give an example of SPEWS "blocking an entire country" (hint: you can't, because SPEWS doesn't block anything).

Their blacklist is poorly maintained, their policies regarding entry and removal from it is a joke and prone to verbal abuse. Even they advise upone their usage as experimental and not reliable enough for production.

A reference would be nice, though I'm not surprised that you didn't support this claim with evidence. After all, you already established earlier that you are a liar.

Re:Question

[AsbestosRush]

See, that is exactly what is wrong with Corporate America... almost no sense of social responsibility. I'm sure most spammers have a very similar excuse. "I gotta make money and I'm not breaking any laws..."

Duh. Businesses are amoral entities. They are driven by investors, which demand a healthy return on their investment.

You're like this too... you do something for someone in return for $$$. This is just supply/demand at work.

Do I like it? Hell no. Do I see the reasoning. Definatly.

Re:Question

[XSforMe]

That would make you a liar.
It seems to be you are a bit of a fanboy and SPEWS zealot. It's ok, you are free to use whatever you want to filter your mail. Hell, man, as far as I am concerned, you might as well redirect everything to /dev/null.

A reference would be nice, though I'm not surprised that you didn't support this claim with evidence. After all, you already established earlier that you are a liar.
I just googled for SPEWS, must of the stuff that came up were real jewels exposing the facts I mentioned above, but if you really insist on having them plastered on your face, let me help you out:

• SPEWS will block entire countries
• without any consideration to the spam to ham ratio.
• Their blacklist is poorly maintained
• their policies regarding entry and removal from it is a joke and prone to verbal abuse
• Even they advise upone their usage as experimental and not reliable enough for production.

If you have any more requests, please make sure to accompany them with baseless and trollish accusations. I will be more than happy to reply to you.

Re:Question

[Dimensio]

It seems to be you are a bit of a fanboy and SPEWS zealot. It's ok, you are free to use whatever you want to filter your mail. Hell, man, as far as I am concerned, you might as well redirect everything to /dev/null.

So I'm a SPEWS zealot because I correctly point out that they do not, in fact, block any mail whatsoever? I take it that only SPEWS zealots speak the truth about SPEWS, and that it's expected that all non-zealots lie?

I just googled for SPEWS, must of the stuff that came up were real jewels exposing the facts I mentioned above, but if you really insist on having them plastered on your face, let me help you out:

Your somethingawful.com link was a link to the news article where SA whined and bitched and moaned about SPEWS rather than focusing on the fact that their ISP is a crime-supporting cesspit from whom no one wants traffic, and it even it does not support your claim that SPEWS will block entire countries. In fact, none of the links have direct relevance to the bullet points that you mentioned.

I was right. You are nothing but a shameless liar. Not that I'm surprised. The most common attacks on SPEWS are based on outright lies.

Re:Question

[misleb]

Duh. Businesses are amoral entities.

Only as amoral as those who run them.

They are driven by investors, which demand a healthy return on their investment.

Well, not all of them. There are many small businesses that are wholely privately owned with only that bank as an "investor."

You're like this too... you do something for someone in return for $$$. This is just supply/demand at work.

No, i'm not "like this." All my employment decisions are backed by careful consideration of social responsibility. I won't work for just anyone if I have a reasonable choice.

-matthew

Re:Question

[AsbestosRush]

Duh. Businesses are amoral entities.

Only as amoral as those who run them.

Once you're to the "stock investor" class of business, it doesn't really matter who runs them. The investors want a return on their investment. If you think any differently, you're just lying to yourself.

Business is designed to do one thing: Make money for those who work for/invest in it, and therefore, amoral.

Re:Question

[Havokmon]

I notice that you didn't actually refute my statement that SPEWS blocks no one.

Technically, they don't. IMHO, most SPEWS users don't realize how many legitimate people they're blocking, because those people can't contact them!

And I agree, SPEWS is a major pain in the ass. It's a big pain in the ass to scummy ISP management who would like to be able to host criminals without worrying that it will impact their ability to do business, and it is a pain in the ass to spammers who find themselves booted when their previously spam-friendly ISP finds themselves in SPEWS list. Boo-fucking-hoo.

Yep. SPEWS has a long list of complainers who've been fucked over by them, because SPEWS generally doesn't give a shit as to who they're blacklisting.

Re:Question

[XSforMe]

So I'm a SPEWS zealot because I correctly point out that they do not, in fact, block any mail whatsoever?
Ahh! the oystrich approach. This argument has already been rebuttled in this same thread, but keep true to the SPEWS spirit and do not take any accountability for your actions.

I take it that only SPEWS zealots speak the truth about SPEWS, and that it's expected that all non-zealots lie?
Oh no, only us, liars and crime supporting ISP users.

and it even it does not support your claim that SPEWS will block entire countries.
1st Paragraph, 2nd sentence: "Their blocklist includes entire states...". Gosh man, please tell me honestly, did you even read beyond the title?

In fact, none of the links have direct relevance to the bullet points that you mentioned.
Yep body, you keep telling yourself that.

I was right. You are nothing but a shameless liar.
don't forget a crime supporting ISP user there!

Re:Question

[misleb]

Once you're to the "stock investor" class of business, it doesn't really matter who runs them. The investors want a return on their investment. If you think any differently, you're just lying to yourself.

Or maybe you just underestimate the varied personal motives of individuals.

Business is designed to do one thing: Make money for those who work for/invest in it, and therefore, amoral.

So how about businesses that are set up to produce a particular product in a particular way, such as an organic farm? Believe it or not, there are investors and business owners who are motivated by moral and/or socially responsible practices. When I invest in a company, I try to make sure it isn't totally amoral. Just because 90% of American businesses are amoral doesn't mean that is the nature of business as a rule. Again, businesses are only as amoral as those who run them. I refuse to let the corporations continue to be a moral shield for people. People need to be held accountable (even if only in words) for the actions of a corporation. I'm sick and tired of people hiding behind the ol' motto, "It's just business..." It isn't "just" business. It is one of the foundations of our society. If businesses are amoral, then the society is amoral.

-matthew

Re:Question

[mink]

I thouhgt I was the only one getting that kind of treatment.

For over a year I was being hammered by machines in the RR business class domain name range and even with my firewall logs I got nothing but those rejections.

Re:Question

[AsbestosRush]

If businesses are amoral, then the society is amoral.

This is a true statement. Like it or not, humans (as a general rule) suck. I am included in this statement. Every religon on the face of the planet acknowledges this, and tries to do something to fix it. Most laws are created because... say it with me... people suck. If society wasn't amoral, there would be no need for lawyers. Some *individuals contained in a society* may not be amoral, but as a whole, society is amoral.

Please note that I didn't disagree with you on the fact that "business as usual" sucks. I agree with that to a certain extent, however it remains true: If you don't make money as a business, you won't be in business for long.

This is my last comment on this subject, as I believe that I've already made my case, and it's wandering down the "off topic" path, as we're getting into philosophical and societological argeuments now. :)

Re:Question

[Dimensio]

Ahh! the oystrich approach. This argument has already been rebuttled [slashdot.org] in this same thread, but keep true to the SPEWS spirit and do not take any accountability for your actions.

No, that wasn't a rebuttal. That was an attempt to assert that a gun store owner who sells a gun to a thirteen year old kid is guilty of murder. He might be guilty of a crime, but he's not the one who pulled the trigger and thus he's not the murderer. Moreover, comparing voluntary filtering of mail to a privately owned mailserver to murder is asinine.

Oh no, only us, liars and crime supporting ISP users.

Okay, thanks for the clarification.

1st Paragraph, 2nd sentence: "Their blocklist includes entire states...". Gosh man, please tell me honestly, did you even read beyond the title?

Yes. "state" != "country". Moreover, somethingawful.com was venting and whining and throwing a massive temper tantrum because they didn't want to accept the fact that their ISP was the one at fault for the fact that no one wanted their mail. I take what they offer on that page with 1-pound grain of salt.

Re:Question

[JuggleGeek]

I'd do the same thing if I was running their company. Thus proving that you are a slimeball.

Re:Question

[JuggleGeek]

You're like this too... you do something for someone in return for $$$. This is just supply/demand at work.

There is a demand for people who are willing to kill other people, for dishonest politicians, for businessmen who will make investors money even if they screw the rest of the world, and for people who will supply IP addresses and bandwidth to spammers.

The is a major difference between honest people, and people that can be bought because morals and ethics mean nothing to them.

You believe that everyone is like you. I know that you are wrong, because I'm not like you. I hope (despite the evidence) that there are more of the honest people than the "I can make a buck at it so screw everyone else" people.

Re:Question

[JuggleGeek]

Similarly, what is unacceptable for a mom and pop garage shop ISP is perfectly acceptable for a Tier 1 or a larger Tier 2 ISP.

That is *exactly* what Agis thought, when they decided to host Spamford and every other spammer they could find. Didn't do them much good, either, because when your tech's quit working for you, and everyone else starts to blacklist your IP's, you find that the legitimate business you lose will more than make up for the spammers cash you took. Short term, maybe it works - long term, you end up dead, because no computers outside of your own system are willing to talk to you or carry your traffic.

Re:Question

[JuggleGeek]

SPEWS has a long list of complainers who've been fucked over by them, because SPEWS generally doesn't give a shit as to who they're blacklisting. That's exactly right. If you are coming from IP range of a know spam supporter, then it doesn't matter who you are, you get blocked. And the good guys go elsewhere, and the bad guys go to the sites that SPEWS adds to their list, and we are all better off for it.

You can live in a good neighborhood, or a bad one. Your choice. SPEWS just makes it clear which group you are in.

Re:Question

[JuggleGeek]

If you have any more requests, please make sure to accompany them with baseless and trollish accusations. I will be more than happy to reply to you. So far, you haven't backed your claim the first time.

You found five web pages with complaints about spews. They've added thousands of IP's to their list, at one point or another, due to the spam. They've added others because the people that own the netblocks won't deal with the problem, so they escalate. (Just as they say they will.)

They have never blocked entire countries as you claim.

You did add a link to "SPEWS will block entire countries". That link, on Something Awful, never gives any evidence of that. And lets take a look at how honest they are. From that page:

FACT NUMBER FOUR: Network admins who use the SPEWS.ORG blocklist are thirty eight times more likely to attempt to hot glue a realistic latex vagina to a skateboard and call it by their mother's first name while having intercourse with it than those who either use no blocklist or one of many less draconian SPEWS alternatives.

In the meantime, you continue to claim that SPEWS blocks this and that and the other, while ignoring the fact that SPEWS blocks nothing. The only ones that block anything are the admins running the system that does the blocking. If they choose to use SPEWS, they do it knowing how SPEWS works. They aren't forced into it. SPEWS doesn't make them.

I don't use SPEWS to block, filter, or guess about spam. I don't use them at all. But unlike you, I am not opposed to free speech. You don't want SPEWS to have the right to say "We think you should consider not accepting traffic from these IP's." I think SPEWS has every right to say that.

Re:Question

[JuggleGeek]

1st Paragraph, 2nd sentence: "Their blocklist includes entire states...". Gosh man, please tell me honestly, did you even read beyond the title? Yes. Did you read the rest of the article? Can you actually believe that the crap there is true?

It's obviously a bunch of crap.

Here's another of the "facts" that are backing up your story.

FACT NUMBER SEVEN: Proponents of SPEWS to a man worship dark powers and perform occult rituals in the privacy of the basement apartments they are renting from their parents. SPEWS supporters have also participated in no less than 800 leprechaun abductions over the past decade and it is suspected that they can astral project.

Yes, I'm convinced, this is serious, in depth journalism.

Re:Question

[JuggleGeek]

SPEWS and others provide a list that is used by a great majority of ISPS etc. to BLOCK emails.
SPEWS and others are providing the data for who to block.

That would be free speech. Consumer Reports will tell you "We think these guys have a good product" and "We think this product is no good" and similar. The BBB will tell you "Business in good standing, no complaints" or "They have a list of complaints as long as your arm".

Neither decide who you do business with - they just tell you what to expect, and let you decide. Just like SPEWS does.

Re:Question

[mrmeval]

"Bottom line" is a culmination of several risk factors which come under 'risk management'.
Business practices which include ethics fall under risk management and can do more harm to the 'bottom line' than most other risks. I would suspect that Savvis was losing their legitimate customers because of this.

Great

[Nos.]

now how am I going to know:

• If I am preapproved for a mortgage
• Where to get cheap drugs
• Where I can buy software for 1/10 of the normal price
• etc

Re:Great

[mageos]

How am i going to to that there are attractive women who want to meet me.

Re:Great

[ricotest]

• You aren't, stay at your parents' house for now
• Ask your son
• Suprnova
• It's a UNIX options directory.

Re:Great

[rf0]

I'm sure you get plenty of normal junk mail. Apparently I've won a holiday in barbados today. I just have to send the claim fee

Rus

Re:Great

[antifoidulus]

You forgot the most important part, how are you now going to know when a very obscure but very weatlhy relative of yours who was living in Africa dies? What kind of monsters would take that news away from me?

But the money was so tasty

They're just upset to get rid of those tasty, money making, high-bandwidth using spam accounts.

Capitalism In Full Flower

[ackthpt]

the CEO promises that all such accounts will be closed within 10 days (working days?) Amongst these accounts are believed to be the majority of the top 150 worst spammers worldwide."

In related news the CEO said, "To make up for the lost revenue, we'll host pr0n. We'll be actively competing with GoatSex Guy."

Re:Capitalism In Full Flower

[gstoddart]

in related news the CEO said, "To make up for the lost revenue, we'll host pr0n. We'll be actively competing with GoatSex Guy."

I refuse to belive that guy could possibly be generating revenue from that site.

If anything, I'm sure he's paying through his ass for bandwidth. (Oh, sorry, couldn't resist.)

=)

Re:Capitalism In Full Flower

[Mateito]

We'll be actively competing with GoatSex Guy

Please explain (without diagrams!) the GoatSex guy's business model.

Re:Capitalism In Full Flower

Start to? Porn is how SAVVIS got its start. I worked for them for the worst few months of my career. Everything at savvis.info is true and more. The SEC would be interested in some of the scuttlebutt I heard, and things I saw are very actionable for breach of contract. Funny thing about the hosting/managed services business though, breaching your contract does so much damage to the customer company that they're usually forced closer to bankruptcy than to suing you.

Re:Capitalism In Full Flower

[shadowcabbit]

YOU SON OF A BITCH. I very nearly snorted a candy bar out my nose at that. WARN PEOPLE NEXT TIME!

(seriously, that was great, man.)

Re:Capitalism In Full Flower

[Snowdog668]

My first thought on this was, well, there's people out there that will pay to see just about anything.

My second thought was, what was the first /. user that actually found that site actually looking for? Maybe I just haven't been around long enough but was the first link to the site a bit of self-promotion on the part of the webmaster or did one of our own actually stumble across it? If someone found it I'd hate to see the Google search that brought up that result. :)

Re:Capitalism In Full Flower

[ricotest]

You underestimate the number of desperate guys* out there who ready their credit card at the slightest mention of 'Paris Hilton', 'anal' or 'Ron Jeremy' (okay I was joking about Paris Hilton, the video sucks)

*'desperate guys', of course, does not include geeks like myself who get their sexual satisfaction from other sources. By which I mean P2P, just to pre-empt anyone mentioning goats, love dolls, or goat love dolls.

Damn it!

[cbrocious]

Right on the day my emails for spam-blocking software were going out. Foiled again...

Truth about Savvis

You can go to Savvis.net for the official spiel or try http://www.savvis.info/ for the truth.

Re:Truth about Savvis

WARNING: Parent post goes to a web page that uses the blink tag.

Re:Truth about Savvis

There's not a whole flipping lot of "truth" there, except claims that this company 1) overworks its employees, and 2) is nepotistic.

Even if true, that's about my baseline expectation these days. Although it amused me greatly to see (yet again) an emotional outburst webpage with "facts coming soon!" claims.

Re:Truth about Savvis

[IncohereD]

Probably standards compliance. Even if the standard is stupid.

how terrible

[RevKa]

I was just starting to enjoy my corrspondence to that poor cancer ridden Zimbabwean, who happens to be trapped in space!

Re:how terrible

[mr_z_beeblebrox]

I was just starting to enjoy my corrspondence to that poor cancer ridden Zimbabwean, who happens to be trapped in space!

Too bad you didn't talk longer. You would have found out that due to an invasion his government was anihilated and he was the only survivor. He doesn't have a bank account and I am helping out with a VERY large transaction. Savvy?

Savvis to later announce..........

[ARRRLovin]

......a 75% decrease in network traffic.

If it makes money...

[ElForesto]

... the spam will keep flowing. I guess the spammers themselves aren't the only ones raking in the green. I would imagine that the prospect of losing so much face to their largest clients is probably the only thing that got them to consider fixing the problem. If I happened to operate a large company, I wouldn't want to be associated with a company that's a spam factory.

Re:If it makes money...

[RealProgrammer]

The answer to spam is to find a way to detect its origin and then to respond to it ruthlessly.

The current SenderID/SPF and other DNSy proposals are a start, but they don't really do the right job. The trouble is they are trying to win too much of the war with one battle. If we fix SMTP such that a recipient knows, with certainty, that the address of the immediate sender is actually correct, then most of the spam problem can be dealt with more effectively by other methods.

We shouldn't then worry about whether a machine is spamming because Grandma has a virus or because it's owned by a spammer. Just DOS the thing, or the network it's on. Spam should be self-defeating: you send it, and you (and your ISP, if necessary) get warned, then blacklisted, then isolated, then deluged, then DOS'd.

The time is past for coddling ourselves. Let's deal with the problem and defeat it.

Re:If it makes money...

[ElForesto]

Most spam uses bad return addresses anyway. You could simply have it setup so that your e-mail system could initiate a reply in a fashion similar to the way bounces are generated. If it gets any message other than OK, it rejects the message before delivery.

Spammers would naturally move to using real addresses they culled from other sources, but it's a good first step that I believe would eliminate the vast majority of current spam.

Re:If it makes money...

[Zork+the+Almighty]

We need a new protocol, better than SPF, which will allow us to send debilitating electric shocks to spammers' genitals over the internet. Of course, they'd find a way to charge people for the pleasure.

Re:If it makes money...

[JuggleGeek]

You obviously don't understand the problem.

Why 10 days?

[garcia]

They obviously know who the 148 people are so why will it take them 10 days to remove their accounts?

Are they going to send them a greeting card or something that says, "oh, even though you are great customers we are being told we can no longer host your illegal activities so you have 10 days to vacate?"

Re:Why 10 days?

[mageos]

10 days gives them time to switch to a new network, with no downtime.

Re:Why 10 days?

[gclef]

Obviously, this will be conjecture, but my guess would be that 10 days is "reasonable", by their definition in the contract. The idea is if they get sued by any of the kicked spammers, they can point to the termination clause that includes "reasonable notification" and claim that 10 days is "reasonable", so they were within the terms of the contract.

Re:Why 10 days?

[SkjeggApe]

Because that's how long it would take savvis to set up savvis2.net, or spamfriendlyisp.net, or something similar, move some servers around, send a "Don't use savvis.net/login anymore, use savvis2.net/login" email to all their "premium" customers, and LOUDLY proclaim that savvis.net has taken extreme measures in the battle against spam, and is the greatest thing since sliced bread.

Re:Why 10 days?

[qbwiz]

That would make it even easier to block spammers, with less worry about collateral damage.

Re:Why 10 days?

[JuggleGeek]

10 days gives them time to switch to a new network, with no downtime.

It's probably 5-7 days for Savvis to find someone who will purchase all the spammers as a joint deal, so Savvis can make some more money off of them, and 3-5 days for the spammers to switch without downtime.

None of this happened without Savvis knowing. They bought C&W, which was *nothing* but a spamhouse, and surely they knew the reputation. This is all business for them. They don't give a shit about anyone else.

Re:Why 10 days?

[gurps_npc]

This would be a good thing. It would allow us to blacklist savvis2.net without affecting the legitamate people who use savvis.net

Shortchanged?

Who's gonna remind me that I might have been shortchanged by nature?

About bloody time

[dacarr]

It'll help for now, but it won't end spam.

But it makes me wonder if this was more of a move of desperation for Savvis. On the surface, sure - they were threatened with what amounts to a permanent blacklist. But even then.

slashdotting

[shfted!]

With how slow their site is responding, I wonder if they're responsible for sending out that much spam in reality -- or maybe their connections are just flooded with the stuff.

Right after they were threatened with a netblock

[Animats]

This only happened after Savvis was told that their entire network was about to be e-mail blocked.

Re:Right after they were threatened with a netbloc

[Dimensio]

This only happened after Savvis was told that their entire network was about to be e-mail blocked.

Which confuses me greatly. There are ISPs in the world that haven't already blocked all of Savvis at the router level?

Dropped for now

[sbackholm]

Savvis may be finally ready to drop these spammers, but how long before another ISP is willing to pick-up the $2 million dollar cash flow?

Re:Dropped for now

[Mateito]

$2 million dollar cash flow

Immoral, illegal, whatever. If they are really pulling in that amount of money, I'd consider doing it.

However, I have grave doubts that believing that the money is that good. You can buy a good wad of "regulators" with that cash.

Re:Dropped for now

[gcaseye6677]

The objective should be to force spammers to migrate to smaller and smaller ISPs, that way the small ISPs which host spammers and few other clients can be completely firewalled with minimal collateral damage. As the ISPs lose customers, which are sick of being blocked, they will be left with only spammers and eventually they'll die out completely. Only then will spamming become too difficult to be profitable.

Re:Dropped for now

[Mateito]

There are levels of "immoral"

Personally, although I hate Spam, its not in the same box as Sex-slave trading.

Drug trafficking may be more on a par though.

IP blocks

[sp00]

How long will it take for others to unblock their IP ranges so they can recieve legit e-mails from them?

Re:IP blocks

[kmmatthews]

unblock their IP ranges

On my personal network? Approximately...

Nope, still never. 10 days to take action against their spammers, when it should take 15 minutes to disable all those accounts?

In short, I won't believe it until I see it.

Re:IP blocks

[Dimensio]

Depends on who runs the blocks. On "professional" blocklists, like SPEWS, the listings should disappear as soon as it is confirmed that the spammers are gone (though -- despite the lies of a number of SPEWS-haters -- SPEWS itself does not block mail, the "blocks" would then disappear from the lists of those who filter with the lists provided by SPEWS). Other, more hard-line network admins might hold off a little while, perhaps waiting until a little after the heat death of the universe before removing Savvis IP entries.

Re:IP blocks

[JuggleGeek]

How long will it take for others to unblock their IP ranges so they can recieve legit e-mails from them?

I'd be willing to bet that many AGIS IP addresses are still in blocklists today...

Which rule was it?

[taustin]

[Rob McCormick] disputed the figure of $2 million a month revenue from the spammers, and said the actual figure is only a tenth of that amount.

Which is to say, they bill $2 million, but spammers, being spammers, only pay 1/10th.

Can't help but how much that has to do with botting the lying thieves, and how much is the threat to block their entire network.

Re:Which rule was it?

[ElvenMonkey]

I hasten to point out... that 1/10th of $2m a month is still $200,000 a month, not the kind of revenue they're going to be ecstatic about losing.

Re:Which rule was it?

[taustin]

It's less than it costs to give them service, if they're only collecting 1/10th.

ePorn is very profitable

[winkydink]

I worked at a major competitor (big company) of these guys for a while. Almost 50% of hosting revenue came from Porn. They were great customers. Seldom complained. More often than not, paid full price for bandwidth, and always paid their bills on time.

Re:ePorn is very profitable

[rf0]

If a Porn site is down then the money they lose is huge. They are happy to pay to keep it up

Rus

Re:ePorn is very profitable

[gordyf]

They are happy to pay to keep it up

*cough*.

Re:ePorn is very profitable

[anticypher]

Many ADSL providers here in Europe have transit and peering contracts which require an almost symetric level of traffic. Pull too much traffic, and you'll eventually find yourself in a breach of contract negotiations with the main carriers *cough*uunet*cough*L3*cough*opensewer*cough*

When your entire business is based on ASYMETRIC connections, you have to provide web hosting to balance the load. There is only one type of web service which can counteract all those thousands of home users downloading pr0n. Pr0n servers!

Many of the ADSL providers I work with have a few racks of pr0n servers to balance things out. The cautious ones get the money up front from the pr0nmeisters, because there are quite a few who serve up pr0n for a month or two, then disappear. There are many semi-legitimate pr0nsters who have no problem putting up a few thousand euros in bandwidth fees in advance, because they already are turning over huge amounts of cash from existing servers.

Hosting fees for pr0n servers are often slightly lower because the traffic patterns are to the ISPs advantage. Spammers, however, will get pulled in minutes, or at a maximum of a day later.

the AC

Re:ePorn is very profitable

[winkydink]

When you are a one of the big boys with a large, global network, the perring game is much more complex than symetric bandwidth.

Re:ePorn is very profitable

[bairy]

*cough*

and drop?

Re:Right after they were threatened with a netbloc

[garcia]

Oh come on, of course they weren't going to do anything if no real threat emerged. They were making somewhere between 200,000 and 2,000,000 a month from the spammers. As a business in today's market would you give up that kind of cash flow w/o any repercussions coming your way?

If you say anything other than "no" you're lying.

Was the title copied from The Register

[drgonzo59]

The alliteration gave it away ;-)

Re:Was the title copied from The Register

[jejones]

The use of a plural verb form with a corporation also points to an English origin for the title.

Savvis closes spammer accounts

Thank god! I run a webhosting buisiness and I frequently get huge amount of spam from Savvis ip ranges. The spammers 'poked the eye of the sleeping dragon' so to speak and now that it is 'awake' the dragon is finally taking out the spammers who plauge our inboxes day in and day out. I run spam assassin and its still not killing all the spam I receive so this is a step in the right direction. Though I fear spammers may just move to other companys or another account on Savvis. Hopefully it does not come to that but it just may in the looming months.

Re:Right after they were threatened with a netbloc

[Theatetus]

There are ISPs in the world that haven't already blocked all of Savvis at the router level?

Well, given that Savvis's customers (both their own and the ones they got from c&w) include people like Lycos and a few Federal agencies, that might not be such a good idea.

Who?

[shadowspar]

At first I saw the name `Savvis', and I'm thinking, never heard of them before, who's that? Then I saw the mention of C&W in the article and the light went on -- "Oh, Clueless and Witless! It all makes sense now!"

Re:Who?

[gujo-odori]

Savvis is the Artist Formerly Known as Exodus.

When things started getting tight around there as the dot-com pyramid scheme imploded, one of the first departments to go was Abuse, as far as I could tell. At least my then-employer, an Exodus subsidiary, could e-mail them without response. This happened about the same time that spam coming out of Exodus IP space (which had previously been pretty clean) started increasing exponentially. Coincidence? I think not.

I also remember one day when the former CEO of Exodus publicly stated that Exodus did not host porn. On the day that statement was made, I knew for a fact that it was false. We were not only hosting pr0n, some of those sites were spamming, which is how they crossed my radar in the first place. I'll give her the benefit of the doubt and assume that she just didn't know the kind of people the sales department was bringing in when the going got tough; I don't think she lied. However, it wasn't a good thing to say without checking it's veracity first. Obviously, no sysadmin or network engineer was asked; any of us could have told her that Exodus was hosting porn by then.

Re:Who?

[gujo-odori]

P.S. Things actually got *way* better around there after C&W bought Exodus. C&W is a company I would work for again.

Re:Right after they were threatened with a netbloc

[beavis88]

If 99.99% of their business comes from other sources (as TFA says), then giving up that piddly amount of revenue in order not to be associated with 148 of the most worthless humans on earth should be a slam dunk. Well, at least if they're looking past their next quarter's projections, which admittedly may be a stretch.

Finally

[rf0]

Now I can finally start getting some of our servers out of blacklists after DC's put in Savvis and route across them

Rus

If they were serious.

[www.sorehands.com]

If they were serious about spam (not just because it is starting to cost them), they could do more.

When they cancel a spammer, make the information on the spammer public so that the spammer can be tracked and sued.

Re:If they were serious.

[Chatmag]

Why not turn spammers information over to the Florida AG office. They're itching to try out our new spam law, and besides, with all the damage from the hurricane outbreak here, the state could use the money.

My girlfriend and I had just bought 28 acres to open a nursery next spring, and found a large oak across the only building on the property. It was an old frame structure, and not worth much, but now we have to buy something for an office. Too bad I couldn't get some of the spammers fines to buy a new building.

Re:If they were serious.

[Suidae]

My girlfriend and I had just bought 28 acres to open a nursery next spring

Wow, 28 acres for a nursery? These new fertility drugs are getting redicilious!

Serious though, I'm curious if you plan on building more structures that the next storms will blow over, or will the permanent structures actually be designed with the climate in mind?

Re:If they were serious.

[Chatmag]

We're opening it as a retail outlet for a local wholesale nursery. Their site is 132 acres, so I figured one fifth for us. I've been doing some research, and found that the lower third is considered wetland, although available for commercial use. Prior to learning that, I was working on a recycling system for watering. I'm going to put pond liner strips of 8' X 50' down over pine straw mulch, forming a center channel for water, and place the plants on the liner strips. And we'll put catch basins at the lower ends, transferring the water to several holding tanks, which will then be used to water. It's a bit more complicated than that, but thats the quick overview. I knew that I had to come up with a recycling plan to help prevent polluting the ground water with nitrate rich runoff.

Re:If they were serious.

[foniksonik]

Personal note... look into a federal or state facilities grant or loan... the loan is a 504 and is good for up to 3 million at very good interest rates and has available bridge loans to pay for the down... you should also qualify for a rural area special facilities loan, etc. there's a lot of money available with really good terms... you just have to help the government employees find it for you ;-p they don't get paid enough to do the work themselves but the money is there waiting for you and you get a clean slate on it every year so apply now and apply again in January... get your money... OPM (Other Peoples Money) can do wonders.. BTW it's your tax dollars at work too.

Re:If they were serious.

[Chatmag]

Thanks for that information :)

Re:If they were serious.

[JuggleGeek]

Why not turn spammers information over to the Florida AG office. They're itching to try out our new spam law

Yeah, that's why there are no spammers in Boca Raton, and no con-men in Ft Lauderdale - it's because the Florida AG cracks down so hard on that kind of scum...

Burn Savvis 'crops', Salt Their Fields!

[World_Leader]

They should be driven out of business and their assets seized for compensation for the damage they've caused. I've got a call out to my lawyer, Savvis is the Enron/Worldcom of the Internet! Please post their network ranges. What they are doing isn't good enough, they need to be destroyed before they kill again.

Re:Burn Savvis 'crops', Salt Their Fields!

[Smallpond]

blackholes has ranges for some ISPs, but not Savvis. There is one for
c&w

You can use some of their lists to block a lot of spam. If you don't know anyone in China or Korea, you can block those segments.

Re:Burn Savvis 'crops', Salt Their Fields!

Savvis is the Enron/Worldcom of the Internet!

Since Worldcom owns MCI & UUNet, wouldn't Worldcom be the Worldcom of the Internet?

Re:Burn Savvis 'crops', Salt Their Fields!

[the+chao+goes+mu]

Wasn't Worldcom the "worldcom of the internet"?

Re:Right after they were threatened with a netbloc

[Jon+Chatow]

AIUI, the "99.99%" is of the number of customers, not revenue or profits, BICBW.

Should't be too long..

That they find another unethical ISP that doesn't mind taking money from thieves(I doubt that they "earned" most of their money legally, they use viruses in order to spread their crap, they use open proxies on compromised machines to hide themselves, etc), will turn a blind eye to illegal activities(i.e. ThePlanet.com ignores reports of fake bank and phishing sites), and the ISP is ok with having their IP range blacklisted to hell.

Contracts Perhaps?

[nurb432]

If they are doing legal spam, and not violating the AUP, then I'm sure they have to be given notice or they could counter sue for breach of contract..

Considering how scummy spammers are, id not put it past them to do something like that.

Disclaimer: I've *not* seen the contract/aup nor do i know the legal status of the spam they are sending.. I'm just guessing here..

I thought all Spam was from evil non-Americans?

[mark2003]

Every time a story gets raised on Slashdot about spam, hundreds of Slashdot posters blame it on those commies in China, Korea, Russia etc and then call for blocks of all emails from these countries...

Now we have some proof that 148 of the world's worst spammers are hosted by a US company will these same people call for a complete block on US emails or is that now a crazy approach?

Re:I thought all Spam was from evil non-Americans?

[lessthan0]

Savvis is NOT a US company. They are a UK company.

I don't know about C&W. I also don't know whether most of the spammers came from C&W or were already Savvis customers.

I manage a group of servers hosted at the Savvis LA1 NOC and they seem like a competent company. This year, I got a couple of compaints forwarded to me, which were resolved quickly (no spamming from my servers).

Still, I am glad they are going to be proactive in combating abusers.

Re:I thought all Spam was from evil non-Americans?

[InvisiBill]

I thought it was common knowledge that most spam comes from the US. http://www.spamhaus.org/rokso/

As the others said, it's a matter of baby vs. bathwater. People (usually) don't just block all of China because there are some spammers there, they block all of China because there are some spammers there and they don't expect to receive any valid email from China. While there may be a huge amount of spam coming from the US, most of their valid email is probably coming from the US also. It simply wouldn't make sense to block the entire US. It would be the equivalent of an email filter that deletes all of your mail, because most incoming messages are spam.

There are some admins/RBLs that do block huge sections of the internet for any spam. These people take the collateral damage approach. Their plan is to interfere with the ISP's legitimate emails enough that the ISP decides it's in their best interest to terminate the spammer. For example, blocking any mail from any AOL server, because one AOL user sent some spam. In my experience, these tend to be the angsty types who are doing it more as revenge than as an actual anti-spam tool. There isn't much effort put into validating the blacklist info or keeping it updated.

Re:I thought all Spam was from evil non-Americans?

[some1somewhere]

Hear hear! All countries versus the USA... uh... wait... how is that different from RL (real life)?

Re:I thought all Spam was from evil non-Americans?

[EuroMike]

In Capitalist America, spammers block YOU!

Re:I thought all Spam was from evil non-Americans?

[Technician]

Now we have some proof that 148 of the world's worst spammers are hosted by a US company will these same people call for a complete block on US emails or is that now a crazy approach?

Like most Americans, I don't have any overseas connections. Blocking all overseas mailservers simply is a spam filter that is effective in stopping much of the flood of SPAM without a single false positive.

It also blocks the spammers who may be in America and are using overseas mail proxies to try to beat US anti-spam laws. Again, blocking these block 100% SPAM and have 0 false positives. I don't blame other countries for having spammers, I blame them for having open proxies and/or spammers that send me unwanted junk. That's why many Americans including myself block overseas mailservers.

Not quite

The actual saying is: if you steal one penny you are a thief. If you steal one billion you are in big trouble unless someone burns the building down.

Spammers will go elsewhere

[Random+BedHead+Ed]

Until there is a universal anti-spam framework in place across the internet, this move won't help anyone. It will help Savvis's reputation (at least, it will help them eventually; people will still block them for a while). But it won't help spam recipients, because the spammers will simply go elsewhere. Spammers, being the leeches that they are, adapt pretty damn fast.

Re:Spammers will go elsewhere

[robogun]

Spammers, being the leeches that they are, adapt pretty damn fast.

Spammers are persistent and work damn hard. Which brings to mind, if they only put half that effort in legit work, they would probably be halfway to CEO by now in a legit company.

However, legitimacy is not an option for the truly evil.

Re:Spammers will go elsewhere

[Random+BedHead+Ed]

Congratulations on your wise-ass comment, Anonymous Coward. Actually I didn't suggest that I have a final solution, nor that there can be one (we might be doomed). But if I find a brilliant idea I'll post it here.

They're just not worth it

[Trailer+Trash]

He disputed the figure of $2 million a month revenue from the spammers, and said the actual figure is only a tenth of that amount.

It's not worth $2m/month for the bad publicity, how much less then $200K/month. That doesn't make sense. If you're only making $200K/month, little over $1000/spammer/month, then dump them. Why is this even being discussed?

spam assassinated?

[antimatt]

With all the spam-blocking programs out there, and with most of the major web-based email providers offering their own spam protection, I wonder why there's still a tremendous uproar about spam. Myself, I haven't needed to delete a single spam message in probably six months, and I have three web-based accounts.

Is spam still truly the problem people say it is?

If this is ignorant, then I embrace it as an opportunity to learn.

Re:spam assassinated?

[mrbcs]

It's worse.

It's out of control and between spam and spyware it's driving people off the internet.

I saw an ad about a spam firewall, I want it stopped before it gets to my inbox.. not just labelled spam and sent to the trash.

I'm sick to death of this. Try having your own email on your domain for 5 years and see how much spam you can get!!

I'm seriously tempted to run my own mail server and block everything I can to stem the tide.

Re:spam assassinated?

[nnet]

...Is spam still truly the problem people say it is?...

Of course, just because a user doesn't SEE the spam, doesn't mean the spam isn't wasting bandwidth and system resources being sent and rejected/dropped.

Too little...

[A+well+known+coward]

.... Too late...

From TFA...

[jcr]

As rumours about Savvis and the spammers grew on the internet, executives discussed different ways of keeping the customers and whether they could hide them by changing their names or their computer IP addresses.

One memo, from a senior Savvis executive in charge of Information Security, warned fellow management that the company was in danger of losing its good reputation and a secure and honourable provider.

He warned that they could lose their ability to sell to upstanding customers.

Too late. The fact that the PHBs at Savvis actually considered keeping the scumbags as customers takes them off my acceptable vendors list.

May they burn in hell.

-jcr

Re:Right after they were threatened with a netbloc

[Dimensio]

Well, given that Savvis's customers (both their own and the ones they got from c&w) include people like Lycos and a few Federal agencies, that might not be such a good idea.

Why not? If I run an ISP, I am perfectly within my rights to block all traffic from Savvis's networks regardless of who is renting bandwidth from them.

Quelle surprise

I personally have complete confidence in Savvis

Spammer likes spam-friendly ISP. Hardly earth-shattering news.

yeah but...

[www.sorehands.com]

There are two problems with this: 1) AG's office can get the information is they ask, as most ISPs will help law enforcement; 2) An AG's (or most government agencies) office usually will negotiate some slap on the wrist. But, if you have 50 different people filing lawsuits against a spammer, it will hurt much more.

Re:yeah but...

[Chatmag]

Florida has for a long time been the haven of spammers, so the State knows all eyes are on the AG's office to see how they enforce the new law. You can read more about the law, and there is a provision to report spam, on the MyFlorida web site. The only downside to their reporting procedure is that you have to fill out a form, rather than just forward the spam email, but that may change in the future.

Re:Right after they were threatened with a netbloc

[Theatetus]

If I run an ISP, I am perfectly within my rights...

Maybe, but when our customers can't access legitimate sites, they head to another ISP. We can't even use spamhaus because it blocks too many networks with real users on them.

Savvis AUP prohibits Spam

[mhollis]

(From the "this is news?" department):

Found on their website

The following general actions are considered "abuse" and are strictly prohibited:

1. Any conduct which is inconsistent with generally accepted norms and expectations of the Internet community (whether or not detailed in this AUP). SAVVIS reserves the right, in its sole discretion, to make a determination whether any particular conduct violates such norms and expectations.
2. 
   Using SAVVIS networks to transmit material that SAVVIS believes to be illegal, obscene, or inappropriate.
   Forging of message headers or identity information, or taking any action with the intent of bypassing restrictions or limits on access to a specific service or site. This prohibition does not restrict the legitimate non-commercial use of pseudonymous or anonymous services.
   Falsifying identity or contact information (whether given to SAVVIS, to the InterNIC, or other parties).

And found elsewhere on the same page, specifics against "spam e-mailing." That pretty much covers the actions of those who are using the system to send out unsolicited commercial e-mail.

I believe that Savvis ought to be made to completely reveal to the authorities and the Internet Community the identities, home and work addresses and telephones of those persons identified with the sending of UCEs. That might take 10 days, though it should not.

Of course that means I'll get less pr0n in my in-box....

Re:I don't follow

[Chatmag]

Property insurance in Florida is a joke. The only reason people have to buy it is to satisfy the conditions of a mortgage. In general, insurance companies here are offering about 30 cents on the Dollar for hurricane related damage. As to your other question, that was just wishful thinking.

Re:Spammers will go elsewhere-try my solution...

[iamcf13]

Until there is a universal anti-spam framework in place across the internet, this move won't help anyone.

My software addresses this issue by:

1) Making it 'almost impossible' to spam.
2) Any spam that 'gets into the system' is clearly marked as such on the email message subject line.
3) Emails sent to recipient accounts serviced by my software containing user-unwanted content are automatically 'deleted' and never appear in their inboxes.
4) Any emails containing any 'hostile' content whatsoever is rendered inert and safe to handle and scan for malware.

Full details here.

Wide usage of my software will put into place the 'universal anti-spam framework' that you seek.

They are a huge connector.

[khasim]

If your ISP cut off connections to them, you'd probably complain when you couldn't access a LEGITIMATE site.

Which is the problem. They're so big that they have lots of legitimate customers and a few spammers.

The only way to go after them is through their reputation and their customers. Which is what happened. They don't want to be known as a spammer's network so they have to change.

Everyone boycott saavis

[avida]

Don't buy their services! I will not be satisfied until their entire company goes down the tube.

it's all outsourced...

[bani]

...don't ya know?

Users' worm-infected boxes?

[necro2607]

I wonder if it's occured to anyone that a decent percentage of those "spammers"' machines are actually those of unaware home users with worms or back-door type software installed on them...

Re:Users' worm-infected boxes?

[way2trivial]

just from reading the list of names in the link provided near the top (link to link) I don't think so, they sound like names of marketing firms...

permanently block them..

[zogger]

...as in forever. Let it serve as an abject lesson to other hosters that if they take up the soon to be alleged spam gap, they too will get permanently blocked.

Re:permanently block them..

[secolactico]

...as in forever. Let it serve as an abject lesson to other hosters that if they take up the soon to be alleged spam gap, they too will get permanently blocked.

What happens when the ISP goes belly-up and the IP space gets reassigned to somebody else?

The problem with permanent blocking is that eventually, most of the internet will be blocked.

Re:permanently block them..

[zogger]

All that is going to happen now is that they will move to another hosting provider. As in big deal, non story, no lessening of spam. If these people know not much will ever happen to them, and the hosting providers know they can make a bundle, the problem continues and gets worse. Block a few biggees in a row, just *maybe* a new and different message will get out to spammers and the goofs who host them knwingly. The message now is "naughty naughty, don't do that or we'll stamp our feet". OOh wow, that's got to be scary. Not. I say block 'em. I sincerely doubt it would ever get to "the entire internet" before spam was almost completely curtailed.

Oh well, who cares really....if people wanted to really eliminate spam from their inboxes they would do a default blacklist on all email and only allow whitelist entries in, and use webforms for first contacts. Instead they want to fool with rube goldberg voodoo AI attempts that barely work.

If we treated email addresses like we treated physical phone numbers and street addresses, there would be a lot less spam. spam exists because it's incredibly easy and extremely cheap to create millions of addys. If it would cost 10$ a year (whatever) per email addy, email would be treated more seriously. Everyone wants free email anarchy, so you get what you see. You can't have it both ways, either email needs some regulation like DNS entries, or you'll get spam and relayed viruses and whatnot. Phooie. A few years ago I about 100% gave up on email, I maybe do a few a week now, that's it. I just stopped using it because of all the crap associated with it, and I dread using it now. I would *gladly* pay 10 a year for secure and verifiable email service where only honest people had access to it, at least verifiable ways to see who was honest or not. The way it is now will never be fixable. Never.

Re:permanently block them..

[Skapare]

I believe in forgiveness. I'm willing to unblock Savvis. But only after Rob McCormick calls me up and asks for forgiveness. Then I'll wait 10 days before unblocking them.

Spammis

[DSP_Geek]

Savvis, isn't that the new pronunciation of "Agis"?

(Agis hosted Sanford Wallace for about a year while loudly proclaiming they weren't doing anything wrong. LOTS of people found out how to block IP ranges. Agis later repented, booted Wallace et al, but it was too late. Nobody who cared about their online reputation would choose them as a host, and Agis went belly-up not too long thereafter.)

If they have a reputation...

[mwood]

...why had I never heard of them before? (Maybe they don't do anything that *is* worth mentioning?)

I have proof they know.

[khasim]

Via spam I've been submitting through www.spamcop.net. They've received soooooo many complaints that they don't wan't to receive any more. Here's the output:

Tracking link: http://www.sheck-buy.com
[report history]
ISP does not wish to receive report regarding http://www.sheck-buy.com
Resolves to 216.39.69.238
Routing details for 216.39.69.238
[refresh/show] Cached whois for 216.39.69.238 : abuse@savvis.net
Using abuse net on abuse@savvis.net
abuse net savvis.net = abuse@savvis.net
Using best contacts abuse@savvis.net
ISP does not wish to receive reports regarding http://www.sheck-buy.com - no date available
http://www.sheck-buy.com has been appealed previously.

Spam will die when it becomes un-profitable.

[khasim]

This is just ONE step in ratchetting up the cost of spamming.

As you can see in the article, the spammers paid LOTS of money to savvis for the bandwidth.

Now they'll have to find another ISP which will, probably, charge them even MORE money to put up with the crap that savvis is unwilling to deal with any more.

This isn't the war, but it is a victory.

Agis is an acronym

[NoSuchGuy]

Agis = All You Get Is Spam

No...No...No...

[www.sorehands.com]

There will be hosts in Russia, China, Korea, and Brazil.

We need to track down the spammers, take them to court, and take away some of there money.

One lawsuit is not going to put a dent in their business, but when they have to defend 50 lawsuits and pay $10,000 in attorney fees to defend each one and then pay a $5,000 judgment, then it will hurt them.

Re:No...No...No...

[gcaseye6677]

I absolutely agree with this approach; it would definitely put a dent in spam profitability. But when it starts happening, they will move to foreign servers anyway to make prosecution a lot more difficult. But when U.S. internet providers threaten to cut off connections to all of the aforementioned countries, which they could do without a problem, then those countries will start taking the anti-spam fight seriously.

Another method of financially hurting spammers, which the government could start doing anytime they wanted to, is the Al Capone style of prosecution. Get them for tax evasion. I highly doubt that spammers report all of their income to the government. There's probably a bunch of general business laws they are violating, in addition to the fact that a lot of what they advertise for is blatantly illegal. The government doesn't need new laws to crack down on spammers, they need to enforce the ones we already have. When word gets around that spammers are being hauled into court, the others will stop soon.

SPEWS really DOESN'T block anyone

[billstewart]

Several replies to the parent article have disagreed and said that SPEWS does block people. But it doesn't, and the parent article is correct that that's a spammer lie (as well as a common misperception by some non-spammers who don't RTFM.)

What SPEWS and similar services do is blacklist people, and users of the blacklists can decide whether to use the blacklist to block incoming messages, or whether to use it as weighting in systems like SpamAssassin. I fairly commonly see SpamAssassin ratings that say "X points because it's in blacklist1, Y points because it's in Blacklist2, Z points because it's matches the Nigerian_3 pattern, N points because it's ALL YELLING", etc.

SPEWS does have a reputation for being overzealous, and blacklists that are way overzealous get ignored by users, or given a low SpamAssassin weighting or whatever, as opposed to more conservative and responsible blacklists. But that's a choice you can make.

Re:SPEWS really DOESN'T block anyone

[studog-slashdot]

SPEWS, SpamCop, et al don't block anything. They are merely a blacklist as the parent pointed out.

What I can't figure out is this: their service is *identical* to credit reports. They take reports from third parties, produce lists of reported activities, and let others make their own decisions from the list.

Why isn't the credit reporting agency analogy more often used? Regular people should understand that right away.

...Stu

Re:SPEWS really DOESN'T block anyone

[welsh+git]

> Why isn't the credit reporting agency analogy more often used? Regular people should understand that right away.

Regular people ??? Slashdot ???

You're new here, right ?

I didn't send in the response card for the holiday

[billstewart]

...and the annoying spammers had a machine call me on the phone and say that I might have accidentally mistaken their ad for junk mail. (It might have been different spammers, and no, I correctly identified their ad as junk mail :-)

Why 10 Days

[Nom+du+Keyboard]

You'd think if they knew who the 148 spammers were, just give them the list had have them gone today.

Re:Why 10 Days

[Skapare]

You forget ... these are managers and corporate executives we're dealing with ... very clueless about internet stuff (even the ones that run internet companies).

The solution should start with THE LAW.

[Spy+der+Mann]

1) Make it illegal for ISPs to allow customers to send SPAM.

2) Make it illegal for particulars to send SPAM (directly or thru a 3rd party) using either local or foreign ISPs. Consider SPAM (even from third party) in favor or particular's webpage as a solid proof of their approval.

3) Endorse this law across different countries.

This way, spammers will be forced to leave the nation, and will have nowhere to hide. After they install themselves on other countries, it's just a matter of blocking their IP's.

What govt people don't realize, is that all this money that spammers got, comes from the AVERAGE USERS. If they cut the spammers, they're not cutting the income. The users ARE STILL THERE. THE MONEY IS STILL THERE.

They don't lose by banning SPAM. They win!

I'm just finding this out now?

[bigtallmofo]

I can't believe that I haven't heard of Savvis' reputation until they're now trying to reform it. I'm a decision maker at a fairly large company and decided to be a customer of Savvis' for several years until we consolidated all of our communications lines with two other companies. Had I known they were a spam haven, I never would've chosen to do business with them. There certainly are enough providers in the world to allow you to stand by your principles when choosing one. Companies that are a haven for spammers (especially seemingly legitimate ones like Savvis) should be labeled as such in every possible avenue.

Re:I'm just finding this out now?

[Skapare]

If you haven't heard about it, then you must not be very much in touch with what is going on in network administration and mail server administration. But then, over 2/3 of administrators are out of touch, so we could hardly expect managers to have a clue. You'd have known they were a spam haven if you had checked up on them. Did you? You know their sales people are certainly not going to tell you that in their sales pitch (unless, perhaps, you are a spammer, which I don't presume you are). To their benefit, Savvis isn't the worst out there, and most of what they are dealing with now is the result of the C&W acquisition. Probably the worst right now is MCI/UUnet (in the USA).

So, just how many "decision makers in large companies" would know about this stuff if you didn't? What can be done to inform them (without spamming them, of course)?

Re:I'm a Savvis customer

[Skapare]

He's had plenty of time to know who the spammers are and what services are provided. Why not shut them down today? Why is he waiting 10 days? I'd like to see Savvis clean up, but this 10 day wait tells me that Rob McCormack still doesn't get it. Of course this is better than keeping the spammers, but it just isn't good enough for me to lift the blocks at this time because I do not see an anti-spam attitude from Savvis, yet. When I see that attitude, or when they are no longer listed in any major spam list for at least 3 months, then I will unblock them.

Why should ever company have problems just because they are large? If they are 10 times as large, they should have 10 times as many good people handling things. Unfortunately, the reality is, larger companies tend to have way fewer people, and as a result, poorer service.

I've talked to real people at many companies before. But they are usually people who still don't have the authority to fix the problem. How many of these real people at Savvis that you talked to could fix the spam problem and get your IP addresses out of the blacklists? Answers are nothing. Actions count. Maybe we'll start seeing some actions after the spammers get 10 days of spam runs?

As a stockholder, have you read Savvis' SEC filings, and in particular, read the disclosure of the financial risk they face due to their practice of harboring spammers? Did they even disclose that fact at all?

BTW, you didn't help with this problem. But if you, and many more other people, had canceled service and dumped stock sooner, then the problem would have been fixed sooner.

The same Savvis?

[belowtheroot]

Stupid question, but is this the same SAVVIS that I remember hearing was co-founded by Timothy Roberts of Infinium Labs? If true, what I think is more interesting than the news regarding spammers on their netork is that a company he once belonged to is actually still alive and kicking.

Re:Spamhaus, not SPEWS

[Skapare]

I haven't seen very many false positives in SPEWS. I recall one earlier this year, but it was deleted very quickly. When I saw the posting I checked for myself and it was gone. And I verified in my archives of SPEWS data that it in fact was there the day before.

Perhaps what you mistakenly believe to be false positives and collateral damage is the listings of spammer harboring ISPs. Those listings are entirely intentional, and have been useful in getting many ISPs turned back away from the dark side. It takes the threat of losing their customers in too many cases to get them to deal with it.

If you have a particular listing in mind you think is a false positive, let me know and I'll check on it for you.

AUPs mean nothing at all

[Skapare]

AUPs mean nothing at all. Actions mean something. And maybe eventually Savvis will start taking action. We'll see.

What would be of value is not an AUP that prohibits spam, but rather, a covenant that commits the provider to each customer that the network will stay spam-free. I'll believe a Savvis turnaround if they do that.

Re:AUPs mean nothing at all

[mhollis]

With respect, I would strongly suggest that AUPs are very meaningful in the sense that they constitute a contract that may be enforced in a court of law.

For example, were you to have a contract with me for a year of Internet service and you started to use my system to spam others, were I to summarily shut you down, you would have a cause of action to sue me for non-fulfillment of our contract.

An AUP adds those clauses to any contract in effect and prevents an ISP from being sued by a spammer for sending out spam through that ISP. The spammer sues the ISP, the ISP points to the language of the AUP and the judge tells everyone to go home.

I do agree with you that Savvis does need to take action, but their action needs to be based on the statements in their AUP, not some action that may cause them to wind up needing to defend in court.

Re:AUPs mean nothing at all

[Skapare]

With respect, I would strongly suggest that AUPs are very meaningful in the sense that they constitute a contract that may be enforced in a court of law.

The point is, as you say, that they may be enforced. But that does not mean that they will be enforced. Since I am not a spammer, the fact that they may enforce those anti-spam terms means nothing to me; I won't be violating them. The point is, these terms do not tell me if it is OK to choose this provider or not. The terms that I want are that the provider will enforce those terms against any and every customer, whatsoever, that spams.

I understand what you are talking about where the AUP terms protect the ISP in court in case the spammer tries to sue them for termination. But this just isn't good enough. There needs to be a covenant from the provider to all customers that they will keep the network clean of all spammers. Then they can add that AUP for their own CYA purposes.

Re:AUPs mean nothing at all

[mhollis]

I suppose you would then want to get your service from companies like Earthlink that actively target, sue and defend their users against spammers. I appreciate that -- I have as little love for spam e-mail as you seem to.

But you must agree that a first step for an ISP is to have an AUP that lays the framework for such action against spammers. And that was my point, as earlier in the discussion one comment indicated that the poster had not seen Savvis' AUP and did not know if they had one. I provided a link to such.

I have had an Internet account since 1985. I remember when, to kill a spammer, all one had to do was fire off an e-mail to the spammer's provider (usually a university). At that time the Internet, under the NSF grant that sustained it, had a prohibition on any commercial usage. There was a culture that controlled things. People would flame other people in Usenet Newsgroups but it was seen as all in good fun.

When things opened up, the Internet was offered as a wonderful tool to everyone, most of whom are good, honest people. Unfortunately, there were no safeguards built into the system to disallow spam and prevent software from "spoofing" headers, so the dregs of society have now required that we build in an assumption in the bandwidth we use to support the Internet for a very poor "signal" to "noise" ratio.

I did just had a thought though...

What if the first verified extra-terrestrial signal SETI found was a UCE?

Re:AUPs mean nothing at all

[Skapare]

Earthlink sues spammers that hit their service, and their customers, from outside. I suppose they may also sue a spammer that operates from within, but I've not heard of such cases. I have, and still continue to get, spam from Earthlink customers. It gets reported and I still get more spam than replies.

Sorry, I cannot agree that the first step is to have an AUP ... that is, written available terms that tell a customer what they can, or cannot, do with the service. Too many providers, including Savvis, have AUPs and do not enforce them. No, the first step is to have a "we will not support spammers" attitude. Whether that is spelled out to customers or not is secondary (presumably a few borderline customers may end up choosing not to spam based on that).

Well, it seems you beat me to the internet by a year. But even NSF's prohibition didn't technically apply to the first spam I got, which was a chain letter asking people to send a get well card to a sick kid in a hospital in the UK somewhere, which in all likelihood was not really there. Of course that wasn't spam in the sense of one entity sending millions to others.

In much the same way that a spammer can spoof the RFCx822 headers, as well as the information exchanged via SMTP, and even the PTR record in reverse DNS, provider can spoof the AUP. They can also selectively apply the AUP against small time customers that are not a significant revenue source (a home user with a dedicated ISDN access), while ignoring it for a customer with a pink contract operating several /24 LANs worth of servers at their colo center, who is not only a significant customer, but probably is also paying an extra premium for the provider to look the other way.

My idea of a covenant against spammers, which I would want to see there before any AUP, would give me (and other customers) the right to sue the ISP if they fail to keep their address space, and their services, clean of spammers. Think of it as an AUP in reverse ... instead of giving the ISP the right to sue the spammers, it gives the customers the right to sue the ISP. It should be part of the QoS terms, but spelled out as a legal covenant.

Now don't be giving any spammers any ideas ... oh wait ... what a wonderful way to get some publicity for my pills :-)

Re:AUPs mean nothing at all

[mhollis]

My idea of a covenant against spammers ... would give me (and other customers) the right to sue the ISP if they fail to keep their address space, and their services, clean of spammers.

I really like your idea and, of course, it could be done easily with a contract you have with any ISP. I think that, were the value of your business high, lots of ISPs would really go for that. Unfortunately, ISPs are in business and must turn a profit.

I would (and do) pay extra for a service that stops spam; it compells us to overengineer the Internet to be able to handle their traffic. And, while overengineering can be a good thing (like the overengineering that went on in the construction of the Brooklyn Bridge), we all have to pay for a service that may cost more than it would were there no spammers. Thus, the only way we can force our ISPs to go after spammers is to pay a premium or set a rate that disallows overbuilding. In our present situation, that must be the former, not the latter.

Thank you for your commentary. It's really insightful.

Re:10x decrease in spam

[Skapare]

More likely it was the DoS attack against your mail server.

You're under arrest

[tepples]

"Where I can buy software for 1/10 of the normal price" == Suprnova

If you don't change that to "SourceForge.net" or "OSDir.com", I guess I'll have to arrest you for inducing copyright infringement. You have the right to remain silent, so shut the **** up. You have the right to an attorney...

savvis-spewers.net

[tepples]

If Savvis were to segregate its UBE-sending customers into a separate block of IP addresses, many users of blacklists would find that a rather desirable outcome, as they could easily block savvis2.net's IPs.

Any link to August's FBI raids?

[swb]

It's been reported the government is acting almost serious about spam as a criminal enterprise lately (although not as serious as it is about other so-called crimes).

The government's misguided priorities aside, I wonder if the government hasn't finally woken up and begun to consider spam for what it really is, a criminal conspiracy, and rightly defining "criminal conspiracy" to include people knowingly and willingly providing services that furthered the conspiracy.

Rather than actually taking the time to file genuine RICO cases, perhaps they are threatening them (or at least laying out a pretty solid criminal conspiracy cases in the more obvious situations) and some of the people playing ball with spammers aren't going to get scared out of doing that.

Not everyone will get scared, but if enough did, it might just cut off enough of the air supply to spamming to tip the balance in the direction of making spam too expensive and not portable enough to work. It wouldn't go away 100%, but it would be back to the levels of the late 90s when it was far less pervasive.

Look who hosts slashdot!

[somebodyinthewww]

18 csr1-ve243.SantaClarasc8.savvis.net (66.35.194.50) 210.745 ms 211.044 ms 210.92 ms
19 66.35.212.174 (66.35.212.174) 213.524 ms 212.497 ms 212.599 ms
20 slashdot.org (66.35.250.150) 209.927 ms 210.262 ms 209.923 ms

Please mod Parent +1 Funny

[mvpll]

SPEWS a professional blacklist ....

I suppose you believe that NANAE is a "professional" newsgroup too, with no rabid anti-spammers .

Re:Right after they were threatened with a netbloc

[Technician]

This only happened after Savvis was told that their entire network was about to be e-mail blocked.

Or they were having to spend too much time fighting DDOS attacks against their border routers.

Re:I don't follow

[Harik]

Odd. My property insurance had a $500 deductable for the hurricane. I guess that's because I didn't just get the cheapest available. Hopefully this will teach some people a lesson: Cheap != Good.