Savvis Grudgingly Get Savvy About Spam

ElvenMonkey writes "The BBC is reporting that Savvis has finally promised to ditch those accounts that are using its network to send spam, in an effort to reduce the damage already done against its reputation; the CEO promises that all such accounts will be closed within 10 days (working days?) Amongst these accounts are believed to be the majority of the top 150 worst spammers worldwide."

Question

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Re:Question

[ackthpt]

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Their major pipe provider could probably care less what they do, same as Savvis did, as long as customers paid their bills. The only people bright enough to figure out who they are are geeks who use traceroute.

Re:Question

[robslimo]

Ask the North American Operator's Group They are just starting to comment on this item but, other than participating in blacklists like SPEWS, they don't seem to have as much clout as one would expect (or at least hope). Hmmm, maybe is story is evidence that it may be changing?

Interesting, looks like maybe Paul Vixie reads slashdot too (or maybe he surfs the BBC all day?).

Re:Question

[arivanov]

There is a good saying - if you steal one penny you are a thief. If you steal one billion you are a banker.

Similarly, what is unacceptable for a mom and pop garage shop ISP is perfectly acceptable for a Tier 1 or a larger Tier 2 ISP. If they decide to make a business from hosting SPAMmers (and some do) there are very few means to fight them.

Re:Question

[Havokmon]

Why do they still have any link to the network? Other ISPs should cut them off if they refuse to cut off spammers.

Savvis is an awesome provider. I run a free email service, and I can tell you when I was on Savvis (sharing a connection with another business), they were great. They told me when they got abuse complaints, and I took care of it. They also assign your subnet to you within Arin, so my guess is that they don't hear 90% of 'Arin complaints'.

Now I'm on RoadRunner (only access available where I am). The idiots in RR abuse will not forward me complaints, they just threaten to cut my access. They will not make an Arin change, and actually told me to buy 8 (yes, EIGHT) ips from ARIN so I wouldn't be associated with RR. Apparently the routing nightmare that would be created by assigning 8 IP's at a time is completely lost to RoadRunner tech support.

It looks to me though, that the assetts and C&W just haven't been brought into the fold as well as they should have (include the Abuse arm). I personally have complete confidence in Savvis.

Re:Question

[the+chao+goes+mu]

Not true. I worked for a very large web hosting company, and they were very firmly anti-spam...

Of course, they fully supported the "marketers" who bought space from them. But they were against spam.

Re:Question

[Dimensio]

Yep, Savvis is an awesome provider -- if you're a spammer.

Savvis is being forced to terminate their spamming customers because they can no longer deny that they know about the spamming activity. Savvis has openly supported clients who have engaged in network abuse and even criminal activity.

Re:Question

[SilkBD]

I can't say I blame them. As a business, your goal is to legally make money. You only act to cut off your clients when it effects your bottom line.

There's two ways of thinking of this... from the comsumer point of you (the reciever of spam) and the business point of view (Savvis). I'd do the same thing if I was running their company.

Re:Question

[Dimensio]

Great Spews policy again. This is why nobody should use Spews. They arbitrarily block whole blocks of IP addresses with no regard to who is getting stomped on.

SPEWS blocks IP ranges only AFTER an ISP fails to kick off spammers for an extended period of time. This is because many spam-friendly ISPs just don't care if the spammers are blocked -- they'll often move the spammers to new IPs (which they can't do now because places like SPEWS will just block the old AND the new IPs) and move legitimate people into the blocked ones as human shields. SPEWS only lists non-spammer IPs because Savvis didn't take action against spammers in the first place -- specifically, SPEWS is listing the spam-friendly ISP's IP ranges, the "innocent parties" just happen to be renting IP space from known spam-supporting outfits. Savvis brought it upon themselves by making their IP space a cesspit from which no one wants traffic. That's their fault, stop blaming SPEWS for Savvis's bad decisions.

And SPEWS doesn't block anyone. That's a common spammer lie.

There's more to both sides.. I just don't have time to enlighten the masses on what a Good company does for it's customers vs what overzealous spam outfits can do to a Good companies customers.

Any ISP that openly supports spammers on their network is not a "Good company".

Great

[Nos.]

now how am I going to know:

• If I am preapproved for a mortgage
• Where to get cheap drugs
• Where I can buy software for 1/10 of the normal price
• etc

Re:Great

[ricotest]

• You aren't, stay at your parents' house for now
• Ask your son
• Suprnova
• It's a UNIX options directory.

Re:Great

[antifoidulus]

You forgot the most important part, how are you now going to know when a very obscure but very weatlhy relative of yours who was living in Africa dies? What kind of monsters would take that news away from me?

But the money was so tasty

They're just upset to get rid of those tasty, money making, high-bandwidth using spam accounts.

Capitalism In Full Flower

[ackthpt]

the CEO promises that all such accounts will be closed within 10 days (working days?) Amongst these accounts are believed to be the majority of the top 150 worst spammers worldwide."

In related news the CEO said, "To make up for the lost revenue, we'll host pr0n. We'll be actively competing with GoatSex Guy."

Re:Capitalism In Full Flower

[gstoddart]

in related news the CEO said, "To make up for the lost revenue, we'll host pr0n. We'll be actively competing with GoatSex Guy."

I refuse to belive that guy could possibly be generating revenue from that site.

If anything, I'm sure he's paying through his ass for bandwidth. (Oh, sorry, couldn't resist.)

=)

Re:Capitalism In Full Flower

[Mateito]

We'll be actively competing with GoatSex Guy

Please explain (without diagrams!) the GoatSex guy's business model.

Re:Capitalism In Full Flower

Start to? Porn is how SAVVIS got its start. I worked for them for the worst few months of my career. Everything at savvis.info is true and more. The SEC would be interested in some of the scuttlebutt I heard, and things I saw are very actionable for breach of contract. Funny thing about the hosting/managed services business though, breaching your contract does so much damage to the customer company that they're usually forced closer to bankruptcy than to suing you.

Re:Capitalism In Full Flower

[Snowdog668]

My first thought on this was, well, there's people out there that will pay to see just about anything.

My second thought was, what was the first /. user that actually found that site actually looking for? Maybe I just haven't been around long enough but was the first link to the site a bit of self-promotion on the part of the webmaster or did one of our own actually stumble across it? If someone found it I'd hate to see the Google search that brought up that result. :)

Damn it!

[cbrocious]

Right on the day my emails for spam-blocking software were going out. Foiled again...

Truth about Savvis

You can go to Savvis.net for the official spiel or try http://www.savvis.info/ for the truth.

how terrible

[RevKa]

I was just starting to enjoy my corrspondence to that poor cancer ridden Zimbabwean, who happens to be trapped in space!

Savvis to later announce..........

[ARRRLovin]

......a 75% decrease in network traffic.

If it makes money...

[ElForesto]

... the spam will keep flowing. I guess the spammers themselves aren't the only ones raking in the green. I would imagine that the prospect of losing so much face to their largest clients is probably the only thing that got them to consider fixing the problem. If I happened to operate a large company, I wouldn't want to be associated with a company that's a spam factory.

Why 10 days?

[garcia]

They obviously know who the 148 people are so why will it take them 10 days to remove their accounts?

Are they going to send them a greeting card or something that says, "oh, even though you are great customers we are being told we can no longer host your illegal activities so you have 10 days to vacate?"

Re:Why 10 days?

[mageos]

10 days gives them time to switch to a new network, with no downtime.

Re:Why 10 days?

[gclef]

Obviously, this will be conjecture, but my guess would be that 10 days is "reasonable", by their definition in the contract. The idea is if they get sued by any of the kicked spammers, they can point to the termination clause that includes "reasonable notification" and claim that 10 days is "reasonable", so they were within the terms of the contract.

Re:Why 10 days?

[SkjeggApe]

Because that's how long it would take savvis to set up savvis2.net, or spamfriendlyisp.net, or something similar, move some servers around, send a "Don't use savvis.net/login anymore, use savvis2.net/login" email to all their "premium" customers, and LOUDLY proclaim that savvis.net has taken extreme measures in the battle against spam, and is the greatest thing since sliced bread.

About bloody time

[dacarr]

It'll help for now, but it won't end spam.

But it makes me wonder if this was more of a move of desperation for Savvis. On the surface, sure - they were threatened with what amounts to a permanent blacklist. But even then.

slashdotting

[shfted!]

With how slow their site is responding, I wonder if they're responsible for sending out that much spam in reality -- or maybe their connections are just flooded with the stuff.

Right after they were threatened with a netblock

[Animats]

This only happened after Savvis was told that their entire network was about to be e-mail blocked.

Dropped for now

[sbackholm]

Savvis may be finally ready to drop these spammers, but how long before another ISP is willing to pick-up the $2 million dollar cash flow?

Re:Dropped for now

[Mateito]

$2 million dollar cash flow

Immoral, illegal, whatever. If they are really pulling in that amount of money, I'd consider doing it.

However, I have grave doubts that believing that the money is that good. You can buy a good wad of "regulators" with that cash.

Re:Dropped for now

[gcaseye6677]

The objective should be to force spammers to migrate to smaller and smaller ISPs, that way the small ISPs which host spammers and few other clients can be completely firewalled with minimal collateral damage. As the ISPs lose customers, which are sick of being blocked, they will be left with only spammers and eventually they'll die out completely. Only then will spamming become too difficult to be profitable.

Which rule was it?

[taustin]

[Rob McCormick] disputed the figure of $2 million a month revenue from the spammers, and said the actual figure is only a tenth of that amount.

Which is to say, they bill $2 million, but spammers, being spammers, only pay 1/10th.

Can't help but how much that has to do with botting the lying thieves, and how much is the threat to block their entire network.

ePorn is very profitable

[winkydink]

I worked at a major competitor (big company) of these guys for a while. Almost 50% of hosting revenue came from Porn. They were great customers. Seldom complained. More often than not, paid full price for bandwidth, and always paid their bills on time.

Re:ePorn is very profitable

[rf0]

If a Porn site is down then the money they lose is huge. They are happy to pay to keep it up

Rus

Re:ePorn is very profitable

[gordyf]

They are happy to pay to keep it up

*cough*.

Re:Right after they were threatened with a netbloc

[Theatetus]

There are ISPs in the world that haven't already blocked all of Savvis at the router level?

Well, given that Savvis's customers (both their own and the ones they got from c&w) include people like Lycos and a few Federal agencies, that might not be such a good idea.

Who?

[shadowspar]

At first I saw the name `Savvis', and I'm thinking, never heard of them before, who's that? Then I saw the mention of C&W in the article and the light went on -- "Oh, Clueless and Witless! It all makes sense now!"

Re:Right after they were threatened with a netbloc

[beavis88]

If 99.99% of their business comes from other sources (as TFA says), then giving up that piddly amount of revenue in order not to be associated with 148 of the most worthless humans on earth should be a slam dunk. Well, at least if they're looking past their next quarter's projections, which admittedly may be a stretch.

If they were serious.

[www.sorehands.com]

If they were serious about spam (not just because it is starting to cost them), they could do more.

When they cancel a spammer, make the information on the spammer public so that the spammer can be tracked and sued.

Re:If they were serious.

[Chatmag]

Why not turn spammers information over to the Florida AG office. They're itching to try out our new spam law, and besides, with all the damage from the hurricane outbreak here, the state could use the money.

My girlfriend and I had just bought 28 acres to open a nursery next spring, and found a large oak across the only building on the property. It was an old frame structure, and not worth much, but now we have to buy something for an office. Too bad I couldn't get some of the spammers fines to buy a new building.

I thought all Spam was from evil non-Americans?

[mark2003]

Every time a story gets raised on Slashdot about spam, hundreds of Slashdot posters blame it on those commies in China, Korea, Russia etc and then call for blocks of all emails from these countries...

Now we have some proof that 148 of the world's worst spammers are hosted by a US company will these same people call for a complete block on US emails or is that now a crazy approach?

Re:I thought all Spam was from evil non-Americans?

[InvisiBill]

I thought it was common knowledge that most spam comes from the US. http://www.spamhaus.org/rokso/

As the others said, it's a matter of baby vs. bathwater. People (usually) don't just block all of China because there are some spammers there, they block all of China because there are some spammers there and they don't expect to receive any valid email from China. While there may be a huge amount of spam coming from the US, most of their valid email is probably coming from the US also. It simply wouldn't make sense to block the entire US. It would be the equivalent of an email filter that deletes all of your mail, because most incoming messages are spam.

There are some admins/RBLs that do block huge sections of the internet for any spam. These people take the collateral damage approach. Their plan is to interfere with the ISP's legitimate emails enough that the ISP decides it's in their best interest to terminate the spammer. For example, blocking any mail from any AOL server, because one AOL user sent some spam. In my experience, these tend to be the angsty types who are doing it more as revenge than as an actual anti-spam tool. There isn't much effort put into validating the blacklist info or keeping it updated.

Spammers will go elsewhere

[Random+BedHead+Ed]

Until there is a universal anti-spam framework in place across the internet, this move won't help anyone. It will help Savvis's reputation (at least, it will help them eventually; people will still block them for a while). But it won't help spam recipients, because the spammers will simply go elsewhere. Spammers, being the leeches that they are, adapt pretty damn fast.

They're just not worth it

[Trailer+Trash]

He disputed the figure of $2 million a month revenue from the spammers, and said the actual figure is only a tenth of that amount.

It's not worth $2m/month for the bad publicity, how much less then $200K/month. That doesn't make sense. If you're only making $200K/month, little over $1000/spammer/month, then dump them. Why is this even being discussed?

Re:Burn Savvis 'crops', Salt Their Fields!

[the+chao+goes+mu]

Wasn't Worldcom the "worldcom of the internet"?

From TFA...

[jcr]

As rumours about Savvis and the spammers grew on the internet, executives discussed different ways of keeping the customers and whether they could hide them by changing their names or their computer IP addresses.

One memo, from a senior Savvis executive in charge of Information Security, warned fellow management that the company was in danger of losing its good reputation and a secure and honourable provider.

He warned that they could lose their ability to sell to upstanding customers.

Too late. The fact that the PHBs at Savvis actually considered keeping the scumbags as customers takes them off my acceptable vendors list.

May they burn in hell.

-jcr

Re:IP blocks

[Dimensio]

Depends on who runs the blocks. On "professional" blocklists, like SPEWS, the listings should disappear as soon as it is confirmed that the spammers are gone (though -- despite the lies of a number of SPEWS-haters -- SPEWS itself does not block mail, the "blocks" would then disappear from the lists of those who filter with the lists provided by SPEWS). Other, more hard-line network admins might hold off a little while, perhaps waiting until a little after the heat death of the universe before removing Savvis IP entries.

Re:yeah but...

[Chatmag]

Florida has for a long time been the haven of spammers, so the State knows all eyes are on the AG's office to see how they enforce the new law. You can read more about the law, and there is a provision to report spam, on the MyFlorida web site. The only downside to their reporting procedure is that you have to fill out a form, rather than just forward the spam email, but that may change in the future.

Savvis AUP prohibits Spam

[mhollis]

(From the "this is news?" department):

Found on their website

The following general actions are considered "abuse" and are strictly prohibited:

1. Any conduct which is inconsistent with generally accepted norms and expectations of the Internet community (whether or not detailed in this AUP). SAVVIS reserves the right, in its sole discretion, to make a determination whether any particular conduct violates such norms and expectations.
2. 
   Using SAVVIS networks to transmit material that SAVVIS believes to be illegal, obscene, or inappropriate.
   Forging of message headers or identity information, or taking any action with the intent of bypassing restrictions or limits on access to a specific service or site. This prohibition does not restrict the legitimate non-commercial use of pseudonymous or anonymous services.
   Falsifying identity or contact information (whether given to SAVVIS, to the InterNIC, or other parties).

And found elsewhere on the same page, specifics against "spam e-mailing." That pretty much covers the actions of those who are using the system to send out unsolicited commercial e-mail.

I believe that Savvis ought to be made to completely reveal to the authorities and the Internet Community the identities, home and work addresses and telephones of those persons identified with the sending of UCEs. That might take 10 days, though it should not.

Of course that means I'll get less pr0n in my in-box....

They are a huge connector.

[khasim]

If your ISP cut off connections to them, you'd probably complain when you couldn't access a LEGITIMATE site.

Which is the problem. They're so big that they have lots of legitimate customers and a few spammers.

The only way to go after them is through their reputation and their customers. Which is what happened. They don't want to be known as a spammer's network so they have to change.

Users' worm-infected boxes?

[necro2607]

I wonder if it's occured to anyone that a decent percentage of those "spammers"' machines are actually those of unaware home users with worms or back-door type software installed on them...

Spammis

[DSP_Geek]

Savvis, isn't that the new pronunciation of "Agis"?

(Agis hosted Sanford Wallace for about a year while loudly proclaiming they weren't doing anything wrong. LOTS of people found out how to block IP ranges. Agis later repented, booted Wallace et al, but it was too late. Nobody who cared about their online reputation would choose them as a host, and Agis went belly-up not too long thereafter.)

Re:spam assassinated?

[nnet]

...Is spam still truly the problem people say it is?...

Of course, just because a user doesn't SEE the spam, doesn't mean the spam isn't wasting bandwidth and system resources being sent and rejected/dropped.

Agis is an acronym

[NoSuchGuy]

Agis = All You Get Is Spam

No...No...No...

[www.sorehands.com]

There will be hosts in Russia, China, Korea, and Brazil.

We need to track down the spammers, take them to court, and take away some of there money.

One lawsuit is not going to put a dent in their business, but when they have to defend 50 lawsuits and pay $10,000 in attorney fees to defend each one and then pay a $5,000 judgment, then it will hurt them.

Re:No...No...No...

[gcaseye6677]

I absolutely agree with this approach; it would definitely put a dent in spam profitability. But when it starts happening, they will move to foreign servers anyway to make prosecution a lot more difficult. But when U.S. internet providers threaten to cut off connections to all of the aforementioned countries, which they could do without a problem, then those countries will start taking the anti-spam fight seriously.

Another method of financially hurting spammers, which the government could start doing anytime they wanted to, is the Al Capone style of prosecution. Get them for tax evasion. I highly doubt that spammers report all of their income to the government. There's probably a bunch of general business laws they are violating, in addition to the fact that a lot of what they advertise for is blatantly illegal. The government doesn't need new laws to crack down on spammers, they need to enforce the ones we already have. When word gets around that spammers are being hauled into court, the others will stop soon.

SPEWS really DOESN'T block anyone

[billstewart]

Several replies to the parent article have disagreed and said that SPEWS does block people. But it doesn't, and the parent article is correct that that's a spammer lie (as well as a common misperception by some non-spammers who don't RTFM.)

What SPEWS and similar services do is blacklist people, and users of the blacklists can decide whether to use the blacklist to block incoming messages, or whether to use it as weighting in systems like SpamAssassin. I fairly commonly see SpamAssassin ratings that say "X points because it's in blacklist1, Y points because it's in Blacklist2, Z points because it's matches the Nigerian_3 pattern, N points because it's ALL YELLING", etc.

SPEWS does have a reputation for being overzealous, and blacklists that are way overzealous get ignored by users, or given a low SpamAssassin weighting or whatever, as opposed to more conservative and responsible blacklists. But that's a choice you can make.

Re:SPEWS really DOESN'T block anyone

[studog-slashdot]

SPEWS, SpamCop, et al don't block anything. They are merely a blacklist as the parent pointed out.

What I can't figure out is this: their service is *identical* to credit reports. They take reports from third parties, produce lists of reported activities, and let others make their own decisions from the list.

Why isn't the credit reporting agency analogy more often used? Regular people should understand that right away.

...Stu

Re:AUPs mean nothing at all

[mhollis]

With respect, I would strongly suggest that AUPs are very meaningful in the sense that they constitute a contract that may be enforced in a court of law.

For example, were you to have a contract with me for a year of Internet service and you started to use my system to spam others, were I to summarily shut you down, you would have a cause of action to sue me for non-fulfillment of our contract.

An AUP adds those clauses to any contract in effect and prevents an ISP from being sued by a spammer for sending out spam through that ISP. The spammer sues the ISP, the ISP points to the language of the AUP and the judge tells everyone to go home.

I do agree with you that Savvis does need to take action, but their action needs to be based on the statements in their AUP, not some action that may cause them to wind up needing to defend in court.

Re:AUPs mean nothing at all

[Skapare]

With respect, I would strongly suggest that AUPs are very meaningful in the sense that they constitute a contract that may be enforced in a court of law.

The point is, as you say, that they may be enforced. But that does not mean that they will be enforced. Since I am not a spammer, the fact that they may enforce those anti-spam terms means nothing to me; I won't be violating them. The point is, these terms do not tell me if it is OK to choose this provider or not. The terms that I want are that the provider will enforce those terms against any and every customer, whatsoever, that spams.

I understand what you are talking about where the AUP terms protect the ISP in court in case the spammer tries to sue them for termination. But this just isn't good enough. There needs to be a covenant from the provider to all customers that they will keep the network clean of all spammers. Then they can add that AUP for their own CYA purposes.

Look who hosts slashdot!

[somebodyinthewww]

18 csr1-ve243.SantaClarasc8.savvis.net (66.35.194.50) 210.745 ms 211.044 ms 210.92 ms
19 66.35.212.174 (66.35.212.174) 213.524 ms 212.497 ms 212.599 ms
20 slashdot.org (66.35.250.150) 209.927 ms 210.262 ms 209.923 ms