A Day with an ISP Spam Investigator

scumbucket writes "Network World Fusion has an interesting article about an abuse investigator for ISP Earthlink and his job of tracking down spammers. It's nice to see that major ISP's are making an effort to shut spammers down and kick them off of their networks."

Re:Abuse

[quelrods]

I think you have your %'s off a tad. I've consistantly seen stats that put spam of US origin at 70% or higher!

Re:Self interest (What is the Cost?)

[GolfBoy]

The 'cost of spam' is not the cost of spam filters, extra storage, etc. The cost of spam is the cost to the end user of having to figure out which mail is real and which is spam.

Let's assume it takes a user only 1 second to determine if a piece of mail is spam, and deal with it, and let's assume the average user's time is worth $20 per hour. A million spams then cost the users:

$5555 = 1 second * 1 million / 3600 seconds in an hour * $20

You're right, the ISPs scared of being blacklisted. But they also view (correctly) keeping spam volume down as part of the service they sell. I know I have given up on some ISPs because of spam volume.

Re:Passwords?

[Antique+Geekmeister]

At Earthlink, absolutely. Earthlink's commitment to user security is absolutely non-existent. It's easier for them to manage with un-encrypted passwords: it's much faster and cheaper in tech time to tell someone their old password on the phone, or give it to the nice FBI man who asks for it, than to have to deal with encrypted passwords and reset passwords for people and send them the *new* password safely. Earthlink will take ease of management over genuine security any day: that kind of behavior is built into the WISE management guidelines they follow, although after all the complaints about the Scientology management techniques they don't call them WISE anymore. If you think I'm kidding, look into the background of Sky Dayton and their original CTO, who jumped out of a building on L. Ron Hubbard's birthday when he went back to college.

Because T-1's cost more and require physical loc.

[khasim]

"I don't understand why all the focus on ISPs."

Because, unless you have a peering agreement, you are connecting to an ISP.

"You call the phone company (any phone company) and say you want a data T1 connection."

Okay. That's a chunk of money and it has a physical connection point that is recorded. It is completely different than a dial-up account.

"They give it to you and give you some IP addresses."

From their block. That means that they are your upstream provider. If someone complains about your behaviour, they will complain to your upstream provider who will then cut you off (or not).

"They do not process email for you, they do not give you web space and they do not respond to complaints about what you are doing with your T1."

They do respond to complaints about what you are doing.

"I expect this holds true for any sort of data connection from a telecommunications provider that is not providing any additional services, which means if you call SBC to get an OC48 they aren't going to ask you what you plan to do with it."

That is correct. They will not. But you ARE plugged into THEIR network.

One end of the line terminates at your location, the other end terminates at the phone company's location.

So, traffic coming from your line goes through the phone company's network. And people can see who licensed that IP range to you. They will complain to your upstream provider.