A Day with an ISP Spam Investigator
scumbucket writes "Network World Fusion has an interesting article about an abuse investigator for ISP Earthlink and his job of tracking down spammers. It's nice to see that major ISPs are making an effort to shut spammers down and kick them off of their networks."
Not that interesting really. No specifics, not much technique. He calls offenders, cancels accounts, etc. Phishing is another department. He doesn't take action on pedophiles and refers them to cops.
Where's the beef?
"...all the labours of the ages, all the devotion, all the inspiration, all the noonday brightness..." yada yada
Well, they don't do it because they want to help the world. But spam means extra bandwidth, so extra cost. And maybe customers blame the ISP, so that might mean fewer customers. So it is in the ISP's best interest to do something about spam.
http://www.virtualconcepts.nl/
SCO.com uses Linux
Oh, and it's not censorship. He's not a government or publisher. The spammer can find other places to publish his work other than my mailbox. (Just like wannabe painters can't exhibit in my living room.)
One line blog. I hear that they're called Twitters now.
I'm no sysadmin or anything.
But if it's $30 per day, it's 10k per year.
Furthermore, you have to spend time and energy sorting the mail. This is, I've heard, quite expensive in CPU time.
The best filters catch 99.9% of spam and only make 1 mistake in a thousand. (I don't even think that they are that good.)
1000 employees get 5 mails a day for a year; that's 1.8 million mails, that's 1800 mails per year that go down the drain. I'm not sure what that costs, but some of them are prolly quite expensive.
These are not absolute facts, nor close, but my point is that the price of spam is more than the price of receiving spam.
spelling is for people who doens't know better...
Fun article for me. 25 years ago or so, I was the original "cable cop" in Michigan, USA (the job title was "system auditor"). This was before it was illegal to "steal" cable services, and the overall thrust of my work was to build a case for legislators.
About 50% of my time was indoors, pulling street-by-street printouts off our Tandem system and cleaning up/verifying account info by going back to original install paperwork. The rest of my time was spent climbing poles, verifying hookups and disconnecting the "non-subscribers." After a year of that, we had enough info to deliver numbers to the statehouse: 4% of all cable viewers weren't paying us for the service. That was enough for the legislators, and cable theft became a mid-range misdemeanor.
So then I started going after the midnight installers offering people "free HBO forever" at the low low price of $100 (or whatever). That was kinda fun...several times I was just hours behind these guys, removing service drops while the resident stood by watching, moaning eulogies for their recently departed 100 bucks.
I'm surprised that more ISPs don't have employees like the guy in TFA (or perhaps I'm surprised that we don't hear more about them)...losses due to spam are real, no? [In the case of cable, the "losses" were 99% paper; there was no extra drain on bandwidth, no guarantee these folks would have been paying us otherwise, and no real loss on the converters they were using (our collections folks did just fine charging 4X the cost for unreturned equipment). The only true "loss" was in tech-time, for the rare hookup that caused interference on a distribution line or radiated enough signal to breach FCC rules.]
Is the reason for this apparent lack of interest on the part of ISPs similar to that of the credit card companies during the early online days? Rather than appear inept at providing decent system integrity (easily spoofed card numbers, pitiful account verification, etc.), fraud and abuse were handled quietly, with costs taken off the bottom line. Or is the apparent less-than-vigorous investigation of spammers just part of the "?" step in the profit! formula...where bandwidth lost = cost of investigatory personnel, so screw the inconvenience to customers?
education is no substitute for intelligence
Several years back the local ISP for which I worked had a spammer force us to take our mail server down because his advertising bomb went off in our spool drive and completely filled it. It took a number of hours to manually clean it up, sift through logs to find and block the offender, and bring the server back on-line. Ask our business clients how much not having email available for several hours cost them. Just for illustration, that email was also only about 3k in size, but once it multiplied in the queue it consumed all 2GB of the spool.
More recently, the local ISP for which I often do admin work had to build three new incoming mail servers and purchase spam and virus filter software for each machine at the rate of at least $6000 ea. plus subscription. Without these machines, user mail spools were filling up with spam and viruses; the older the account the worse off it was. Ask these folks how much it costs.
I have seen spam perform the equivalent of DoS floods: causing servers to crash, filling up T1s, causing CPU loads on older but otherwise working machines to hit 98%, and more. I host a domain which sees 28,000 spams per week on average. We employ RBLs in our fight against spam, as well as blocking a number of countries known for delivering nothing legitimate to our servers.
We see the shit come from all directions. In one night I observed a spam run against a hosted domain attempt to deliver 5,821 messages -- all forensically identical -- in less than 100 seconds from roughly 15 sources.
Why should it be the burden of the ISP to provide extra bandwidth, CPU processing power, memory, and storage space just to accommodate what is clearly a theft of services? The dual 66MHz SPARC system that was running an ISP back in 1995 is still running, and in a normal environment handles incoming and outgoing email just fine. Without the introduction of a front-end server, or replacement altogether (money spent no matter how you look at it) the machine often ran at 75% load or more during times when historically it ran no more than 30%.
The attitude of "well, it's going to happen anyway, might as well deal with it" is garbage. Adopting such an attitude in the face of a hurricane, the forces of which cannot be stopped, is fully acceptable. But in the face of spam which should not exist in the first place, this attitude is comparable to rolling over and taking it right up the rectum rather than dealing with the source.