Spamhaus: MCI Makes $5M A Year In Spam Profits

An anonymous reader submits "According to a new Spamhaus report, MCI makes $5 million a year hosting spammers and illegal spamware. MCI/UUNET has long topped the Spamhaus spam supporting ISPs list, with nearly 200 active SBL entries. MCI even took on spammers such as iMedia, when they were terminated by Savvis in their half-hearted response to leaked pro-spam memos."

only $5 million

[bird603568]

with a compiny that brig is % million that much? maybe 500 million but only 5?

Re:only $5 million

[bird603568]

woops i hit post what was meant to been said was: with a company that big what % is 5$ million? It cant be that much. 50$ or 500$ million then would be a big deal.

Re:only $5 million

[Stevyn]

Their gain of $5 million is costing companies many times that. That's why it's bad.

Re:only $5 million

[ssimontis]

Still, this article shows several things. Lots of people complain that we can't do anything to stop spam without getting several countries to cooperate. While this might be true in the long run, we can still shut down all the spammers in the United States. One of the biggest ways we can stop spam is forcing ISPs to stop supporting it. I am not sure what could be done, but perhaps a large-scale boycott could have an effect?

Re:only $5 million

[BooRolla]

with a compiny that brig is % million that much? maybe 500 million but only 5?

I'm hard pressed to feel compassion for MCI and their spamming support, even if it is a fraction of their earned income.

Re:only $5 million

[thogard]

If 5 mil is nothing to them, then we need to get them to stop.
The only way to do that is nail them where it hurts most, their stock price. The only way to do that is blacklist them and let wall street know its going to happen and make sure that it does happen.

What needs to happen is that on Apr 1, we make fools of them by taking down their entire network. This is going to take massive planning because they run such a major part of it. The real problem is most name servers are still on it as well as many of the main web sites.

So for this to work, everyone running mail servers will need to to have a RBL type blacklist in place that gives out the same message that is clear and to the point. Then Web sites should return pages explaining the issue clearly. The idea is full up every ISP call centers with questions to the point that anyone paying MCI will be screaming at them. The result is that mci will either get their act together with the spamers or the net will prove that a permanent blacklist won't be so bad.

This is very difficult to do in a corporate environment. however sometime the big bosses can be convinced by letting them know just how much the spam and viruses are costing and don't forget the fraud. Remind them of the people who siphon millions out of large companies to help their new buddies in Nigeria.

Re:only $5 million

[rs79]

So what does Vint have to say?

Re:only $5 million

[Eggplant62]

The problem isn't how much they are making or what percentage of their profits is derived from their spam support, it's the fact that MCI is turning a blind eye to activities that are blatantly illegal under the CAN-SPAM act. The excuses they make about not wanting to censor content of their downstream customer ISPs is simply a cop-out to avoid losing this stream of income, regardless of how big or small that income may be. Every other ISP prohibits hosting of spamware sites, why does MCI allow this? Websites promoting tools that are used solely for spamming purposes should not be allowed on the net.

Re:only $5 million

[Cramer]

That's a nice theory, but it never works in reality. If you're willing to pay for it, someone will be willing to sell it to you. We made an enemy of one of the sales people for canceling one of his contracts sold to a spammer. (yes, I'm leaving names out.) He couldn't understand why we'd discard so much revenue (and thusly, his commission(s).)

UUNet already has a very strong anti-spam policy. And they do rub the noses of their ISP customers in it. (I may still have a few copies.) However, it's obvious they don't universally enforce the policy.

Re:only $5 million

[peg0cjs]

I wonder if there would be a way to get a large, essential service to effectively blacklist MCI customers. Something like Google. If they stood up and said "We're blocking all MCI traffic until they take action against their spammers", I wonder how long it would take for policy to change.

I'm not naive enough to think this would ever happen, but we can dream, can't we?

Re:only $5 million

Websites promoting tools that are used solely for spamming purposes should not be allowed on the net

So you're saying they should be censored?

Re:only $5 million

[zogger]

google crawls and indexes spammers ultimate websites, don't they? Porn, phony rolex watches, cheap mortgages, viagra and other pharmecuticals, normal spam, all found off of google search as well.

Re:only $5 million

Email Death Penalty.

Simply drop ALL email from ANY ISP that allows spammers. (They get one warning, and 24 hours to provide proof they kicked the spammer off.) If you get any complaints from that ISP's customers, explain why you are dropping the email, and point them back at their ISP. Once the ISP has dropped the spammer, they can ask to be reinstated.

Is this 'harsh'? Yes. Is this necessary? Yes. Make the penalty (losing all email connectivity) so severe that no ISP will ever risk it.

Maybe even make it part of the deal that the ISP must provide the customer information of the spammer. (Of course, ISPs's will make the customer's approval for this part of the contract you agree to when you sign up.)

Re:only $5 million

[Eggplant62]

Let's give you an "A" for reading comprehension.

Yes, they should be censored. Seems to be along the same line as banning assault weapons in my own personal viewpoint.

illegal spamware?

[dougmc]

and illegal spamware.

What's illegal about spamware? I thought it was spamming that was illegal, not software that could be used for spamming.

And in any event, one person's `spamware' may very well be another person's tool of choice for sending out mail to a large (and yet legitimate) mailing list.

Re:illegal spamware?

[rpozz]

I assume some spamware uses zombie networks to send spam. Surely that's illegal.

Re:illegal spamware?

I am pretty sure that when they say "illegal spamware" they do not mean "ware that is illegal because it is spam" but "sites which spam, and do so in an illegal manner".

I.E. the story submitter appeared to be delineating "illegal" spam as a distinct subset of spam, my first guess would be he was intending to refer to sites which are not themselves used for spamming but are used as platforms to install malware software ("illegal spamware") which hijacks your computer to send spam.

For any information beyond this you'd have to read the article.

Re:illegal spamware?

[Secrity]

Spamming in the US is not illegal, sending spam illegally is illegal. Selling spamware IS illegal in Virginia and UUNet has a large presence in Virginia.

The Virginia law says:

18.2-152.4. Computer trespass; penalty. ... B. It shall be unlawful for any person knowingly to sell, give or otherwise distribute or possess with the intent to sell, give or distribute software which (i) is primarily designed or produced for the purpose of facilitating or enabling the falsification of electronic mail transmission information or other routing information; (ii) has only limited commercially significant purpose or use other than to facilitate or enable the falsification of electronic mail transmission information or other routing information; or (iii) is marketed by that person or another acting in concert with that person with that person's knowledge for use in facilitating or enabling the falsification of electronic mail transmission information or other routing information.

Re:illegal spamware?

[GrAfFiT]

Did you ever use a dictionary attack when sending out mail to your mailing list ?

Re:illegal spamware?

[timmyf2371]

That's kind of a harsh law, sounds akin to making filesharing software illegal because of the actions of its users.

Re:illegal spamware?

[ScentCone]

That's kind of a harsh law, sounds akin to making filesharing software illegal because of the actions of its users.

Not really. If you look at the law, it specifically refers to software that's intended specifically to conduct your mailings in a fraudulant way (spoofing, hiding server addresses, etc.). File "sharing" (the act, if not necessarily all of the tools that are used in that way) may indeed be used almost entirely to do illegal things, but that's a different situation than the selling of tools that are, on the face of them, meant to facilitate fraud.

Re:illegal spamware?

[Secrity]

Uh, no, I haven't ever used a dictionary attack. My mailing lists are managed using Majordomo and require opt-in. What does that have to do with this topic?

Re:illegal spamware?

[balloonpup]

Grandparent was responding to your question regarding illegal spamware. Spamware often includes dictionary attack methods to be used, and depending on locale, that may indeed be illegal.

Re:illegal spamware?

[quarkscat]

Google needs to buy UUNET from MCI before
MCI gets gobbled up. I think Google could
could put UUNET on the "straight and narrow".
Those companies that employ spammers to get
"their message out" might be forced to use
Google's advertising strategy instead.

I, for one, would consider that a welcome
change for the better.

Might not be everything...

[mainfr4me]

That 5 million may not be everything they make off of that too, there might be other income they are getting off of it that could be coming from other sources. I'm only guessing, but it wouldn't surprise me.

It's nothing personal....

...it's just business. MCI has been in a lot of financial difficulties.

1. Host spammers
2. ?
3. Profit!

Oh, wait, I guess we don't need step 2.

Re:It's nothing personal....

[SmurfButcher+Bob]

Well, I was going to say that Step 2 should be "pay outstanding debts", but with the bankruptcy, you're correct- They don't need step 2.

Now I know why they prohibit port 25

If you run your own zombie- mailserver, you're competing with them on a lucrative business of theirs.

Impose an E-embargo against MCI

[Gary+Destruction]

ISPs should impose an E-embargo against MCI because they support spammers. All mail and traffic from MCI should be blocked until MCI stops helping spammers.

Re:Impose an E-embargo against MCI

Well since on occasion I like to get to a DNS server so I can enjoy parts of the internet farther away than downtown Seattle I'm going to have to go ahead and disagree here. How about instead we each buy a Barrett .50 and start hunting their executives like 60 minuts suggests?

Re:Impose an E-embargo against MCI

MCI == UUNet == huge portion of the backbone. It's impossible, and this is an old old pissing match.

Re:Impose an E-embargo against MCI

[pavon]

You do realize that UUNET(/MCI/WorldCom) supports roughly one third of all the traffic on the internet, don't you. You can't simply block one third of all your legitimate incoming mail.

Furthermore, I don't want to make ISP's responsible for the content that they are hosting. I think that would set very bad precedent, and the internet as a whole will be much better off if if ISPs are legal regarded as common carriers.

Fight the spammers not the postal service.

Re:Impose an E-embargo against MCI

Barrets aren't for hunting executives, they're for hunting Volvos.

Re:Impose an E-embargo against MCI

[Marz_Bug]

Just block their corp mail servers. 199.249.20.0/24 & 199.249.17.0/24

Re:Impose an E-embargo against MCI

You win today's Stupid Slashbot award.

Re:Impose an E-embargo against MCI

Why don't you go eat a bowl of fuck?

Re:Impose an E-embargo against MCI

[gnuguru]

Don't worry about being blocked at home, the rest of the world cares not about the fact that MCI carry 1/3 of U.S. traffic.

We block anyway.

Enjoy your spam infested mailbox.

Re:Impose an E-embargo against MCI

In order for spamhaus to work they block ip addresses. Many people can be hosted by one IP address. Anyone hosted on the same computer as one accused of sending spamhaus definition of spam is blocked, and if they try to send mail to a server using the SBL, they will recieve unwanted email from spamhaus saying why it was blocked, when they wanted it to go through even though they had nothing to do with spam in the first place and are innocent victims.

Spamhaus does business in the United States, but somehow believe they do not have to follow our laws. They think all americans are idiots and use crude language. They are just a bunch of vigilantes trying to force their laws on us. Don't use their block lists. Period.

Re:Impose an E-embargo against MCI

and what better option do you see than blocking ip addresses?

the BIG advantage of IP blocklists is they can stop the spam BEFORE it uses any significant bandwidth.

unlike content filtering which requires accepting transfer of the whole email before it can be rejected.

would you blame a bouncer for stopping the identical twin of a known troublemaker from entering a club?

Re:Impose an E-embargo against MCI

You do realize that UUNET(/MCI/WorldCom) supports roughly one third of all the traffic on the internet, don't you.

So? Fuck 'em (and us, of course, until they get their act together).

Re:Impose an E-embargo against MCI

[X86Daddy]

You do realize that UUNET(/MCI/WorldCom) supports roughly one third of all the traffic on the internet, don't you. You can't simply block one third of all your legitimate incoming mail.


I personally would find it infuriating as all hell, as would most users of the 'net. Within one day of such an obstruction, I bet MCI would respond decisively. Perhaps the most damaging response would also be the most successful?

Re:Impose an E-embargo against MCI

[dubl-u]

Furthermore, I don't want to make ISP's responsible for the content that they are hosting. I think that would set very bad precedent, and the internet as a whole will be much better off if if ISPs are legal regarded as common carriers.

This isn't about content; it's about behavior. If I rant with a bullhorn at 4 am on your street, the cops will happily haul me off for disturbing the peace, even if I'm reading the Bill of Rights.

Sending spam is in the same category as running DDOS attacks, spreading viruses, or attempting to break in to other people's servers. It's an abuse of the network, and ISPs have no legal or moral obligation to lend their resources to people abusing the network, any more than a landlord has the obligation to let somebody run a crack house.

Re:Impose an E-embargo against MCI

[OgTheBarbarian]

Remeber that you want your ISP to clamp down on illigal activity when you're trying to get a torrent of DVD rip or a newly release album on mp3. Most landlords will call in the police once they know a crackhouse is being operated in one of their appartments. But landlors have the whole building to manage, so maybe you have to go down and register the complaint along with the other concerned tenants. Also, if you're ranting on a bullhorn at 4 AM, you should be dragged away, not the store owner who sold it to you. Sending spam, or trojans or viruses is the problem, not the network they travel over. E-mail their abuse department a sample with the full headers displayed. Make your complaint known. Most ISPs will act. The problem is like most businesses, non revenue generating departments have been cut to the bone. Even a company the size of MCI probably has less than two dozen people world wide dealing with network abuse now. Score that against all of the intentional spammers unprotected networks, open relays and zombie servers around the world and the odds are even worse that General Custer's last stand.

Re:Impose an E-embargo against MCI

[moosesocks]

ah. you must run SPEWS.

honestly, SPEWS is one of the most irresponsible blacklists in the world, and yet many ISPs still rely upon it.

my server was once blacklisted because it was hosted by a company which had once used a colocation facility which had once hosted a spammer. a nice string of coincidences, huh? and the cool part is that there's really no way to get off the list once you're on.

they frequently block entire ranges of IPs, and I wouldn't be surprised if they blocked MCI or some other humungous providor.

one day the maintainer took personal offense at some comment somebody made on spews and blocked the entire internet for a day. neecdless to say, that was a big wakeup call and many ISPs dropped spews after that incident.

blacklists seem to hurt a lot more than they help. false positives at the server level are simply unacceptable. I don't mind if i catch a few FPs in my pop3 mailbox because I can quickly page through my spam folder once a week to look for any legit emails. when mail gets deleted before it even reaches my mailbox (or worse -- before it leaves the originating server), it's a bad thing.

another nifty fact -- my colo facility filters all OUTBOUND mail through some ridiculously strict spamassasin filters. a lot of my mail gets caught in these -- w ealso don't get more than 100 messages passed per hour. running a legit distribution list is a pain, especially when many of the users NEED to get the messages

Re:Impose an E-embargo against MCI

[Gary+Destruction]

I'd rather lose 1/3 than 3/3. Besides that, Worldcom had to file chapter 11. That doesn't aspire me much confidence.

Re:Impose an E-embargo against MCI

[dubl-u]

Remeber that you want your ISP to clamp down on illigal activity when you're trying to get a torrent of DVD rip or a newly release album on mp3.

If you read my post more carefully, I think you'll see that I'm not talking about what's illegal; I'm talking about what's bad for the neighborhood.

From a landlord's perspective, the problem with a crackhouse isn't that somebody's doing illegal drugs. If landlords kicked out every tennant who had ever smoked a joint, there'd be a lot of empty apartment buildings out there. The problem with a crackhouse is that it's an uncontrolled menace to the building and the neighborhood.

I don't much care whether the law formally recognizes the harm that spammers cause to the internet. (Sure, it would be nice, but our legislators' calendars are already pretty full doing the bidding of their campaign contributors; I doubt they'll have time for something that matters to mere citizens.) But I do care that network operators maintain an orderly network, and that includes cracking down on infected servers, hax0r kiddies, spammers, and other people or programs that abuse the network for fun and/or profit.

Re:Impose an E-embargo against MCI

[doombob]

Then YOU can pay our next monthly bill when it doubles using someone other than MCI.

Re:Impose an E-embargo against MCI

[Gary+Destruction]

You're getting what you pay for.

Wierd...

[NetNifty]

I'm not defending MCI/UUNET, or even sure if this is the same MCI that this story is about, but an MCI's AUP:

Email Sending unsolicited mail messages, including, without limitation, commercial advertising and informational announcements, is explicitly prohibited. A user shall not use another site's mail server to relay mail without the express permission of the site.

Which is strange because in the article it mentions "MCI is the only American, and indeed only Western network, where this spam support activity is 'not against our policy,'".

Or does MCI just post that as it's AUP on it's site to cover it's back if it wants to close an account for spamming in the future, or to comply with possible regulations etc?

Re:Wierd...

[rpozz]

That's kind of like the disclaimer on KaZaA saying that you shouldn't use it for copyright violation - ie it exists for the sole purpose of covering their arses.

Re:Wierd...

[Dimensio]

Spam-supporters are, in many ways, like spammers. They lie. MCI, when they claim to prohibit spam, is lying.

Re:Wierd...

[Greyfox]

I used to work over in MCI internet provisioning and they seemed like they were pretty serious about turning down lines that were being used for spamming. They even had a team set up to handle spam complaints (To abuse@mci.com if I recall correctly) and they took down several lines while I was there.

Of course that was over half a decade ago now, so I don't know if their internal policies have changed since then or not.

Re:Wierd...

only the true Messiah would deny his divinity!

I hate this kind of "logic."

Urgent request..

[adeyadey]

Dear sir,

I am a former member of the MCI ISP, here in my home country on Nigeria. Recently we have aquired the rights to $5 million ($5,000,000) US, which is ours to dispose of by rights, but we urgently need a business partner in Europe to help realise this sum. For use of your services we are prepared to offer you %20 of net proceeds. Please do not discuss this with anyone, since confidentiallity is paramount...
Please reply with your name, contact address & phone number & bank details for further discussions..

Yours

AA Albalone..

One simple suggestion

[brian.glanz]

If as TFA reads "MCI is the only American, and indeed only Western network, where this spam support activity is 'not against our policy'," then Congress should rule their (in)activity explicitly against the law. Most ISPs already agree as a matter of their own policy. Yes, the spammers will go elsewhere, but the U.S. should first clean our own house. Writing this law (or lines in a law) seems like a no-brainer.

BG

Re:One simple suggestion

Very, very, VERY bad idea. Once you create a law requiring ISPs to monitor and manage email passing through their systems, another law will come right behind it requiring ISPs to monitor and manage all traffic passing through their systems. A law of this nature would only lead to censorship of what the government doesn't want you to see (obscene, dangerous to "national security", anti-government sites, etc).

Re:One simple suggestion

[brian.glanz]

No one, not me, you, nor ISPs, should legally aid commission of crimes (or any activity causing significant damage to a sufficiently broad number of people).

ISPs already monitor and manage email passing through their systems, if it is the stated policy of all other ISPs except MCI to not host this kind of damaging and in some cases criminal traffic. They would not bother to state this as policy, and they would be on Spamhaus' Scheisse List, if they were not monitoring and managing traffic as you suggest a law should not require them.

Because it is already and effectively the policy of all other American ISPs, and because it does significant harm (US$25 Billion annually says the U.N., of all spam, and Spamhaus details what part of that MCI could be required to prevent), our Congress should pass this simple law to protect Americans -- and to a lesser extent among their responsibilities, to protect the world from harm done by Americans.

BG

Re:One simple suggestion

[ahodgson]

Congress had that opportunity, but instead enacted the CAN-SPAM act, which the DMA bought and paid for to ensure that spamming is not made illegal, only "bad" spam is. Then they made it so only the US AG could go after the "bad" spammers, which essentially guaranteed that absolutely nothing would happen.

Re:One simple suggestion

[fmaxwell]

Once you create a law requiring ISPs to monitor and manage email passing through their systems, another law will come right behind it requiring ISPs to monitor and manage all traffic passing through their systems.

No one suggested such a law. The other poster suggested a law that would force ISPs to remove spam support sites. This would include sites advertised through spam. It's not like there are a lot of "enlarge your penis with these pills" sites which are advertised through legitimate means, so if an ISP gets a complaint that they are hosting such a spamvertised site, they have to take action. Simple enough. No monitoring of e-mail is necessary -- or even beneficial.

Re:One simple suggestion

[nzkbuk]

As much as I'd like to agree with your view, things get very tricky if you start doing that.

I work for a large ISP / Hosting company and I have seen on more than 1 occasion where 1 site has had spam complaints from a competitor where the sole intent was to get rid of others selling similar products / services.

Yes most spam is an open & shut case and we'll pull any & everything relating to the spam (including occasions where the only connections was a colo hosting the DNS).

Re:One simple suggestion

[fmaxwell]

While there is no question that there are cases which are not "open & shut", but such cases are, as you point out, in the minority. In those cases, you err on the side of the accused. But if you get complaints about a spamvertised web site from multiple users on AOL, Earthlink, University of Idaho, and Rutgers University, then it's probably pretty easy to classify that as legit and to shut down the offending site.

Basically, your firm is already doing what many would codify into law.

Re:One simple suggestion

Most smart spammers (they do actually exist) host their sites with specialized companies, many of them overseas - the so called bulletproof hosting providers. They pay a premium (150 - 250$/mo) so that their sites won't be shut down when the complaints start rolling in. Since US law doesn't apply there, the only option left is to black list their networks.

Re:One simple suggestion

[fmaxwell]

Since US law doesn't apply there, the only option left is to black list their networks.

You are absolutely right. But we need the big ISPs to cooperate. If, say, Chinanet won't take down spammers' web sites, then we need the Chinanet IP blocks cut off at the big pipes. We need the routers configured to redirect web requests (port 80) to a "Chinanet traffic being blocked due to their continued support of spamming." If you shut down an ISP's ability to serve web pages to U.S. users, then you will force the ISP to take action.

Re:One simple suggestion

Shit, I'd settle for the big ISPs actually answering their abuse addresses! People make a big deal about how ISPs have the most to lose from spam, but spam couldn't even exist without ISPs. Chinanet is a perfect example: everybody knows they are in the spam game - their spews listing says, and I quote, "Just about every spam house trying to have a website can be traced here." And yet I'm willing to bet that their network is reachable from most of the major carriers/ISPs in the US.

Why? Because it isn't in their interest to block it. Spam *mail* costs ISPs a fortune, so it's worth their time to go after that (which is why you see people like Hotmail and AOL going after spammers), but try getting a major ISP to block off traffic to a website on another network.

Re:One simple suggestion

[fmaxwell]

Why? Because it isn't in their interest to block it. Spam *mail* costs ISPs a fortune, so it's worth their time to go after that (which is why you see people like Hotmail and AOL going after spammers), but try getting a major ISP to block off traffic to a website on another network.

It is in their interests to block traffic to the websites but the abuse personnel at most ISPs don't have the business acumen to realize that. AOL actually has a clue and is blocking access to spammer web sites. Think about the economics: If you are a major ISP and you block access to spamvertised web sites within minutes of the spam being reported, how effective is such spam to your domain? The ISPs are so busy playing whack-a-mole with the spammers that they are missing the bigger picture: The spammers are doing this as a for-profit business.

The way that the average abuse department operates is analogous to a few people running around swatting flies while ignoring the big, stinking pile of manure in the middle of the room. Why do the spammers send spam to the users? So that the users will visit the spamvertised web sites and order goods and services. Make it impossible for your users to visit the web sites and the incentive to spam your users is gone.

Re:One simple suggestion

It's not so much that AOL has a clue, it's just that proportionally more of their business is in email and less in hosting than other ISPs. And I don't think it's fair to say that the abuse desk personnel don't have the business acumen to realize that their employers should be cutting off access to bulk friendly hosters: firstly because pretty much everybody with half a brain can figure out the economics behind spam and how order websites fit in and secondly because abuse desk personnel work to guidelines written by other people - and those people certainly do understand how it all works. Not too long ago, ISPs have been known to sign so called "pink contracts" with spammers - selling them hosting for spamvertized websites as long as the spam mail doesn't originate from their network. Any abuse mails that make it back to their desks get forwarded to the actual spammers (who can then promote the address to a "confirmed active" list). And we're talking *BIG* ISPs. I know it sounds like a conspiracy theory straight out of the X-Files, but there is a major, MAJOR difference in how an ISP treats one of its customers for sending spam from their network vs. hosting sites on their network spamvertized from somewhere else. Not to mentiona the fact that ISPs don't seem to want to get into a "tit-for-tat" blacklisting battle because their users can't behave - to the point where they don't even blacklist the majority of offshore, one hundred percent specialized, pure spam hosting operations - people who's every site is some spammer and his stupid penis pills.

Re:One simple suggestion

[fmaxwell]

And I don't think it's fair to say that the abuse desk personnel don't have the business acumen to realize that their employers should be cutting off access to bulk friendly hosters: firstly because pretty much everybody with half a brain can figure out the economics behind spam and how order websites fit in and secondly because abuse desk personnel work to guidelines written by other people - and those people certainly do understand how it all works.

Sounds like they need to start looking for other employment. "Just following orders" is a rather weak defense.

But your characterization is really not true. I attended a spam conference in the Washington D.C. area and there were attorneys from AOL present. They had a clue. Then there was a head of an abuse department at a big ISP (not Earthlink size, but the next tier down). He resisted all suggestions to combat spam other than looking at headers and sending complaints. He didn't want to change contracts so that the identity of spammers could be released to spam recipients. He didn't want a contract clause allowing them to fine spammers to recoup investigative and bandwidth costs. He did not want to block access to the spamvertised sites. He didn't want to educate users against responding to spam. He wanted to sit at his desk and continue to draw a paycheck by sending ineffectual e-mails of complaint.

Not too long ago, ISPs have been known to sign so called "pink contracts" with spammers - selling them hosting for spamvertized websites as long as the spam mail doesn't originate from their network. Any abuse mails that make it back to their desks get forwarded to the actual spammers (who can then promote the address to a "confirmed active" list). And we're talking *BIG* ISPs. I know it sounds like a conspiracy theory straight out of the X-Files, but there is a major, MAJOR difference in how an ISP treats one of its customers for sending spam from their network vs. hosting sites on their network spamvertized from somewhere else.

I'm well aware of that. I own and run the domain anti-spam.org.

Not to mentiona the fact that ISPs don't seem to want to get into a "tit-for-tat" blacklisting battle because their users can't behave - to the point where they don't even blacklist the majority of offshore, one hundred percent specialized, pure spam hosting operations - people who's every site is some spammer and his stupid penis pills.

Really, how would it hurt, say, Comcast if Chinanet blacklisted them? It just wouldn't put a big economic hurt on Comcast, whereas the spammers would flee Chinanet like rats from a sinking ship if no one on Comcast, AOL, Cox, Earthlink, MSN, etc. could get to web sites on Chinanet. So would legitimate Chinese businesses flee.

Re:One simple suggestion

Once again we're talking AOL - 40 or 50 or whatever million email accounts - vs. more run of the mill ISPs which do proportionately more of their business in hosting. That's why AOL "gets it" whereas MCI winds up getting their dirty laundry aired on the slashdot home page. As for your question of "Really, how would it hurt, say, Comcast if Chinanet blacklisted them?", the answer is - not at all. So why haven't they blocked Chinanet? Because despite the widely touted line about ISPs being the major victims of spam, the truth is that they are _also_ major participants: spam couldn't exist without ISPs. So sometimes you lose and the spam flows in to your network, but sometimes you win and the spammers buy hosting (less often now) or big pipes from you. All in all, it's just a little too cosy.

Re:One simple suggestion

[fmaxwell]

Once again we're talking AOL - 40 or 50 or whatever million email accounts - vs. more run of the mill ISPs which do proportionately more of their business in hosting.

AOL has also been the target of spammers because the average AOL user is less experienced, lacks computer-savvy, and is, therefore, more likely to respond to spam. One spammer said that he'd be out of the spam business if it wasn't for AOL users.

All in all, it's just a little too cosy.

On that, we can agree 100%!

Re:One simple suggestion

I wonder if that's as true as it used to be? Not that AOL users have gotten any smarter, but rather that other "run of the mill" ISPs have gotten easier and more user friendly - and connecting a windows pc to the internet is much much easier than it used to be. Long gone the days of endless explanations of winsock configuration over the phone. I think these days the "spammability" of your email is more related to where it was harvested (eBay and other auction sites giving a strong positive, NANAE postings a strong negative) than what domain comes after the at sign.

Re:One simple suggestion

[fmaxwell]

I wonder if that's as true as it used to be? Not that AOL users have gotten any smarter, but rather that other "run of the mill" ISPs have gotten easier and more user friendly - and connecting a windows pc to the internet is much much easier than it used to be.

"Unlimited" dial-up service can be had for under $7/month. AOL is charging $20/month on a one year contract. Why would an Internet-savvy person spend almost three times as much for a non-standard service like AOL? While the bar has been lowered at all ISPs, AOL continues to cater to the newbies, with reassuring messages about how "safe" their service is. Then there is the AOL content. Let's get real: Anyone who can find their way to Google can dig up much better content than AOL offers.

I think these days the "spammability" of your email is more related to where it was harvested (eBay and other auction sites giving a strong positive, NANAE postings a strong negative) than what domain comes after the at sign.

I get spam sent to the postmaster and abuse accounts at anti-spam.org. The spammers seem to have become less careful in their spamming.

Re:One simple suggestion

I don't think spammers usually manually go through their lists and disqualify messages based on the domain. I have heard about a list of known anti-spammers which is used to clean spam lists (since those people will certainly react harshly to any spam they get). Sort of a private "do not spam" thing, but maintained by the spammers themselves.

Re:One simple suggestion

[fmaxwell]

I don't think spammers usually manually go through their lists and disqualify messages based on the domain

No, because most address CDs sent to spammers are divided out by domain already. See this.

I have heard about a list of known anti-spammers which is used to clean spam lists (since those people will certainly react harshly to any spam they get). Sort of a private "do not spam" thing, but maintained by the spammers themselves.

That's why I usually request that the ISP tell the spammer that I'm the one who complained.

Re:One simple suggestion

The idea of spammers getting spammed with offers for a cd full of emails to send spam to - it's like some kind of f***ed up Escher print. To think we all crawled out of the oceans for this.

Re:One simple suggestion

[fmaxwell]

The idea of spammers getting spammed with offers for a cd full of emails to send spam to - it's like some kind of f***ed up Escher print.

Well put! It's sort of like the pre-Internet 'make money stuffing envelopes' scam.

To think we all crawled out of the oceans for this.

Given my recent flame wars with the creationists, I'm not even touching that line!

Re:One simple suggestion

"It's sort of like the pre-Internet 'make money stuffing envelopes' scam."

TINLC ;)

MCI Doesn't care about $5M revenue sources

[skoda]

MCI is a $27 billion company. (according to http://global.mci.com/about/investor_relations/fun damentals/).

Corporately, they don't care about $5M revenue streams. If it's not a homerun, billion dollar profit potential, it's not going to be developed.

I doubt MCI is actively pursuing SPAM as a business venture. Not unless they believe it's going to generate billions in the next five years. Otherwise, this is a non-story, about MCI making a few pennies because they aren't 100% vigilant.

Re:MCI Doesn't care about $5M revenue sources

[mboverload]

Then they should have no quals about cutting off the spammers.

Re:MCI Doesn't care about $5M revenue sources

[soft_guy]

You would be surprised about how important $5 million in revenue is to a company like MCI. Weren't they just in bancruptcy?

Re:MCI Doesn't care about $5M revenue sources

[pyrois]

The point is, they're still making $5M so why bother cutting off the spammers unless it is advantageous for them to do so. I.E. if they make $5M by keeping the spammers, I'm sure they'd drop them if they could make $10M in that action. It's kind of like if you make $80,000/year and every year an extra $5 appears in your account. Even if somebody told you "hey if you stop serving such and such, those $5 will disappear." Why would you bother? In fact, if somebody said "if you stop serving those people, that $5 will turn into $10" you still probably wouldn't care:P In order for MCI to have a legitimate reason to cancel those accounts, they'd have to make hundreds of millions from that decision and/or be in legal trouble. Otherwise, it's a non-issue.

Re:MCI Doesn't care about $5M revenue sources

[slashname3]

Actually in the corporate world you will find that companies don't want to loose $5 mill in revenue. The department and the managers that that money is credited to will fight tooth and nail to prevent loosing that kind of revenue. You can bet some salesman is getting a nice commision on that sale.

I suspect MCI makes more money that that anyway. Remember that is just money from the spammers. They also get money from all their other customers which have to have bandwidth to handle the spam. So the real numbers are going to be much much higher.

Re:MCI Doesn't care about $5M revenue sources

[Whyte]

Corporately, they don't care about $5M revenue streams. If it's not a homerun, billion dollar profit potential, it's not going to be developed.

I believe you are correct in that the board of directors for MCI, in the course of business, would not be overly concerned about losing $5 million a year in business, or even $5 million a month in business. On the other hand, one of the many VPs at MCI in charge of the smaller regional sales units would probably view the loss of $5 million in revenue as possibly the end of his/her employment.

The decision making process for finding and enrolling actual customers is RARELY done at the board level. With few exceptions this type of activity is done at the business unit level, and these are often broken into smaller regionally or line-of-business units.

Activists need to find a way to target the individuals who are actually in charge of driving and maintaining relationships with incorporated spam outfits. These are likely to be your average Sales VPs not your board members. Ensuring that board members understand the potential public relations problems associated with these negative associations and the specific presence of them in their own organization has to be one of the better ways to bring about change.

The top decision makers in a corporation are usually much more interested in maintaining their corporate image of being a "good" public citizen because they view the value of a solid public image toward the generation of future business. So when we can, we should bring those "bad" public citizens to the attention of the board of directors for which they work.

Re:MCI Doesn't care about $5M revenue sources

Do you really think big companies are managed that way? That would be crazy. $5M here, $5M here, eventually your talking about big money!

Companies are divided into divisions, which are farther sub divided. The whole way down everyone is told to make money. Ok, not everyone, but you get the idea. I would think you'd know this by now.

Still, this should be easy to stop. It's bad for the whole company, so once people start talking about it, it's easy for the people on the top to come down one whoever allows this. They know they could lose far more than $5M in "brand image".

As for it being a non-story. This will not stop until it is a story. There's someone in this company looking good by allowing spam and that has to end.

Re:MCI Doesn't care about $5M revenue sources

[ScentCone]

Then they should have no quals about cutting off the spammers.

I'd wager that the administrative costs (legal, accounting, sales, NOC activities, phone calls) of validating that a spam complaint is legit, and their customer is aware of, and not doing anything to prevent the spam, and on and on, would dwarf the loss of the revenue. In other words, it would probably cost the more than $5M to go to the trouble. Now, if the get sufficiently bad PR, and that impacts their sales efforts, and they lose even one multi-million dollar corporate or government client because of this problem... then they'll have more incentive (cost/benefit-wise) to do something about it.

Re:MCI Doesn't care about $5M revenue sources

[skoda]

Do you really think big companies are managed that way? That would be crazy. $5M here, $5M here, eventually your talking about big money!

Crazy or not, it's real. I've been working for a comparatively small $6B dollar company for a few years now, and that's how it is. And that's what I've been told by people who've spent over a decade in the company.

The business is not grown by millions at a time. Corporate does not want to pursue 200 separate $5M revenue sources. They target a few hundred-million or billion-dollar goals.

I'm in a small section of mid-size division. Internally we pursue the few-million projects. But our real drivers are supporting the hundred-million dollar division-wide projects. And the small things we do are often strategic investments towards the next generation of major projects.

I'm not saying it's best, but it's what I see.

Someone show me I'm wrong. I know engineers interested in developing smart singles, rather than just the homeruns.

Re:MCI Doesn't care about $5M revenue sources

[OgTheBarbarian]

Wow. How did you get moderated as insightful for that piece of crap. Get out from under Rob's desk and wipe your mouth. Once again, consider what every business on the planet is doing to any department that does not generate a profit. They are cut to almost nothing. Pit the abuse team at MCI against every unprotected outlook client, zombie server, open relay and malicious spam host and tell me the odds are balanced. You obviously don't know much about corporate business in the 21st century so far.

Re:MCI Doesn't care about $5M revenue sources

It's a bit worse than having that $5 disappear. You're going to have to spend $.50 or $1 to lose that money ... you're going to have to increase your abuse staff headcount, your lawyers are going to have to look things over, connections will need to be deprovisioned and there are probably other costs associated with dumping a customer.

Right now MCI and all her competitors are losing money, fighting for survival and laying folks off. Fat chance some manager is going to stick his/her head into the line of fire and ask for increased headcount to process more abuse complaints. Right now, they're just trying not to lose more people.

Bottom line, doing a good job dealing with spam complaints is a luxury that few companies can afford these days.

Of course, that doesn't make it right.

Re:MCI Doesn't care about $5M revenue sources

[Seumas]

Whether or not they're actively pursuing SPAM as a business venture, they have an obligation to perform even the most rudimentary examination of their potential customers to prevent providing services to known spammers. Not only is this important for the health of mail servers everywhere, but for all of their other customers who pay good money and should not have 80% of their outbound email refused because someone MCI is providing services to on another IP address (but in the same block) is abusing their services and has caused everyone to be blacklisted.

We're not talking about expensive blacklists here. We're talking about some lackey at MCI going to Spamhaus and checking if the person or business signing up with them is in the top ROKSO list of top 200 professional spammers. There is no excuse for providing services to these people, other than laziness, greed and disgregard for their other customers.

Take iMedia, for example. It's very simple to do a check for iMedia and find all of the commonly registered names under which they do business. Someone signs up a dozen accounts with marked names from this list - deny them business. You've just saved your company's reputation, your customer services representatives time and aggrivation, your other customer's frustration and business (nobody likes being unfairly blacklisted for weeks at a time, because of your poor business practices) and mail administrators the world over.

Or . . . just grab the money and run. That's MCI/WorldCom's way, after all. From the top down.

Re:MCI Doesn't care about $5M revenue sources

[jrumney]

At the board level, you're probably right. But somewhere within MCI there are individuals that are using spammers to meet their sales targets. They're not about to drop it without pressure from above.

Re:MCI Doesn't care about $5M revenue sources

The business is not grown by millions at a time. Corporate does not want to pursue 200 separate $5M revenue sources. They target a few hundred-million or billion-dollar goals.

Funny, most business I know sell products with prices way under that and yet they are large profitable corporations. MCI sells long distance to consummers. That's not millions per person.

New mail protocol

[truG33k]

IMHO, what is really needed is AMTP, an Advanced Mail Transfer Protocol. The core of the spam problem is that SMTP was not desinged to handle the problems people are seeing now, mainly being spam. There have been a series of tools to aid SMTP in stopping spam such as RBL's and SPF, however, at the core of the problem, you still have a mail protocol that didn't have security in mind when it was created.

Re:New mail protocol

(not original poster)

Explain why, asshole.

Re:New mail protocol

[LukaFox]

That's true. SMTP is just what it claims to be: simple. The only problem with a new mail protocol would be backwards compatibility. It couldn't be compatible with SMTP and still be effective in preventing spam or email spoofing. However, ISPs are not going to want to implement a protocol that no clients can use, and email clients are not going to support protocols that are not actually in use as easily. SMTP has been around for a long time, and replacing it isn't going to be easy. SMTP would have been replaced already if it weren't so universally used.

We've already got competing solutions to some of the problems with SMTP, but not a lot of people are using them. Most people don't encrypt email, S/MIME still is not widely used.

Re:New mail protocol

[Soko]

I disagree. Security, in the traditional sense of the word, means that a major portion of e-mail functionality would be lost.

E-mail - for that matter, even the telephone system - is a random, anonymous contact system. What I mean by that is that you don't know where, when or whom is going to contact you via e-mail, and it's supposed to function that way. You can't secure your system against anonymous contacts or one of the design intents of the system fails.

IOW, SMTP, though it could be much better, isn't truly the core of the problem. It's establishing beforehand whom you wish to speak to before they want to speak to you.

Soko

Re:New mail protocol

[thogard]

Your problem is someone else feature. SMTP allows things such as anonymous mail which was considered important in emails early days. The real problem is someone sees anonymity as a business venture and the suckers fall for it. If you remove that, then the spamers will just lead longer paper trails which will cost them slightly more but wont stop anything. After all these guys are going out and paying cash for T3 setups fees and monthly fees in advance for a circuit they expect to get a few days use out of. They will be happy to comply with any sill new rules an advanced email system will provide.

X.400 fixed all the problems. You can buy a pateneted solution today that fixes all your email problem but it costs several tens of thousands of dollars per year in license fees alone to run an x.400 system.

Re:New mail protocol

[AKnightCowboy]

However, ISPs are not going to want to implement a protocol that no clients can use, and email clients are not going to support protocols that are not actually in use as easily.

And that is our problem with the Internet today. 20 years ago you could schedule a time to switch over to a new protocol and that would be that. Sorry, we didn't get your mail because we don't use that protocol anymore. Didn't you get the memo?

Re:New mail protocol

[a_n_d_e_r_s]

Maybe we should all switch to CMTP instead ?

C = complex - and anti-spammable!

Re:New mail protocol

[Hymer]

I agree... but it must :

not be a replacement (f.x. not run on port 25)

not be backward compatible (pointless)

have sender verification (we want to be sure that the sender IS in fact the sender)

support encryption on at least 256 bit level (as an option)

be a binary protocol and not text-based (let's get rid of all those encoding issues)

be free (as in NOT patented and without royalties)

support RBL's
...anyone interested in developing this ?
I can't, I don't have the time and knowledge...

Re:New mail protocol

...anyone interested in developing this ?
I can't, I don't have the time and knowledge...

Me! Please, pick me! I don't have anything better to do!

How much of the spam goes back to them?

[PxM]

If their customers don't get any spam because they have good filtering, then they have nothing to lose (as long as outgoing bandwidth is properly paid for) from hosting spam. As long as MCI can tell their customers that they're fighting spam, they'll keep their customers. At least, until some other ISPs block them out completely.

--
Free iPod? Try a free Mac Mini
Or a free Nintendo DS
Wired article as proof

Re:How much of the spam goes back to them?

Please do not spam links to pyramid schemes!

Re:How much of the spam goes back to them?

You've been flagged you free iPod peddling little faggot.

You've been now added to the anti-slash merck bots list and now will pay dearly in karma.

enjoy.

Making Money

[Bonhamme+Richard]

Note: I'm stealing this for Richard Marcinko's Rogue Warrior's Strategy for Success. Don't sue me Dickie, I gave you credit.

To paraphrase an anecdote used as an example in Dickie's book :

Johnson and Johnson's Corporate credo lists J&J's responsibilities in this order 1) to the consumer 2) to the employees 3) to the community 4) to the shareholders (meaning to making money.)

When Tylenol (a J&J product) was tampered with in Chicago, resulting in the deaths of several people, the local police advised J&J that it was an isolated incident, and that a recall was not necessary.

J&J recalled anyway (a $350 million process) and consumers flocked back to Tylenol when it was reintroduced to the market with new tamper proof packaging. Since consumers had proof that J&J cared about them, J&J ended up making money.

The moral of the story is that caring about your consumers may be less profitable in the short run but that in the long run companies that put the consumer first do better. It's obvious to me that MCI does not put the consumer first. Point 4 on the J&J credo is point 1 in MCI's strategy. MCI just lost one customer.

Re:Making Money

My employer's credo is: 1) personal profit, 2) personal profit, 3) personal profit, 4)personal profit.

He'll screw anyone in his pursuit of selling something. I've advised him against certain things, stating that it will hurt him in the long run. He didn't care and went ahead anyway. Yup, people were pissed, he lost customers.

He wonders why he has such a high employee turnover rate. It's simple, he treats everyone like shit and doesn't keep promises. When he asks for expert advice, he really doesn't want your opinion, he wants you to back up his plan, no matter how badly thought out it is. He gets upset when you don't reinforce his beliefs: "no, setting the login/password on all the computers to the same thing is a bad idea. Setting the password for remote access to the same password is an even worse idea" -- "do it anyway" -- "Fine, when your entire network gets owned, I am not responsible" (I look forward to the day that happens).

I took the job because nothing else was available. I am actively looking for a new job. I simply won't work for someone lacking ethics. I wish I could quit this moment, but having a family to feed makes that impossible.

Re:Making Money

[slashname3]

The credo list you have (1. to the customer 2. to the employees 3. to the community 4. to the shareholders) was a short term abberation that virtually no company in the world today would agree with.

All companies today use the following order 1. shareholders 2. shareholders 3. shareholders 4. company executives.

Companies today have a vision that is about 3 months out to the next quarterly report. The reason is that shareholders will trash a companies stock if they don't exceed all expectation each quarter. And companies have no loyalty or responsibility toward employees. Employees are the first ones cast adrift so a company can show a short term improvement on their bottom line. As to customers, I have to think that most companies feel their customers are morons and idiots. Just look at the commercials they run. :) It has been long known that many companies calculate just how bad they can perform customer service without running off most of the thier customers. Why do you think companies want you to input your account numbers when you call customer service? So they can identify really good customers from the rest of and drop you into a long wait queue in India. Really good customers (read high dollar value customers) get put at the head of the line and get routed to customer service centers here in the US.

J&J was in a shear panic over that incident. And they did what they did because they felt the company was dead if they did not. Bottom line. Nothing more nothing less.

Re:Making Money

[skoda]

While this is interesting, it's wholly irrelevant. The tampering was huge news, could be fatal to consumers, and ultimately could have destroyed J&J's business if they didn't restore public confidence in their product line.

In contrast, MCI making a few bucks from spammers isn't in the news, not really newsworthy, won't kill anyone, and doesn't threaten MCI's entire business.

There's little benefit to MCI in addressing this particular issue. MCI could aggressively attack this revenue source, but no one would hear about and few would really care.

Re:Making Money

[Femme_Ender]

Somebody sounds bitter....

I'll give you that a good number of companies perhaps do follow your "'shareholder x 3'/CEO" credo. but not all of them, mate. arguably, not even the majority. no where close. Perhaps some of the big companies -- ENRON, AOL, MCI, or anything Bill Gates has ever touched -- come to mind first and provide fuel for your argument. But the majority of companies traded on the market, and the VAST majority of those in existence (partnerships, family owned businesses - small OR large) don't operate that way.

A prime example of a "big company" that very distinctly does not follow your "stockholder-ceo" allegiance theorem is the Howard Hughes Company. A bit of history: Howard Hughes did a LOT of government contracting during his life, but didn't always live up to the requirements. Upon his death, the government couldn't retrieve (for leagal reasons) the money they'd loaned him for his projects because he had left it all to the Howard Hughes (pharmacuitical research) Company. Today HHC is one of the few firms that operates and finances R&D off its own surplus reserves. Moreover, it grants six years guaranteed research grants to scientists REGARDLESS OF RESULTS: if the researchers fail, their grant is not prematurely withdrawn, some times it is even renewed with the "fix it" or "try something new since you can" message. This sounds a lot like the type of company BonHamme Richard mentioned -- and not at ALL like the money-driven success-mad firms you describe.

Bottom line. Nothing more and nothing less.

Re:Making Money

[Bonhamme+Richard]

Information used in my response from: http://www.personal.psu.edu/users/w/x/wxk116/tylen ol/crisis.html

J&J was in a shear panic over that incident. And they did what they did because they felt the company was dead if they did not. Bottom line. Nothing more nothing less.

Quite frankly, I don't really care why J&J recalled Tylenol (though Tamara Kaplan of Pennsylvania State University implies in the above article that the executives of J&J were genuinely remorseful) the fact of the matter is that they recalled it in under a week. Kaplan says:

"As the plan was constructed, Johnson & Johnson's top management put customer safety first, before they worried about their companies profit and other financial concerns...This was unusual for a large corporation facing a crisis...An article by Jerry Knight, published in The Washington Post on October 11, 1982, said, "Johnson & Johnson has effectively demonstrated how a major business ought to handle a disaster."... Many executives attribute the success of the comeback to the quick actions of the corporation at the onset of the Tylenol crisis. They think that if Johnson & Johnson had not been so direct in protecting the public interest, Tylenol capsules would not have reemerged so easily."

Whether J&J's motives were altruistic or selfish, in this incident they acted with the public good in mind, and that is what matters. The blanket statement that "All companies" act in selfishly all the time is clearly false. As is one that proposes altruism on behalf of all companies.

If you look at the article a few days ago on Google's prize money for creative ideas, you'll realize that Google gives more to its employees in bonuses than its founders make. The two founders make a few Million a year (2M-4M), and the company gives out 12 Million to employees on successful products every quarter. This does not make Google a perfect company, but it certainly is not the soulless, horrible organization you describe all companies as.

While I certainly understand that not every company thinks exclusively of the public good, what I was intending to show is that if a company does act for public good, it does well.

When J&J moved to protect its customers, its customers responded by trusting it. MCI has shown that it does not have my interest at heart. I don't trust MCI. Bottom line.

Re:Making Money

[dubl-u]

All companies today use the following order 1. shareholders 2. shareholders 3. shareholders 4. company executives.

And your source for this information would be what exactly? I'm pretty impressed that you've managed to find out what all companies today do; there are a lot of them. Some companies that I know from the inside seem to have a different attitude, but I guess I must be mistaken.

J&J was in a shear panic over that incident.

A shear panic? Is that where you're so freaked out that you run with scissors?

Re:Making Money

[buss_error]

The company I work for put out a 1.2 M USD bid for telecom service. MCI and SAVVIS both bid.

I printed a list of the spammers on both, set them in front of my boss along with the RBL entries for them, and told him I couldn't work for a company that would support these people with contracts, that I would have to leave if either bid was accepted. And I ment it. And he could tell.

End result: Both were disqualified from the bidding process.

MCI & SAVVIS: Get rid of your spammers. All of them.

Re:Making Money

[zogger]

that just sucks man, really does. I hope you are documenting any abuses in case of future run ins with the authorities so you don't get screwed.

Here's a thought, whatever business this guy is in, he must have competition. It would probably follow then that those competitors need similar skills to what you have, so that might be a place to look for work.

As another thought, it would be nice if slashdot had a work offered/work desired posting section. And maybe even a mini eBay type thing.

Re:Making Money

[OldManAndTheC++]

Here's an interesting quote about the responsibility of corporations to their shareholders:

[snip]

There's not a lot of governance going on in corporate boardrooms. And the first thing that's not going on is that boards are not establishing the purpose of the corporation. Board members believe their only choice is to follow the prime directive, which is to maximize returns to shareholders.

The genesis of this directive is worth exploring a bit. It may have a feeling to it of long-settled and inviolable law, but it does not arise from either federal or state constitutions, nor is it in any solid sense found in state statutes. Indeed, it contradicts America's early tradition of chartering corporations to serve the public good--to construct bridges, for example. Shareholder primacy emerged from the ether in the midnineteenth century, when it was articulated by the courts. The basis of shareholder primacy is thus primarily common law, judge-made law. In state statutes, directors have a duty of loyalty to the corporation. But in common law, this is interpreted as a loyalty to shareholders alone.

Common law can be overturned in a heartbeat by legislation. And legislators have in fact attempted to make changes in thirty-two states, with stakeholder statutes that give directors leeway to serve the interests of employees and the community. But because enforcement tools for these laws are nonexistent, the myth of shareholder primacy remains solid in the business mind.

This myth found its most forceful articulation in the 1919 Michigan Supreme Court case of Dodge v. Ford Motor Co., which established that "A business corporation is organized and carried on primarily for the profit of the stockholders. The powers of the directors are to be employed for that end." There are exceptions, but this basic design has been affirmed in various ways over the years--particularly in Delaware, where over half the Fortune 500 is incorporated and hence where the most significant precedents are now set. Thus we have a handful of conservative Delaware judges setting economic policy for the nation. And that policy remains tethered to two sentences a state judge wrote eighty years ago. "To this day," as George Washington University law professor Lawrence Mitchell has written, "Dodge v. Ford remains the leading case on corporate purpose."

[snip]

from The Divine Right of Capital: Dethroning the Corporate Aristocracy by Marjorie Kelly

I'd argue that corporations are legally forced to act for the benefit of their shareholders, to the exclusion of all other considerations, despite the personal motivations of the managers and/or employees.

Re:Making Money

Although I agree with you that most companies are strictly short-term thinkers, there is at least one out there that is taking a different approach. Which naturally pisses some people off on Wall Street because all that money spent on wages and insurance should be bettering valuation or dividends instead.

Re:Making Money

[danila]

Oh, that's nice. Now I finally can justify reading Slashdot all day. :) The material you quoted and the references in it will fit nicely into my Ph.D. thesis on capital structure and project valuation.

Who would have known... Thank a lot!

Re:Making Money

[I8TheWorm]

Wow, his name isn't Tom Barr is it? I worked for a guy JUST LIKE THAT at JPMorganChase a few years ago. He was fired two weeks after I quit.

Not surprising.

[jwcorder]

Aren't we talking about the same MCI/Worldcomm that cooked their books 2 years ago? So bad accounting practices don't seem to be the only questionable business in which they participate.

Non Unique

[discordja]

Why is this news? Almost every bandwidth provider in the country will house spammers so long as they aren't breaking any laws. Internap, the largest bandwidth provider in the states, houses a good number of spammers even tho it's "against policy" to send unsolicited email. If the almighty dollar is involved don't expect companies to be "moral."

Re:Non Unique

[nchip]

Thats an lousy argument. Just because everone else is doing $badthing, doesn't make it right. The MCI thinking goes "they don't send spam from OUR network, they relay via troijaned machines in random dsl networks to hide the origin of the spam, so they aren't breaking our AUP."

And it is NEWS - because the bad publicity is the only weapon against immoral behavior of companies.

God doesn't care if you don't say "bless you!"

[MorboNixon]

As a former employee of UUNet, whom, in turn, got bought out by Worldcom, which was once and now is again called MCI...*breath*...I can say that my pop.net POP3 account I had when I employee there remained active for at least 4 years after I left in 2000. It only got deleted after I stopped checking it for over a month.

What does this mean? Well, speaking from experience, they don't have nearly as many people monitoring this stuff as they should. So, my guess is that this SPAM abuse is the result of neglect. However, as with most any telecom/IT company, Marketing and Sales drives the business, the techies are beholden to the machinations of the Marketroids and Salesbots. This could be their bright idea.

Re:God doesn't care if you don't say "bless you!"

[WoBIX]

They're not the only ISP that doesn't pay attention to accounts. A friend with a dial-up account back in the mid nineties closed her account when she moved. She discovered that she still had email access to it, and even dial-up was still available. Her boyfriend shared the dial-up info with a bunch of their friends and they all had free net access for several years. Last I checked it was still active.

Re:God doesn't care if you don't say "bless you!"

I worked for MCI when the merger was going on (I think BT put in an offer for cash and stock and then WorldCom topped it with a mostly-cash offer) and it was crazy times. People calling their brokers to sell their shares in the company (this was a different time, none of my friends who today work at HP have stock).

I remember somebody put a cheap plastic "FOR SALE" sign on the ~$10,000 marble MCI logo, which still stands today (it was never changed to WorldCom). It was there all afternoon but was gone when I left in the evening.

Opposite examples...

Just ask Intel how accurate the Pentium floating-point calculations are.

Ask Ford how safe the Pinto's gas tank is.

if MCI is profiting from spam

[Neuropol]

then why not go after them and the other companies who publicize their success stories of wokring with spam agencies.

just yesterday it was posted at cnn.com that companies around world lose ~$22 Billion a year in spam related lost-time and general IT issues directly affected by spam.

it seems to me if one company is posting loss and the other is posting gain, both due to increased spam, the two should get together and chat at some point.

I for one click on every spam link...

[ABeowulfCluster]

You know you want to click it... .. REally.. what could be the harm? Go ahead, click. http://www.post-literate.com/gerpunx/archives/2005 /01/prepare_to_lose_your_mind.php

I bet it costs MCI more than $5M

[sbaker]

Yeah - they may inadvertently make $5M from spammers - but I bet the cost of spam to them is a LOT more than that. It follows that this is not an intentional part of their business model - but merely the residue of spammers that they've been unable to eliminate.

Not surprised

It has been long known that MCI is also a top telephone telemarketer, so I am not surprised they decided to "legalize" spamming under their own Terms of Service.

Of course. They're criminals

[Animats]

What do you expect? Worldcom/MCI was run by criminals. Their former CEO, Bernie Ebbers, is on trial right now in New York for fraud and conspiracy.

AS number

[IAR80]

Does anyone know MCI's AS number? Because I am going to take it out of my BGP.

Re:AS number

[Fished]

If you had clue enough to deserve access to a BGP-equipped router (I doubt that you do) you would know that MCI is the world's largest provider of internet services, and that to take them out of your BGP would only hurt you as half the internet (it might be less now, but it used to be half) couldn't reach you.

Re:AS number

they are probably your ISP.
just cut your TX and RX of your DS3.

Re:AS number

[Marz_Bug]

AS 701/702/704/705

Re:AS number

[IAR80]

Well if you have clue enogh to know how to conigure BGP you are well aware that you can filter the routing using regexp against the AS path, therefore you can block just their adress space and let their AS owning customers through. I bet that the hosting service has adresses who are part of their AS. :D

Re:AS number

[IAR80]

Thank you! :) I'll try it for a couple of days and see if the spam decrease will be significant.

Re:AS number

[IAR80]

Well guess what! No! :))

Re:AS number

I am sure MCI's customers will be calling thier sales reps to cancel when they can no longer reach basement_dweller.dyndns.net

Re:AS number

[NotoriousQ]

Suppose you do this, and you can still reach the whole internet, how does this help you? Stuff from UUNET/MCI can still find you.

Would it not be more intelligent to find their ipblock and filter on that.

I think IHBT.

Re:AS number

[Cramer]

If you knew anything about BGP, you be wouldn't asking such a lame question... you'd go look for yourself. If you don't know where to look, you shouldn't be playing with routers.

Re:AS number

[IAR80]

There ip block might be huge with hundreds of subnets who might change a lot and I do not want tu burden the firewall with theat. If I take out the routes to them SMTP will stop to work since it is TCP based. I do not care if they still have a route to me.

Re:AS number

And you should not be trolling on ./ :))

What about this loss

[bman08]

Is this over the quintillion dollars lost on the 200 million billion man hours that their employees waste deleting the stuff every morning?

MCI has an even better reason to stop this

[ShatteredDream]

Spamming is now illegal in the U.S. and they are a company that just got into major accounting trouble when they were WorldCom. The last thing that MCI needs is to have more clients abandon them and more government scrutiny because they support spammers.

Re:MCI has an even better reason to stop this

[justin12345]

No spamming is now specifically LEGAL in the United States thanks to the CAN SPAM bill. You just can't do things like fake reply-to lines and you have to give an opt-out method; there are a few other regulations too that don't come to mind.

The Nigerian thing and viral spam has always been illegal as they constitute fraud and vandalism (repectively). But they aren't usually described as spam and won't ever be effected by legislation or probably anything else other than email filters.

Re:Wierd...Two different things

[Secrity]

The part of the AUP that you are quoting only prohibits the sending of spam. The article is talking about "spam support" which includes other things, such as web site hosting.

From the article:

"MCI Worldcom's official position on the issue is that MCI can't stop their spam gangs selling proxy hijacking spamware from MCI's network as that would be 'censoring' the distribution and sale of illegal proxy hijacking software.

MCI is the only American, and indeed only Western network, where this spam support activity is "not against our policy". Spamhaus maintains that MCI's 'protected speech' excuses for servicing known spam gangs and proxy spamware distribution sites are dishonest and non-sensical in the face of the Internet's spam epidemic."

Nice job, Asshoooooooole

[MorboNixon]

account I had when I employee there

Before anyone else gets to it...

What are you a caveman??? Try proofreading, ya yutz!

Drop em?

At what point do we start "accidently" dropping MCI packets on various routers around the world?

Re:Wierd...Two different things

[NetNifty]

Ah, well that makes more sense then. Thanks.

Darn...

These spam promoters don't show the spammers email address anymore.

And I was soo tempted to sign a few guest books with them so that they would get all sorts of nice cash offers from dead dictators, dead husbands, princes, poor orphans/refuges/etc with internet access, buried cash boxes being hold by corrupt officials, dyed money that needs a special remover to clean it, etc and all you have to do is send them money to get some back!. Why bother with spamming pyramid schemes when there are several Mariam Abachas waiting to give you 10% $100,000 left by their dead Nigerian husband "100% risk freely"... provided you pay them the fees necessary to do so.

Explain to me

[mattmentecky]

Could someone tell me the rationale for the Slashdot crowd supporting the file sharing programs/networks because they can be used for legit purposes and the "owners" stay out of the mix so to speak, and then on the other hand, slaming MCI for basically doing the same thing in this case? Sounds hypocritical to me.

Re:Explain to me

You must be new here.

Re:Explain to me

[timmyf2371]

It's rather simple - filesharing gives people something for nothing whereas spam annoys people and wastes their time.

Not saying I agree with this "philosophy" by any means though.

Re:Explain to me

[Captain+Nitpick]

It's rather simple - filesharing gives people something for nothing whereas spam annoys people and wastes their time.

To put it a little more poetically, file sharing gives people something for nothing whereas spam gives people nothing for something.

Re:Explain to me

No more hypocritical than passing wimpy legislation to deal with the spam problem and overreaching legislation to deal with the filesharing problem.

Re:Explain to me

[DreamerFi]

I'm sorry, I'm not aware of any legit uses of software that sends bulk mail via virus-infected computers owned by others. Please enlighten us.

Re:Explain to me

[mattmentecky]

The 'software' here is email....and besides, I was talking from a service point of view. The network itself is definitely used for legit purposes...

Think outside the box

[JPriest]

I really wish people would stop saying that.

Just becasue a new protocol exists does not mean that the internet at lage must upgrade to it the same day.

For instance, the group I work in only communicates with other people in the company and a small handfull of other IT companies. If there was a better solution we could easilly set up aliases on it and migrate to it. Some universities would offer it to students, and some companies could offer webmail or commercial service using it.

It is not like most people don't already have 2 or 3 email aliases as it is. This is not IPv6 we are talking about here, it would work along side what we have easilly.

You show me a hardened, open replacement for SMTP that would scale to the way we use SMTP today and I will show you a market for it.

Why no action from the AG then?

Then why hasn't the VA AG done anything? MCI's lawyers have already talked to the AG about this and he isn't going to do dick.

a question...

[mforbes]

Does anyone on /. actually receive as much spam as Spamhaus reports? According to TFA, they're estimating that as much as 95% of all email will be spam by 2006; I don't know about you, but I don't run an ISP-side spam filter, and I average maybe 2 or 3 a week, out of several hundred emails per week (I belong to several email lists, so my average is fairly high.)

Re:a question...

[x40sw0n]

interestingly I had a run in with a spam nightmare at work. I get a lot through MSN, almost none from either of my pop accounts, a few with my work (exchange server). My boss however gets hundreds a day, (which speaks loads about his online habits). I ended up installing a bayesian filter for email on the exchange server, using a spamassasin based tool. works wonders, but no one but he really needed it.

Re:a question...

I run a small webhosting company, and on any given week 70-80% of all incoming mail delivery attempts are rejected as spam by server-side DNSBLs. The DNSBLs catch around 95% of the spam, so based on my stats you can infer that 75-85% of the mail circulating on the Internet today being spam. (I think my clients are pretty typical Internet users -- some web-savvy, some clueless, and a lot in between.)

I didn't read the article, but if it's stating similar numbers, then it's pretty accurate.

Re:a question...

According to my POPfile stats for one account, just about 95% of messages received over the past 20 months have been classified as spam with 98.89% accuracy. That's over 23,000 spams for a thousand legit emails.

That's on an account that does have an ISP-side spam filter in operation, so all the spam sent to that address doesn't even reach POPFile.

Re:a question...

[bani]

90% of mail to my server is spam now. 95% by 2006 doesn't seem too much of a stretch.

Re:a question...

[kjamez]

it really depends on if you include what the various spam filters along the line drop ... my mailserver drops (as in ignores) every spamassassin says is 13+ points. my local mail client (kmail with spamd running) marks the rest as [SPAM] and files it in the trash for me (4-12.9 points) ... i get thousands upon thousands of spams daily (i've had and used the same email address since 1995 ... and aquired some since ), most of which are completely ignored. end up with maybe 40-60 daily in my client. 3 or 4 daily that get past all filters, which i use to train whenever it get's to be 100 messages or so ...

mailing lists are legit. you won't get much spam to mailing lists, 'moderated' ones useually get none. but how long was your email address published on various websites before it was such a big deal to hide it. eight years ago it wasn't a bad thing(tm) to publish an email address on a webpage. now it's dant e @@@ at wiw Do.T.TotDot org to make the spam bots freak out and not recgonize it.

i did some tests with spam traps and email addresses that never once existed, just a unique one to an ip address or a date or whatever. i don't want a /.ing but on my site at /projects/cliff/inbox.php is a thousand or so mailto: links back to address that sent fully unsolicited email ...

Re:a question...

[Cramer]

Yes and no. Across a wide enough sample, the 95% number will very likely be true. But in the smaller corners of the net, the number is much smaller. At my previous employer, there were about 10-20 messages dropped at the server from between 400-500 per day. And about 10 spams per week would get past the rules. Of course, that (obviously) wasn't an ISP. :-)

Re:a question...

[ErikZ]

And what happens when you take away the filter? You see lots of spam right? The emails you don't see are still taking up bandwidth on the internet cause they still need to be transfered.

Re:a question...

[ozric99]

Does anyone on /. actually receive as much spam as Spamhaus reports?

I run Popfile on my main PC. For someone who gets more than a handful of spams a day it's simply invaluable. Let me prove it to you. Here are some stats I've just copied and pasted from its web interface:

Since Thu Nov 20 16:14:56 2003
Bucket Classification Count
inbox-----------1,505-------1.04%
invoices--------196---------0.13%
newsletters-----2,076-------1.44%
spam------------139,989-----97.29%
unclassified----114---------0.07%

Messages classified---------143,880
Classification errors-------830
Accuracy--------------------99.42%

I don't post my email addresses all over the place* and as far as I can remember haven't posted on usenet for a long long time. Getting two or three spam emails a week firmly puts you on the "lucky" or "minority" side.
If nobody really got much spam at all then there wouldn't be stories all over the place about it and slashdot wouldn't have its own "spam" section.

Re:a question...

[mforbes]

Um, I said I -don't- run an ISP-side filter. My ISP does make it available, but unfortunately they drop all incoming mail from .ru domain (Russia), and I actually have a need to receive those.

I do run some simple automated rules on my inbox, but on average less than five emails a week go into my 'Junk' folder.

No suprising considering MCI's past.

[PocketPick]

They've also had some of the highest fines when it comes to violating the do-not-call list.

Example

This isn't a customer issue

[Mr.+Underbridge]

The spammers MCI hosts don't preferentially hurt MCI customers. They hurt everyone. So the J&J analogy isn't quite on the spot. If anything, this one's a community issue, definitely not a customer issue.

That said, as mentioned, this is likely due to the fact that they are enormous and don't have the time to eradicate $5M worth of spam business.

Spamhaus astroturf

Spamhaus does not use the US Can Spam Act or FTC definition of Spam so this is report is astroturf...

MCI's spam policy hurts clients

[John3]

I've found our mail server blocked by several smaller RBL's merely because our Class C is part of MCI's pool. Granted that most ISP's don't use these small personal RBL's, but it isn't a good sign when someone will block MCI's entire IP block because of the amount of spam originating within their network.

I wish they were still just uuNet. :-(

Re:MCI's spam policy hurts clients

[bani]

this is the while point.

if MCI won't listen to complaints from non-customers who are victimized by them, the pressure to change needs to come directly from MCI customers.

IOW, RBLs _make_ spam MCI's problem. the more MCI ignores their abusive customers, the more MCI will be blocked, and the more MCI customers will complain to them.

the idea is that either:
1) mci will come to their senses and nuke their spammers, or
2) go out of business after all their customers leave in disgust.

it looks like they're hellbent on 2), especially after their ceo was indicted and their CFO plead guilty to fraud.

Re:MCI's spam policy hurts clients

[Skapare]

I'd like to have the good ole days of the original UUNET, too. But alas, it's history. UUNET has been borged by an evil telephone company.

I take it that you are referring to 206.67.47.0/24.

So now it's time to quit using MCI/UUNET. A suitable alternative is to just quit paying them money. Or you could sue them for failure to provide 100% internet community peering acceptance. In any event, lots of us won't be crying over any "collateral damage" that affects you so long as MCI/UUNET supports the massive collateral damage of spam. It's rather obvious now that the act of staying an MCI/UUNET customer is an act of spam support, since it only encourages them to just keep on doing what they are doing now since they don't see any financial loses if you don't leave.

Re:MCI's spam policy hurts clients

[John3]

So now it's time to quit using MCI/UUNET. A suitable alternative is to just quit paying them money

It's on my "to do" list, but I wonder how much work and expense I can justify to "punish" them. Will it be MCI that suffers, or me? In the big picture there are political and social issues that need my attention more than battling MCI over their spam policy.

Re:MCI's spam policy hurts clients

[Skapare]

I would not call getting your email to work 100% again to be "suffering". You'll suffer more staying with MCI. Of course, if MCI was not blacklisted and blocked, you wouldn't have this incentive to leave MCI. No battle is needed. You simply hunt for a new ISP that has no history of supporting spam (suggestion: avoid telephone companies and cable companies), and sign up. Have your company lawyer write a notification to MCI that you are cancelling your contract due to their documented failure to provide full internet service. Send that to MCI along with a bill detailing your costs of making the switch (not that we would expect them to pay it ... but it would serve as a notice that you have something to add on to a counter sue if they hassle you over this). Then switch your firewall and server addresses, including DNS changes. I've twice moved entire ISPs between upstream providers; it's not all that hard to do if you plan it.

As the internet is gradually dividing into 2 parts, guess which MCI will be stuck in.

I work for MCI and this completely pisses me off

What is interesting to me is to see whether this shows up in our daily news clipping service on Monday.

I'm going to raise some serious hell inside the company about this come about 9am on Monday.

They make far more than $5M from spam

[Pig+Hogger]

Those sleazebags make far more than a mere $5 million from spammers. Whenever each of their customers are getting spammed, they're only too happy to send them the bill for extra-bandwidth consumed (plenty of people have T-1 or above high-speed connections that are rated by used bandwidth).

Hosting spam costs more than is brings in.

I've worked for a major hosting provider, and I can
tell you, hosting spammers is a money-loosing proposition. Our company used to host some spammers, of the "following the letter (but not spirit) of the law", "We're not spammers! <wink-wink nudge-nudge>"
variety. Some of them were huge accounts, including our biggest customer.

None of them were worth it. The spammers themselves were a huge drain on our support dept, and many of our other customers were constantly complaining because of our IP blocks being blacklisted.

Finally, we bit the bullet, and showed all of the spamhouses the door (like I said, including our biggest customer). It was a good, and very profitable, move. Within two months, all of our IPs were off the blacklists, our support costs dropped, and our reputation went up, attracting more customers (and big ones, at that).

Moral of the story:
1) Hosting spammers is a bad idea, for business as well as moral, reasons.
2) (The big point) Blacklists work. Very. Well.

So where is it all coming from?

[AstroDrabb]

According to TFA:

Over 70% of current spam comes from proxies (PCs infected with viruses/trojans). Since the release of Sobig, the first commercial spam virus designed by spammers to infect PCs turning them into networks of proxies through which spammers then send millions of spams anonymously, spammers have released countless virus variants, mostly variations of the original Sobig code, and have been infecting an estimated 80,000-100,000 new PCs every week.

So what I want to know is when is MS going to get off their butt and make their desktops more secure and resistant to these _simple_ types of attacks? There really should be no reason for a simple email or web browser exploit to be able to take over a users _entire_ system and exploit it like this. Hell, at least Linux and Mac OS X run normal users as NON ADMIN USERS and prompt for a password for admin activity. Why can't MS do this? And No the runas command doesn't even come close to the ease of use of having a dialog just pop up and ask for a root password when needed. Heck, Linux is Open Source, MS can look at how the major Linux distros do it if MS is not certain about how to go about it.

A few simple changes on the part of MS and the majority (70%+) of spam can be stopped.

I know that a ton of MS Windows applications die if they are not run from a user with Admin rights. However, all MS needs to do is implement a system like Linux or Mac has done and make _every_ user a non-admin user by default instead of making _every_ user in the Administrator group out-of-the-box. Then you will be running an MS Windows desktop as a non-privileged user. Now if you run one of those MS Windows applications that need Administrator access, MS Windows just prompts you for the Admin password. How hard could that be? This small change will allow all those "we need admin" programs to still run, however, it should prevent most of these email/web browser types of attacks from taking over a users system without their knowledge. For example, with this new system, an MS user using an exploited IE goes to a site, the next thing the user knows is that a site prompts for the admin password, the user clicks cancel and no-harm done. It is much easier to teach Joe User to _never_ put in his admin password for any web site than it is to teach Joe User to go out and spen money on an Anti-Virus program and _true_ two-way firewall program (MS's firewall is only one-way) and install them both and keep them updated.

Re:So where is it all coming from?

perhaps its because even if that happened your average windows user would just type in their password. I have seen this happen with Zone Alarm, where people just click 'the allow access' because they find it irritating and a bugbear when a piece of software trys to protect them.

Re:So where is it all coming from?

[nzkbuk]

What really needs to happen is a class action suit against M$ for promoting spam though the security holes in their software

No-brainer indeed

Writing this law (or lines in a law) seems like a no-brainer.

Yeah, because Worldcom would never break the law. Well, there was that one time when they perpetrated the largest case of accounting fraud in US histroy a couple years ago. But that's all behind us now. I'm sure George Bush's tort reform will arrive just in time. We must curb those nasty class action lawsuits you know, they're killing the American entrepreneurial spirit.

Now, let's whip up some irrational hatred for their network's spam policy and forget all that. Cue Emmanuel Goldstein bleating like a sheep in 3, 2, 1.... "We are at war with the spammers. We have always been at war with the spammers. ISP's are hiding behind common carrier status. The only way to defeat the spammers is to revoke the ISP's common carrier status! [Goldstein]: 'Common carrier status protects you. It prevents you from having your communications monitored around the clock by the government and ISPs. Without common caaaah [sheep bleating] baaah baaaaah!' Crimethinker! Oldthinker! Hold ISPs responsible for spam! All over America this morning there were irrepressible spontaneous demonstrations when workers marched out of cubicles and offices and paraded through the streets with banners voicing their gratitude to our President for the new, happy life which his wise leadership has bestowed upon us. Here are some of the completed figures. Spammers Executed-"

Let's switch...

Let's all switch to an other provider.

If consumers start taking spam in consideration when they subscribe to an ISP, providers will soon figth it for real.

The basic problem.

[OgTheBarbarian]

Sending huge amounts of spam/virii - very cheap to do. Stopping huge amounts of spam/virii - very expensive. Companies must make investors happy with profits or have their stock and bond ratings shot to hell. People sell off stock. Borrowing power dries up. No more company.

Cant Believe Vint Cerf is with MCI !

[AshuBhai]

Can somebody please post email id's for all the MCI execs. At least we could have the pleasure of subscribing them to extremely useful and fulfilling penis enlargement newsletters. On a more serious note, I cant believe this is actually a company with luminaries like Vint Cerf ( in my book the father of the Internet) on its board. There's nothing more ironical than that.

Re:Cant Believe Vint Cerf is with MCI !

"ironical" ?
Good god, the language on slashdot is really terrible.
I'm getting the impression this place is frequented by a bunch of spotty teenagers.

Re:Cant Believe Vint Cerf is with MCI !

Ha! They fooled you! They've just got the emotional maturity of teenagers - they're actually in their twenties and thirties.

Re:Cant Believe Vint Cerf is with MCI !

I know you are a troll you son of a whore.

Re:Cant Believe Vint Cerf is with MCI !

ironical

adj 1: characterized by often poignant difference or incongruity between what is expected and what actually is; "madness, an ironic fate for such a clear thinker"; "it was ironical that the well-planned scheme failed so completely" [syn: ironic] 2: humorously sarcastic or mocking; "dry humor"; "an ironic remark often conveys an intended meaning obliquely"; "an ironic novel"; "an ironical smile"; "with a wry Scottish wit" [syn: dry, ironic, wry]

Re:Cant Believe Vint Cerf is with MCI !

Maybe you have the emotional maturity of a teenager you FAT FUCK. Why dont ya call mommmy and tell her that I made you cry.

Let's make it more expensive.

[herbierobinson]

Let them know it's pretty lame to be making money on spammers when spammers are costing other companies billions.

hostmaster@mci.com

1-800-465-7187

1-800-264-1000

Fomery MCI Employee

[under_clocker]

I used to work for MCI are we talking about this mci?

Re:Fomery MCI Employee

No, we're talking about Miniscule Cock Incorporated.

Re: STOP MISUSING APOSTROPHES

Totally off-topic, I know, but English is full of exceptions to the rule, and since you seem so earnest on the subject, I have a few suggestions for inclusion in your guide to the apostrophe.

The following text is taken from Conventions & Choices -- A Brief Book of Style and Usage by Stephen Merriam Foley of Brown University and Joseph Wayne Gordon of Yale University (1986 D.C. Heath and Company), p. 140:

No apostrophe is used in possessive pronouns: its, hers, his, ours, yours, theirs.

The plural of some compound words and phrases requires an apostrophe, especially when the last element of the compound is not a noun: thank-you's, chin-up's.

The apostrophe should also be used to indicate plural forms of symbols, abbreviations, characters, and numerals: &Delta;'s, r.p.m.'s, p's and q's, counting by 5's; during the '60s. Note that the style used by many publishers drops the apostrophe both before and after the numerals denoting a decade: the 60s, the 1960s.

Getting rid of the spammers is easy

[Skapare]

Getting rid of the spammers is easy. First, we shoot all the lawyers.

The work of one lone gun man inside MCI maze

[Dark+Coder]

Apparently, from what I've gathered from laid-off MCI/Worldcom employees, this may be the work of a lone mid-level manager try to boost his bottom line and impress his local vice president.

MCI CEO and board members... Try moving your lip and ennunicating your voice clearly by following the Donald Trump and "The Apprentice"...

"You're fired!"

How much do those spammers COST them?

[billstewart]

I'm actually surprised that all they're making from spammers is $5M, but if the direct amounts are that small, great. But how much does that spam itself cost them? It increases the load on their mail servers, an costs a lot of money in the spam filtering they need to do for their customers and for their company's internal email systems, sysadmin time, and lawyer time. While spam is a huge fraction of email traffic, it's not a huge fraction of total bits transmitted on a typical big ISP's network, because web surfing is a lot bigger (and Bittorrent is about 35%, and other P2P file-sharing is pretty bit too.) But they probably are making some extra money from customers buying bigger pipes to carry the spam they're receiving.

One difficulty with being a really big ISP is that you don't have simple centralized decisionmaking. You have a whole lot of sales people who get commissions for selling services to different geographical territories and market-segments, and your sales person who sells to the under-$100K/year market in Northern Louisiana is typically going to sell people T1s first and *then* discover that they're spammers rather than the other way around - at most he's going to have done a credit report on the customer to decide if they can pay their bills. Sure, there are contracts that say that customers aren't allowed to spam, but it takes a while to figure that out, especially if the customer does business as Billy-Bob's Bait Shop rather than Spammers-R-Us.