By Dan Ilett, 25 May 2005 20:15
NEWS
International trade associations are urging internet service providers (ISPs) to stamp out networks of computers used for sending junk email.
Members of the London Action Plan (LAP), which include the UK Office of Fair Trading, the US Federal Trade Commission (FTC) and government agencies in 18 other countries, have launched Operation Spam Zombies - a campaign to make ISPs quarantine customer computers used to send spam.
Zombie networks are made up of thousands of virus-infected computers typically controlled by hackers for illegal activity, such as spamming. By routing emails through zombie computers, spammers are able to hide the origin of junk mail and make it more difficult for law enforcement to find them.
LAP will send letters to 3,000 ISPs around the world asking them to limit the amount of spam sent from a network and help customers to disinfect computers suspected of sending spam.
The FTC said some ISPs have already put similar measures in place but the campaign would force the rest to follow.
Don Blumenthal, internet lab co-ordinator at the Bureau of Consumer Protection for the FTC, said: "We're hoping that the added weight will be the incentive that's needed. We deliberately tried to avoid costing them a lot so some of the measures we suggest are [cheap] to implement. But the structure of some ISPs will get in the way of the recommendations."
The FTC said it would also like to identify spam networks and the providers that allow them to operate.
Steve Linford, director of anti-spam group SpamHaus, said: "We're all for this. [ISPs] will listen a bit more. Up until now it's just been us but now governments are noticing that ISPs are not cleaning up.
"The only problem is that all this costs money but there are some very responsible [ISPs] out there. We've already got a database we'll be handing over to them. But who knows what will happen after that?"
Comments
There are 3 comments. Join the discussion
1. chris worley
The quick fix is to uninstall windows and use linux.
2. anonymous
Bravo for Steve Linford in this and in all he's done to date. Still, crushing spam zombies isn't adequate, just as securing open relays wasn't adequate (and as very clearly stated in RFC 2505, "Anti-Spam Recommendations for SMTP MTAs": "The Non-Relay rules are not in themselves enough to stop spam.".)
Spammers have moved from one abuse pathway to another to another. Crush the zombies and they'll do it again (plus it will take a long, long time to crush the zombies. Even the open relays aren't really secured at this time - most spammers just moved on to something else.) It's high volume abuse, it's internet traffic made up of packets, the spammer has to somehow communicate with the zombie, somehow set it up. ISPs need to put more effort into using the zombies (or fake zombies) to trace the abuse back to the spammer.
3. anonymous
Why not attack the people who benefit from Spam rather than the victims.
Businesses who advertise by means of Spam should be made to pay for the damage done to ISPs and their customers. Spammer’s intentions aside, the banks MasterCard Visa (et-al) all make profits from the end sale of the goods, so they must also be people to discuss the problem with.