Spam Drops Worldwide after California Host Firm Loses Access

I hope they rot in prison for a long time.

Thats why I was wondering why I was getting so much less spam since in last few days. Now I know the answer. ;-)

1 firm... 75% less
jesus.
i would never have thought that so much goes through one host
hard to believe actually
and yeah... they better rot in prison

Only 2 messages in my quarentine summary this morning. I was wondering why.

I would never have thought that so much goes through one host.

I wouldn't think so either. And, in California no less. You would expect these types of servers to be offshore where they could be easily hidden. Apparently they've done a pretty good job of hiding them here in California for the past few years.

I would imagine there are quite a few people scrambling right now to set up operations elsewhere. While there may be a slight break in email spam, it won't be long before another resource fills the void. That is how I understand the system to work. ;)

I'm not sure if they'll even face a judge.

Also unclear is the extent to which McColo could be held legally responsible for the activities of the clients for whom it provides hosting services. There is no evidence that McColo has been charged with any crime, and these activities may not violate the law. ... Web hosting providers are generally not liable for illegal activity carried out on their networks, except in cases involving copyright violations and child...

(The forum seems to filter the last word and I'm not sure if posting it would get me in trouble, so I'll leave it out)

I'd guess that McColo will give out the information the authorities want, get a slap on the fingers and resume their activities under different name. If McColo people do get some jail-time, this might deter other service providers from protecting their criminal clients.
Still, I'd rather see the criminal clients brought to justice, but this probably isn't that easy.

now if someone would point that big stick at SoftLayer next, we'd be Peachy and Dandy .....

Why softlayer?

Good result!

Just seen BBC item mentioning spammers can make money from 1 response in 12.5 million emails.

If one company was responsible for 75% of spam why has it taken so long to shut them down?

This REALLY doesn't make sense to me... I've always been told by industry experts the bulk of spam was from "zombie" computers in the US / UK / other local "target regions" where these unwilling average home pcs became little mail servers to pump out spam with fresh ips. I also though the second largest sources of spam were mail servers for china, brazil, russia, etc. that didn't care about spam laws... the next thing they should do is require registrars to give free email masking. For example I don't want private registration for my business because I think it looks shady if a legit person is trying to confirm who you are and where you are located but I don't want my email wide open to spammers...

Our spam email has dropped so much in the past 2 days that I was beginning to wonder if there was something wrong with our email accounts.

Went from roughly 100 per day to less than 30.

-- -Why softlayer? -

First host that comes to mind who's customers/hacked-servers-whatever constantly pounding several fake forums/guestbooks that were setup to capture ip addresses of comment spammers leading to exploited sites elsewhere, that's why.

> I've always been told by industry experts the bulk of spam was from "zombie" computers in the US / UK / other local "target regions" where these unwilling average home pcs became little mail servers to pump out spam with fresh ips.

True, many of the senders are zombie machines, but they do not receive the replies. The servers for the actual "sales" sites must be located where they can be administered by the spammer.

Jim

---True, many of the senders are zombie machines, but they do not receive the replies. The servers for the actual "sales" sites must be located where they can be administered by the spammer.

So, because the spammers can't get the web traffic, they stop sending out the spams? I think that gives them a little too much credit. Half the spams I receive don't even have links, or the links don't work.

Look for "Web beacons" -- often seen as 1x1 transparent .gif images embedded in HTML e-mails. When you see these in a message without a reply address, it indicates that the purpose was simply to confirm that the e-mail address is valid and that someone is reading it; When your browser or e-mail client loads such a page, it will request the embedded image from the spammer's server, thus confirming that you read the message, and likely carrying your e-mail address identifier in the image URL or as an attached query string parameter.

This is why many e-mail providers supply an option to "suppress image display" until you've checked the message and found it to be legitimate.

I don't give a lot of credit to individual spammers, but this is big business and there are relatively-sophisticated off-the-shelf turnkey spamming solutions readily available.

Jim

-- -Why softlayer? -

First host that comes to mind who's customers/hacked-servers-whatever constantly pounding several fake forums/guestbooks that were setup to capture ip addresses of comment spammers leading to exploited sites elsewhere, that's why.

Is there any evidence that its sill happening there, the reason I ask is that I'm sure were not the only company there with servers running legitimate sites not involved in these types of activities at softlayer, also your post insinuated that shutting down softlayer would take care of the rest. From what I've read today these people operate out of many of the larger web hosting companies.

This is useless because they didn't follow the money.
Without taking away their profit, they will just find other providers.

Sure, we'll have a little less spam for a week, maybe two, but they will certainly be back.

If you look at the live Spamcop readout, you will see that world spam appears to have picked again as presumably the spammers are using other servers

[spamcop.net...]

Here in Italy, I keep getting the same amount of crap.
I suppose they route from Asia.

My spam rate also went to do ALOT in the last few days, I thought there was a problem somewhere. But this morning I again started getting spam...maybe those clients have moved elsewhere. That was sure quick!

> This is useless because they didn't follow the money.
> Without taking away their profit, they will just find other providers.

Perhaps they *are* following the money, but the disconnection of individual spammers isn't quite big news, and legal cases take time to prepare, and thus aren't "news" yet.

Also, this is the second colo that has been disconnected recently. Others can now see that hosting spammers is getting to be dangerous: It's very expensive to run a datacenter if you have no internet connectivity. So, availability of hosts will go down and prices will go up.

It is at least a little progress in the right direction.

BTW, this graph shows the effect more clearly, as it is a weekly view: [spamcop.net...]

Jim

Seeing that weekly view and then changing it to spammonth gives a much clearer picture of the volume. That is pretty drastic. It will be interesting to watch over the next week or so.

[spamcop.net...]
[spamcop.net...]

^ Looks like spam is way up from this time last year.

I'll bet that by end of November it's back to nearly the same levels again.

This is like flipping over a rock and all the bugs scatter.

Now you have to find the dozens of other rocks they've all gone to hide under.

Law enforcement should have used an undercover operation and let them run a little longer without them knowing they were being observed and get them for interstate mail fraud or something like that.

hey... leave the spammers alone. without them we wouldnt have anything to bi**h about in our email in boxes... all of our mail would be just plain old boring legitimate mail from people we know...wheres the fun in that...

me and Viagra... oh we had some good times. All of those hot ladies that wanted to meet me locally...i will miss you.

The National Dignitary Departments that had all of those million dollars waiting for me... ill give you my social security number soon.. promise...

To the pharmacy who wanted to extend my manlyness.... and excite my wife like never before... sorry my credit card was declined...!

And, in California no less.

Yeah this really surprised me too. I would have expected the majority of SPAM to be sent from Russia et al. I suppose that's why it has taken so long for anyone to get around to shutting down this California company.

As far as whether or not they've broken any laws... They have undoubtedly been contacted countless times with spam complaints about their hosted servers but have ignored them. If they were not "bulletproof" to some degree they would not have attracted all the spammer business to begin with.

So perhaps there isn't a specific law that is being broken but it seems likely a lawsuit would succeed.

I've always been told by industry experts the bulk of spam was from "zombie" computers

Industry experts love to tell people things :-)

True, many of the senders are zombie machines, but they do not receive the replies. The servers for the actual "sales" sites must be located where they can be administered by the spammer.

No offense meant but, if you stop and think about it, that it makes no sense. For a 75% drop in spam overnight it had to be the servers that were actually sending the spam that went down.

It also follows that of the remaining 25%, only a small percentage comes from zombies.

Which makes sense as you can send a lot more email, more reliably from a few disposable dedicated servers then you can from a zombie network. Also these days it's cheaper to rent servers than it is to rent zombie networks.

Is there any evidence that its sill happening there, the reason I ask is that I'm sure were not the only company there with servers running legitimate sites not involved in these types of activities at softlayer, also your post insinuated that shutting down softlayer would take care of the rest. From what I've read today these people operate out of many of the larger web hosting companies.

Agreed. Softlayer is the best hosting company I've dealt with in my 8 years of hosting. I generally don't give Kudo's out, its not my nature, but I got to tell you Softlayer has their act together.

If you have evidence that spam is originating from Softlayer, just tell them. I do not think they will let it go on for long.

The author generated a MindMap file of all the various domains hosted on McColo. Its incredible how much unsavory content this business hosted:

[voices.washingtonpost.com...]

> For a 75% drop in spam overnight it had to be the
> servers that were actually sending the spam that went down.

Not really. Zombie computers still need to receive commands from another computer. These servers are temporarily unavailable, but once the spammers set up elsehwere, it'll be business as usual. That is, of course, if the trojan coder anticipated this type of scenario.