
ISP software tracks down spammers

New SpamSquelcher software from the ePrivacy Group helps Internet service providers determine where spam's coming from--and then slow its connection speed to a crawl.
Written by Paul Festa, Contributor
Until May of this year, Carl Shivers was in the habit of getting up in the middle of the night just to make sure spam hadn't brought down his company's e-mail servers.

Shivers, a system administrator for Aristotle Internet Access, an Internet service provider in Little Rock, Ark., with fewer than 20,000 customers, was unsure on an hourly basis whether the ISP's servers could handle the amount of spam hitting subscribers' accounts. The volume threatened not only the e-mail servers, but the filters the ISP had originally set up to fight the spam influx.

"I had three filtering servers and we were still getting killed," said Shivers, who estimated he would spend two-thirds of his working hours handling the spam problem. "It was like a denial-of-service attack. The spammers would just eat whatever bandwidth I could provide."

The tide turned in Aristotle's spam fight one month ago when the company became the beta tester for SpamSquelcher, new software from the ePrivacy Group that analyzes incoming mail and, in a technique known as "traffic shaping," targets broadband connections serving as great riverbeds for spam.

With SpamSquelcher installed, the ISP can dial down those connections to the bandwidth equivalent of a leaky faucet.

SpamSquelcher's beta, or test, period ends Monday. The product launches this week on a per e-mail account basis starting at $19,000.

The strength of SpamSquelcher--that it relies on random sampling of incoming e-mail and network analysis--is also its potential weakness. If legitimate e-mail is coming through connections that spammers have hijacked for their purposes, then that legitimate e-mail will also get squelched. The technique is reminiscent of "spam black lists," which list servers known to send large amounts of the unwanted e-mail regardless of whether the server also sends legitimate e-mail.

But the ePrivacy Group, an antispam consultancy based in Philadelphia, insists that even the occasional squelching of innocent e-mail beats other filtering systems, which sometimes accidentally consign such messages to bulk mail folders where they might never be recovered, or to digital oblivion.

Instead, SpamSquelcher ultimately lets all of the e-mail through--even the spam. But once spammers realize their bulk mailing is taking hours and days to process, rather than minutes, they typically abandon the connection and leave the ISP alone.


The ePrivacy Group describes its strategy in terms of reversing the economics of spam. By shrinking a spammer's connection, the software increases the spammer's bandwidth costs, rather than letting the spammer increase the ISP's costs.

It also aims to interrupt a vicious circle in which ISPs increase their bandwidth in order to cope with spam, only making the ISP a more attractive target to spammers.

"The beta site had recently doubled its total e-mail handling capacity, at a cost of about $30,000, but once the spammers saw they could make more connections, volumes increased until the systems were maxed out again," ePrivacy Group Chief Privacy Officer Ray Everett-Church wrote in an e-mail exchange describing the ISP's original spam problem.

With SpamSquelcher installed, Aristotle immediately went from using 99 percent of its processing power to using 40 percent, on average, Everett-Church said.

From a competitive standpoint, SpamSquelcher may have the awkward distinction of actually making life more difficult for its users' competitors.

"Due to the increased 'cost' in terms of time and bandwidth to spammers from being squelched, the beta site is seeing its first-ever decrease in total volume of spam attempting to get in," Everett-Church wrote. "Spammers are seeing that it is unproductive to waste time trying to deliver to the beta site, so they're moving on to other victims."

Shivers says Aristotle has benefited sufficiently that he's abandoned his midnight network inspections. The ISP is back to using two spam filters rather than three.

But the occasional innocent victim still gets squelched.

In one instance, an Aristotle.net subscriber whose e-mail was forwarded to him from his domain name host found his connection squelched because so much of his incoming mail was spam.

Still, Shivers recommends the software.

"A lot of small ISPs out there don't have the capacity to build 10 servers to filter spam, and they're in the same position I was in," Shivers said. "It basically shuts down your mail delivery system. And if you're not filtering at all these days, you're pretty much cooked."
