MCI should cut off spammers

It's not our fault that our customers' customers are spammers, says MCI. Sadly for MCI its argument has as much substance to it as tinned pork

Who has the power to shut off spam? No one can flick a switch to stop all the bulk mailers, but one US-based telco could certainly do more.

Last week anti-spam campaigner Spamhaus launched a series of allegations against Internet service provider MCI, claiming it effectively harbours spammers by leasing bandwidth to an ISP that hosts the Website that sells the Send-Safe spamming software. This behaviour, said Spamhaus, makes MCI responsible as it is facilitating the sale of a tool that is increasing spam levels.

MCI denies these claims, saying that the Web site is hosted by one of its customers and that it doesn't like to interfere with the content of customers' Web sites. In other words, MCI said "yes, we control the pipes through which this spamming tool is sold, but we won't flick the switch to stop Send-Safe being distributed". Thank you MCI: everyone must love you.

AOL has confirmed the new waves of spam. Anti-spam company MessageLabs has confirmed that Send-Safe enables spammers to re-route spam through ISP mail servers. Millions of compromised machines (zombies) hit by mass-mailing worms Sober, MyDoom and Sobig can be targeted and ordered to direct spam in different ways. This provides spammers with fresh lists of compromised proxies every day.

Spamhaus has also said that waves of virus attacks tend to correspond with the release of updated versions of Send-Safe -- and it believes this is not just a coincidence.

Although MCI insists it is not doing anything illegal (something that Virginia attorneys are currently investigating), it is failing to behave responsibly. On Friday, the London Internet Exchange (LINX) promised to snub the ISP responsible for hosting Send-Safe. It will be interesting to see what will happen on the other side of the Atlantic, as MCI owns the US equivalent of LINX, but whatever happens we are starting to see large organisations attack MCI for failing to act -- and this has to be a good sign for the future.

So while it may not be directly hosting Send-Safe, it certainly has the power to turn it off. Go on MCI, push the button.