Four days in spam hell
Canadian ISP executive recounts frustrating and costly experience of being victimized by mysterious spammer.
Toronto - Ray King's nightmarish tale of a four-day fight with a run-amok spammer could have been penned by Stephen King.
As president of ShockMedia, a small Toronto-based Web development company and Internet service provider, Ray King emerged from the battle hopping mad and eager to enlist in the growing army of antispam activists. Besides contacting the FBI and the Royal Canadian Mounted Police, King sent the spammer's Florida Internet service provider, which he claims did virtually nothing to stop the assault, an attention-grabbing bill for $225,000.
What follows is taken from an interview with King and excerpts from a fuller account of the incident posted by King at www.infoweb.com.
Thursday, March 5
"We figure the spamming started about noon [after] our servers started being hit with a tremendous amount of stress," King said. Someone who identified himself as George Hughes, of Pembroke Pines, Fla., had appropriated a ShockMedia-owned domain name, infoweb.com, as the fraudulent return address of a bulk e-mailing that touted a marketing scheme. (The spammer's identity was never authenticated by King or Network World.)
An hour later the company's servers experienced a series of crippling service denials, which King now believes may have been related to the spam, to the effects of a widespread Teardrop2 virus attack against Microsoft NT servers, or to both.
At 5:30 p.m., ShockMedia fielded what would be the first of some 96,000 bounced e-mails and angry replies from spam recipients who presumed King's company was the sender.
Figuring that bounced messages represent only about 10% of what was actually generated, King said, "that's a million pieces of mail that got sent out by this guy before the ISP stopped it."
From that initial forwarded copy of the spam, King ascertained that the real culprit was using a Florida-based ISP named Netrox, Inc.
He called Netrox and asked a technician to pull the plug on the spammer, or, at the very least, to provide King with a way to contact the person. The technician said he couldn't give out any information about a client without a court order and told King to e-mail details about the problem to the ISP.
King said he immediately complied.
"The mails continued until 11:30 p.m., when I decided to turn the server off," King said. "This stopped it . . . for now."
Friday, March 6
After tending to other matters in the morning, King restarted the mail server at midday. The server immediately raced to heavy stress levels and indicated that all of its resources were being occupied receiving e-mail - bounced spam and flames.
King e-mailed another plea for help to Netrox at 12:32 p.m.
"I again asked that they cooperate in this matter and take appropriate actions to stop the assault," he said. "I again reminded them of [the possible] legal ramifications and asked them to get in touch with their client and then give me a response of some sort. I received no reply."
King also tried to stem the flow by changing the server domain name to a fictitious one, but the ruse failed to help.
He then turned to the antispam newsgroup news.admin.net-abuse.email for assistance and was advised to contact the FBI, which in turn suggested he try the Canadian authorities. The latter promised to investigate once King provided backup information, which he subsequently has done.
At 4 p.m., with no letup discernible, King called Netrox again, only to be told to send headers of the e-mail that was "bothering" him. He complied.
An hour later, "after realizing that the mail server was almost out of disk space," King said he removed the server "completely from the drive to get disk space back and let the computer take a break."
"The assault was finally over - or so I thought," he said.
Saturday, March 7
A new day and a new idea: King decided to set up a mail server on a fresh machine to accept mail from info@infoweb.com. His goal was to accumulate a batch of bounced spam he could later use as "proof" in the legal actions he was now determined to pursue.
"I got the new mail server running at about 6 p.m.," King said. "Thinking that the people from Netrox had surely stopped the guy by now, I thought that once I got [the new server] running there would be peace and quiet."
It turns out he thought wrong.
Over the next 12 hours the server sucked up 270M bytes of returned messages, "all addressed to info@infoweb.com and usually originating from a PPP connection at Netrox," King said.
King fashioned another e-mail to Netrox, this time informing the ISP that he would be charging it a $25-per-message usage fee "for the resources they were consuming" by failing to stop the spammer.
"I told [Netrox] 48 hours earlier that this was going on and [the ISP] took absolutely no measures to even contact the [spammer] or let me know what was going on," King said.
He watched the mail pile up all night long before nodding off at 6 a.m.
Sunday, March 8
King finally received an e-mail reply at 8:22 a.m. from a Netrox official named David Marcus, which read: "We don't support spammers. This matter will be handled. I apologize for this annoyance. We won't even mass mail for our own purposes, so I can assure you that we will not put up with it from others."
Marcus last week told Network World that he "didn't know the specific user" who had misused King's domain name.
"There were two spam users that we axed recently," he added. "It's hard to be pre-emptive with that, but anytime anybody does do spam we ax them from the system."
The flow of spam did ease up that evening, but King noted in his online chronology that mail related to the spamming "keeps coming through."
A week later and still steamed, King said: "We've got to stop this kind of stuff before it overwhelms the whole Internet."
King fears that there may be long-term damage to his company's reputation as a result of the episode.
"We think infoweb is a tremendously powerful name," he said. "And the future long-term value of that name may be impacted by the fact that people might think we are a bunch of spammers."
RELATED LINKS
Ray King's complete spam account
What is spam?
Our online forum on the topic; see how others have answered the questions.
Coming soon: A spam ban in a can
Also has additional spam resources.
news.admin.net-abuse.email
Usenet newsgroup.
