NYTimes.com Article: Spammers Can Run but They Cant Hide
- This article from NYTimes.com
has been sent to you by ar109@....
An article about one of the groups that provide ISP's (Internet Service Providers) with the lists that they use to block spam - just think - maybe it is worse than what we get in our inboxes!
/-------------------- advertisement -----------------------\
FOR YOUR CONSIDERATION: IN AMERICA - IN THEATRES NOVEMBER 26
Fox Searchlight Pictures proudly presents IN AMERICA
directed by Academy Award(R) Nominee Jim Sheridan (My Left
Foot and In The Name of the Father). IN AMERICA stars Samantha
Morton, Paddy Considine and Djimon Hounsou. For more info:
Spammers Can Run but They Cant Hide
November 9, 2003
By SAUL HANSELL
TAGGS ISLAND, England
AS Steve Linford walks his German shepherd, Zen, across the
gangway from his houseboat into his prim little garden on
this small island in the Thames, he hardly looks like a man
in a battle over the future of cyberspace. He has a
salt-and-pepper beard and a twinkle in his blue eyes, but
the effect is more former hippie than Sean Connery.
After Zen gives a good bark at the ducks, the two return to
the boat, and Mr. Linford climbs a spiral staircase into a
sunny home office with nine computer screens piled on a
black desk. This is the unlikely command center for the
Spamhaus Project, one of the leading groups that is trying
to make the world safe from junk e-mail.
As a cause, stopping spam may not be as urgent as, say,
curing AIDS. Yet thousands of activists, of whom Mr.
Linford may be the most visible, have mobilized to fight
By some counts, spam is now as much as 80 percent of all
e-mail. It is a drag on human endeavor, in the sense that
people collectively spend billions of seconds each day
opening, puzzling over, complaining about and deleting
messages from charlatans and pornographers - and, yes,
legitimate if unloved marketers.
"E-mail is the most incredible communication vehicle
invented, and it is on the verge of being made useless,''
Mr. Linford said.
On the floor of Mr. Linford's houseboat office, near the
Hampton Court palace of Henry VIII, just south of London,
is a cube-shaped Apple computer that is the nerve center of
Spamhaus, controlling servers on five continents. In its
database are dossiers on the 200 most prolific spammers and
the addresses of the 8,000 computers they use to inundate
people with ads. Spamhaus makes the list available to
Internet service providers, which use the information to
weed spam from the e-mail boxes of 160 million users.
Those lists are compiled by Mr. Linford and 15 volunteers,
many of whom work for Internet service providers. Some
members of the group do detective work, tracking down the
spammers from telltale clues they leave in their e-mail.
Others assemble this evidence to try to persuade the
service providers to kick spammers off their networks. One
Spamhaus member, a Southern California woman who goes by
the online name "Shiksaa,'' chats online with the spammers,
pumping them for information and trying to pull them away
from the dark side.
"They are kind of like the X-men,'' said Matt Sergeant,
director of anti-spam technology at MessageLabs, an e-mail
security firm in Britain that works with Spamhaus. "Each
one has their specialist powers.''
Spamhaus plays up the comic-book theme a bit. The main
screen of its internal computer network is emblazoned with
Spider-Man's slogan: "With great power comes great
Not everyone sees Mr. Linford as a hero. Most of the
marketers that are his targets say they don't send spam;
they call Mr. Linford a vigilante. And the Internet
companies he pressures to stop doing business with spammers
say he sometimes pushes too hard. He is known to have
blocked the e-mail of Internet service executives he thinks
aren't kicking off spammers fast enough - a method that
often wins results, if not friends.
Yet Mr. Linford, 46, has earned the respect of most
Internet service providers - even those with whom he has
had run-ins - as the best source of information about
"Spamhaus is the only clearinghouse for information on the
spammers themselves, and for that it is invaluable," said
Laura Atkins, who runs Word to the Wise, an e-mail
consulting firm in San Carlos, Calif. "Any time one of my
clients has ended up on their list it is because someone
received mail they didn't ask for."
Mr. Linford has focused on making his list of spammers
reliable enough for big companies to trust. He publishes
his e-mail address and phone number and responds to
complaints that listings are incorrect.
That is in sharp contrast to other spam-blocking lists,
which are often run anonymously and, at times, recklessly.
Some block the mail of innocent Internet users to create
pressure on the Internet provider to kick off spammers.
For now, sending unsolicited e-mail isn't illegal in the
United States, but it has just been prohibited by the
European Union. Most Internet providers have policies that
ban spam from their networks; some providers have sued
spammers, contending that tactics used to avoid detection
Mr. Linford says he has intercepted chat-room conversations
between spammers and crackers, the name for malicious
hackers who write computer viruses and steal credit card
numbers. The spammers have been seeking ways to send their
messages to avoid the blocking systems created by Internet
"In the last six months, the cracker world has joined the
spammer world,'' Mr. Linford said.
Aided by crackers, the spammers have secretly infected and
taken control of thousands of computers around the world,
most of them owned by home users with high-speed Internet
These machines - called zombie drones - relay mail for
spammers and serve as hosts for the Web sites where people
are sent by spam, all without the computer owner's
Since last June, zombie drones have also been subjecting
Spamhaus to what is called a distributed denial-of-service
attack, perhaps the most virulent weapon in a hacker's
Tens of thousands of enemy machines have simultaneously
deluged Spamhaus's computers with so much meaningless data
that they can barely perform their intended missions.
Similar attacks have put several smaller anti-spam
organizations out of business.
This month, the crackers took the attack to a new level:
they released two computer viruses that have already spread
to hundreds of thousands of machines. The purpose was to
attack Spamhaus and two similar groups.
"For the spammers to actually manufacture and release a
worldwide virus specifically to attack you, you're probably
making quite some impact on them," Mr. Linford said.
HOW did Mr. Linford end up as an avenging angel of
Discouraged by the economic stagnation of England in the
1950's, Mr. Linford's parents moved to Rome, where his
father ran a factory that made industrial platinum. Steve
Linford dropped out of a college photography program,
bought a motor home, parked it on beaches and played his
guitar in coffee shops for money. He eventually met Ennio
Morricone, the legendary Italian film composer. (Mr.
Linford can be heard singing on the soundtrack for
"Copkiller," a 1983 Italian film starring Harvey Keitel.)
Mr. Linford later became a road manager for acts like Pink
Floyd and Michael Jackson when they toured Italy. As he saw
technology embrace music production, Mr. Linford became
enamored with computers. In 1986, he drove the motor home
back to London and started a company devoted to putting
musical tours online. It flopped, but he did start a Web
page design and hosting business, called Ultradesign
Internet. It was there that he had his first run-ins with
Mr. Linford's initial reaction to spam was similar to that
of countless others. Outraged, he asked the senders to
remove him - and his clients - from their lists. Getting no
response, he turned to the Internet providers. After he
failed to get results there, an activist was born.
Mr. Linford found the central meeting place for the
anti-spam activists - an Internet newsgroup that is called
Nanae, for news.admin
.net-abuse.email. Like many other news groups, Nanae
(pronounced nah-NAY) is a boisterous place, where
information about fighting spam is interposed with rather
pointed insults of spammers and their allies.
"Nanae is a very angry crowd," Mr. Linford said. "They
shout a lot because they feel powerless."
Mr. Linford, however, felt anything but powerless. In 1997,
he created a series of sophisticated Web sites with tools
to help spam fighters, databases of people selling software
for use in sending spam, and assistance for people who
wanted to write to an Internet service provider to complain
Because he owned an Internet company, Mr. Linford
encouraged activists to use far more moderate language,
without the typical threats and demands. In 1998, he
started what would become his main site: Spamhaus.org, a
clearinghouse for information on the organizations behind
most of the spam. Meanwhile, Paul Vixie, the pioneering
Internet software developer in Redwood City, Calif., had
formed the Mail Abuse Prevention Service, creator of the
Realtime Blackhole List. That was the first list to block
Internet addresses known as sources of spam. But that
effort became bogged down, both by lawsuits and internal
So Mr. Linford created his own list, the Spamhaus Block
List, devoted to addresses used by spammers. He says it is
used by Internet providers that serve 160 million e-mail
That count is impossible to verify. In the United States,
the list is not used by the biggest providers, like America
Online and Microsoft's Hotmail. But it is used by the next
tier of providers, including the Road Runner high-speed
service, from Time Warner, and the NetZero and Juno
services, from United Online. Smaller organizations that
cannot afford commercial anti-spam services also depend on
Spamhaus takes no money for its services, and the computers
it uses to host the service are donated. So far, Mr.
Linford has paid all of the direct costs, about $25,000 a
year, using money from Ultradesign, the company he still
owns and runs.
That will have to change, he acknowledged. He and some of
his volunteers have outstanding legal bills from defending
a lawsuit, now dismissed, brought by a group of Florida
e-mail marketers. He has asked the British government for a
grant, but has not received one. Whatever the source of
funds, he says he hopes that access to his services will
JUST as people talk about their ailments when they meet
doctors, people can't wait to show Steve Linford their
A visitor shows him one for "superviagra.'' Mr. Linford
ignores the return address, which the spammer made up. But
he looks closely at the address of the Web site being
advertised. Fingers flying, he looks up the site in the
"whois," the database that links domain names to Internet
protocol numbers, the unique address of each computer on
Mr. Linford then looks up the number in Spamhaus's block
Pay dirt. The site is operated by Chinanet Chongqing, one
of the regional state-owned Chinese Internet providers.
According to the block list, it is operated on behalf of
Alan Ralsky, an e-mail marketer in Bloomfield Hills, Mich.,
whom Spamhaus calls the world's No. 1 spammer.
Mr. Linford looks at a second e-mail message, this one for
mortgages. The same drill leads to an Internet site hosted
from Brazil. But again, the block list already knows about
"Ah, Ralsky again,'' Mr. Linford said.
On its Register of Known Spam Operations, or Rokso,
Spamhaus describes Mr. Ralsky as "one of the bigger spam
houses on the Internet with a gang of fellow morally
challenged types working with him." The files include state
records of Ralsky's run-ins with the law, newspaper
articles about him, and long lists of aliases and Web sites
he supposedly has used.
Mr. Ralsky, in a telephone interview last week, said of Mr.
Linford: "He is so far off base on me he has no clue.'' Mr.
Ralsky said he sold travel and other products but did not
handle "super Viagra.''
I don't see where he's coming from,'' Mr. Ralsky added.
"All we are doing is selling products. I don't understand
why I don't have the right to make a living.''
Mr. Linford, of course, disputes this, saying that his
investigators have traced the Internet domains used in
these spam messages to companies controlled by Mr. Ralsky.
At its peak last year, the Spamhaus Block List was
catching as much as half of the spam at many of the
providers that used it, according to Mr. Linford and
Internet services. But its effectiveness has fallen sharply
as spammers use zombie drones and other techniques to hide
their tracks. Many Internet providers now say the list is
catching less than 10 percent of the spam. But there are
other block lists, focusing on identifying purloined
computers, that are now much more effective in keeping spam
out of inboxes.
Eliminating these zombie drones has become a major headache
for providers of high-speed Internet service. They must
call users, explain that their computers have been secretly
invaded and talk them through the extensive steps required
to remove the problem.
Even though Mr. Linford's block list is faltering, his
database of spammers remains a potent force in the fight
against spam. Many Internet service providers still check
regularly with Rokso to vet potential customers before they
open accounts. And they monitor the block list to see which
spammers have appeared on their networks.
Mr. Linford said some of the big American service
providers, like Qwest and Sprint, now respond quickly to
cut off spammers named by Spamhaus. Others take more
persuading. For example, Spamhaus complained for months to
Cogent Communications that Eddy Marin, one of the perennial
top spammers in Rokso, was using its network. Cogent
finally cut off Mr. Marin's account late last month. A
spokesman for Mr. Marin said Cogent's action was not
As for Cogent, Michael Hammons, the company's senior
director for operations, said Spamhaus often pressed it to
cut off customers based on what he saw as flimsy evidence.
"I'm concerned that we should find customers guilty by
association or alleged association," he said. "They may
give us a warning to say you will have problems with this
customer, but we can't do anything until we actually do
Mr. Hammons added that Cogent found the information from
Spamhaus to be more credible than that from any other
NOW, Spamhaus is trying to win over Internet providers
around the world, especially in China, which has become the
headquarters of choice for many spammers. Spamhaus has
blocked the corporate e-mail of Chinanet-Shanghai, one of
several state-owned Internet providers. In response, the
company created a department to look for spammers.
"We don't like to see that we are blacklisted," wrote Lin
Chen, an administrator at Chinanet-Shanghai, in an e-mail
interview. He called the blocking actions of anti-spam
groups "functional and effective." Spamhaus, he wrote,
promptly removed the block when the spammers were cut off.
Despite efforts by Spamhaus and others, the volume of spam
appears to be increasing. Spamhaus's campaign is futile,
said Scott Richter, president of OptinRealBig, an e-mail
marketing company in Westminster, Colo., which is on the
"All they are doing is making the problem 10 times worse,''
said Mr. Richter, who says he sends e-mail messages that
are requested, not spam. "The spammers are learning to do
stuff that can't be caught. If they get kicked off a
Chinese I.S.P. they open the next day at a Korean one, who
never had a way to get that sort of customer before.''
Mr. Linford said he believed that spammers could be
contained, if not eliminated. A tough new anti-spam law in
Europe will help, he said. The proposed Can-Spam act in the
United States, he said, is not tough enough, but he figures
that when it fails to work, Congress will have to make a
stronger law. But Mr. Linford gloomily predicts that
spammers will simply move more of their operations to Asia
and Latin America.
As for Mr. Linford, he plans to move his home, business and
Spamhaus to a 70-foot yacht that will travel, cove to cove,
across the Adriatic.
But spammers had better not relax. With superfast satellite
connections, he plans to hunt them down from the high seas.
Get Home Delivery of The New York Times Newspaper. Imagine
reading The New York Times any time & anywhere you like!
Leisurely catch up on events & expand your horizons. Enjoy
now for 50% off Home Delivery! Click here:
HOW TO ADVERTISE
For information on advertising in e-mail newsletters
or other creative advertising opportunities with The
New York Times on the Web, please contact
onlinesales@... or visit our online media
kit at http://www.nytimes.com/adinfo
For general information about NYTimes.com, write to
Copyright 2003 The New York Times Company