Fixing a Hole Where Spam Comes In

When spammers attack, ISPs sometimes respond by blocking all messages coming from servers they identify as the source. That's what Excite@home did with one of Mindspring's servers. Problem is, regular e-mail is blocked as well. By Jeffrey Benner.

ISPs are battling rogue spammers lurking in the back alleys and hidden corners of their networks. As the fighting heats up, more and more legitimate e-mail is getting blocked along with the junk.

"It's a guerrilla war that has been escalating for years," said Ray Everett-Church, a spokesman for the Coalition Against Unsolicited Commercial E-mail (CAUCE).

"ISPs are having to go to greater and greater lengths to keep their networks safe, and there is a collateral damage to legitimate mail that suddenly can't get through."

For example, for the past several weeks, some Mindspring customers trying to send e-mail to an @home address had their messages returned with an error message saying "user unknown."

The reason is that Excite@home had blocked all messages coming from one of Mindspring's e-mail servers that @home engineers had identified as a source of spam, according to Estela Mendoza, a spokeswoman for @home. When their inquiries to Mindspring went unanswered, they just shut down all traffic -- legitimate mail included -- from that server, Mendoza said.

Mindspring, which is now part of Earthlink, claims it checked the server in question, but didn’t find any problem with it. A few hours after a Wired News reporter had called both companies asking about the problem, @home removed the block.

This kind of thing happens all the time, experts say. Typically, the spam hole can be blocked in a matter of hours. But if ISPs don't communicate well, or one fails to respond to another's complaint, the blocks can go on for weeks, as in this case. When they do, some legitimate e-mail can easily get caught in the trap.

"ISPs block each other constantly," antispam crusader Tom Geller said. They have to constantly monitor for spam clogging up their servers, and try to figure ways to stop it, he said.

Just last week, @home was on the other side of the equation. Peter Lalor, who runs a small ISP in California called Infoasis, said he was forced to shut down all traffic from @home due to a flood of spam coming over @home servers.

"They have a lot of big fat servers and they can pump a lot of junk at us," Lalor said. When @home didn't respond to his complaints, he was forced to shut off the pipeline, even though he knew it could block a lot of legitimate e-mail from reaching his subscribers.

"It's a last resort you use when they're not responsive," Lalor said. He had @home servers blocked for almost a week before they plugged the hole and he could turn them back on.

Besides their own monitoring, many ISPs consult something called the Realtime Blackhole List. Commonly known as the RBL, this constantly changing list of IP addresses known as sources of spam is maintained by a nonprofit organization called MAPS.
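The RBL is consulted over DNS: a receiving mail server reverses the octets of the connecting client's IP address, appends the list's zone name, and looks that name up; an answer in the 127.0.0.0/8 range means "listed". The following is an added example, not code from Wired News, MAPS, or any of the ISPs named in this article. The zone name `rbl.example`, the addresses (from the 192.0.2.0/24 documentation range), and the `FAKE_ZONE_DATA` answers are all constructed so the example runs offline; `stdlib_resolve` shows the equivalent live lookup with the standard library.

```python
import ipaddress
import socket
from typing import Callable, List, Optional

# Constructed zone name for this example; a real deployment would use the
# zone published by the list operator.
RBL_ZONE = "rbl.example"

# Constructed stand-in for the DNS zone: the name for 192.0.2.10 resolves
# to 127.0.0.2, the conventional "listed" answer. Every other name is NXDOMAIN.
FAKE_ZONE_DATA = {
    "10.2.0.192.rbl.example": ["127.0.0.2"],
}

Resolver = Callable[[str], List[str]]


def dnsbl_query_name(ip: str, zone: str = RBL_ZONE) -> str:
    """Build the lookup name: the IPv4 octets in reverse order, then the zone.

    192.0.2.10 becomes 10.2.0.192.rbl.example
    """
    addr = ipaddress.IPv4Address(ip)          # rejects malformed input
    octets = str(addr).split(".")
    return ".".join(reversed(octets)) + "." + zone


def fake_resolve(name: str) -> List[str]:
    """Offline stand-in for DNS: returns A records, or [] for NXDOMAIN."""
    return FAKE_ZONE_DATA.get(name, [])


def stdlib_resolve(name: str) -> List[str]:
    """Live lookup using only the standard library (not used offline)."""
    try:
        return [socket.gethostbyname(name)]
    except socket.gaierror:                   # NXDOMAIN: not listed
        return []


def listing_code(ip: str, resolve: Resolver = fake_resolve,
                 zone: str = RBL_ZONE) -> Optional[str]:
    """Return the 127.0.0.x answer if `ip` is listed, else None.

    Only answers inside 127.0.0.0/8 count as a listing; anything else is
    treated as a broken or hijacked zone rather than as a block decision.
    """
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    for answer in resolve(dnsbl_query_name(ip, zone)):
        try:
            if ipaddress.IPv4Address(answer) in loopback:
                return answer
        except ValueError:
            continue
    return None


def smtp_greeting(client_ip: str, resolve: Resolver = fake_resolve) -> str:
    """Decide the banner an MTA would send once a client connects."""
    code = listing_code(client_ip, resolve)
    if code is not None:
        return f"554 5.7.1 {client_ip} is listed in {RBL_ZONE} (answer {code})"
    return "220 mail.example ESMTP"


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11"):
        print(ip, "->", smtp_greeting(ip))
```

Because the decision is per IP address, a listing blocks everyone who sends through that address, which is exactly how the legitimate Mindspring mail in this story got caught: the check cannot distinguish a spammer relaying through a server from the server's ordinary users.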

It's difficult to measure just how much legitimate mail is getting blocked. The problem is still relatively small, but it's growing, experts say.

"The percentage of non-spam mail that gets bounced is small," Margie Arbon of MAPS said. "The filters are pretty accurate. But I think it is getting more common for ISPs to take action to control what is getting on to their networks."

It's not that ISPs want to be part of the problem, but it's difficult to avoid. Spammers are constantly scouring ISP networks for a hole they can surreptitiously pour mail through, called an "open relay." Any server connected to an ISP that has an e-mail server program on it is a potential target.

"An open relay is a mail server that accepts mail from anyone and sends it anywhere," Lalor said. Server owners may not even know their computer arrived with an e-mail program on it, much less that its default is set to "open relay."
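The difference between an open relay and a properly configured server comes down to one decision the mail server makes on every RCPT TO command: is the recipient one of our own domains (inbound mail), or is the sender one of our own customers (outbound mail)? If neither, the server is relaying for a stranger. The following is an added example written to illustrate Lalor's definition; it is not code from any of the ISPs or products named in this article. The local domain `example.com`, the customer network `192.0.2.0/24`, and the SMTP reply strings are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed values for this example.
LOCAL_DOMAINS = {"example.com"}                      # domains we deliver ourselves
CUSTOMER_NETWORKS: List[ipaddress.IPv4Network] = [
    ipaddress.IPv4Network("192.0.2.0/24"),           # the ISP's own customer address pool
]


@dataclass
class Session:
    """What the server knows about the connected client when RCPT TO arrives."""
    client_ip: str
    authenticated: bool = False   # SMTP AUTH succeeded earlier in the session


def recipient_domain(rcpt: str) -> str:
    """Extract and normalise the domain part of a recipient address."""
    local_part, at, domain = rcpt.rpartition("@")
    if not at or not local_part or not domain:
        raise ValueError(f"malformed recipient: {rcpt!r}")
    return domain.lower()


def from_customer_network(ip: str) -> bool:
    """True if the connecting address belongs to one of our own customers."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in CUSTOMER_NETWORKS)


def open_relay_rcpt(session: Session, rcpt: str) -> str:
    """The behaviour quoted above: accept mail from anyone, send it anywhere."""
    try:
        recipient_domain(rcpt)
    except ValueError:
        return "501 5.1.3 bad recipient address syntax"
    return "250 OK"                  # no relay check at all


def closed_relay_rcpt(session: Session, rcpt: str) -> str:
    """Accept only inbound mail for local domains or outbound mail from our users."""
    try:
        domain = recipient_domain(rcpt)
    except ValueError:
        return "501 5.1.3 bad recipient address syntax"
    if domain in LOCAL_DOMAINS:
        return "250 OK"              # inbound: the recipient is one of ours
    if session.authenticated or from_customer_network(session.client_ip):
        return "250 OK"              # outbound: the sender is one of ours
    return "554 5.7.1 relaying denied"


if __name__ == "__main__":
    stranger = Session("198.51.100.7")
    for policy in (open_relay_rcpt, closed_relay_rcpt):
        print(policy.__name__, "->", policy(stranger, "someone@elsewhere.example"))
```

The closed policy is what an ISP engineer checks for when a neighbouring ISP complains: a server that answers `250 OK` to a stranger's RCPT TO for a foreign domain is the hole the article describes, and fixing it means changing that one decision rather than blocking the whole server.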

Once spammers locate an open relay, they can use the machine to send millions of annoying messages. It's like finding an unlocked postal truck and tossing bags of junk mail in the back, postage-free.

Then it becomes the ISP's problem. They have to find the hole and plug it. If they don't find it in time, they may face a wave of complaints from other ISPs demanding that the spamming stop. And some may choose to protect their networks by blocking everything until the hole is plugged.

The block by @home of the Mindspring server was a mistake, according to Earthlink spokeswoman Carla Shaw. It was not an open relay, she said, insisting that Earthlink engineers plug spam holes as soon as they open.

"We hate spam!" she said.