Adventures in spamming

Some time ago, e-mail my family sent to cousin Vladimir, who teaches math at San Jose State University, bounced.

We got a message saying it was because we were using our Sympatico account, and Sympatico's e-mail servers appear on lists maintained by the Distributed Server Boycott List (DSBL.org), SJSU's anti-spam service.

Cousin Vlad alerted SJSU's IT department that their system was losing e-mail from Canada's largest ISP. SJSU's IT people weren't particularly devastated, and told him to take it up with DSBL.

For its part, DSBL.org said it would take Sympatico off its list after Bell reconfigured its e-mail server so that it can no longer be used either as a source of spam or as a "multihop" server, meaning one used by spammers to relay messages from yet another server, a method of covering their tracks.

But Sympatico then told me the offending server had been fixed much earlier, and the service had obviously not updated its block list - which, by the way, has become the politically correct form of saying on-line "black list."

So we started sending our personal e-mail to Vlad's home address - a simple workaround.

Then the other day reader Michael J. Doran wrote a note to say that e-mail sent by his father, a Sympatico subscriber, to various e-mail lists to which he subscribed was rejected because Sympatico was still block-listed by an anti-spam service. The same one, in fact, used by SJSU.

Mr. Doran then passed along three e-mail notes, all explaining DSBL.org rejections.

Investigative help from Paul Chvostek, an independent Toronto Internet service provider (www.it.ca) who has had to block Sympatico servers himself in the past, revealed a few interesting details about Sympatico and its servers.

It's a textbook case illustrating the complexities involved for large on-line companies offering everything from Internet access to Web-hosting services. If the right hand doesn't pay close attention to what the left is doing, business activities and policies in one area can have an unexpected impact on other divisions - and their customers.

Mr. Chvostek's last confrontation with Sympatico had been a little more than a month earlier, when his own e-mail servers were being hammered "with everything from porn to make-money-fast scams," all originating from Sympatico server addresses, he said.

There are about 30 organizations that offer anti-spam services, he told me, but the two most popular are DSBL and the Spam Prevention Early Warning System (SPEWS.org). The first blocks e-mail from servers usable by spammers; the second blocks e-mail from servers that actually host spammers. Sympatico is on both.

Sympatico a host for spammers?

Sympatico's servers - the one called tomts20.bellnexxia.net seems to be the centre of the fuss, and is the primary address for a network of servers - can be run through the search engine at OPENRBL.org, a clearinghouse for blocklisted servers. It showed that tomts20.bellnexxia.net appeared on 11 such lists, including both DSBL and SPEWS.

Mr. Chvostek examined the logs posted at DSBL, which listed test messages sent by DSBL.org to Sympatico servers. The logs showed "multistage SMTP relay traffic," meaning Sympatico was taking e-mail from other servers and passing it on; the last reported incident was on May 24. They also showed HTTP relay traffic, which means either Sympatico was allowing e-mail relay via HTTP, a browser-based system, or it was forwarding mail from Bell customers who are vulnerable in this way. Sympatico tested positive for HTTP relaying as recently as June 5, according to DSBL.org.

The logs showed that every couple of months since the spring of 2002, Bell has been asking DSBL to remove Sympatico from the list. According to DSBL policy, the servers have been removed from the list each time a request was made, and then added back almost immediately after automated test messages reported the servers had not been reconfigured to stop spam.

The SPEWS listing, however, bluntly reported that Sympatico hosted Pythonvideo.com, a porn company and spammer.

Mr. Chvostek suggested an explanation: "That particular listing appears to be a legacy one," he explained. "Pythonvideo.com is a Toronto company that publishes porn, and they used to be a Bell customer. It appears that when they ceased to be, Bell neglected to 'clean' the IP addresses that Python had been using. … It's one of the lesser understood costs of spam."

His conclusion: "In the past, [Bell and Sympatico] have demonstrated tolerance of spammers and apathy regarding the problems, so I suspect they may simply not care, and customers who have problems will eventually give up, either assuming the problem is irresolvable, or switching to an ISP with a more responsible attitude."

I contacted Sympatico on June 10 about the issue, and while they couldn't confirm Mr. Chvostek's hypothesis, they promised to look into it. The DSBL log showed that on June 10 and 11, Bell Canada again sent requests to remove its servers from the list; on June 11, DSBL and SPEWS took tomts20.bellnexxia.net off their lists, and seven other services dropped it as well.

But by June 14, tomts20.bellnexxia.net was back on the DSBL and SPEWS lists, and was still listed on June 16. The server was still testing positive for relay and multihop spam. And SPEWS still blamed Pythonvideo.com and another company, called Webfinity/Dynamic Pipe, owned by Able-One Systems Inc., with offices in Kitchener, Ont. Further research into those companies revealed that The Spamhaus Project, another anti-spam service, has listed nine Webfinity spam infractions over the past four months, including an attempt on Feb. 7 to e-mail-bomb Spamhaus.org, an attack originating from Bell Canada servers.

The problem is not that large - yet. The anti-spam services blocking Sympatico are still not wildly popular, and too few Sympatico subscribers are being inconvenienced for Sympatico to do much about it.

But the spam situation is getting worse, and services such as DSBL, SPEWS and Spamhaus are using simple but effective technology that may become a standard. With the growing backlash against spam, it's a lesson other on-line service providers would best heed.

And when the industry works out anti-spam standards, Mr. Chvostek said, "Bell will have to clean up its act."

 
