Well-Done Spam Cooked Pac Bell's Email

Several large, coinciding spams, originating from AT&T WorldNet and CompuServe, were blamed for last month's unprecedented interruption in Pacific Bell Internet's mail service, the ISP says. Typical spam, untypical impact, observers say.

After analyzing an overload of email that hobbled its email service last month, Pacific Bell Internet Services concluded that several large coinciding spams were to blame. Though not coordinated or especially unusual as spam goes, the bulk emails, through their timing and size, scored a direct hit on the ISP's mail servers.

"The sizes of the spams were all different, but they were fairly large, and they hit at more or less the same time," said Ruben Cota, Pacific Bell's Internet vice president.

In mid-March, Pacific Bell Internet Services saw an unprecedented load of spam over the course of four days, causing heavy, sporadic disruptions of email service to its more than 175,000 California customers.

While there's nothing unusual about large amounts of spam flying around, its scope was notable in this case, said J.D. Falk, board member of The Coalition Against Unsolicited Commercial Email.

"It's actually happened before, but usually to smaller ISPs," he said. "I haven't heard of it happening to somebody this big, who we would usually assume to have the infrastructure to handle it."

Cota, explaining the incident, said the two largest spams originated from two ISPs, CompuServe -- purchased last year by America Online -- and AT&T WorldNet.

Not surprising, said Falk. "Those seem to be the most popular with spammers right now, because they're both kind of slow in canceling accounts of [abusers]."

Also, Cota said, both spams were sent directly from end-user computers rather than the ISPs' regular mail servers. After dialing in, the spammers use local mail server software on their own PCs to launch their mass messages. Aimed exclusively at the spammer market, the software is supposed to be able to send email without using an ISP's server, making it both faster and more "direct."

But Falk says those claims are bogus. The main advantage to the software, he says, is that it makes it harder for ISPs to track down offenders. Spammers can simply log off and set up operations on a new account or with another ISP.

Consequently, ISPs, including Pacific Bell Internet, are training their gateways to detect such mail, Cota said. "Many ISPs are configuring their mail servers to reject attempts directly from dial-up ports ... More than three [of the spammers] used that type of [mail] server," he said. "Unfortunately, it takes an incident before you are really aware of the impact it can have on you."

The largest spam in the group was a restaurant promoting its stock; the second largest promoted a Web site. Both used the localized mail server software. Next in size was a pitch for an Arizona-based pyramid sales scheme, which Cota said the company later discovered was illegal. It was followed by a spam from a mortgage company promoting a loan.

Number Five was more unusual, Cota said, coming as it did from an individual, not a business. The person responsible for this spam, which promoted a social event in California, has since contacted the ISP to apologize, Cota added.

Pacific Bell Internet has complained to the offending ISPs, CompuServe and AT&T WorldNet, but has not yet received a response. That didn't surprise Falk, either. Because of their size, he said, they are slower to respond than smaller providers.

In particular, CompuServe has been notoriously slow in handling spam issues, said John Mozena, co-founder and vice president of the Coalition Against Unsolicited Commercial Email. "Their relationship with the anti-spam community has been much less vocal and committed than that of AOL. Most of us would like to see AOL take over CompuServe's abuse team."

Calls between ISPs notifying each other of spammers, Mozena said, are the closest thing the Net has to 911, and deserve a prompt response.

"When you're affecting 175,000 users, you're expected to do whatever you can to help," he said. "There's no law that says you have to do that, but it's an important part of being a distributed network."

Financially, Pacific Bell Internet said the problem cost the company $500,000, but that includes the cost of four new mail gateways. That change more than doubled the service's email capacity, which Pacific Bell Internet said should be more than enough to prevent a repetition of the email outage.