The following text is copyright 2003 by Network World, permission is hearby given for reproduction, as long as attribution is given and this notice is included.


Is the battle joined?


By Scott Bradner


It's been quite a few weeks on the spam front and it looks like the good guys are losing big time.  It looks like a few hundred thousand new spam relay hosts may have been established around the world, according to the press the FTC seems to be giving up fighting spam and a primary source of anti-spam information is under heavy attack.


For a while things were not looking too bad on the anti-spam front.  Congress seemed to finally get the message that the folk out here in the real world were fed up and wanted them to do something  - and got that message loud enough that it was starting to be heard above the roar of donations from those who want to keep filling your mailbox.  Even the Direct Marketing Association (DMA), you know them, they are the folks that are suing the U.S. Government to stop the national anti-telemarketing do not call list (even though 41 million  registrations on that list should be a hint to the DMA that they are on the wrong side), admitted that it has offered to work with the FBI to "identify and prosecute spammers." (http:// 


But then the chair of the U.S. Federal Trade Commission (FTC) was reported to have gone into wet blanket mode and poo pooed all of the current congressional proposals.  This turns out to be worse in the reporting than in reality.  The actual speech ( is far better than the reports would have indicated (even if he seems to like "the flow of useful information to consumers" more than I do - by a few orders of magnitude.)


Then all hell broke loose.  The latest generation in the evolution of the Sobig virus (or worm, depending on your definition) struck on Aug 19th.  I did not get my 1st Sobig message until early on the morning of August 19th but in the following week and a half I've received 7,917 to my own mailbox.  I cannot begin to imagine how many went to the central mail servers at the University.  Press guesses (I'd call them reports but that implies more precision than I think is the case.) have between 100 and 500 thousand machines compromised.  In the last few days there has been a lot of speculation that one of the aims, other than the propagation of the species, of Sobig was to set machines up to be used in the future for relaying spam.


There is a report in the Boston Globe today that the anti-spam blacklist services have been hit hard by distributed denial of service (DDoS) attacks.  (  These services maintain lists of the addresses of spam relays so that ISPs and enterprises can block all incoming mail from them.  these services, while quite controversial, have been quite effective in reducing the amount of spam that gets through to the places that use them.


I.e., with Sobig and the blacklist DDoS attacks the bad guys are in full counterattack.


Some people are trying to fight back.  Earthlink and filed suits against spammers or on-line marketers within a few days of each other.   But that is a long row to hoe.


The FTC chair seemed to be mostly hoping for a technical solution to the spam problem - donŐt hold your breath.  Meanwhile maybe congress can make it easier for the FTC and others to attack the attackers and the FTC can be less despondent.



disclaimer:  At Harvard, guesses are called "research," but the above is my "research."