@Home threatened with discussion-group blackballing
January 13, 2000
By D. Ian Hopper
(CNN) -- Broadband Internet service provider @Home was threatened Sunday with the worst community-enforced punishment the Usenet newsgroup crowd can hand down: a Usenet Death Penalty (UDP).
Unless the penalty is called off, it will take effect January 18 at 5 p.m. PST. The sentence under full force would effectively kick @Home off Usenet, preventing any @Home server from posting messages to any newsgroup, whether or not the poster is an @Home customer.
The @Home network, owned by Excite@Home, is the largest broadband Internet provider in the United States. Its chief cable access competitor, Road Runner, is partially owned by Time Warner, the parent company of CNN.com.
Usenet is a network of discussion groups called newsgroups and uses the Internet for transit. It is policed by news server administrators at each Internet provider -- at an ISP, government installation, corporation, educational institution or elsewhere -- along with self-styled "spam-cancelers" that have the ability to request network-wide deletions of messages determined to be junk.
Just like private e-mail boxes, Usenet's thousands of discussion areas -- devoted to every topic from gardening to Sun network servers to more intimate pursuits -- are littered by messages peddling wares or inviting recipients into get-rich-quick schemes.
The administrators, along with the private cancelers, use automated programs known as bots to sift through those messages and get rid of the spam. Usenet Death Penalties are announced for the most egregious of offenders.
Without the watchdogs, the Usenet community would become useless. Before a UDP against monolithic ISP UUNet in August of 1997, 40 percent of all Usenet traffic was spam, and another 40 percent was requests for spam cancels, according to volunteer spam-canceler David Ritz, who called for the UDP against @Home. Only 20 percent of total traffic was legitimate discussion.
Ritz said the greatest drop in Usenet spam occurred when spam cancelers went on strike. When their bots no longer looked for spam, thousands of news servers around the world "filled up until they barfed," he said.
"People started making messages expire quicker, and run spam filtering software on their servers. This caused a drop in spam, and people became very aware of just how important these volunteers are to the network," Ritz said.
Just because @Home servers are pumping out spam, that doesn't necessarily mean that that @Home is spamming Usenet, or even @Home customers. In fact, most of the gripes that spam watchdogs have with ISPs is that they leave backdoors open so that spammers can bounce their messages through another ISP. This provides another layer protecting the sender or the sender's ISP from repercussion, leaving the target ISP -- in this case, @Home -- to take the fall.
Ritz asserts that @Home hasn't responded well enough to requests that the ISP disable open backdoors. "When I call @Home, the response is 'send a message to Abuse.'
"If I'm calling their network operations center on a Friday evening, I find out that there's been no one at their abuse desk since Friday morning. Last night I sent a notice of an open server targeted for abuse. I called three hours later after I got no response. Once I informed them of the call for a UDP, they closed it," Ritz said.
@Home responded to Ritz's concerns in a statement posted to Usenet. The statement said that the back doors were left open due to software errors, which the company will address. As to allegations about @Home response, the company said it was dedicated to "participating respectfully" on the Internet, and will commit to more user education.
The UDP certainly works as a threat to ISPs trying to keep from being blacklisted from Usenet. However, since there is no overarching regulatory body for Usenet, it takes local news administrators to enforce a UDP. An administrator honoring the UDP would delete messages for his or her servers exclusively.
According to the Usenet Death Penalty Frequently Asked Questions, "Whether [a UDP] is taken up by others is dependent upon several things: the reputation of the person making the request, the facts laid out as to the reasoning behind the call, the nature of the complaints, whether the site in question has been attempting to solve the problems, and many other factors."
Pathlink Technologies administrates Newsadmin.com, which keeps track of Usenet spam and publishes the popular UltraHippo program, a free server-side spam filter. Representatives from Pathlink said that although they believe Ritz to be sincere, they don't think @Home is one of the worst offenders, compared to their network size.
"@Home isn't generally a huge producer of spam compared to the huge numbers [of posts from @Home]," said Joe D'Alessandro, network technician at Pathlink. "The higher the traffic, the larger the geography, and the more servers you run, the more likely you're going to be used" as a conduit for spam, he said.
"I think that [Ritz] probably had a frustration issue with @Home, probably had one stubborn problem. We usually get pretty good support when we report spam."
Pathlink doesn't plan to enforce the UDP. However, that doesn't mean that no one will, or that @Home isn't at all at fault. The response to the UDP is "going to be mixed," D'Alessandro said. "But I think @Home will feel the impact. I'm not saying @Home is blameless."
"We think [the UDP] is unfair to the people that make legitimate posts, and it disrupts Usenet," he said.
Pathlink spokesperson Cindy Esco said the company has become a bit skeptical of UDPs.
"In general, we believe that anti-spam efforts are becoming very political and self-promoting. We noticed that one of the anti-spam associations has created a partnership with an advertising group," Esco said.
UDPs, or even threats of one, are still very effective at curbing spam and keeping ISPs on their toes. Many major ISPs, including CompuServe, Bell Atlantic, Erols and PsiNet have all had UDPs called against them. Usually within days of the declaration the ISP -- no matter how large it is -- takes notice and announces to the Usenet community active measures it plans to take.
@Home was quick to respond to the UDP. On Wednesday, Excite@Home's network policy manager David Jackson made a lengthy statement proposing "spam prevention initiatives."
According to Jackson, the source of @Home's backdoors have come from subscribers who have installed proxy software incorrectly.
"Unbeknownst to the customer," the statement reads, "this mis-configuration has allowed outside access to the @Home news servers, and has resulted in our subscribers becoming spam relays. Because these various IP addresses create holes in our network, spammers have taken advantage of this mis-configuration, and have posted thousands of newsgroup messages."
The statement continues, assuring Usenet that @Home will perform frequent scans to locate and close holes that can be used by spammers. If @Home finds a user that has a mis-configured proxy server, @Home will shut off their Usenet access until their connection is secure.
Jackson also requested an extension to the January 18 deadline and attempted to assure the Usenet community that @Home's security will improve.
Viasec, Elron team up on e-mail monitoring and security
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.