ad info




CNN.com
 MAIN PAGE
 WORLD
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
* TECHNOLOGY
   computing
   personal technology
 SPACE
 HEALTH
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 ARTS & STYLE
 NATURE
 IN-DEPTH
 ANALYSIS
 myCNN

 Headline News brief
 news quiz
 daily almanac

  MULTIMEDIA:
 video
 video archive
 audio
 multimedia showcase
 more services

  E-MAIL:
Subscribe to one of our news e-mail lists.
Enter your address:
Or:
Get a free e-mail account

 DISCUSSION:
 message boards
 chat
 feedback

  CNN WEB SITES:
CNN Websites
 AsiaNow
 En Español
 Em Português
 Svenska
 Norge
 Danmark
 Italian

 FASTER ACCESS:
 europe
 japan

 TIME INC. SITES:
 CNN NETWORKS:
Networks image
 more networks
 transcripts

 SITE INFO:
 help
 contents
 search
 ad info
 jobs

 WEB SERVICES:

Computing

@Home threatened with discussion-group blackballing

Image

In this story:

Usenet gets spam, too

Spammers use ISPs to bounce messages

UDP requires broad participation

@Home responds to complaints

RELATED STORIES, SITES icon



January 13, 2000
Web posted at: 4:30 p.m. EST (2130 GMT)

By D. Ian Hopper
CNN Interactive Technology Editor

(CNN) -- Broadband Internet service provider @Home was threatened Sunday with the worst community-enforced punishment the Usenet newsgroup crowd can hand down: a Usenet Death Penalty (UDP).

  MESSAGE BOARD
Internet Society
 
  QUICKVOTE
Do you use usenet?

Yes
No
View Results

 

Unless the penalty is called off, it will take effect January 18 at 5 p.m. PST. The sentence under full force would effectively kick @Home off Usenet, preventing any @Home server from posting messages to any newsgroup, whether or not the poster is an @Home customer.

The @Home network, owned by Excite@Home, is the largest broadband Internet provider in the United States. Its chief cable access competitor, Road Runner, is partially owned by Time Warner, the parent company of CNN.com.

Usenet is a network of discussion groups called newsgroups and uses the Internet for transit. It is policed by news server administrators at each Internet provider -- at an ISP, government installation, corporation, educational institution or elsewhere -- along with self-styled "spam-cancelers" that have the ability to request network-wide deletions of messages determined to be junk.

Usenet gets spam, too

Just like private e-mail boxes, Usenet's thousands of discussion areas -- devoted to every topic from gardening to Sun network servers to more intimate pursuits -- are littered by messages peddling wares or inviting recipients into get-rich-quick schemes.

The administrators, along with the private cancelers, use automated programs known as bots to sift through those messages and get rid of the spam. Usenet Death Penalties are announced for the most egregious of offenders.

Without the watchdogs, the Usenet community would become useless. Before a UDP against monolithic ISP UUNet in August of 1997, 40 percent of all Usenet traffic was spam, and another 40 percent was requests for spam cancels, according to volunteer spam-canceler David Ritz, who called for the UDP against @Home. Only 20 percent of total traffic was legitimate discussion.

Ritz said the greatest drop in Usenet spam occurred when spam cancelers went on strike. When their bots no longer looked for spam, thousands of news servers around the world "filled up until they barfed," he said.

"People started making messages expire quicker, and run spam filtering software on their servers. This caused a drop in spam, and people became very aware of just how important these volunteers are to the network," Ritz said.

Spammers use ISPs to bounce messages

Just because @Home servers are pumping out spam, that doesn't necessarily mean that that @Home is spamming Usenet, or even @Home customers. In fact, most of the gripes that spam watchdogs have with ISPs is that they leave backdoors open so that spammers can bounce their messages through another ISP. This provides another layer protecting the sender or the sender's ISP from repercussion, leaving the target ISP -- in this case, @Home -- to take the fall.

Ritz asserts that @Home hasn't responded well enough to requests that the ISP disable open backdoors. "When I call @Home, the response is 'send a message to Abuse.'

"If I'm calling their network operations center on a Friday evening, I find out that there's been no one at their abuse desk since Friday morning. Last night I sent a notice of an open server targeted for abuse. I called three hours later after I got no response. Once I informed them of the call for a UDP, they closed it," Ritz said.

@Home responded to Ritz's concerns in a statement posted to Usenet. The statement said that the back doors were left open due to software errors, which the company will address. As to allegations about @Home response, the company said it was dedicated to "participating respectfully" on the Internet, and will commit to more user education.

UDP requires broad participation

The UDP certainly works as a threat to ISPs trying to keep from being blacklisted from Usenet. However, since there is no overarching regulatory body for Usenet, it takes local news administrators to enforce a UDP. An administrator honoring the UDP would delete messages for his or her servers exclusively.

According to the Usenet Death Penalty Frequently Asked Questions, "Whether [a UDP] is taken up by others is dependent upon several things: the reputation of the person making the request, the facts laid out as to the reasoning behind the call, the nature of the complaints, whether the site in question has been attempting to solve the problems, and many other factors."

Pathlink Technologies administrates Newsadmin.com, which keeps track of Usenet spam and publishes the popular UltraHippo program, a free server-side spam filter. Representatives from Pathlink said that although they believe Ritz to be sincere, they don't think @Home is one of the worst offenders, compared to their network size.

"@Home isn't generally a huge producer of spam compared to the huge numbers [of posts from @Home]," said Joe D'Alessandro, network technician at Pathlink. "The higher the traffic, the larger the geography, and the more servers you run, the more likely you're going to be used" as a conduit for spam, he said.

"I think that [Ritz] probably had a frustration issue with @Home, probably had one stubborn problem. We usually get pretty good support when we report spam."

Pathlink doesn't plan to enforce the UDP. However, that doesn't mean that no one will, or that @Home isn't at all at fault. The response to the UDP is "going to be mixed," D'Alessandro said. "But I think @Home will feel the impact. I'm not saying @Home is blameless."

"We think [the UDP] is unfair to the people that make legitimate posts, and it disrupts Usenet," he said.

Pathlink spokesperson Cindy Esco said the company has become a bit skeptical of UDPs.

"In general, we believe that anti-spam efforts are becoming very political and self-promoting. We noticed that one of the anti-spam associations has created a partnership with an advertising group," Esco said.

UDPs, or even threats of one, are still very effective at curbing spam and keeping ISPs on their toes. Many major ISPs, including CompuServe, Bell Atlantic, Erols and PsiNet have all had UDPs called against them. Usually within days of the declaration the ISP -- no matter how large it is -- takes notice and announces to the Usenet community active measures it plans to take.

@Home responds to complaints

@Home was quick to respond to the UDP. On Wednesday, Excite@Home's network policy manager David Jackson made a lengthy statement proposing "spam prevention initiatives."

According to Jackson, the source of @Home's backdoors have come from subscribers who have installed proxy software incorrectly.

"Unbeknownst to the customer," the statement reads, "this mis-configuration has allowed outside access to the @Home news servers, and has resulted in our subscribers becoming spam relays. Because these various IP addresses create holes in our network, spammers have taken advantage of this mis-configuration, and have posted thousands of newsgroup messages."

The statement continues, assuring Usenet that @Home will perform frequent scans to locate and close holes that can be used by spammers. If @Home finds a user that has a mis-configured proxy server, @Home will shut off their Usenet access until their connection is secure.

Jackson also requested an extension to the January 18 deadline and attempted to assure the Usenet community that @Home's security will improve.


RELATED STORIES:
Viasec, Elron team up on e-mail monitoring and security
January 7, 2000
Privacy groups ask FTC to close e-mail loophole
December 6, 1999
Consumer Net complaints up 39% last year
November 26, 1999
Feds Warn of Cram Scam
October 27, 1999
PC scam: Crossline takes the money and runs
October 25, 1999
Another spam bill headed for Congress
October 21, 1999

RELATED SITES:
@Home
Deja.com
Pathlink.com
Usenet Death Penalty FAQ
Usenet Death Penalty Notice against @Home Network
@Home Network Response to Usenet Death Penalty Notice
SpamHippo
NewsAdmin.Com
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.