It was easier nabbing bad guys in the old days. Tracking them down might have been tricky, but at least law enforcement could rely on physical evidence. Today, though, some of the worst criminals in the world operate on the Internet, and they’re quick to digitally cover their tracks when necessary. Many of them are spammers, of course, and Steve Linford, founder and director of The Spamhaus Project, has found himself their number one target because of his real-time, dynamic database of blocked IP addresses as well as ROKSO (Register of Known Spam Operations), a list that publicly names the worst offenders. But while enforcers in the old days carried guns for self-defense, Linford relies on a different weapon: his network of Macs.
“We need our computers to be impregnable,” he says, “something that Macs have always been famous for. We are so frequently under Denial of Service attack by spam gangs that everything on our network is designed around surviving it.
“With Mac OS X, we can flip vital services onto backup circuits and IP set-ups in seconds, trace attackers, and weather the storm without our services being interrupted. I don’t sit around wondering how many crackers and script-kiddies are hammering our servers; I know those Macs aren’t letting them in.”
Linford’s main servers are Power Mac G4s and Xserves, but the heart of his network is a G4 Cube that maintains his Spamhaus Block List (SBL), which involves feeding real-time database changes to 300 worldwide servers that help more than 200 million SBL users reject around 8 billion spam e-mails a day. He notes that, except for reboots required when installing or upgrading software, he hasn’t needed to restart the machine since 2001.
“It’s an amazing piece of hardware,” Linford says. “There’s something very special about Macs in general, which starts from the moment you unpack one and discover that every component is a work of art. And working in Mac OS X simply doesn’t feel like hard work; there’s a feeling of calm about the OS.”
Nowhere to be seen
Ironically, Apple doesn’t use the SBL, nor does the company employ the list to protect .Mac users, despite Linford’s overtures. He elaborates: “We think Apple is possibly set on Bayesian content filtering only, which is an arms race with spammers who constantly adapt spam content to get around the filters, and which has no fail-safe mechanism to automatically alert the sender when a message is flagged in error and trashed.
“In the fight against Internet spam, which is now 70 percent of all e-mail in the U.S., Apple is nowhere to be seen. In contrast, Microsoft, whose OS insecurities are at the root of most spam problems, is at every spam conference and law enforcement meeting we attend. They position themselves as saviors, but in reality they’re very much the silent conveyor of the problem: 70 percent of all spam comes from hijacked Windows machines.”
Proof is hard to come by
Many of those hijacked computers are the result of W32.SoBig.E, a Trojan Horse virus that infected machines all over the world last year, creating a network of “zombies” that send billions of spam e-mails anonymously, unbeknownst to their owners. Linford’s ROKSO list publicly identifies 200 of the worst spammers, many of whom now use this method to continue their dirty work. But like an old-school enforcer, Linford is working on bringing them down.
“Proving who physically sent a spam is very difficult as most of it comes from anonymous proxies, and showing who owns that Viagra site hosted in China is equally difficult since the spammer will have used a fake name to open the account,” he explains. “However, the Federal Trade Commission and a number of state Attorneys General offices are working with us on putting together cases on the major spammers. This year we should see quite a few spammers arrested.”
But that could do little to stem a spam flood that Linford projects will account for 80 percent of all e-mail by the end of this year and 90 percent by next summer. He views the recently passed CAN-SPAM Act as one that “legalizes spamming and therefore only makes it worse.”
The answer to the problem, he says, involves making spamming illegal “and then using effective spam-blocking technology so that spammers find it very difficult to get mail servers to accept spam in the first place. The first line of defense should always be a block list, as that will more than halve any ISP’s incoming mail stream, leaving a small amount to be mopped up by second-level content filters.
“However,” he adds, “with each spammer sending an average of 80 million spams per day and relying on returns as low as 1 in 1,000,000, which is still 80 sales on a bad day, anything that stands in their way is going to be attacked with force.”
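The two-stage arrangement Linford describes, a block list consulted first and content filters mopping up afterwards, as an added illustration that is not Spamhaus code and not from the original article. It uses a constructed local table of CIDR ranges in place of a live feed such as the SBL, constructed pattern rules in place of a Bayesian classifier, a placeholder DNSBL zone name, and constructed sample messages; the SMTP reply text is likewise made up for the example.

```python
import ipaddress
import re

# Constructed sample block list: CIDR ranges standing in for a real-time
# feed such as the SBL. Addresses come from the RFC 5737 documentation ranges.
BLOCKED_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.17/32"),
]

# Constructed content rules for the second-level filter: (pattern, weight).
# A production filter would use a trained (e.g. Bayesian) scorer instead.
CONTENT_RULES = [
    (re.compile(r"\bviagra\b", re.I), 2.0),
    (re.compile(r"\bclick here\b", re.I), 1.0),
    (re.compile(r"\$\d[\d,]*"), 0.5),
]
CONTENT_THRESHOLD = 2.5


def dnsbl_query_name(ip: str, zone: str = "bl.example.invalid") -> str:
    """Build the reversed-octet name a DNS-based block list is queried with.
    The zone here is a placeholder; a real DNSBL publishes its own zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def ip_is_listed(ip: str) -> bool:
    """Stage 1: block-list lookup, answered from the local table in this example."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCKED_NETWORKS)


def content_score(body: str) -> float:
    """Stage 2: score the message body with the constructed rules."""
    return sum(weight for pattern, weight in CONTENT_RULES if pattern.search(body))


def filter_message(sender_ip: str, body: str) -> dict:
    """Run both stages in order and return the verdict with the SMTP reply.

    A block-list hit is refused inside the SMTP session with a 5xx code, so the
    sending server is told about the refusal; a content hit is accepted and
    quarantined, which is the silent failure mode the article's quote objects to."""
    if ip_is_listed(sender_ip):
        return {
            "verdict": "reject",
            "stage": "blocklist",
            "smtp": f"550 Service unavailable; client host [{sender_ip}] blocked",
        }
    score = content_score(body)
    if score >= CONTENT_THRESHOLD:
        return {"verdict": "quarantine", "stage": "content", "score": score, "smtp": "250 OK"}
    return {"verdict": "accept", "stage": "content", "score": score, "smtp": "250 OK"}


def run_pipeline(messages) -> dict:
    """Count how much of a (sender_ip, body) stream each stage disposes of."""
    counts = {"blocklist": 0, "content": 0, "accepted": 0}
    for sender_ip, body in messages:
        verdict = filter_message(sender_ip, body)["verdict"]
        if verdict == "reject":
            counts["blocklist"] += 1
        elif verdict == "quarantine":
            counts["content"] += 1
        else:
            counts["accepted"] += 1
    return counts


# Constructed sample traffic: three listed senders, one spammy body from an
# unlisted host, and one legitimate message.
SAMPLE_MESSAGES = [
    ("192.0.2.44", "Buy Viagra now, click here"),
    ("192.0.2.9", "Quarterly report attached"),
    ("198.51.100.17", "hi"),
    ("203.0.113.5", "Cheap Viagra! Click here for $1,000,000"),
    ("203.0.113.6", "Lunch tomorrow?"),
]

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.44"))
    for ip, body in SAMPLE_MESSAGES:
        print(ip, filter_message(ip, body))
    print(run_pipeline(SAMPLE_MESSAGES))
```

Run as written, the block list disposes of three of the five constructed messages before any content inspection happens, which is the point of putting it first: the cheaper stage removes the bulk of the stream, and the refusals carry an SMTP error code the sending server can see, whereas the content stage only ever quarantines what it has already accepted.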
Which means that there will always be a need for The Spamhaus Project. Linford makes a living running a UK-based ISP and application developer called Ultradesign, but the ever-rising spam tide causes him to devote more and more personal resources to the battle. Because Spamhaus is run by volunteers like himself, he expects that he may soon have to transition part of its services to a funded model. He’s currently seeking sponsorship within the computer industry.
“Even if we do end up with a ‘Sponsored by Microsoft’ logo on our site,” he says, “unless someone starts making computers as good as Apple’s and an OS as secure and stable as OS X, you’ll be able to peel back any Microsoft logo to reveal a ‘Powered by Xserve’ one underneath.”