
‘Like Cutting Off a Limb to Save the Body’

Discussion in 'KrebsonSecurity' started by RSS, Aug 3, 2015.


    This author has spent many years chronicling the exploits of black hat spammers who use hacked computers to relay junk email. But I’ve dedicated comparatively little time delving into the ways of email marketers who technically follow U.S. anti-spam laws yet nevertheless engage in spammy practices. The latter are able to ply their trade because there are thousands of Internet hosting companies operating on thin profit margins that are happy to host spammy but lucrative clients. This is the story of how one hosting company heroically kicked out all of its email marketing customers at great expense and ended up building a stronger, more profitable company in the process.

    A serial entrepreneur as a young teenager, Peter Holden founded several online companies by the time he turned 20 and started Tulsa, Okla.-based hosting firm HostWinds. The company grew modestly but steadily — relying on more than two dozen servers and bringing in revenues of about $15,000 per month.

    That is, until Holden got his first email marketing client who offered to double HostWinds’s monthly income in one day.

    “I remember driving down from Tulsa to Oklahoma City to visit this client,” said Holden, now 25. “It was July 2012, and it was super hot in the car because I didn’t have air conditioning. But I remember thinking it was really cool to have a client who was local and interested in using our services.”

    That one client’s business would not only double HostWinds’s income, but it gave the company much-needed funds to invest in building out the firm’s technical infrastructure. Good thing, too, because the email marketing client soon referred more e-mailers to HostWinds, which was forced to petition the American Registry for Internet Numbers (ARIN) for thousands of additional Internet addresses to accommodate its new clientele.

    “Fast forward about two years, and we now have a lot of mailers on our network,” Holden said. “Throughout all of this, one client introduced me to another client, and another.”

    All of them swore up and down that they were following U.S. anti-spam laws to the letter. The CAN-SPAM Act was intended to make it more expensive and difficult for email marketers and spammers to send unsolicited junk email, but critics say it is essentially toothless and rarely enforced. Under CAN-SPAM, commercial emails can’t be spoofed (i.e., the address in the “from:” field can’t be faked or obfuscated), and the messages must give recipients a simple way to opt out of receiving future missives.

    “Legally speaking, we didn’t have any client on our network who broke the law. My dad was a lawyer and we’d routinely terminate anyone who violated our policies,” Holden said. “Ultimately, I think the fact that these clients were able to pay their bills on time — and their bills were massive — gave them some sort of air of legitimacy.”

    HOW MANY SPAMS CAN A SPAMMER SPAM IF A SPAMMER CAN-SPAM SPAMS?

    From the perspective of anti-spam groups, the main problem with the CAN-SPAM Act is that it doesn’t require marketers to get opt-in approval from people before spamming them. Also, many large-scale junk email operations are not too dissimilar from spam campaigns run by cybercrooks — except instead of routing the mail through PCs that have been seeded with malware, commercial emailers send email from huge numbers of distinct Internet addresses that they rent from a vast network of hosting companies.

    Eventually, large tracts of HostWinds’s Internet addresses wound up listed by The Spamhaus Project, an anti-spam service used by many ISPs. Networks that find themselves listed on Spamhaus’s various blacklists or “blocklists” soon discover their customers are unable to deliver email reliably. That’s because hundreds of ISPs route or deny email traffic based in part on Spamhaus’s blacklists of known, cybercrime-friendly hosts.

    After HostWinds attracted the attention of Spamhaus, Holden said he and his team began taking a much closer look at the company’s email marketing clients.

    “We started terminating customers who were pretty blatant spammers, where we’d take a look at the messages they were sending and say, ‘Wow, I wouldn’t want to receive this,’” Holden recalled.

    Most of the marketers HostWinds terminated were sending messages for marketing programs that try to sign customers up for various products or services that bill monthly and can be very difficult for consumers to cancel.

    The Spamhaus listings were bad enough, but soon AOL began wholesale blocking email from HostWinds Internet addresses.

    “That was really the turning point, because none of these email marketers wanted to be with us if they couldn’t reach AOL users,” Holden said. “We started getting listed massively by Spamhaus at that point, and we went to the anti-spam community and said, ‘Why are you guys picking on us?’ They said, ‘We’re not picking on you: You’re harboring an army of spammers.’”

    CUTTING OFF A LIMB TO SAVE THE BODY

    Holden said he remembers exactly what he was doing when he made the difficult decision to remove virtually all email marketers from his company’s network, a costly decision that he likened to cutting off a limb or two to save a patient from a lethal gangrenous infection.

    “I was in Dallas to visit our data center, and was in my hotel room doing planning in a notebook, and decided this was unsustainable,” he recalled. “The only [mailers] who were left were those with zero abuse complaints, and most of these were just doing regular newsletters. We gave up or lost about $150,000 in monthly revenue from that decision, a huge portion of our business.”

    As painful as it was monetarily, the company reinvented itself over 2014 and 2015, and is now more profitable and sustainable than ever, Holden said. HostWinds now terminates mailers after a single abuse complaint, and Holden said he can now spot an email marketer from a mile away.

    “We rebuilt the business focusing on core infrastructure, hosting enterprise Web sites and keeping them online,” he said. “We now have a sustainable business that is not going to blow up in our faces in two to three years.”

    Holden said these days the only spammers who host malware or blast junk email out of his networks are those that do so for only a very short time before they’re found out and terminated. Holden said there are some very persistent phishing gangs from Egypt that try using stolen credit cards to register new host services to set up phishing scams. Other scammers will set up a new hosting arrangement using stolen cards and then blast as much spam as they can until they’re shut down.

    To combat the latter problem, HostWinds is now working with MailChannels, a Canadian anti-spam firm that scours customer networks for outgoing spam, and then helps the customer quickly identify and terminate spammy accounts.

    MailChannels co-founder Ken Simpson said Holden’s turnaround story is rare but encouraging.

    “It seems like there’s two different kinds of hosting companies,” Simpson said. “Those who are redeemable and those that are just support services for spammers. If you decide you want to be the latter, you can make decent money for a while, but at the end of the day you’ll wind up with this burning husk of a company with all this [Internet address] space that is completely blacklisted by everyone and useless.”
