« Links Roundup | Main | new pats posted - 20091005 (maintenance pats release) »

October 2, 2009

The Impact of the new Spamhaus CSS "snowshoer" List

Evan Burke, who works for an email service provider (ESP) in Minneapolis doing deliverability compliance, asked an interesting question via Twitter: he said that he was trying to figure out what the new Spamhaus CSS list will mean to his company as an ESP. The new list will likely result in a lot of spam being blocked, which is a good thing - so-called snowshoe spam (definition here) has been an increasingly large component of the spam we see here and in the trap feeds we monitor. In one sense, it's a return to old-school statically-hosted spamming, the sort that Spamhaus SBL was created to solve - but representing an evolution in tactics and new levels of obfuscation.

Having no small amount of experience with these snowshoe spammers, I replied that I expected it to mean the more legitimate clients of the sneakier grey- and black-hat spammers would migrate to more legitimate ESPs - suggesting that it was, in the long run, a good thing, because ESPs with transparency and a reputation to protect will educate their new clients. His reply was essentially that this would be a problem for them in the short run, because it would swamp their new customer vetting processes and so on. It's a glass half full/half empty sort of question, though, I think.

You can pretty well divide the world of email into a few categories:

• legitimate email (personal, corporate, etc.)
• unsolicited mail sent by corporations directly
• unsolicited mail sent by corporations via legitimate ESPs
• unsolicited mail sent by corporations via snowshoe spam operations
• unsolicited mail sent via "spambots" and botnets
• unsolicited mail sent via chickenboners and other individuals using spam software

The differences between each category are a matter of transparency, competence, and sophistication. Botnet operators are not at all transparent, but competent (mostly) and sophisticated (mostly). Chickenboners are sometimes transparent (mostly not) but their lack of competence and sophistication are enough to make their messages easily identifiable as spam. ESPs occupy a spectrum from transparent, competent, and sophisticated to cloaked, competent and sophisticated to cloaked, incompetent and unsophisticated - but it is important to make the point that it doesn't imply that their respective clients match the profile of the ESP that they happen to choose for their business.

When a salesman at a company tries to promote a product or service by way of hiring what they believe to be an ESP, they may not have the sophistication to know the importance of transparency - they may be more focused on claims of success rates, or the sophistication of the ESP's tools for tracking, and other factors. Some of the more sophisticated snowshoe spam we've seen has been for recognizable brand name products and companies, like Sears and Brinks and LG and Kraft and Gerber and Dish Network and the AARP and so forth; some has been for the usual diploma mills, cheap insurance, work-from-home schemes, Acai berry nostrums and the like; some has been for the usual bottom feeder crap like ink cartridges and business cards. Very little of what we see has been what shows up via botnets, such as pharmaceuticals, fake watches, "OEM software", and body part enlargement snake oil.

This suggests that the various tiers of legitimacy of the vendors so represented do not align with the various tiers of legitimacy of the ESPs they hire. In my view, as those who were attracted to ESPs (or "email marketing agencies") who advertised excellent returns and low rates see those returns fall, they will move to ESPs whose reputations are based on transparency and responsible practices. What Evan is afraid of is that because of the same misalignment between sophistication of client and service provider, the legitimate ESPs will be swamped by the middle tier and lower, and this represents a threat to their ability to vet and police their clients. So be it.

I've taken the (unpopular on lists like SPAM-L) position for several years that ESPs represent an opportunity for those who wish to curtail spam, not a threat per se, akin to an Internet-wide hygiene and education campaign. Of course, the difference between a "good" ESP and a "bad" one boils down to reputation, transparency, and responsiveness to complaints about abuse (which you can't even measure without the first two, because if I don't know who to complain to, or know enough about you to bother, the third is a non-starter). Looks like here's an opportunity for ESPs wanting to maintain their legitimacy and good reputations, or for those who want to improve them. I'm looking forward to it.

Posted by schampeo at October 2, 2009 5:13 PM

Trackback Pings

TrackBack URL for this entry:
http://enemieslist.com/mt/cgi-bin/mt-tb.cgi/1034

Search Blog

Browse

• Archives
• Categories
  • antispam in practice
  • consortiae
  • gripes
  • history
  • legal
  • news
  • privacy
  • project
  • security
  • spammers
  • studies and statistics
  • tactics
  • tools
  • viruses and worms

Feeds

• RSS
• ATOM

Enemieslist

• Package Features
• Contribute