Boycott MCI/Worldcom for spam support

Note: This document was originally written in autumn 2002. That was before the break-up of WorlCom. However, after the breakup, MCI and UUNet are still part of the same company. Also note that although the specific spamming operation I discuss here appears to have moved on, UUNet still tops the lists as a spammer friendly provider.

UUNet is a Worldcom company, so is MCI. UUNet is a major Internet backbone provider. It connects other networks and companies to the Internet. Over the years UUNet has earned a reputation of acting extremely slowly against spammers on its network. In particular it appears to occasionally allow its customers to host sites advertised by massive, coordinated spam campaigns. Further information about the spammers that UUNet continues to host can be found at the spamhaus project's listings for UU.net.

This document discusses one ongoing case (October 2002) involving the UUNet hosting of a spam support company, Quixotik.

Quixotik spam

During the month of October (and now into November) I and others have been receiving several bits of spam per day to several of my email addresses (though this has changed a bit) all referring to sites hosted by Quixotik. These include both the basic sites advertised, redirectors to the sites advertised and tracking items (web bugs).

The sites hosted

The sites hosted by Quixotik which have been advertised by spam include: 
Name:    images.emailhello.com
Address:  63.111.25.33

Name:    click.impulsive.com
Address:  63.111.25.51

Name:    www.flashfunstuff.com
Address:  63.111.25.33

Name:    www.absolutefreesmut.com
Address:  63.111.25.33

Name:    www.thesurveyonline.com
Address:  63.111.25.33

Name:    banner1.mr-cash.com
Address:  63.111.24.120

Name:    redir.impulsive.com
Address:  63.111.25.90
All of these (at initial writing and months later) are hosted by Quixotik, which is a known spamming operation run by Eric Reinertsen according to Register of Known Spam Operations

Connectivity to Quixotik is via UUNet. Other than Quixotik (which clearly runs spam support services) and the spammer themselves, the entity in the best position to stop this spam and to make spamming costly for the spammer is UUNet.

The spam

In a separate document I list some of the subject lines of the spam. Warning: many of the subject lines contain explicit and possibly offensive sexual references. They aren't pleasant to see among your incoming mail, and probably aren't pleasant to read here. I provide them so that you can see whether you have been getting similar spam.

Report to UUNet

All of these have been reported to UUNet. Whether Quixotik has a special deal (AKA pink contract) with UUNet to provide "bullet proof hosting" or whether Quixotik has frightened UUNet sufficiently so that they continue to be connected to UUNet is not something I know. I know what I've been told by UUNet abuse desk people (which implied that UUNet must act carefully to avoid legal action from a customer), but I'm not certain that I believe that this is what is going on here. It simply doesn't matter whether UUNet is acting out of malice (knowingly and willingly providing a bullet proof services), is scared of lawsuits from Quixotik or is just plain incompetent. In either case, UUNet is the entity which we can pressure to do the right thing. Whatever their reasons for continuing to host such a massive spam hosting and spam support service, they should pay for it.

List washing

One apparent consequence of my complaints to UUNet appears to be some "list washing", that is the spammers remove the addresses of those who complain effectively. I started out receiving this spam to several of three of my addresses. After each of my telephone calls to UUNet (as follow-ups to detailed reports of the spam by email), one of my addresses would be removed as a recipient of the spam. I now no longer get the spam to any of the three addresses in the spam I've reported. However, my wife's address (which have not reported the spam) are receiving the spam with the same frequency. So I can assume that the spamming is continuing just as bad as ever.

Furthermore, this list washing means that one of the three things must be true

  1. Either I am lying,
  2. Or this is a remarkable coincidence
  3. Or UUNet is working with Quixotik to reduce complaints about spam, but not actually the spam itself.

I conclude that UUNet is working with spammers. If UUNet and WorldCom chose to have those who abuse and steal from the rest of the network as paying customers, they can make that choice. One consequence of that choice is that they will not have me as a paying customer.

I know that I could avoid this spam by filtering or really getting my addresses removed, but my goal isn't to stop seeing this particular batch of spam, but to reduce the amount of spam on the net.

Why MCI/Worldcom?

Is UUNet (the sister company to MCI) the worst offender? Are other telecom companies clean in this regard? Probably not. But I don't have the ability to do a global systematic statistical analysis and try to target the worst offenders. There are several reasons why it is worth focusing a boycott on MCI
  1. We have to focus on one or at most two at a time. The fact that few really have clean hands can't shouldn't be used as an excuse for inaction.
  2. UUNet has earned a truly terrible reputation in this regard in the past. While they improved over the past year or so, they need to know that earning such a reputation has serious consequences. There are steps that they could take well beyond what they've already done to convince the world that they act against network abuse.
  3. Worldcom companies are particularly vulnerable at the moment. A boycott now will have people sit up and take notice. They need every single customer the have. Trying to boycott them when their stock price was astronomical and their dodgy accounting led them to believe that they were invulnerable would have had no effect. Now that they are probably trying to find a buyer for MCI any threat to MCI's customer base must be taken seriously.
  4. By having a noticeable effect on a vulnerable company, it makes it crystal clear to other telecoms that consumers can punish their long distance carrier for bad behavior of their Internet wings.

Why Quixotik?

As you can see from the SBL listings for uu.net that UUNet hosts a large number of known spammer operations, and have done so for the very long time. So why do I pick out one of more than 50 to focus on? By picking one, I can follow the case. I can keep track of what UUNet is (or isn't) doing about them. I can call UUNet every few weeks to ask them what they are doing about this particular spammer. So that is why I focus on just one of the many spam operations that UUNet is happy to have among its customers. Why specifically Quixotik? Probably timing. Three of my addresses and two of my wife's addresses got blasted with several Quixotik spams a day late September and throughout October 2002. This is when I realized that reporting every spam was beyond me, and I would have to concentrate effort.

So what to do

If you are an MCI customer, switch to any of the others. Be sure to let MCI customer service know why you are switching. When I did this they lied to me and told me that MCI was no longer part of WorldCom. At this writing (November 2, 2002) that is a lie.

Whatever telephone company you do sign up with, let them know that you substantially base your choice of telephone company on how well (or poorly) their Internet divisions fight spam.

As I have said in other places, the only way to stop spammers is to make it more costly for them to spam. Right now the big Internet providers (almost all associated with long distances telecom companies) are in the best position to do that. Make them.

Spread the word. Linking to this site would be one way to do that.

If MCI isn't a choice for you

If MCI or no other WorldCom company is among the companies which you can chose from, then you are obviously in no position to boycott them. If you live in a place where some national telecom monopoly is your only option, you are not in a position to boycott MCI. All I can advise is that you do what you can. You can encourage others to boycott, you can encourage others to fight spam. You can put whatever pressure you can on your own telecoms monopoly or the politicians that keep it a monopoly to behave well.

You can link to this or other anti-spam documents, expressing your support.

How long to boycott

Once one switches to a different telephone provider, I don't anticipating switching back when the boycott ends. That is, customers lost during the boycott period are probably going to be lost for a long time.

But when should the boycott itself end? Well obviously not before UUNet terminates its agreement with Quixotik and any other known spammer it is serving. But it should go on longer. For sites like those hosted by Quixotik, they don't need to stay up long to do their business. Any positive response to a spam campaign is going to come in the first weeks if not day of it. So the fact that Quixotik has been able to keep its operations running for more than three weeks is probably more than they hoped for. The big danger in allowing it to go on so long is that other spammers will (correctly) see UUNet as a company that will let them carry on their spam campaign for long enough for it to work. Thus we need to make it clear to UUNet that every day they fail to take action against a spammer on their net is a day that will cost them dearly.

Thus, I will end the boycott no sooner than as many days after UUNet has taken care of the problem as it took them to take care of the problem. That is, if UUNet takes 25 days to deal with the problem then I will not call of the boycott until 25 days after they have dealt with the problem. This holds even if MCI is no longer associated with UUNet by the the end of that period. The purpose of this is to signal to anyone thinking of acquiring MCI that it is damaged goods.

It's been going on for a long time

In response to a posting about this document, "Dolphin" has informed me <news:slrnasb1n9.m70.usenet-nov+nanae@orca.dolphinwave.org> that Quixotik has been involved in spamming this way since at least May 2001. They've been keeping a record of reports about Quixotik. Clearly UUNet has no intention of acting against Quixotik without substantial additional pressure. If they haven't done anything about this in the past year and a half, then this boycott will run a long time.

What it would take to persuade me

Given the list washing described above and how long UUNet has been harboring Quixotik, it would take a great deal to persuade me that UUNet abuse desk people are telling me the truth when they say that they don't like providing connectivity for spammers. But there is something that they (and other providers) could adopt as policy that would help persuade a skeptical public that they don't like hosting spammers. UUNet could declare that any revenue collected for normal service since the first credible spam report regarding a site be donated to some anti-spam organization such as CAUCE. This would make it clear that they have no incentive for foot-dragging in getting rid of a spammer.

Other MCI/Worldcom boycotts

There are two other MCI/Worldcom boycotts that I know of. Neither one of which I specifical endorse. That is, I do not subscribe to "the enemy of my enemy is my friend" princple. You can easily find these and others with a simple search of the web.
[Best viewed with any browser] [Valid HTML 4.0!]

Version: $Revision: 1.7 $
Last Modified: $Date: 2004/03/02 05:40:23 $ GMT
First established November 2, 2002
Author: Jeffrey Goldberg