Note: This document was originally written in autumn 2002. That was before the break-up of WorlCom. However, after the breakup, MCI and UUNet are still part of the same company. Also note that although the specific spamming operation I discuss here appears to have moved on, UUNet still tops the lists as a spammer friendly provider.
UUNet is a Worldcom company, so is MCI. UUNet is a major Internet backbone provider. It connects other networks and companies to the Internet. Over the years UUNet has earned a reputation of acting extremely slowly against spammers on its network. In particular it appears to occasionally allow its customers to host sites advertised by massive, coordinated spam campaigns. Further information about the spammers that UUNet continues to host can be found at the spamhaus project's listings for UU.net.
This document discusses one ongoing case (October 2002) involving the UUNet hosting of a spam support company, Quixotik.
Name: images.emailhello.com Address: 18.104.22.168 Name: click.impulsive.com Address: 22.214.171.124 Name: www.flashfunstuff.com Address: 126.96.36.199 Name: www.absolutefreesmut.com Address: 188.8.131.52 Name: www.thesurveyonline.com Address: 184.108.40.206 Name: banner1.mr-cash.com Address: 220.127.116.11 Name: redir.impulsive.com Address: 18.104.22.168All of these (at initial writing and months later) are hosted by Quixotik, which is a known spamming operation run by Eric Reinertsen according to Register of Known Spam Operations
Connectivity to Quixotik is via UUNet. Other than Quixotik (which clearly runs spam support services) and the spammer themselves, the entity in the best position to stop this spam and to make spamming costly for the spammer is UUNet.
In a separate document I list some of the subject lines of the spam. Warning: many of the subject lines contain explicit and possibly offensive sexual references. They aren't pleasant to see among your incoming mail, and probably aren't pleasant to read here. I provide them so that you can see whether you have been getting similar spam.
All of these have been reported to UUNet. Whether Quixotik has a special deal (AKA pink contract) with UUNet to provide "bullet proof hosting" or whether Quixotik has frightened UUNet sufficiently so that they continue to be connected to UUNet is not something I know. I know what I've been told by UUNet abuse desk people (which implied that UUNet must act carefully to avoid legal action from a customer), but I'm not certain that I believe that this is what is going on here. It simply doesn't matter whether UUNet is acting out of malice (knowingly and willingly providing a bullet proof services), is scared of lawsuits from Quixotik or is just plain incompetent. In either case, UUNet is the entity which we can pressure to do the right thing. Whatever their reasons for continuing to host such a massive spam hosting and spam support service, they should pay for it.
One apparent consequence of my complaints to UUNet appears to be some "list washing", that is the spammers remove the addresses of those who complain effectively. I started out receiving this spam to several of three of my addresses. After each of my telephone calls to UUNet (as follow-ups to detailed reports of the spam by email), one of my addresses would be removed as a recipient of the spam. I now no longer get the spam to any of the three addresses in the spam I've reported. However, my wife's address (which have not reported the spam) are receiving the spam with the same frequency. So I can assume that the spamming is continuing just as bad as ever.
Furthermore, this list washing means that one of the three things must be true
I conclude that UUNet is working with spammers. If UUNet and WorldCom chose to have those who abuse and steal from the rest of the network as paying customers, they can make that choice. One consequence of that choice is that they will not have me as a paying customer.
I know that I could avoid this spam by filtering or really getting my addresses removed, but my goal isn't to stop seeing this particular batch of spam, but to reduce the amount of spam on the net.
If you are an MCI customer, switch to any of the others. Be sure to let MCI customer service know why you are switching. When I did this they lied to me and told me that MCI was no longer part of WorldCom. At this writing (November 2, 2002) that is a lie.
Whatever telephone company you do sign up with, let them know that you substantially base your choice of telephone company on how well (or poorly) their Internet divisions fight spam.
As I have said in other places, the only way to stop spammers is to make it more costly for them to spam. Right now the big Internet providers (almost all associated with long distances telecom companies) are in the best position to do that. Make them.
Spread the word. Linking to this site would be one way to do that.
If MCI or no other WorldCom company is among the companies which you can chose from, then you are obviously in no position to boycott them. If you live in a place where some national telecom monopoly is your only option, you are not in a position to boycott MCI. All I can advise is that you do what you can. You can encourage others to boycott, you can encourage others to fight spam. You can put whatever pressure you can on your own telecoms monopoly or the politicians that keep it a monopoly to behave well.
You can link to this or other anti-spam documents, expressing your support.
Once one switches to a different telephone provider, I don't anticipating switching back when the boycott ends. That is, customers lost during the boycott period are probably going to be lost for a long time.
But when should the boycott itself end? Well obviously not before UUNet terminates its agreement with Quixotik and any other known spammer it is serving. But it should go on longer. For sites like those hosted by Quixotik, they don't need to stay up long to do their business. Any positive response to a spam campaign is going to come in the first weeks if not day of it. So the fact that Quixotik has been able to keep its operations running for more than three weeks is probably more than they hoped for. The big danger in allowing it to go on so long is that other spammers will (correctly) see UUNet as a company that will let them carry on their spam campaign for long enough for it to work. Thus we need to make it clear to UUNet that every day they fail to take action against a spammer on their net is a day that will cost them dearly.
Thus, I will end the boycott no sooner than as many days after UUNet has taken care of the problem as it took them to take care of the problem. That is, if UUNet takes 25 days to deal with the problem then I will not call of the boycott until 25 days after they have dealt with the problem. This holds even if MCI is no longer associated with UUNet by the the end of that period. The purpose of this is to signal to anyone thinking of acquiring MCI that it is damaged goods.
Version: $Revision: 1.7 $
Last Modified: $Date: 2004/03/02 05:40:23 $ GMT
First established November 2, 2002
Author: Jeffrey Goldberg