Spamhaus: ISPs Fighting Fraudulent Sign-Ups

Make Love Not SpamSpam can be so frustrating that it’s often easy to forget that spammers, just like every other denizen of the Interwebs, need a place to hang their hats. Whether they’re looking for hosting solutions to create an email environment for spamming, hosting botnets for the purpose of command and conquer tactics, or providing a place for unsuspecting users to get their hurt on with malware, spammers need a place to call home. But would it surprise you to know that some ISPs are reporting that every other signup is fraudulent?

That’s what the venerable folks over at Spamhaus.org are reporting, and the figure is a little disturbing, to say the least. Spamhaus, champions of the war against spam, regularly flags spammers, creates blocklists, and has even taken an active role in the takedown of some nasty botnets, such as the high profile shuttering of Grum earlier this year. The hard work of this organization as it fights the nasty blight known as spam cannot be overstated, and in their capacity as a watchdog and educator, the organization recently published an article on their site entitled “How hosting providers can battle fraudulent sign-ups.”

Fraudulent sign-ups – customers whose only intent is to spam and perform illegal activities – are most prevalent with ISPs who offer automated registration, such as cheap VPS and cloud hosting. Because they’re likely violating the ISP’s Acceptable Use Policy (AUP), these spammers fully expect to have their accounts suspended when the illegal activity is detected, and they typically use stolen credit cards or compromised PayPal accounts, Spamhaus reports. This, of course, allows them to avoid using their own funds and maintain anonymity.

Recent trends identified by Spamhaus through various ISPs shows that there’s something amiss. They note that fraudulent sign-ups have increased dramatically in the past few months, with “some hosting providers report that 50% of all new subscriptions are fraudulent. They also point out that “no hosting company is immune,” from the very small to the very large.

The dramatic increase in recent sign-ups could suggest that there’s a new play out there, whether by existing spammers or some new faction. If that’s the case, what it is and how it will affect our inboxes remains to be seen. Then again, it could simply be that ISPs have gotten more efficient at detecting and terminating illegal subscriptions, but conspiracy theories are far sexier and go better with your morning coffee.

Spamhaus admits that it just doesn’t have the resources to take action through consulting or providing active abuse reporting. It does, however, want to help, and offers ISPs a few helpful tips that may assist them in detecting abusive activity.

Verifying personal information is a must. Even automated services can be configured to verify the user’s email address and phone number, which may go a long way in detecting the subscribers who have malicious or illegal intent. At very least, even if an ISP cannot provide this type of verification, it can certainly create a frozen account that won’t be activated until the new subscriber contacts the ISP to verify his identity. As Spamhaus points out, it’s much more difficult for crooks to use a phone number than an email address, and the risk of compromising his identity might be an effective deterrent.

The next natural step is to use a blacklist to record and identify abusive users by their identifying information, and use the blacklist to block abusers from signing up in the future. While it may seem like anti-spam 101, it’s conceivable that ISPs aren’t spending as much time as they probably should on maintaining a database of those who have violated their AUP. Spammers aren’t exactly the brightest lights on the Christmas tree, and as Spamhaus points out, they will probably trip-up when they try to re-enlist: “Blacklisted customers often try to sign up for service again under a new name and postal address, but frequently do not change the email address and often attempt to sign up from the same IP address.“

Without a good AUP, ISPs are “open to legal threats when [they] terminate services to abusive customers or refuse to allow a previously terminated customer to sign up again. Spammers specifically seek out hosts with weak AUPs, or hosts who are known to be lax on spam/security issues.” As wrong as it seems, criminals have rights too, and Spamhaus warns that an ineffective AUP not only gives the criminals the right to abuse an account, it also gives them the ability to sue if their service is terminated.

Spamhaus has other tips there, so click on over if you’re interested.

Leave a Reply