October 21, 2015

This author has long sought to shame Web hosting and Internet service providers who fail to take the necessary steps to keep spammers, scammers and other online ne’er-do-wells off their networks. Typically, the companies on the receiving end of this criticism are little-known Internet firms. But according to anti-spam activists, the title of the Internet’s most spam-friendly provider recently has passed to networks managed by IBM — one of the more recognizable and trusted names in technology and security.

In March 2010, not long after I began working on my new book Spam Nation: The Inside Story of Organized Cybercrime, From Global Epidemic to Your Front Door, I ran a piece titled Naming and Shaming Bad ISPs. That story drew on data from 10 different groups that track spam and malware activity by ISP. At the time, a cloud computing firm called Softlayer was listed prominently in six out of 10 of those rankings.

In June 2013, Softlayer was acquired by IBM. (Update: Oct. 31, 11:43 p.m. ET: As reader Alex and others have pointed out, another ISP listed prominently in this chart below — ThePlanet — is now also part of IBM/Softlayer).

The top spam-friendly ISPs and hosting providers in early 2010. Softlayer and ThePlanet both listed prominently in the top 10, and both are now owned by IBM/Softlayer.

Original story:

Softlayer gradually cleaned up its act, and began responding more quickly to abuse reports filed by anti-spammers and security researchers. In July 2013, the company was acquired by IBM. More recently, however, the trouble at networks managed by Softlayer has returned. Last month, anti-spam group Spamhaus.org listed Softlayer as the “#1 spam hosting ISP,” putting Softlayer at the very top of its World’s Worst Spam Support ISPs index. Spamhaus said the number of abuse issues at the ISP has “rapidly reached rarely previously seen numbers.”

Contacted by KrebsOnSecurity, Softlayer for several weeks did not respond to requests for comment. After reaching out to IBM earlier this week, I received the following statement from Softlayer Communications Director Andre Fuochi:

“With the growth of Softlayer’s global footprint, as expected with any fast growing service, spammers have targeted our platform. We are aggressively working with authorities, groups like The Spamhaus Project, and IBM Security analysts to shut down this recent, isolated spike. Just in the past month we’ve shut down 95 percent of the spam accounts identified by Spamhaus, and continue to actively eliminate this activity.”

But according to Spamhaus, Softlayer has more than 600 abuse issues still unaddressed. Spamhaus says it is true that Softlayer has been responding to its abuse complaints, but that the scammers and spammers are moving much faster.

In a blog post published earlier this month, Spamhaus explained that the bulk of the trouble appears to have come from cybercriminal customers in Brazil who have been rapidly registering large numbers of domain names daily tied to fake but plausible-sounding companies or organizations.

“This Brazilian malware gang was so active that many listed [Softlayer Internet] ranges were being reassigned to the same spam gang immediately after re-entering the pool of available [Internet] addresses,” Spamhaus explained. “After observing the same [Internet] address ranges being reassigned repeatedly to the same spammers, Spamhaus contacted the SoftLayer abuse department and told them that [Spamhaus listings] for these specific issues would not be removed until SoftLayer was able to get control of the overall problem with these spammers.”

Spamhaus said it doesn’t know why Softlayer is having this problem, but it has a few guesses.

“We believe that SoftLayer, perhaps in an attempt to extend their business in the rapidly-growing Brazilian market, deliberately relaxed their customer vetting procedures,” the organization posited. “Cybercriminals from Brazil took advantage of SoftLayer’s extensive resources and lax vetting procedures. In particular, the malware operation exploited loopholes in Softlayer’s automated provisioning procedures to obtain an impressive number of IP address ranges, which they then used to send spam and host malware sites. Unfortunately, what happened to Softlayer can easily happen to any ISP that makes certain unwise choices.”

IBM/Softlayer did not comment on those allegations. But as I show in my book, Spam Nation, spammers and malware purveyors continuously seek out and patronize ISPs and hosting providers which erect the fewest barriers to rapidly setting up massive numbers of scammy sites simultaneously.

It is true that if you make it harder for spammers to operate, they don’t just go away; rather, they move someplace else where it’s easier to ply their trade. But there is little reason that these Internet bottom feeders should have made a home for themselves at a company owned by IBM, which bills itself as the fastest growing vendor in the worldwide security software market. Physician: Heal Thyself!

Update, 10:39 p.m. ET: Since this story was published, I heard from Cloudmark, another company which tracks global spam activity. According to Cloudmark, SoftLayer’s network (Autonomous System Number AS36351) was the largest source of spam in the world in Q3 2015. Cloudmark researchers also observed that a whopping 42 percent of all outbound email from SoftLayer was spam. “Current spam layers from SoftLayer are 600 percent higher than they were one year ago,” the company said in an email to KrebsOnSecurity. “Legitimate email volume is also up 180 percent, indicating an overall rapid growth in terms of outbound email.”

Update: 1:00 p.m. ET, Nov. 5: Looks like Softlayer has finally dropped off the Spamhaus Top 10 list. Here’s hoping this article helped in some small way to speed up that process.


54 thoughts on “IBM Runs World’s Worst Spam-Hosting ISP?”

  1. Mike Hunt

    I can tell you from past dealings with Softlayer, they are a big problem when it comes to spam

    1. Bill Johnson

      Let’s call this company who they are …IBM
      softlayer is 100% IBM owned and Warren Buffett owns 7% of IBM
      maybe some calls to Warren would help.

      1. meh

        With all the layoffs they have a dangerous mix of business units in disarray plus thousands of disgruntled former employees.

  2. David

    SoftLayer’s been the biggest source of spam making it past our filters. Almost a new IP for every email, rarely ever appearing on blocklists. They host too much legitimate stuff to block outright.

  3. Chris Nielsen

    Not sure if I agree with this post. I’m no SoftLayer Lover. One of my clients had used them for several years, but cost and support issues drove them away.

    Just this morning I reported some p 0 r n spam that came in for a second time which originated with SL.

    But from my experience I think there may be some level of unfairness in this post. I have never seen unending spam from SL’s networks once spam has been reported. Given the huge numbers of machines, accounts, and subaccounts under their wing it doesn’t surprise me that they are spam-infested. I suspect that their clients have clients selling reseller accounts and the level of control is diluted because of this structure. It takes time to notify your client who has to notify their client.

    I wish you had tried harder to get SL’s side of the story but I think it would be something close to what I have said.

    I think a more worthwhile cause for spam fighters to take up would be the blocking of non-US sites from those of us that have no interest or need in customers or traffic from outside the US. One of my clients fits this profile and we have taken steps on the server and site level to exclude known sources of spam. You know the most common of countries so I don’t have to name them. Contact form spam had gotten way out of control but by blocking non-US sites it was reduced to a manageable level. We still get contact form spam from US locations, but we also block a lot of those as well. I should mention that the client has never resorted to CAPTCHAs. With our blocking, he doesn’t have to.

    Lastly, my personal email at our company domain has been published on the web since 1999. I used to get 400-600 spams a day but today I get perhaps 10 if it’s a bad spam day. Most of this spam freedom was accomplished via IP range blocking and CCTLD blocking. If you are not shackled to non-US communications, it is possible to have real freedom from spam.

    1. BrianKrebs Post author

      I think you should probably re-read the story. The issue appears to be related to the rapidity with which the bad guys are able to register new spammy domains and map them to accounts registered with Softlayer.

      The SH people think this has to do with the company’s expansion into a new region and with relaxed vetting rules for new customers there. I don’t know if that’s the case, but of course the company had the opportunity to comment on that as well.

      1. Spam Fighter

        Exactly, they gotta take responsibility for their network. They should’ve implemented better monitoring tools to detect bad activities, there is no excuse for that

      2. Chris Nielsen

        So the vendor is blamed because the spammers are more active?

        Maybe they are slacking off, but I don’t see anything that indicates they are not making an effort to stop spam on their networks.

        If you are going to shame providers (a great idea by the way) I would prefer to see it for those that are either super-slow or don’t seem to take any action. And that includes vendors that host a site but not the domain, yet they refuse to contact their client when the domain is involved with the sending of spam, or spamvertised sites.

        I use spamcop.net on a daily basis to report spam. I thought I would be able to stop reporting spam, but some still gets through. And those are the ones that really need to be reported.

        How many of you out there hate spam, yet just complain about it and don’t report it??? It makes me sick. If everyone would just report one spam a day, we would have much less of a problem.

        I started blocking non-US sites because after 10 years of reporting spam I was just treading water. Now I not only report the spam, but I use the links in the spam to find out what the end target is that they are promoting. Then I report that site as well. Needless to say, I don’t see a lot of repeat spam over a period of a few days. You report an affiliate spammer to the program they are promoting and generally they get their account closed. And you know that hurts them where it counts!

        I still think the way the article comes off is unfair. Providers that have an active anti-spam program should not be blamed about the effectiveness of that program – they could be encouraged to do better. And they should get help from all of us as well. Thanks!

        1. Robert Allen

          Yes, the ISP…..IBM is to blame. They should be able to manage and control their servers and network and enforce the terms and conditions of service. Even small ISPs can do this.

          1. Andrew Nambudripad

            Former IBM employee here (10 years ago now..).

            Even then the company had so many arms one hand had no idea what the other was doing. I’d imagine it’s even worse for acquisitions. Imagine them as a multinational conglomerate like Berkshire-Hathaway at this point with a bunch of holdings in tons of different industries. The z/OS mainframe guys in upstate NY have no idea what the IBM Consulting Indian team is doing, the DASD storage team trying to compete with low-end NAS’ have no idea what SoftLayer is doing.

            Just because it’s coming from their netblock (they own an entire class A, or did, not sure if they returned it to ARIN), doesn’t really mean too much. This is how it almost certainly happened: (any current IBMers correct me if you were on either team) — IBM’s PaaS division came to SL and said “hey you need to give us a way to provision real time servers”. PaaS had no idea how to deal with rampant spam. SL is used to dealing with high end customers who are vetted with mostly valid credit card numbers and long-term corporate clients (as they operate in the same realm as Rackspace and other hosts like that), so they didn’t have anti-spam policies in place that say 1and1 and other lower-price-barrier to acquire an account hosts have in place.

            The PaaS division ran a promotion that allowed anyone with an IBM account to use their cloud services, trying to promote Watson and other services. This included free Softlayer accounts. All that was required was a free IBM Passport account which only required a valid email. Spammers quickly found and exploited this. SL now has to deal with an unfamiliar spam threat.

            Not speaking in defense of either company. This folly could have been anticipated (and probably was anticipated by engineers on both teams, but their managers ignored the complaints because they had corporate targets to hit.)

            1. Joseph Jones

              Pretty much everything you said in the last two plus paragraphs just reinforces the article.

              I am quite sure the technical professionals saw it for what it was, a big hole waiting to be exploited, and reported this to the powers-that-be who then ignored it in an effort to hit some “numbers” goals.

              But that is still 100% on the company. Some piss poor decisions and corners cut led to this big fustercluck.

      3. Andrew Nambudripad

        It doesn’t help that IBM is running a promotion with no-verification one free month of BlueMix (their cloud provider) which includes a dedicated host with its own IP on Softlayer with no credit card verification. It was intended to promote their PaaS (Watson/Predictive Analytics/dashDB) but spammers obviously have figured out the way to exploit this. I’d bet my 401k that a bulk of the spam is coming from people who are just bulk-registering IBM accounts then abusing the SL account until it gets termed, rinse, repeat.

        On the other hand, SL’s team has been nothing but top notch when I’ve had to deal with them. They’re expensive but even on their unmanaged dedicated hosts, I’ve had consistent 15 minute response times for tickets with continuous live chat and no ‘getting past level 1 tech support’ idiots. Their support team is either really well trained or actual engineers. (And it’s not like we’re a big name customer, we only spend a few hundred a month on dedis to host one WebSphere app).

        This is a huge PR blunder and I hope they can recover from it quickly. My knee jerk reaction would be blocking SMTP traffic out for new accounts is what I would do to fix it, but I’m sure that has a set of other implications.

      4. Allan Jude

        I know what OVH has done, is implement a throttle on outbound connections to port 25. And they have implemented some outbound email scanning, and if the email you are sending looks like spam, they null-route the IP address automatically. This has caught me a few times with a personal address that I forward to gmail.
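The controls raised in the two comments above (no direct outbound SMTP for new accounts, a throttle on outbound port 25, and an automatic null-route when outbound mail looks like spam) can be expressed as one policy. This is an added example, not part of the original post or any commenter's words and not any provider's code; the thresholds, field names and scanner verdict are assumptions, and the sample events are constructed using documentation IP ranges.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Assumed thresholds for illustration; the page gives no real provider values.
NEW_ACCOUNT_DAYS = 30          # younger accounts get no direct port 25
WINDOW_SECONDS = 60            # sliding window for the connection throttle
MAX_CONNS_PER_WINDOW = 5       # outbound port-25 connections per window
SPAM_STRIKES_TO_NULLROUTE = 3  # scanner hits before the IP is null-routed


@dataclass(frozen=True)
class FlowEvent:
    ts: int                # seconds since start of capture
    src_ip: str            # customer IP opening the connection
    account_age_days: int  # age of the owning account at event time
    dst_port: int
    looks_like_spam: bool  # verdict of a hypothetical outbound content scanner


class OutboundSmtpPolicy:
    def __init__(self):
        self._recent = defaultdict(deque)  # src_ip -> port-25 timestamps in window
        self._strikes = defaultdict(int)   # src_ip -> scanner hits so far
        self.null_routed = set()

    def decide(self, ev):
        # A null-route drops everything from the IP, not only mail.
        if ev.src_ip in self.null_routed:
            return "drop-null-routed"
        # Only direct-to-MX traffic is policed; submission to a relay is not.
        if ev.dst_port != 25:
            return "allow"
        if ev.account_age_days < NEW_ACCOUNT_DAYS:
            return "block-new-account"
        window = self._recent[ev.src_ip]
        while window and ev.ts - window[0] >= WINDOW_SECONDS:
            window.popleft()               # expire connections outside the window
        if len(window) >= MAX_CONNS_PER_WINDOW:
            return "throttle"              # refused, so not counted in the window
        window.append(ev.ts)
        if ev.looks_like_spam:
            self._strikes[ev.src_ip] += 1
            if self._strikes[ev.src_ip] >= SPAM_STRIKES_TO_NULLROUTE:
                self.null_routed.add(ev.src_ip)
                return "null-route"
            return "flag"
        return "allow"


# Constructed sample events (not real traffic).
EVENTS = (
    [
        FlowEvent(0, "192.0.2.10", 2, 25, False),    # two-day-old account, direct SMTP
        FlowEvent(1, "192.0.2.10", 2, 587, False),   # same account, via a mail relay
    ]
    # Established account opening seven connections in seven seconds.
    + [FlowEvent(10 + i, "198.51.100.7", 400, 25, False) for i in range(7)]
    + [
        FlowEvent(75, "198.51.100.7", 400, 25, False),  # after the window has expired
        FlowEvent(100, "203.0.113.5", 90, 25, True),    # scanner hit 1
        FlowEvent(200, "203.0.113.5", 90, 25, True),    # scanner hit 2
        FlowEvent(300, "203.0.113.5", 90, 25, True),    # scanner hit 3
        FlowEvent(400, "203.0.113.5", 90, 443, False),  # any later traffic
    ]
)


def replay(events):
    """Run events through a fresh policy in time order; return the decisions."""
    policy = OutboundSmtpPolicy()
    return [policy.decide(ev) for ev in sorted(events, key=lambda e: e.ts)]


if __name__ == "__main__":
    for ev, decision in zip(EVENTS, replay(EVENTS)):
        print(f"t={ev.ts:>3} {ev.src_ip:<13} port {ev.dst_port:<3} -> {decision}")
```

The throttle only slows a sender; the new-account block and the null-route are what stop an account that is registered, abused and replaced in quick succession.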

    2. well...

      Somehow, the “Look at how hard a job they have to do!” -defense just doesn’t ring that terribly sympathetic with me. They wanted the job. And if they are avoiding answering questions, I don’t see why they merit pity for their side of the story not being represented. No answer IS an answer.

      They are cashing checks for hosting spam. Bringing in money is their primary reason for existence. They will only do the right thing when it starts having an effect on the check cashing.

      It just seems a little silly to me to assume the best intentions of a company in spite of their behavior.

  4. GS

    Not the same thing as this article but related to spam.. what’s the deal with Comcast? They automatically give you an email address, one I have never used at all. Yet it has dozens of spam messages from the get go.

    1. Rober

      I have been using Comcast for decades and NEVER had a problem with SPAM. I can count the number of times I’ve found unsolicited messages in my inbox on one hand.

      1. WTKJD

        I’ve used Comcast for years as well and never received SPAM until the last year or so. Several of the messages were from Comcast Xfinity advertisers and were listed as Xfinity ‘sponsored content.’ Probably 2-3 messages a day.

      2. GS

        I have never used this email for anything, yet the spam is there, including one phishing one telling me my bank account has been locked (a bank I have no relationship with).. Not that I care actually as I said, I don’t actually use that email account anyway. Random names attached to random email providers?

        1. EstherD

          Probably a recycled email address. Some spam-ridden user once had the address you now have, but gave it back when they terminated Comcast service. That user is now gone, but the address still appears on actively-circulating spam lists, so the spam continues unabated. Now you get it, rather than the original owner, but the spammers couldn’t care less.

          Generally not a good practice, but many (most?) ISP’s now routinely recycle email addresses. Only way for a latecomer to have a chance to snag one of the more-desirable properties typically gobbled up by the early adopters.

          Almost as much fun as getting a recycled mobile phone number, along with all of the debt collector leeches that were attached to the prior owner.

        2. Wharrgarble

          > Random names attached to random email providers?

          More likely probable names attached to major email providers. If the address is a fairly common name with a number, fairly common first and last name, first initial-fairly common last name, spammers will take a shot at it. It’s less like Spam than it is spaghetti, as they (metaphorically) throw a lot of stuff against the wall and make use of what sticks.

  5. JCitizen

    IBM better get on the stick – because they’ve a reputation to uphold – perhaps things like this are why their stock is slipping badly on the NASDAQ!

    1. Mikey Doesn't Like It

      FWIW, IBM is on the NYSE, not NASDAQ. And frankly, the stock’s downward spiral reflects the total ineffectiveness of the new CEO, Rometty. (14 quarters on the job, and each quarter down from the quarter before.)

      Of course this situation is a sad reflection on IBM. But if Rometty were serious about turning the company around, one phone call (or email) from her could put an end to SL’s loopholes and lax management and address a glaring embarrassment for what was once a great tech giant. What is she waiting for?

      Time will tell if IBM can regain its credibility and rebuild its reputation. This may be just one small part of the overall picture at IBM, but it may be a symptom of much larger problems.

      1. Femtobeam

        “This may be just one small part of the overall picture at IBM, but it may be a symptom of much larger problems.”

        Yes, like being half owned by the Chinese.

  6. Mookie

    Referencing Spamhaus is funny to me as it’s just about as impossible to get an IP removed from their archaic blocklists as it is to get a reply from an abuse@ report from many ISP’s.

    1. Spam Eater

      Spamhaus are awesome unless you’re a douchebag network operator who doesn’t take care of spam properly. I think that’s fitting.

    2. NotMe

      Don’t stop reporting even if you get no reply. If we all reported stuff there would be fewer places for the bad guys to hide.

  7. Bill Johnson

    IBM is making money on both sides of this equation by selling security tools.
    This once great company is sliding quickly into desperation and oblivion.

  8. Alex

    Note that Theplanet.com is now also part of IBM/Softlayer. They are listed on 7 of your spam ISP lists from 2010.

  9. MedicalQuack

    Well if you saw the IBM earnings news, things are not good with sales for them, 14 quarters of losing money, stock buy backs bigger than most anyone else instead of re-investing in their company and this story kind of says that. Price of their stock dove deep this week. Then they have IBM Watson, their data mining and selling technology, but the computer scientist who created IBMWatson, left a couple years ago and went to work for a hedge fund…kind of says what direction this company has taken overall.

    http://ducknetweb.blogspot.com/2014/06/ibm-computer-scientist-leaves-ibm.html

  10. Adam

    If memory serves me well, ThePlanet IPs have been a sizeable source of spam for a long while. I’ve not managed any corporate mail systems in nearly 10 years but I certainly remember this provider from those days. I cannot draw conclusions without reviewing historical data but IBM may have bought into something with some baggage.

  11. StephenB

    As the server admin of a small hosting provider, this is very nice to see – I don’t have exact numbers on spam my servers have received from Softlink, but I report 40-60 spam per day & the volume has been high enough that the name stands out.

    One mail host that I would loooove to see name-and-shamed for their lax attitude towards policing spam is (drumroll)… GOOGLE. GMail is one of the largest sources of spam received by my servers – and probably the largest source of spam that tends to slip through filters. Mainly because of the amount of legit EMail that comes from GMail, making them effectively “too big to blacklist” – and combined with their horribly lax enforcement, this has made GMail extremely attractive to spammers.

    The overwhelming majority is spam from Indians hawking sweatshop web development & SEO snake oil, most of whom start their EMails with the curiously-consistent “Greetings of the day” broken-English salutation. It finally reached the point where I started keeping a record of all the spam I’d received from GMail accounts – all of which I reported to them directly (and through Spamcop… at least once they stopped rejecting spamcop complaints, but that’s another rant) – and every few weeks, I’ve sent out a test message to the list of GMail spammer addresses to see which ones bounce (indicating that the account was turfed by Google).

    The results were even worse than I’d expected. Out of a sample of at least 300 obvious examples of spam, more than 75% of the addresses were still active more than a month after being reported – and of the 25% addresses that weren’t active, it took at least 3 weeks before they started bouncing test messages. So it appears that Google typically ignores over three quarters of the spam complaints received, and even then it takes them nearly a month to address spam complaints.

    The only anomaly? The stats were dramatically different for addresses where I had checked the “Did this EMail appear to be from someone impersonating Google” option when reporting the spam – of those addresses, 100% were inactive when sent test messages 3 weeks later. So unless you’re actually impersonating Google, it looks like you can use GMail to send all the spam you want – with only a 1/4 risk of the account getting terminated.

  12. Tim

    I’d just like to point out how spammy the title of your book, “Spam Nation: The Inside Story of Organized Cybercrime, From Global Epidemic to Your Front Door”, is. I’m hoping that’s supposed to be ironic.

    1. meh

      How is that ‘spammy’? It’s a book that dives into causes and financial incentives for Spam. What would you have called it instead?

  13. Andrew Conway

    Thanks for breaking this story Brian. For Q3 this year Softlayer’s ASN was the largest source of spam in the world detected by Cloudmark. Spam levels from Softlayer are up 600% from Q3 2014, while legit email is up 180%. Softlayer is indeed growing very fast, but a disproportionate amount of this growth is spam.

    It’s worth noting that the founder and CEO of Softlayer, Lance Crosby, left IBM in January of this year. He is someone who knows the importance of keeping the spammers out.

  14. Mark W.

    Our anti-spam appliance has trouble with IBM cloud spam. They build their own cloud services tied in to other cloud services…. our users can’t tell if they’re legit or not either. To interact with one of their latest offerings:

    You get an email from noreply@icm.ibmcloud.com but it’s coming from bounces-*******@email.varicentcloud.com and to act on the message you’re asked to click on huge link

    https://*********.sendgrid.net/wf/click?upn=…..

    this site has a legit cert but it just redirects you to:

    https://*******.icm.ibmcloud.com/ICM/login.html

    … this site gets you to finally sign in but the “new” service is using SHA1 in the cert and uses only TLS 1.0 so Chrome rightfully complains.

    We tell users to look for the “green” address bar, watch for suspicious links in email, etc. then this comes along and you have to tell them to ignore all the issues as IBM can’t change it in their “agile cloud”.

  15. Scott D.

    I’m not surprised at all that softlayer is in the top ten, but I am very surprised that Theplanet isn’t even higher on the list. And of course, amazon’s cloud operation is increasingly a problem as a spam source as well as for hosting.

    1. Brian Fiori (AKA The Dean)

      Isn’t Theplanet part of Softlayer, now?

  16. Rabid Howler Monkey

    Put Watson on it! Identify the bad sites (there should be lots of internal monitoring data available along with spam-related emails from external sources) and shut them down. Rinse and repeat …

  17. Michael Iger

    I’m sure the parent IBM is impressed with the revenue growth from Softlayer and everyone there is up for a big bonus. I’m sure controlling spam is not one of their performance criteria or it wouldn’t be so bad.

  18. Ron G.

    Just a few brief points…

    1) To be clear, it ain’t just those sleazy Brazilians that have sneaked onto Softlayer (to do spamming) of late. I also caught… and reported to various relevant parties… one particular well-known U.S. spam gang that also managed to get a whole bunch of small allocations recently on Softlayer. (I haven’t seen any more spam from them lately, so I think that the Softlayer abuse team must have turfed them already.)

    2) Up until really quite recently, if you had asked me, I would have said that the Softlayer abuse team was doing a fine and very proactive job of nuking spammers off their net. But clearly, something changed in the past few months… most probably as an unfortunate side-effect of the layoffs/reorg (which I myself only even learned about from the comments here today). But I’m fairly sure that the old head of the SL abuse team is still there, so this suggests that the whole problem is down to some idiotic management tomfoolery, perhaps at some level above him. If allowed to do their jobs, I feel sure that the abuse staff @ SL could bring things back from the brink in no time.

    3) I mostly agree with the fellow who noted the issues/problems with Google/Gmail. Over time, I’ve gotten plenty of crap from them, and Google… if it even has any abuse people, doesn’t seem to be letting them do much. And really, this is a MUCH bigger problem than anything coming out of Softlayer, because, just as the other fellow noted, anyone who runs a mail server can easily blacklist the various provably dirty Softlayer IP ranges, but the spam out of Google/Gmail comes out of their main servers, which are indeed TOO BIG TO BLACKLIST. So this is a MUCH worse problem and I wish that Google would get its corporate head out of… ummm… the sand.

    4) The guy who said that perhaps IBM should apply Watson to their own outbound spam problem is a genius. And if IBM ever actually did this, they would be geniuses too. WHY DON’T THEY? Spam is a known hard problem. It is exceptionally difficult for ANY automated system to correctly detect actual spam most of the time while still maintaining an acceptably low (i.e. near zero) false positive rate. If Watson really is so great at conquering problems confined to rather narrow knowledge domains… well… STOPPING ALL SPAM COMING OUT OF SOFTLAYER would provide one of the most compelling real-world demonstrations of Watson’s prowess and usefulness I can imagine. And there are one helluva lot of service providers who would be happy to buy a Watson-based solution to the outbound spam problem if they (IBM) could make it work. (The fact that, as it appears, they haven’t even tried, says something about current management. The phrase “a failure of imagination” comes immediately to mind.)

  19. Ron G.

    Oops! Forgot to click the button to get e-notified of replies/follow-ups. My bad. Done now.

  20. Shannon Jacobs

    When can I read your book on spam?

    Suspect that this blog may be related to a current Bluemix problem? However, in discussions of the spam problems, I wish that I could DO something to hurt the spammers. You know, hit them in their only sensitive organ: Their wallets. Hard.

    For example, how about an iterative spam-analysis and confirmation tool? I think it’s more in the scope of the google or MS, but the basic idea would be to return the analyzed spam as a webform, and the human volunteer (AKA wannabe spam fighter) would confirm or correct the analyses and targeting. It might go back and forth a couple of times, but the final result would seek to disrupt ALL of the spammers’ infrastructure, pursue ALL of the spammers’ accomplices, and help and protect ALL of the spammers’ victims. Not just the few suckers who directly feed the spammers, but even the corporations who want to protect their reputations and their customers who trust their brands.

    I’m NOT saying that everyone should do it. I am just saying that if a small fraction of the people who hated spam wanted to chip in once in a while, they could completely overwhelm the few suckers. The critical number is NOT the marginal cost of more spam, though it is low. The critical number is the ratio of spam haters to suckers.

    Nor am I saying we can convert the spammers into decent human beings. I’m just saying that if we reduce the money, many of them will crawl under less visible rocks.

    Let me close with a little concrete example just to show how it could work: Link shorteners. With a bit of help from server-side analysis, a human being can identify that a shortened link is being used to route suckers to a spammer. After five or 10 confirmations, the host would be notified, along with the votes on recommended countermeasures, most likely the website to replace the spammer’s. For example, a Internet drug website could be repointed and LOCKED to point to a police website explaining the harms of fake drugs, and suddenly all of the spam is changed from sucker bait to educational material (with the side effect of perhaps even scaring some suckers who are looking for dangerous drugs).

    Don’t you want to help make the Web a better place? I sure wish I could use such a tool.

    1. Shannon Jacobs

      Whoops. Meant to set the reply notification… Will this do it?

  21. MichaelG

    Hey Krebs,

    Be fair.

    They did respond to your article and now block port 25 on new accounts, and btw thanks for that now new customers will have to work around this thanks to your pointless finger pointing.

    Here are the facts you either didn’t consider or deliberately left out –

    a) maybe spammers chose it for the versatility of the network and the powerful physical hardware servers that can be provisioned using the api?
    b) maybe spammers to the most part thrive on evading provider verifications so there really isn’t much to improve in that department?
    c) does softlayer respond to spam reports well? Are they not doing anything their competition is doing? It seems to me this is the kind of question you should ask, given the respectable nature of your site.
    d) how is what you are doing any different than …say … blaming a vehicle manufacturer for speeders and criminals because they like to use its brand?

    The fact is, the softlayer platform has good reputation and gives its users a great deal of flexibility in both price and performance, that is why spammers gravitate to it. It is the same reason so many AD networks and online gaming companies love it as well.

    But like it or not your article has caused a change, now the users of softlayer will have to use or buy a third party “cloud” email provider to send emails from their servers.

    I happen to think security regardless of its intention should never restrict or reduce the productivity and efficiency of legitimate usage of the system or network. That’s what security professionals are paid so well for, to secure systems and networks without their security impeding legitimate usage. After all anyone can secure a network, just shut it down lol.

    See, my problem with your article is that you use this publicity to corner them into impeding their own users’ service experience. Sure it gets the job done, but it’s simply not the right way of solving the problem. Sacrificing liberty, efficiency and productivity in the name of security is the wrong approach. And to that end, I do not see any solutions to the problem you pointed out. I mean I’m sure as a security professional you very well know nobody wants to hear you point out problems, they want to hear solutions from you.

    In summary, I don’t think your article is fair since it only points at what’s happening, not enough of why it’s happening, and does not provide a good solution to the problem.

    We live in a society where there are endless lists of laws, taboos, regulations and restrictions that exist just because someone or a group of people abused their liberty. In every aspect of society I observe liberties being sacrificed because of “so and so has abused this”. My question to you and your readers here is, do we really need to blame the person providing a good service for the abusive nature of its users? I don’t think that’s the right approach. Of course an ISP is responsible for the activity that goes on its network, but for both data center and residential ISP there is a certain amount of privacy and liberty their users expect.

    The level of spam from an ISP is only relevant from the perspective of the responsiveness and efficiency of the abuse department in question.

    Is it fair to say IBM is the #1 spammer ISP if the next ISP down the list has a comparatively terrible abuse department with horrid response times? I mean are we all not smarter than considering raw numbers only? Why are so many other relevant factors not taken into consideration in this “list”?

    I hope you can read/consider my comment without offense, I only posted here out of respect for your blog.

    1. Ted

      “the softlayer platform has good reputation”

      Thanks for the laugh!

    2. Marilson

      Here are the facts, Michael, you do not know or deliberately left out:
      a) Spammers usually choose the hosts that hide them and protect them, as SoftLayer does.
      b) I’m just a victim reacting to this indecency and I know the spammers by name. They have been the same for years. If an ISP says it does not know them, it is lying. As for the new spammers, just attend to complaints.
      c) This is the kind of question for which I have a lot of evidence. The denounce is not considered and they lie. You inform the name, domain and IP of spammer… they open a ticket and say… “the IP was suspended”. Three days later, the same spammer, with a new IP, is back. You denounce again, and again and again, and it’s useless. Without any doubt I can say that they are accomplices and protect spammers. Pure greed where the end – profit – justify the means – irritate people to the detriment of their anti-spam policies bogus.
      d) I know another similar point of view said by arms manufacturer: my gun does not kill who kills is who pulls the trigger.
      The fact is, for the good of truth, the softlayer platform has bad reputation and gives to users anonymity and protection that they need to the practice of crime, that is why spammers gravitate to it. Excuse me Michael due use your words reversing the context.
      Michael, to provide a good solution to the problem it’s necessary exactly what you’re condemning – another law. Criminalize spam. In the case of Softlayer the problem is not “the abusive nature of it’s users”, is the fact it refuses to suspend your customer and promote the increase of spam to enlarge the internet traffic.
      In fact the solution is very simple, just meet the complaints and fulfill its anti-spam policy

  22. Marilson

    Spamhaus was very condescending or confuses greed with carelessness.
    I’m committed to a crusade against ISPs and Registrars who are protecting and encouraging the spammers for increased traffic on the internet. I made several complaints with evidence to Softlayer and IBM. They refused to suspend the spammers denounced and their answers just incriminate themselves. I filed all spam, phishing, complaints, abuse-team tickets and answers.
    As a rule, besides refusing to suspend spammer denounced, ISPs have reacted with anger and flooded my mail box with spam, phishing and viruses. In retaliation. All filed. Already received dozens of ticket, all the same, opening by abuse-team of the Enzu Inc. The champion in retaliation was the Lomadee/Buscape of Napster – 167 spam equal in four days.
    Of what use are those beautiful privacy policies and anti-spam that this company, hypocritically, flaunt on their own websites?
    No one needs to be an ontological hermeneut to interpret that reality. And without epiphany and without pride. The behavior of all this company passes an axiological dimension that leads us to a consideration of moral and ethical values of our globalized economy.
    The latest example came from Volkswagen – although controlled by the government (the Lower Saxony region) and by the private sector (Porsche family) proved to be a company run by sociopaths, where the end justifies the means, and the goal is profit at any price – “let’s cheat and try not to get caught”. And I’m not talking about damage to consumer health. I’m talking about premeditated attitude to deceive, to adulterate mechanism for transmitting false information to get more profit.
    Corporations have become so powerful that governments feel powerless. And this power has facilitated the loss of integrity, loss of ethics that was generated by common sense and good manners. The agenda is “cheat if you can, the only thing that matters is not to get caught.”
    This laissez faire nonsense of such company who consider themselves above the law is a reality that was very well portrayed by Volkswagen.
    Excuse my bad English.
    Greetings from Brazil
