This author has spent many years chronicling the exploits of black hat spammers who use hacked computers to relay junk email. But I’ve dedicated comparatively little time delving into ways of email marketers who technically follow U.S. anti-spam laws yet nevertheless engage in spammy practices. The latter is able to ply their trade because there are thousands of Internet hosting companies operating on thin profit margins that are happy to host spammy but lucrative clients. This is the story of how one hosting company heroically kicked out all of its email marketing customers at great expense and ended up building a stronger, more profitable company in the process.
A serial entrepreneur as a young teenager, Peter Holden founded several online companies by the time he turned 20 and started Tulsa, Okla.-based hosting firm HostWinds. The company grew modestly but steadily — relying on more than two dozen servers and bringing in revenues of about $15,000 per month.
That is, until Holden got his first email marketing client who offered to double HostWind’s monthly income in one day.
“I remember driving down from Tulsa to Oklahoma City to visit this client,” said Holden, now 25. “It was July 2012, and it was super hot in the car because I didn’t have air conditioning. But I remember thinking it was really cool to have a client who was local and interested in using our services.”
That one client’s business would not only double HostWind’s income, but it gave the company much-needed funds to invest in building out the firm’s technical infrastructure. Good thing, too, because the email marketing client soon referred more e-mailers to HostWinds, which was forced to petition the American Registry for Internet Numbers (ARIN) for thousands of additional Internet addresses to accommodate its new clientele.
“Fast forward about two years, and we now have a lot of mailers on our network,” Holden said. “Throughout all of this, one client introduced me to another client, and another.”
All of them swore up and down that they were following U.S. anti-spam laws to the letter. The CAN-SPAM Act was intended to make it more expensive and difficult for email marketers and spammers to send unsolicited junk email, but critics say it is essentially toothless and rarely enforced. Under CAN-SPAM, commercial emails can’t be spoofed (i.e., the address in the “from;” field can’t be faked or obfuscated), and the messages must give recipients a simple way to opt-out of receiving future missives.
“Legally speaking, we didn’t have any client on our network who broke the law. My dad was a lawyer and we’d routinely terminate anyone who violated our policies,” Holden said. “Ultimately, I think the fact that these clients were able to pay their bills on time — and their bills were massive — gave them some sort of air of legitimacy.”
HOW MANY SPAMS CAN A SPAMMER SPAM IF A SPAMMER CAN-SPAM SPAMS?
From the perspective of anti-spam groups, the main problem with the CAN-SPAM act is that it doesn’t require marketers to get opt-in approval from people before spamming them. Also, many large-scale junk email operations are not too dissimilar from spam campaigns run by cybercrooks — except instead of routing the mail through PCs that have been seeded with malware, commercial emailers send email from huge numbers of distinct Internet addresses that they rent from a vast network of hosting companies. Continue reading
![The Web site exposed[dot]su featured the personal data of celebrities and public figures.](https://krebsonsecurity.com/wp-content/uploads/2013/09/ssndob-tor.png)
