Spamhaus, an authoritative force against the unwanted e-mail that accounts for more than half of all mail sent on the Internet, sounded an alarm this week over the problem of Internet service provider (ISP) e-mail relays being used by spammers.
The so-called "proxy" spam -- which is sent by machines compromised by malicious software, sometimes without computer owners' awareness -- has long been considered a main culprit in spam proliferation. But Spamhaus's prediction this week that a spam meltdown will occur by mid-2006 has produced a backlash.
"I think that Spamhaus has been hyping what really amounts to a trick that allows spammers to take advantage of ISP mail servers, [which has] an equally simple fix," Basex CEO and chief analyst Jonathan Spira told TechNewsWorld.
Meltdown in the Making?
"[There is] no doubt that it is easier to block mail from PCs infiltrated by zombies which become servers in their own right, compared to an ISP's mail server. Although [Spamhaus official Steve Linford] wrote that we're on the 'verge of collapse,' there are many steps that responsible ISPs can take to minimize the impact of the new threat."
Spamhaus reported that the sources of spam are changing. The company said AOL was among the first ISPs to notice that 90 percent of spam was coming from other ISP mail relays.
The spam watcher blamed the problem on new versions of proxy spamware packages released by Russian spammers operating in the U.S., who can now reportedly instruct hijacked proxies to send spam via ISP mail relays.
Calling attention to the issue, Spamhaus warned that it foresees spam rising to 95 percent of all e-mail by mid-2006, at which point delivery systems, queues and filters would all become overloaded in a "slow meltdown."
Serious, But No Crisis
Spira, whose firm has estimated that spam costs businesses worldwide more than US$20 billion a year, said that zombies -- computers compromised by attackers and then used for spamming or other criminal activity -- were a significant reason for the spam problem. He added that the issue is serious in both the case of individual PCs that are assembled into so-called "bot armies," and in the case of more powerful, service provider e-mail relays.
However, Spira downplayed the Spamhaus contention that the rate and percentage of spam is climbing out of control.
"I disagree. I don't think we're going to go much further than where we are," he said, indicating that between 70 and 80 percent of e-mail is spam at present.
Spira said some AOL figures have had spam accounting for only 50 percent of its e-mail. He also disagreed with the Spamhaus warning that ISP proxy spam will be extremely difficult to identify.
"Stating that the new threat will make spam 'undetectable' is simply an overreaction," Spira said.
Substantial Spam Source
Ken Dunham, director of malicious code intelligence at
security firm iDefense 
, told TechNewsWorld that the
zombie issues raised by Spamhaus reflect a real spike
in the use of compromised machines and servers --
including those from ISPs -- used to send spam.
"This is not some unsubstantiated thing," Dunham said. "This is definitely how the game works. There are literally millions of computers that are completely owned by bot users."
Dunham said although they are less noisy than
computer virus or worm outbreaks, malicious programs
called Trojans and bots accounted for most of the
increased activity last year.
The security expert also indicated it would not be simple for ISPs to shut off access to the spamming on its servers without impacting legitimate customers and traffic.
"That's a tough one to track down, and good luck
trying to do that," he said. "It's complicated."
Talkback: 
