The most trying part of Louis Rush's job is confronting scofflaws, some of whom are hardened criminals, to inform them they've been caught. Often defensive, sometimes cocky, these would-be felons threaten Rush and dare him to stop them. "I already have," is Rush's response, as he cancels their account with ISP EarthLink.

Rush, an investigator with EarthLink's abuse team at the company's headquarters in Atlanta, wields the power to disconnect spammers and other offenders from their lifelines by canceling their accounts. Rush learns about abusers from complaints submitted to EarthLink's Web site; from computer logs that show how many e-mails users sends out at once (an excessive amount is a telltale sign of spamming); and even from federal investigators, in the case of offenses such as fraud or child pornography. His job is to contact suspects over the telephone, if possible, alert them to the problem and determine whether an account should be cancelled.

Rush has spent his career working for ISPs, originally in the technical support department of now-defunct SpryNet in his hometown of Seattle. A series of company acquisitions landed him at EarthLink, where he's been for two years.

"Network abuse has always been an interest of mine," Rush says. Unlike his brother, a cop in a small Texas town, Rush chose a career keeping the peace on the Internet. At 31 years old, he feels like he's heard it all.

The customers he contacts come up with all sorts of responses when told of a complaint, ranging from denying the charge to claiming entitlement. "You'll get someone who says, 'I have a constitutional right to do what I want,'" Rush says. "Fine, just not on our network."

Sometimes they just hang up and never log on again.

Spam and phishing have become such headaches for ISPs that most major providers have established an abuse team to monitor users' behavior. With spam accounting for as much as 70% of the traffic on the Internet, ISPs such as EarthLink have begun trying to take control by monitoring the e-mail flow going out of their networks and filtering the messages coming in.

Often suspected spammers are clueless of the network abuse they're committing. Maybe a virus took over a customer's PC and secretly started blasting spam, or perhaps a computer-addicted teenager holed up in his bedroom is sending out bulk e-mail, unbeknown to his parents. "I usually ask if there's a young male in the house," Rush says.

A short conversation with a suspected abuser often reveals whether spamming was intentional. If it appears the user's PC is infected with a zombie, Rush will offer instructions for cleaning up the computer. If the customer becomes defensive or abusive, that's usually a sign of a spammer. While sending spam is not against the law in most cases, it does violate EarthLink's use policy; not only can Rush terminate the account of a spammer, but he can also charge a $200 cleanup fee.

Yet canceling a spammer's account doesn't always solve the the problem. Serial spammers who have been kicked off the EarthLink network once will often jump back on, creating as many as four or five fraudulent accounts per day using stolen credit cards. This elevates the abuse from nuisance to fraud, which is a federal offense.