Quick fix is no fix for spam

Opinion
Mar 08, 2004 | 4 mins
Malware, Networking, Security

My cable modem provider, Charter Communications, responded to the Blaster virus last summer by turning off UDP on the network. Sure, this stopped the Blaster virus from spreading on its network. But in Charter’s infinite wisdom to protect me from the viruses, the company also disabled my Trend Micro virus-protection software’s ability to update itself over the network.

Every time I see a government official or someone on CNBC talk about improving U.S. productivity, I immediately think of the obvious solution – find a way to stop spam, and you’ll see productivity increase tremendously.

I’m not advocating a governmental or legislative answer; what we need is a technology breakthrough. But what we’re getting are quick fixes that might create more problems than they solve. What I’m specifically against are the easy, blanket answers to which many large providers resort because they can’t move fast enough to really deal with the problem in a more technically advanced way.

Take Time Warner’s Road Runner service. I’ve had problems with Road Runner blocking various domains associated with some of my clients. Road Runner says it uses outside lists to manage its spam attacks and even offers up whitelists it accesses to find legitimate e-mailers. However, Road Runner also will block ranges of IP addresses from ISPs that have allowed spam to come from any server in their subscriber base. That definition of “spammer” pretty much covers every ISP in the U.S.

My company uses two ISPs, InterNap and Media3, and both have the same problem with Road Runner: They are regularly being classified as spam sources, and they have to undertake about a two-week process to get the specific IP addresses of non-spamming clients cleared up. And in that time frame, no e-mails from any of the IP addresses in their IP ranges can get through to Road Runner subscribers.

Right now, we’re having to work through just this issue with Road Runner to get e-mail turned back on so we can send e-mail on the Road Runner system. So despite its claim to a high level of sophistication, Road Runner takes the “throw the baby out with the bathwater” approach by cutting off the ISP and the IP range altogether. This Road Runner problem hits us every two or three months, and each time it takes two weeks to resolve. The most irritating part about all this is that Road Runner does not notify the sender that it is deleting the inbound e-mails; it just sends an admin-class e-mail to the originating server, so you never know your e-mails are not arriving.

The same problem exists with network-based virus protection, something we all agree we need. My cable modem provider, Charter Communications, responded to the Blaster virus last summer by turning off User Datagram Protocol (UDP) on the network. Sure, this stopped the Blaster virus from spreading on its network, because the Blaster virus used UDP to find other potential hosts across the network. But in Charter’s infinite wisdom to protect me from the viruses, the company also disabled my Trend Micro virus-protection software’s ability to update itself over the network. So I found myself cut off from Internet resources with no notification and no clue why.

At some point, such an approach crosses the line from being a valid response to a problem to interfering with business. It’s one thing to cut off the ability to send out blasts of e-mail, but another to stop all other e-mail. The same is true with turning off protocols to deal with viruses.

Such actions substantially affect business operations and cause financial damage. Until recently, there’s been some degree of tolerance, as people recognize the overwhelming issues involved in dealing with the sheer volume of spam and viruses. But it’s time to force those who claim to be protecting us from spam to apply the same principles internally. Yahoo would scream all sorts of things to Washington if AOL decided to cut off all e-mail from Yahoo subscribers on the grounds that one Yahoo server was sending out spam.

This is a class-action lawsuit waiting to happen. ISPs cannot indiscriminately throw away e-mails – e-mail is too important. Those practicing such sweeping solutions need to reassess the impact they are having or be ready to defend against a range of legal action.