O'Reilly logo

Spam Kings by Brian S McWilliams

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Shiksaa and the Pink Contracts

One morning in late October 2000, Shiksaa's phone rang, and the twangy New Orleans voice of Rokso-denizen Ronnie Scelson was on the other end of the line. Shiksaa had exchanged instant messages with him several times in the past. Scelson had dropped out of school after eighth grade, and it showed in his messages, which were full of misspellings and tortured syntax. But Scelson had the gift of gab and a rare trait among junk emailers: a tendency to tell the truth about his spamming tactics. So despite her revulsion for his line of work, Shiksaa found herself enjoying their online and telephone conversations.

"How would you like to see a pink contract?" Scelson asked her cheerfully that morning.

Taking its name from the color of the Hormel luncheon meat (and thus from spam), a pink contract was a tacit deal by ISPs to allow spammers to use their networks as long as too many complaints weren't generated. Scelson had previously boasted that big ISPs, despite their public posturing about opposing spam, were perfectly happy to provide services to him and other high-volume bulk emailers. Indeed, the previous June a spam fighter had reported on Nanae that a supervisor at AT&T admitted that the big company did business with spammers. But spam opponents had no hard evidence to prove the existence of such deals.

That was about to change with Scelson's offer to Shiksaa. He said he had a copy of a pink contract signed in February between AT&T and Nevada Hosting, a Delaware company run by one of Scelson's partners in spam. The contract would show, he promised, that AT&T was aware that Nevada Hosting would be providing web sites to spammers and that AT&T had agreed to look the other way.

Shiksaa was wary of Scelson's generosity and suspected there were strings attached. The previous April he had tried to blackmail anti-spammers into leaving him alone. If antis didn't back off, he threatened, he would give away his custom-made mailing program to other spammers for free. He claimed the program was able to squeeze messages past filters at AOL and pump spam out onto the Internet at the rate of eight million messages per hour.

"I would much rather find a way to work together than have this software all over the Web. Due to its power I've never sold it or given it away, but if the antis play unfair then so will I," Scelson had threatened.

When Shiksaa asked Scelson why he was willing to leak the AT&T pink contract to her, he told her the big ISP had "screwed over" Nevada Hosting—and, indirectly, him—by canceling the deal early and yet requiring that Nevada Hosting pay the remaining balance. Scelson's revenge would be to expose AT&T's secret collusion with spammers, and he could think of no one better than her to do it.

After Shiksaa agreed to examine the contract and share it with other Spamhaus volunteers, Scelson faxed it over. The one-page document had a title across the top that read, "Agreement Concerning the Operation of Bulk Hosted Web Sites" and was signed by a general manager at AT&T. Under the arrangement the two parties mutually agreed that Nevada Hosting would not send any spam through AT&T's gateways and that doing so would result in termination of services. But the contact specifically stated that AT&T knew Nevada Hosting would be operating web sites "spammed from other gateways" and that it would not terminate Nevada Hosting for hosting such sites.

Finally, anti-spammers had the smoking gun they needed. Shiksaa placed the contract in her scanner and made a digitized file of the document. Then she attached it to an email message to Linford. The next day, October 31, Linford put the contract up at the Rokso section of Spamhaus.org and sent email to AT&T's abuse department notifying the company that he was making the information public.

"This fax proves that AT&T knowingly does business with spammers," he stated, and requested that his message be forwarded to AT&T management. Linford also posted a copy of his letter on Nanae.

Within twenty-four hours, word of the pink contract was making front-page headlines at CNET.com and other technical news sites across the Web. In the articles, an AT&T spokesman tried to explain away the legal agreement as an aberration, stating that it was inconsistent with corporate policy and the work of a rogue salesperson. In a message on Nanae, a company official assured spam opponents that AT&T was making efforts to ensure that such deals never occurred again in the future. But the pink contract proved an embarrassment for AT&T as it propelled Spamhaus into the limelight for the first time. (While most of the news accounts quoted Linford, there was no mention of Shiksaa or Scelson, or how Spamhaus came into possession of the contract.)

Just as the furor over AT&T began to die down, the story gained new legs. An anti-spammer provided Shiksaa with a copy of a contract between top-tier backbone provider PSINet and a Scelson-run spam service called CajunNet. To Shiksaa and her cohort, this second contract was even more revealing of the profit-driven, backroom deals between ISPs and spammers.

Virginia-based PSINet, struggling financially at the time, had agreed to sell CajunNet a high-speed DS3 line, capable of data speeds over forty times greater than a cable modem or DSL line. The contract said CajunNet would use the line to send commercial emails "in mass quantity," with the exception of ads for pornography. In addition, PSINet would not be required to handle any complaints of spams originating from CajunNet's leased line; instead, the big ISP would forward all complaints to CajunNet. In recognition of the deal's high risk, CajunNet agreed to pay PSINet a nonrefundable deposit of $27,000.

Armed with a big pipe such as a DS3, a bulk emailer could pump out devastatingly large amounts of spam in a short time. Chickenboners who routed their spam through proxies and open relays were limited to sending a couple million emails per day. But with a dedicated DS3 circuit, a big-time spammer could crank out over 200 million spams in a twenty-four-hour period without breaking a sweat. The price was steep, however: Scelson reported to Shiksaa that he paid $40,000 per month for a DS3 circuit.

Shiksaa knew she could blow another spam-friendly ISP out of the water. But she and Linford were hesitant to publicize the PSINet contract. For one thing, the document was not signed, so there would be questions about its authenticity. Secondly, the spam fighter who obtained the contract admitted he stole it from one of Scelson's PCs. As Shiksaa understood it, Scelson had configured the computer to allow file sharing with others on his network. Using a Microsoft Windows command called Nbtstat, the anti-spammer was able to view the remote machine's networking apparatus over the Internet and proceeded to access its hard disk. (Shiksaa had learned how to use Nbtstat as a tool for viewing the names spammers had assigned to their computer networks, but she felt it was unethical to go the extra mile and access files left exposed by the spammers.)

Shiksaa couldn't bring herself to tell Scelson about how she got the CajunNet-PSINet contract. So Linford decided to provide a copy to a reporter and see whether he could confirm its authenticity. Amazingly, both the ISP and CajunNet fessed up to the deal. PSINet issued a statement that blamed the contract on a junior salesman who overlooked the company's network abuse policy. And a CajunNet spokesman freely admitted that the company was a bulk emailer and previously had contracts with AT&T, Sprint, and UUNET. Seeing blood in the water, other news outlets picked up the story. Most quoted a letter Linford had written about the incident in a message to SPAM-L, an email list for discussing spam: "I think the ISP community as a whole needs to reexamine its ethics."

Pink contracts, however, would remain a big source of income for ISPs. In 2004, deals with known spammers would earn UUNET (renamed MCI Wholesale Network Services) the top position in Spamhaus's list of the most spam-friendly ISPs.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required