Staff Reporter

"We've got a live spam here!" announced Aaron Higbee, a "network abuse administrator" at Earthlink Network Inc. in Pasadena. "This guy is sending batches of 40 messages every couple minutes. Like we wouldn't notice."

Higbee grabs the phone to call the spammer's Internet service provider. Within seconds, the account has been shut down. The sender tries to reconnect to the Internet, and Higbee's computer shows the "access denied" message now blinking on the mass e-mailer's computer screen.

"He'll be back as soon as he can open another account," said Lisa Hoyt, Earthlink's information security administrator. "All it takes is another credit card, another name or another way to sneak by us. This is a real cat-and-mouse game."

Higbee and Hoyt are spam catchers, Earthlink's frontline defense against the unsolicited commercial e-mail that floods customers' e-mail boxes. The vast majority of junk e-mail advertises pornography or get-rich-quick schemes.

Spam is more than just annoying; it's costly. Internet users have to pay the phone bill and sometimes their service provider for those extra minutes spent online wading through junk mail. Harder hit are the service providers, which, to keep customers happy, allocate manpower and equipment to fight spam, not to mention the wear and tear that mass e-mails cause to service providers' server computers. (Servers can crash when hit by a large incoming spam.)

"We've lost hundreds of thousands of dollars due to lost services, staff time and now legal fees incurred because of spammers," said Steve Dougherty, director of Internet operations at Earthlink. "Our server has to slow down to process the high quantity of mail, and nobody is happy."

The legal fees spoken of by Dougherty went toward Earthlink's victory in court last week against Philadelphia-based CyberPromotions Inc., one of the nation's highest-profile spammers. Earthlink won a $2 million settlement prohibiting the mass-marketing company from sending mail to Earthlink's 500,000 customers, setting a legal precedent in the escalating online spam war.

CyberPromotions defended its actions by citing a constitutional right to free speech, but the judge sided with Earthlink's charge of trespassing and misappropriating computer resources.

Spam is a growing problem for both Internet service providers and e-mail users. An America Online Inc. spokesman said that at any given time, up to 30 percent of its e-mail traffic is spam. For Earthlink, spam constitutes about 5 percent of its e-mail volume, down from 10 percent a year ago when the spam-catcher department was first officially launched.

Earthlink now has three full-time spam catchers and another half dozen or so employees who help out, allowing the company to monitor for spam activities 14 hours a day. Over the last year, Earthlink's spam catchers shut down 3,000 attacks. Dougherty said he hopes to hire three more full-time spam catchers to keep pace with the problem.

While there are software tools used to cut down on spam, the most effective means of patrolling is human monitoring.

"When we look for spam, we never look at the content of the e-mail. Instead, we look at the sending patterns of a spam mailing," Dougherty said. "So far, the best machines we have to recognize patterns are the human eye and human brain."

This means that the spam catchers spend the majority of their time watching the master e-mail logs scroll across their computer screens.

"Most of the e-mail we see goes only to a few recipients," said Trevor Hawthorn, another network abuse administrator at Earthlink. "When we see mail being sent to large groups, we obviously notice the clumps going by on our screen. If we don't recognize the header (the address from where the e-mail is sent) as a known spammer, then we check it out to see if it is a legitimate mass mailing, which a lot of companies do."

Legitimate mass mailings such as newsletters, press releases or corporate announcements are not considered spam because they are sent to a willing recipient list.
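The pattern check the spam catchers describe, written out as an added illustration (not part of the original article and not Earthlink's software): it reads only sender, time and recipient count from a mail log, never message content, and skips senders on a list of known legitimate mass mailers. The log format, addresses, 10-minute window and 100-recipient threshold are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format): timestamp, envelope sender, recipient count
SAMPLE_LOG = """\
2000-01-10T10:00:05 alice@example.net 2
2000-01-10T10:00:40 bulk@example.org 40
2000-01-10T10:01:10 news@example.com 500
2000-01-10T10:02:45 bulk@example.org 40
2000-01-10T10:03:30 bob@example.net 1
2000-01-10T10:04:50 bulk@example.org 40
2000-01-10T10:06:55 bulk@example.org 40
2000-01-10T10:30:00 carol@example.net 60
2000-01-10T11:30:00 carol@example.net 60
garbled line
"""

def flag_bulk_senders(log_text, window=timedelta(minutes=10),
                      threshold=100, known_legit=frozenset()):
    """Return {sender: peak recipients reached inside any one window}."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # malformed line: skip rather than guess
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        events[parts[1].lower()].append((ts, int(parts[2])))

    flagged = {}
    for sender, recs in events.items():
        if sender in known_legit:
            continue  # newsletters and announcements sent to willing recipients
        recs.sort()
        peak = total = start = 0
        for end in range(len(recs)):  # sliding window over this sender's mailings
            total += recs[end][1]
            while recs[end][0] - recs[start][0] > window:
                total -= recs[start][1]
                start += 1
            peak = max(peak, total)
        if peak >= threshold:
            flagged[sender] = peak
    return flagged

if __name__ == "__main__":
    print(flag_bulk_senders(SAMPLE_LOG, known_legit={"news@example.com"}))
```

The sender mailing 40 recipients every couple of minutes is flagged, while the same total volume spread an hour apart is not.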

Hawthorn said that if he finds an Earthlink customer sending out spam, the account is immediately shut down for good. If the spam is sent out from another Internet service provider, he notifies a fellow spam catcher at that company so it can shut the account down from its end. A similar cooperative procedure is followed if an Earthlink member is caught spamming another e-mail service.

The next-most-effective method of catching spammers is customer complaints. Dougherty said his team spends time hunting down leads on spammers provided by disgruntled customers.

Not all spam defenses are of the low-tech, human-initiated kind.

Earthlink and other service providers also use high-tech means of deflecting unsolicited mass e-mails. Earthlink and most other providers have "relay blockers" that prevent spammers from shielding their identities by bouncing e-mail off another provider's computer system.

Bouncing e-mail works like this: a spammer sending from his AOL account, for example, could bounce his spam off Earthlink's server and then on to Compuserve customers' e-mail boxes. A Compuserve spam catcher would incorrectly conclude the spam came from an Earthlink customer rather than from an AOL customer. Because they effectively prevent such bouncing, relay blockers have become standard protection for Internet service providers.
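The decision a relay blocker makes, as an added illustration (not from the original article and not any provider's actual configuration): the server accepts mail addressed to its own customers from anyone, forwards mail elsewhere only for clients connecting from its own network, and refuses outsiders who ask it to pass mail to a third party. The address ranges, domain names and function name are constructed placeholders.

```python
import ipaddress

# Constructed placeholders: documentation address range and example domains
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]  # our customers' connections
LOCAL_DOMAINS = {"isp-b.example"}                      # mailboxes hosted on this server

def relay_decision(client_ip, mail_from, rcpt_to):
    """Return 'deliver', 'relay' or 'reject' for one recipient of one message.

    mail_from is deliberately ignored: the sender address is supplied by the
    client and can be forged, so only the connecting IP address is trusted.
    """
    _, at, domain = rcpt_to.rpartition("@")
    if not at:
        return "reject"  # not a usable address
    if domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return "deliver"  # inbound mail for our own customers
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "reject"
    if any(addr in net for net in OWN_NETWORKS):
        return "relay"  # our own customer sending mail out
    return "reject"  # outsider trying to bounce mail off this server

if __name__ == "__main__":
    # Customer of another provider bouncing mail through us to a third provider
    print(relay_decision("198.51.100.7", "user@isp-b.example", "victim@isp-c.example"))
    # Our own customer writing to someone at another provider
    print(relay_decision("192.0.2.55", "user@isp-b.example", "friend@isp-c.example"))
    # Anyone on the Internet writing to one of our customers
    print(relay_decision("198.51.100.7", "pal@isp-a.example", "user@isp-b.example"))
```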

Some spammers' headers such as "hot girls" or "Mr. Email" are so well known that they are immediately recognized by spam catchers. In those cases, systems can be programmed to recognize mail coming in under these names, and automatically return the spam to its sender.

"The headers keep changing, so we always have to look out for new ones," Dougherty said. "Spammers are like roaches: As soon as you get rid of them in one place, they'll swarm the house next door."

As an added deterrent, Earthlink levies a $200 fine to a customer's credit card if he is caught abusing the network by sending spam. The company has plans to increase the amount of the fine on subsequent offenses, going up to $500 for a second spam violation and $1,000 for a third.

"Some spammers consider the fine a cost of doing business," Hoyt said. "It's amazing. We busted one guy 26 separate times, and the next day he'd be back with a new account and a new mailing list."

Dougherty estimates Earthlink has recouped about $150,000 of its spam-related losses through the fines, pointing out that the company does not always successfully collect the $200 fine.

According to Earthlink's spam catchers, the only way to effectively end this problem would be through legislation. There is a grass-roots push to add a clause to the 1991 federal Telephone Consumer Protection Act, which prohibits junk faxes, to also prohibit junk e-mail. Until that happens, however, stop-gap state legislation is moving forward.

The California State Assembly Consumer Protection Committee approved unanimously last week a bill that would allow companies to sue spammers for civil damages. The anti-spam bill will also allow service providers to sue for $50 per piece of junk e-mail, up to a total of $15,000.
