The incident illustrates a growing problem on the Net: figuring out how to filter spam without thwarting what some users called legitimate email communication. (Spammers disagree with that assessment.) In this case, users became frustrated when the Hotmail email was refused.
Free email providers such as Hotmail increasingly have become tools for spammers, largely because it is so easy to sign up for accounts. That comes despite reminders that the services are not "anonymous" (IP addresses are attached to outbound messages, for instance) and despite promised enforcement of any violations. To compound matters, when the email is forged, as occurred in this case, it is hard to control, the companies concede.
Late Friday, Netcom started seeing a "huge influx" of unsolicited messages from the "hotmail.com" domain, many of them destined for America Online members, according to Craig Clemens, vice president of operations for the national ISP. But he said AOL didn't accept the spams for some unknown reason, so they started piling up on Netcom's computers--one of the midway points on the mail's delivery route. Because they couldn't be sent, the messages were queued, creating a load on the Netcom system. (AOL didn't return calls seeking an explanation on its end.)
"The only way we could keep this from becoming an 'event' was by blocking incoming mail from Hotmail," Clemens said. "We were getting stuck in the middle." The blocking was confined to so-called "shell users," an estimated 15,000 Netcom dial-up customers who aren't directly connected to the Internet, he added. By Monday morning, "everything was stabilized" and Netcom removed the block on emails from Hotmail.
But some users were angry. "Netcom shell users cannot receive email from addresses in the 'hotmail.com' domain," complained one to CNET's NEWS.COM. "They have failed to let users know if any other domains have been banned. I have legitimate contacts with Hotmail addresses and have had to set up alternative ways for them to contact me. My main gripe is that I had to find this out by mail being refused and people complaining to me."
Netcom's Clemens said other domains had not been blocked and that last weekend's spamming helped make the ISP better prepared for similar incidents in the future. He considered the episode a success compared with past incidents because its network didn't get overloaded, slowing down service for everyone.
Hotmail and Netcom executives both confirmed that, in this case, the email was forged. Hotmail will investigate the matter and close the offender's account if necessary, said Rex Smith, its chief operating officer. "We're working hard to catch up with them."
The company routinely investigates such matters, which includes sharing the log files with ISPs if necessary to catch the perpetrator, he added. Remedies include closing the account and notifying law enforcement authorities if any crime is suspected.
Hotmail recently drew complaints about junk email from a pornography site that bore a Hotmail address. That too was deemed a "spoof," Smith said, and the account was closed.
Other free email services are coping with this problem, which comes amid a rapid growth spurt in the market. "There are cases where a person spamming or sending junk email doesn't use NetAddress but sets the 'reply-to' field in their mail software to point to a NetAddress," says a posting on that company's Web site. "We have limited control in these cases, but we will investigate the 'reply-to' address to evaluate if this subscriber is the true sender of the spam."
But Smith conceded: "Right now, most of the measures are reactive. There is more technological expertise that needs to be brought to bear" and perhaps legal remedies. The Federal Trade Commission has said it will crack down on spammers who are deceptive in their messages as well.
Some ISPs think they have a technical solution to help: Get the free email services to add specific header information that can be added only when their servers process the mail. If the mail doesn't have the ID from their servers, it can be rejected. They hope that the services can work with email and software companies to form a standard, but that takes time and money.