AT&T admits spam offense after contract exposed

The company acknowledges that it violated its own spam policy by providing Web-hosting services to a purported sender of unsolicited commercial email.

Paul Festa Staff Writer, CNET News.com
Paul Festa
covers browser development and Web standards.
Paul Festa
3 min read
AT&T acknowledged Thursday that it had violated its own spam policy by providing Web-hosting services to a purported sender of unsolicited commercial email.

The admission came after an English anti-spam organization publicly posted what it termed a "pink contract" between AT&T and the alleged spammer, Nevada Hosting. AT&T had been hosting the group's Web site.

"This proves that AT&T knowingly does business with spammers and shows that AT&T makes 'pink' contracts with known spammers to not terminate the spammers' services," Steve Linford of The Spamhaus Project wrote in an email interview.

AT&T confirmed Thursday the authenticity of the contract and said it had been discontinued.

"That document represents an unauthorized revision to AT&T's standard contract and is in direct conflict with AT&T's anti-spamming policies," wrote AT&T representative Bill Hoffman. "The agreement has been terminated, and the customer has been disconnected."

AT&T's spam policy specifically rules out contracts like the one it signed with Nevada Hosting.

Nevada Hosting could not be reached for comment.

Anti-spam groups have long suspected the existence of pink contracts that allow spammers to promote their Web sites provided they send their unsolicited emails through other Internet service providers, according to Linford. The AT&T contact confirmed those suspicions.

The Spamhaus Project's success comes as anti-spam groups increasingly bypass spammers themselves and instead target those who facilitate the dissemination of unsolicited commercial email. Those groups--mostly ISPs and server administrators--are relatively few and are easier to hold accountable than spammers.

Meta Group says spam, like junk mail on paper, is an annoyance that people will have to live with. However, Meta Group research shows that spamming is not effective marketing and can alienate customers.

see commentary

Another such pressure group is the Mail Abuse Prevention System (MAPS), which maintains the Realtime Blackhole List (RBL). The MAPS RBL blacklists servers left open to abuse by spammers. While the group's stated goal is to pressure server administrators to close avenues for spammers, the MAPS RBL has weathered criticism that it has limited effectiveness in actually blocking spam.

The Spamhaus Project, based in London, positions itself as kind of spam Purgatory on the way to the MAPS RBL. Spamhaus targets entities that send spam with forged addresses and the ISPs that do business with them.

"When it finds a 'stealth' spamming service, or an outfit selling stealth spamware, The Spamhaus Project sends a notice to the ISP and requests the service or site be terminated," Linford wrote. "Ninety-five percent of spam sites are terminated this way, and those that aren't are then escalated to the MAPS RBL team.

"MAPS are very much our heroes."

AT&T representatives have taken to Internet discussion forums in an attempt to placate spam foes and reassure them that the company's stated anti-spam policy will be enforced in future contracts.

"Our sales agents have been instructed as to the correct procedure to follow and have been reminded of our existing anti-spamming policies," AT&T customer care manager Ed Kelley wrote in a posting to the "news.admin.net-abuse.email" newsgroup. "AT&T is making every effort to ensure that this does not occur again in the future."