In November 2008 the antispam community collectively cheered as McColo, a hosting provider that was a major source of spam on the internet, was disconnected by its upstream network providers, effectively shutting it down.
At the time global spam volumes dropped by roughly 75%. Since then spam has steadily climbed back to similar levels. Some might wonder why more network shutdowns like McColo are not happening.
The problem is highlighted in a recent monthly report by a security vendor.
McColo has taught botnet owners a lesson. Botnet control centres have become more distributed, spanning many networks in many countries. The loss of a big hosting provider today would prove only a minor inconvenience – as opposed to a major defeat – for spammers.
I’ve written in the past about the international nature of spam fighting. Microsoft’s Terry Zink described the problem very well in an analysis of a spam message he received.
Here’s how it works: A malware author infects a machine in Canada (1) that relays spam to a machine in the United States (2), which contains payload that points to a machine in Spain (3) registered by a guy in the United States (4) using a registrar in France (5), which is resolved by a name server in the Czech Republic (6).
And that's not all.
The guy in Texas is using name servers that look like they are located in Russia, but they are not. The one name server which resolves the spammy site is exploited (the one sitting in the Czech Republic) and then the top domain cn8.ru, sitting on a machine in China…
So for this one spam message, which is probably one of many from an organized spam network, the authorities of Canada, the USA, Spain, France, the Czech Republic, Russia (whose .ru registry holds the top domain) and China would all need to cooperate to shut the operation down.
While there may be some international cooperation in place for spam it is nowhere near the level that would be required to beat that guy. And if only one or two countries take action he can simply relocate those particular components elsewhere with little difficulty.
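To make that chain concrete, here is an added example (not code from the original post or from Terry Zink's analysis) that walks a single message through the same roles: the relay IPs from its Received headers, the hostnames in its body URLs, and for each hostname the hosting, registrant, registrar and name-server jurisdictions. The message and every lookup table (IP-to-country, DNS and whois-style registration data) are constructed inline so the script runs offline; in real use those tables would be replaced by GeoIP, DNS and RDAP/whois queries.

```python
"""Enumerate the jurisdictions a single spam message touches.

Added example; the message and all lookup tables below are constructed
stand-ins, not real data. The IPs come from the RFC 5737 documentation ranges.
"""
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample message: two relay hops and one payload URL.
RAW_SPAM = b"""\
Received: from mx1.example.net ([198.51.100.7]) by mx.victim.example
\twith ESMTP id abc123; Tue, 3 Mar 2009 10:00:00 +0000
Received: from dsl-pool.example.ca ([192.0.2.10]) by mx1.example.net
\twith SMTP; Tue, 3 Mar 2009 09:59:50 +0000
From: "Friend" <friend@example.ca>
To: victim@victim.example
Subject: special offer
Content-Type: text/plain; charset=utf-8

Great prices today: http://www.payload.example/buy?ref=42
"""

# Constructed stand-ins for GeoIP, DNS and whois/RDAP lookups.
IP_COUNTRY = {
    "192.0.2.10": "CA",      # infected home machine relaying spam
    "198.51.100.7": "US",    # second relay
    "203.0.113.45": "ES",    # web host serving the payload
    "203.0.113.200": "CZ",   # authoritative name server
}
DNS_A = {"www.payload.example": "203.0.113.45", "ns1.example.org": "203.0.113.200"}
DNS_NS = {"payload.example": ["ns1.example.org"]}
WHOIS = {"payload.example": {"registrant": "US", "registrar": "FR"}}

# Sending IP inside the "from ... [a.b.c.d]" clause of a Received header.
IPV4_FROM = re.compile(r"from\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def relay_path(msg):
    """Sending IPs in delivery order (origin first).

    Each hop prepends its own Received header, so the topmost is the last hop.
    Only headers added by servers you control are trustworthy; anything
    below them can be forged by the sender.
    """
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        match = IPV4_FROM.search(str(received))
        if match:
            hops.append(match.group(1))
    return hops


def message_text(msg):
    """Concatenate the text/plain and text/html bodies of the message."""
    parts = [msg] if not msg.is_multipart() else msg.walk()
    return "\n".join(p.get_content() for p in parts
                     if p.get_content_type() in ("text/plain", "text/html"))


def payload_hosts(msg):
    """Distinct hostnames referenced by URLs in the body."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(message_text(msg))}
    return sorted(h for h in hosts if h)


def registrable_domain(host):
    # Simplification: last two labels. Real code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])


def trace(raw):
    """Return (role, identifier, country) for every component the message depends on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    chain = []
    for n, ip in enumerate(relay_path(msg), 1):
        chain.append((f"relay {n}", ip, IP_COUNTRY.get(ip, "??")))
    for host in payload_hosts(msg):
        ip = DNS_A.get(host)
        chain.append(("payload host", f"{host} [{ip}]", IP_COUNTRY.get(ip, "??")))
        domain = registrable_domain(host)
        reg = WHOIS.get(domain, {})
        chain.append(("registrant", domain, reg.get("registrant", "??")))
        chain.append(("registrar", domain, reg.get("registrar", "??")))
        for ns in DNS_NS.get(domain, []):
            ns_ip = DNS_A.get(ns)
            chain.append(("name server", f"{ns} [{ns_ip}]", IP_COUNTRY.get(ns_ip, "??")))
    return chain


def jurisdictions(raw):
    """Sorted set of countries whose authorities would have to act."""
    return sorted({country for _, _, country in trace(raw) if country != "??"})


if __name__ == "__main__":
    for role, ident, country in trace(RAW_SPAM):
        print(f"{role:13} {ident:40} {country}")
    print("jurisdictions:", ", ".join(jurisdictions(RAW_SPAM)))
```

Run against the constructed message, the six components map to five countries (CA, US, ES, FR, CZ), and the same relay parser and URL extraction can be run over a real mailbox once the lookup tables are swapped for live GeoIP, DNS and whois queries. The caveat on Received headers matters in practice: a spammer can prepend fake hops, so start counting from the first header your own mail server wrote.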
Any business waiting for “the government” to “do something” about spam is unfortunately going to be waiting a very long time. Businesses need to take control of these risks themselves and put appropriate and effective measures in place to prevent spam from costing them time and money.
A good first step is to evaluate antispam products: either trial an on-premises solution installed on your own servers or a hosted antispam service. Avoid the temptation to cobble together a free option that will be less effective and take more effort to maintain in the long run.
Spammers may operate across borders at will, but you can stop them at your own network borders with a good antispam solution.


