Spamhaus Responds To SoftLayer’s Brazilian Problem

By Ken Simpson

Spamhaus, the world’s leading IP reputation advisory service, today released an analysis of an ongoing spamming issue at IBM’s SoftLayer web hosting subsidiary. According to Spamhaus, spammers have been targeting weak security measures at SoftLayer to obtain large numbers of IP addresses from which to send spam targeting Brazilian recipients. As a result of the spamming activity, Spamhaus has listed several hundred IP addresses owned by the provider under the common heading “Massive source of malware-distribution spam”.

Spammers routinely target web hosting providers like SoftLayer in an effort to obtain new resources from which to send spam campaigns. As Spamhaus and other IP reputation outfits block the offending IP addresses, spammers are hard at work exploiting any weaknesses in the provider’s security posture to obtain more. In the present situation, according to Spamhaus, the provider is not doing enough to get ahead of the problem. In Spamhaus’ own words:

“We believe that SoftLayer, perhaps in an attempt to extend their business in the rapidly-growing Brazilian market, deliberately relaxed their customer vetting procedures. Cybercriminals from Brazil took advantage of SoftLayer’s extensive resources and lax vetting procedures. In particular, the malware operation exploited loopholes in Softlayer’s automated provisioning procedures to obtain an impressive number of IP address ranges, which they then used to send spam and host malware sites.”

Why do spammers love large web hosting providers?

SoftLayer is certainly not alone in being targeted and successfully exploited by spammers. Spamhaus lists the top ten “spam support networks”, and among these are major web hosting brands such as BlueHost (unifiedlayer.com) and SoftBank. Why do these networks have such a difficult time stamping out spammers?
Many of the larger providers perceive that there is nothing they can do to prevent or block spamming activity without spending millions on infrastructure, or sacrificing the self-signup processes and reseller channels that enable their continued revenue growth. In order to maintain existing customers, organizations must pay attention to abuse from spammers, lest they risk feeling the wrath of organizations like Spamhaus who, through their widely adopted blocklist advisory data, can prevent email delivery to most of the Internet. But until the wrath is felt, many providers choose to put off any spending to solve the problem. This is a market failure that must start to be addressed by large hosting providers.

What can providers do to stay ahead of spammers without sacrificing revenue?

Fortunately, solutions exist and are cost effective. That wasn’t always the case, but innovation by companies like MailChannels is enabling even large providers to deploy scanning technology at scale across their entire network to detect and prevent outgoing spam. For example, MailChannels Transparent Filtering software can centrally examine up to 30M messages per hour on a single node. A deployment involving less than $100,000 worth of server hardware can inspect multiple gigabits of outgoing email traffic originating from tens of thousands of servers. Software license costs are reasonable and tailored to provide an excellent return on investment by reducing the consequences of IP blocklisting, government investigations and the like.

MailChannels is working hard to get the word out, and we are hoping that blog posts like today’s post by Spamhaus will encourage senior web hosting executives to finally allocate some budget toward technical solutions to outgoing spam.
If the entire industry begins to see better outbound email security as a strategic advantage (reducing the problems associated with outgoing spam improves customer satisfaction and reduces churn), we may collectively start to get an edge on spammers, which would be a huge win for the Internet.