Spamhaus: ISPs Fighting Fraudulent Sign-Ups

Spam can be so frustrating that it’s often easy to forget that spammers, just like every other denizen of the Interwebs, need a place to hang their hats. Whether they’re looking for hosting solutions to create an email environment for spamming, or hosting botnets for the purpose of command and conquer tactics, spammers need a place to call home. But would it surprise you to know that some ISPs are reporting that every other signup is fraudulent?

That’s what the venerable folks over at are reporting, and the figure is a little disturbing, to say the least. Spamhaus, champions of the war against spam, regularly flags spammers, creates blocklists, and has even taken an active role in the takedown of some nasty botnets, such as the high profile shuttering of Grum earlier this year. The hard work of this organization as it fights the nasty blight known as spam cannot be overstated, and in their capacity as a watchdog and educator, the organization recently published an article on their site entitled “How hosting providers can battle fraudulent sign-ups.”

Fraudulent sign-ups – customers whose only intent is to spam and perform illegal activities – are most prevalent with ISPs who offer automated registration, such as cheap VPS and cloud hosting. Because they’re likely violating the ISP’s Acceptable Use Policy (AUP), these spammers fully expect to have their accounts suspended when the illegal activity is detected, and they typically use stolen credit cards or compromised PayPal accounts, Spamhaus reports. This, of course, allows them to avoid using their own funds and maintain anonymity.

Recent trends identified by Spamhaus through various ISPs shows that there’s something amiss.

They note that fraudulent sign-ups have increased dramatically in the past few months, with “some hosting providers report that 50% of all new subscriptions are fraudulent. They also point out that “no hosting company is immune,” from the very small to the very large.

The dramatic increase in recent sign-ups could suggest that there’s a new play out there, whether by existing spammers or some new faction. If that’s the case, what it is and how it will affect our inboxes remains to be seen. Then again, it could simply be that ISPs have gotten more efficient at detecting and terminating illegal subscriptions, but conspiracy theories are far sexier and go better with your morning coffee.

Spamhaus admits that it just doesn’t have the resources to take action through consulting or providing active abuse reporting. It does, however, want to help, and offers ISPs a few helpful tips that may assist them in detecting abusive activity.

Verifying personal information is a must. Even automated services can be configured to verify the user’s email address and phone number, which may go a long way in detecting the subscribers who have malicious or illegal intent. At very least, even if an ISP cannot provide this type of verification, it can certainly create a frozen account that won’t be activated until the new subscriber contacts the ISP to verify his identity. As Spamhaus points out, it’s much more difficult for crooks to use a phone number than an email address, and the risk of compromising his identity might be an effective deterrent.

The next natural step is to use a blacklist to record and identify abusive users by their identifying information, and use the blacklist to block abusers from signing up in the future. While it may seem like anti-spam 101, it’s conceivable that ISPs aren’t spending as much time as they probably should on maintaining a database of those who have violated their AUP. Spammers aren’t exactly the brightest lights on the Christmas tree, and as Spamhaus points out, they will probably trip-up when they try to re-enlist:

“Blacklisted customers often try to sign up for service again under a new name and postal address, but frequently do not change the email address and often attempt to sign up from the same IP address.”

Without a good AUP, ISPs are “open to legal threats when [they] terminate services to abusive customers or refuse to allow a previously terminated customer to sign up again. Spammers specifically seek out hosts with weak AUPs, or hosts who are known to be lax on spam/security issues.”

As wrong as it seems, criminals have rights too, and Spamhaus warns that an ineffective AUP not only gives the criminals the right to abuse an account, it also gives them the ability to sue if their service is terminated.

Spamhaus has other tips there, so click on over if you’re interested.

Written by Malcolm James


  1. Richard Ramirez · November 14, 2012

    Basically, ISPs don’t have that many options to detect spammers in advance. You can’t blacklist a customer only because you have the gut feeling he or she is a spammer. What was alarming was that there were spam-friendly ISPs. Probably now they are gone or at least their number has been greatly reduced and this is why spammers are looking for holes in other providers to fill the gap.

  2. Malcolm James · November 14, 2012

    I hope the spam-friendly ISPs are gone, but as long as there’s a buck to be made, there will be immoral people who take advantage.

  3. Becky Shatner · November 15, 2012

    When spammers are able to get through the deeper parts of the hierarchy, you know that the problem is on its way to be getting out of hand. Though I definitely salute the efforts of all the Internet service providers, the story also leaves me gravely concerned. Just imagine if at least one or two of these ISPs fall to a few of these sign-ups, and the smart hacker or scammer is able to break in to the system. That basically leaves all other member accounts vulnerable to phishing and more spamming. Of course, these scammers mean a huge financial loss for ISPs.

  4. Amanda Spencer · November 17, 2012

    I also commend the efforts of these ISPs. I know it’s scaring them shitless. I for one am frightened having learned about this. If these ISPs, which are known for their incredible technologies and security (I hope), are susceptible to them, then what does that make me? It also makes me think that this is just the start. They will do more in the future, and their actions may eventually cost these business millions and a lot of accounts at a huge risk of being stolen and used for evil purposes. Yes, I may sound so morbid, but hey, isn’t spamming and phishing getting worse?

  5. Amanda Spencer · December 3, 2012

    Hmm.. any update on this? It seems like I’m the last one to comment here, so I’m wondering if I am the last one to truly care about this. I’ve been searching for some news related to this but couldn’t find any. I really hope that ISPs are able to deal with this issue effectively and quickly. Otherwise, I may have to think about ending my contract with an ISP for a while until this gets resolved. I don’t think I can risk the possibility of having my personal information stolen and be used by cybercriminals.

Leave A Reply