Earlier this week we mentioned that a range of IP addresses we use for mail delivery wound up on a level 2 blacklist operated by SPEWS.org. The entire "collateral damage" debate over the ethics of such tactics resulted in a long thread in our forums, numerous discussions in newsgroups, and a subsequent thread over at Slashdot. For the sake of keeping this dialogue in the open, we've posed a series of questions to the CEO of NAC.net, Blake Ellman, who addresses the efforts his organization will be making to eliminate spammers from their network.
Our situation is certainly not unique. An exploration of the NANAE newsgroup shows this discussion has occurred literally hundreds of times over the years between SPEWS supporters and those impacted by their efforts. It was the center of a public (and rather ugly) dispute between the Something Awful humor website and SPEWS last summer.
The story generally goes like this: A provider makes it onto the SPEWS blacklist after SPEWS determines they've been hosting a spammer and have proven non-responsive to numerous complaints. A company representative or a disgruntled customer of said company finds their way to the newsgroups via the SPEWS FAQ. Participants there (SPEWS members don't identify themselves) suggest that the solution is simple: remove the offending spammers and the blacklist is lifted. In the opinion of the newsgroup residents, no other dialogue is necessary.
In our quest to resolve the situation to the satisfaction of all parties involved, we've decided to make our dialogue with our host public. Below is an interview with NAC.net CEO Blake Ellman.
BBR: SPEWS supporters argue NAC is being blacklisted (in part) because of their ongoing relationship with Pegasus Web Technology (considered notorious spam hosters by many). Can you clarify this relationship?
Blake: Pegasus has been a customer of NAC for many years. Their business has changed in the last year to include a large number (1,500+) of low-end dedicated servers. I know the ownership of Pegasus well and I disagree that they are a "notorious spam hoster". A small percentage of their customers have spammed. In each case that I am aware of, we have notified them of their customer's breach and they have terminated service to that customer. Part of the SPEWS complaint is that Pegasus does not respond quickly enough to meet the "SPEWS Standard".
To my knowledge, there have been no spammers that have persisted as Pegasus customers ever. I would be happy to review any evidence to the contrary, and if I am wrong I will take corrective action with Pegasus which could include suspension or termination of services.
We have made it very clear to Pegasus (and our other customers) that we will not tolerate spam, and if they don't police and keep their customer base free of spammers their service will be terminated.
BBR: Why are the 11 or so ROKSO listed spammers, 3 of which the US Government is taking to court for illegal activities, still able to use NAC.NET as a home? Also see this Spamhaus list used by forum members to suggest you "don't care". What's your response to the claim NAC is a "spammer friendly" organization?
Ellman: I am still in the process of researching each item on the list; however, I can report the following updates:
Since I received contact from you we have been in regular contact with Spamhaus and we have already had 3 of the listings removed. 2 of the entries were old or incorrect data, and 1 was a customer that was spamming that we were unaware of (his account was terminated). We are working on the other items on the list, and I expect to have the rest of them resolved within the next week.
BBR: One user in our forum says he "sees 1,970 listings in News.admin.net-abuse.sightings alone for NAC that they have done nothing about, after 1000s of complaints?" Legitimate question?
Ellman: It is a legitimate question; however, they need to realize that we have tens of thousands of customers, so even if a very small number of our customers spam, we are going to receive many complaints. It is untrue for them to say "we have done nothing"; we are in constant contact with our direct customers and resellers, and many accounts have been terminated due to spamming activity.
BBR: A comment from SPEWS alongside their listing reads: "Hey DSLR/BBR - maybe you guys can help clean up NAC? No one else has been able to." Thoughts?
Ellman: While I think the tactics of SPEWS are very unreasonable, this entire process has caused me to personally become more involved with the issue of spam, and I am very happy to work with others in the Internet community (even SPEWS) to help reduce spam on the Internet. This is a problem that causes major problems for all ISPs (including us). I welcome the chance to actually have some sort of conversation with SPEWS.
BBR: Can you elaborate on your past experiences with SPEWS? Have you engaged in successful two-sided dialogue with the organization?
Ellman: This is my main problem with SPEWS. It is very difficult to engage in any dialog with SPEWS. They have no phone number, no email address. According to their own FAQ Q41: How does one contact SPEWS?
"One does not. SPEWS does not receive email - it's just an automated system and website, general blocklist related issues can be discussed in the public forums mentioned above. Note that posting messages in these newsgroups & lists will not have any effect on SPEWS listings, only the discontinuation of spam and/or spam support will."
Another example of their ridiculous attitude towards communication can be found at A43 of their FAQ:
"If you are a spammer host, be prepared to be educated about the error of your ways by the people who post here. And a word of warning, most of the people in these forums, like SPEWS administrators, have heard every excuse in the book - if making excuses; please be original. Do note that if you are still spamming or hosting spammers - it's probably best not to post any messages at all, it serves no purpose."
With this type of policy it is very difficult to engage in any sort of two-sided dialog. They need to understand we have a large volume of customers and we do our best to try and police their activities, but there may be many occasions where we are unaware of something, or where we are simply delayed in taking action.
BBR: Are there any specific actions you'll be taking to assist us to resolve the blacklist issue?
Ellman: I am taking very specific actions to review all issues relating to us being listed on SPEWS and Spamhaus and being thought of as a "spam friendly" organization. I have discovered that there are several customers that have been involved in spam that I was unaware of. They have since had their services terminated.
I will personally be taking a more active role to make sure that my entire organization is cooperating and investigating to the fullest of our ability to prevent and remove spammers from our network.
I was not personally aware of the Spamhaus organization, but now that I am, I am going to ensure that their SBL advisory list is checked on a regular basis to ensure we are investigating any of our customers that are showing up on their list.
BBR: Can you comment on how you approach spam complaints once received?
Ellman: Complaints are reviewed by our abuse personnel. If the offense is committed by a direct customer (such as a customer on one of our shared hosting servers), then we deal with them directly (which would include termination if appropriate). If they involve a customer of our customer, then we forward the complaint information on to our customer so they can deal with their customer. If our customer does not take corrective action with their customer, then their entire range of services (which may be hundreds or thousands of customers) would be threatened with suspension or termination.
We want to send out a clear message to the Internet community that we will not tolerate spam, and we are happy to work with any legitimate organizations that want to work with us in a cooperative fashion to help reduce spam in the Internet.
I would also like to make some additional comments:
Spam is a very large problem for us. In addition to the large hosting business that we run, we provide email services for many access customers (dial-up, DSL, T1, etc.). By my current estimates our email servers are receiving over 2 million spam messages a day. It has caused us to spend significant amounts of time and money to upgrade our mail systems and provide the maintenance to deal with the current spam epidemic we are all suffering from.
I abhor the typical criminal actions of spammers who steal resources of other people's mail servers and conceal their true identity with forged information. In addition I have serious problems with the content of many of the emails that they send. Besides the MLM, Scams, and other garbage, hard core porn is sent indiscriminately to all email addresses, which potentially exposes many children to inappropriate material for their age, and gives the whole Internet industry a bad name.
We are one of the oldest (we are going on our 9th year) independent ISPs, still in business and we have a long tradition of cooperation and assistance both in our local area, and with the overall Internet community. Our reputation is very important to us. It is my goal to stamp out the perception that Net Access is a supporter and collaborator of spammers. I believe this can be accomplished by taking a more aggressive stance towards spam activity and communicating our beliefs to those in the anti-spam community.
We will not run and hide from this battle, but we will face it head on with both the spammers and anti-spammers.
---
In our efforts to ensure this is more community dialogue than one-sided spin control, we have spoken to Mr. Ellman, and he has agreed to field additional questions and criticism as they are presented below in our comments section. We will then publish the replies to those questions next week in a second interview.