From: Sheeman, Frank
Sent: Tue 8/31/2004 12:29 PM
To: McCormick, Jonathan S.; Caulfield, Tim
Cc: Mori, Jim; Costantino, Dale; DiMemmo, Vincent; Bertier, Don;
Kistler, Kris; Hoff, Debra; Grabow, Lou; Moran, Caryn; Hancock, Bill;
McCormick, Rob
Subject: Blockage/black listing of Savvis.net by anti-spam
organizations
Email from Savvis.net is now blacklisted by Spews and other anti-spam
organizations. This is being done as part of a campaign in the
anti-spam community to force Savvis to fire all customers engaged in
email marketing. Many email administrators use the blacklists from
such organizations. The effect is that email from any Savvis.net
address (e.g. Jim.Mori@savvis.net or support@savvis.net ) will be
discarded by the email servers at that organization. Usually the
sender receives no response and the intended recipient has no
knowledge that the discard occurred.
There is no easy resolution to this issue. The role we are playing is
quite similar to the role Sony Records plays in the recording
companies versus Napster et al. Being right or wrong is not
necessarily relevant to the debate. Lou Grabow's organization is
working with me and my Infosec/Abuse team to manage this issue.
Our potential strategies and outlook:
1. Contact our customers and prospects to get them to white list
Savvis.net.
a. This may be the only feasible option.
b. This opens a conversation thread that will be very difficult to
manage positively.
c. Lou Grabow is working with my team to draft such a notification.
2. Fire the customers as Spews et al wishes.
a. While our AUP gives us some power to do this it could develop
into breach of contract issues.
b. It is not clear that even a mass firing would satisfy Spews.
c. Revenue loss ranges from $250k MRR to $2 million MRR depending
on judgments about where to draw the line.
3. Frequently change the IP address under Savvis.net.
a. This is whack-a-mole. As fast as we change IP addresses the
blacklisters will update their lists.
b. This could lead down the negative publicity path.
4. Legally pursue Spews, et al
a. Spews is a volunteer vigilante organization with a diffuse
international existence. While the actions most probably involve
libel, blackmail and interference with a contract there is no clear
target for legal action. Caryn Moran in legal is working with us on
this issue.
b. Again, whack-a-mole. Even if successful we would receive
substantial negative publicity and other elements would quickly
emerge.
Related: While this message deals with the immediate issue of the
blocking of Savvis.net email, Spews is also overblocking customer IP
space. This causes innocent bystander customers to find their ip
space black listed. Overblocking is particularly problematic in our
Dallas, Orange County, and Miami IDC's. Spews is doing the
overblocking intentionally as a means to generate customer pressure on
Savvis. Spews response to innocent customer complaints is to advise
the customer that the block will not be removed and that they should
^Óchange their ISP.^Ô Spews does not work with Savvis representatives.
Background:
Savvis hosts a number of customers in the email marketing business
including customers such as Sheck Media, High Performance
Broadcasting, Bluestreak, Subscriberbase, etc. The top 10 alone
represent approximately $200k MRR. Overall the business brings in
$250k to $2million MRR.
There exist a number of volunteer antispam operations (eg Spews,
Spamhaus). Many of these organizations do not distinguish between
legal email marketing operations and the many illegal spammers using
stolen bandwidth, hacked servers to market questionable and/or illegal
propositions. Their goal is to eliminate any form of advertising or
3rd class mail from the Internet. To the best of our ability to
monitor, our customers in this business, email marketers or spammers
depending on your viewpoint, operate entirely with the law (CanSPAM)
and the relevant stronger FCC guidelines.
My abuse organization manages complaints and helps insure that
customers are well disciplined.
The current policy was set by Rob McCormick a few months back. Any
change to that policy will involve Rob's approval. However, at this
point in time, there is no obvious effective change to resolve the
issue. Meanwhile, Lou Grabow's team and my Infosec team will
cooperate to manage the issue.
Contacts:
1. Frank Sheeman: VP Security Services
2. Don Bertier: Sr. Director Security Operations
3. Kris Kistler: Director, Infosec
4. Debra Hoff: Abuse Team Lead
5. Bill Hancock: VP Security Practice and Strategy, Chief Security
Officer
Frank W. Sheeman, CISSP
VP, Security Services
Savvis Communications
frank.sheeman@savvis.net
(512) 231 9984
(512) 633 3864 Mobile