The Customer Perspective: Blacklisted

It's not just newbies who are victimized by net-dwelling viral nasties. Consultant Max Smetannikov, who has been covering the ISP space since 1992, shares a disturbing tale of infection with career-compromising consequences.

by Max Smetannikov [April 2, 2004]

My job is doing fundamental research into disruptive business processes aided by technology. In other words, I am one of those industry analysts reporters call when they need to interpret an event, and I am online a lot. I had no idea I was about to set off what appears to be an irreversible chain of events when upon departing for a family vacation to Moscow I stuck my laptop into my bag, on an odd chance I'd have to write something.

It started pretty innocently: The long-term rental where we were staying was being connected to broadband. Since 90 percent of residential real estate in Moscow consists of multitenant units—9 to 16 story apartment buildings—the most common way to get broadband is through a building LAN. In a way, this is a swell setup; for something like $10 a month you get an RJ-45 jack put in, and you are off to the races.

The two guys who were putting the fat pipe in explained their roles as being a software engineer and a hardware installer: the hardware guy came with a drill. Upon seeing my laptop they asked if it had virus protection. "Sure," I said, I've got Norton. "Is it up to date?" they asked. I assured them I don't want them installing anything on my laptop. In an hour, I was browsing at 10 Mbps. What I didn't know that other people sitting on this LAN were probably using every hacker tool imaginable to break into my machine.

Upon arriving back to D.C. I hooked up my machine to the family cable modem and got to work. Things were moving slowly after the holidays so I was putting in long hours, and one night in January I was too tired to switch the laptop off.

The guy who manages all analysts at my firm e-mailed me the next morning. I probably should digress and mention that I hardly use the phone anymore, and neither does anyone else in tech-heavy industries like IT and telecom. E-mail has effectively replaced fax and voice, and is the main vehicle for me to gather information. Telephone conversations are now called "live" information exchanges, and are carefully scheduled.

"Max," the e-mail read. "Our tech guy says you are blacklisted with most international spam engines. You should probably look into this."

Just why I should look into this dawned at me a couple of days later. A startup that I have been studying for a couple of months stopped returning my e-mails. Let me qualify that—the spam filtering software that they had installed would return my mail with a curt note saying that my kind of netizens were not welcome there.

That's when I got the first call from the Comcast, the friendly local cable monopolist that supplies my suburban D.C. homestead with broadband. "We have registered several instances of you spamming," said 'Dave.' One more strike, he said, and you are out.

Wow. Now not having broadband in the house would basically mean I would have to live at a local Starbucks or alternatively commute into downtown Manhattan every day—from Maryland. Neither prospect sounded even remotely realistic.

Changing ISPs was not an option: I am too far away from the central office for DSL, and satellite uplink or putting in ISDN or a T1 for residential use is considerably more expensive than a cable modem. Changing my e-mail address was also not an option—it has almost as much brand equity as my name—plus it's not the e-mail, it's the IP address sub-mask assigned to me by Comcast that ended in some blacklists, so changing my e-mail (and losing my business contacts) would have changed nothing.

I called Dave back to figure out what the heck was going on.

Turns out that my machine got one of those viruses that turn hosts into spam relay. I still am not sure exactly which one it was. I actually wrote a story about hackers setting up Trojans that spam automatically a couple of years ago for Interactive Week. Where I got infected is anybody's guess. I am almost certain it was in that Moscow high-rise since I have an antivirus engine on my machine that somehow got circumvented.

Comcast's Dave didn't sound sympathetic at all. He suggested I should buy software from a couple of virus cleansing vendors and informed me that I will be cut off if I don't clean my machine which is solely and entirely my responsibility. I downloaded all the stuff he suggested, only to get another call from Comcast, this time an automated message informing me there was another instance of spamming from my IP address, and this is my last warning. Dave stopped returning my phone calls.

Beggars can't be choosers. I went and bought a new laptop, for $1,500. It has every firewall, virus filter and parasite detector known to man. I am still online and Comcast has stopped calling.

However . . . I am still blacklisted.

Since managing these lists is an entirely voluntarily effort, and guys doing this on their own time and their own nickel essentially are in trench warfare with real spammers, I am not at all sure that there is a mechanism that would clear my good name on the Net. Nor do I seem able to get any meaningful answers from anyone.

Calls to Comcast corporate relations (surely I am not the first customer with this problem) and e-mails to MAPS, Spamhaus, and other prominent international anti-spam bodies generating blacklists went unanswered. Hey, maybe they got rejected as spam? I don't know whom I can reach via e-mail anymore.

My educated opinion is that this is a serious problem. I can't do my job without being able to e-mail, and if I am branded a spammer because my machine got cracked there has got to be a mechanism just like there is with identity theft to clear my record. As a consumer and as a professional I need to know who has access to my Internet profile, who can alter it, and whom I can call (besides Dave) to complain about this entire mess.

As to ISPs, cable monopolies, and the RBOCs with their DSL services, I would advise them to figure out this set of legal and customer service issues before misguided legislation gets written. For example, the anti-spam bill solves next to nothing. What would politicians do about the rights of people who have become spammers without their will or consent?

—End