Spam Trips Symantec Hosted Services

Anti-spam service SORBS blacklisted Symantec's hosted email service after Symantec customer's webmail was hacked by spammer.
Slideshow: Cloud Security Pros And Cons
Slideshow: Cloud Security Pros And Cons
(click image for larger view and for full slideshow)

Hacked corporate webmail accounts that sent spam led to a range of IP addresses belonging to Symantec's Hosted Services business unit -- formerly known as MessageLabs -- being blocked last week by the Spam and Open Relay Blocking System (SORBS), according to iTnews in Australia.

The incident, involving customers of Symantec Hosted Services, points to the difficulty of correctly identifying spammers -- or for that matter, intent -- as well as the fact that both blacklisting (blocking) and whitelisting (approved email addresses only) can be rather blunt approaches to controlling spam, which constitutes 87% of email traffic.

On the other hand, the accounts were sending spam, which highlights the balancing act faced by email recipients. Namely, at what point -- and to what degree -- should you block email addresses that send spam, regardless of who owns or manages them?

Symantec downplayed the incident. "Our hosted service filters email for spam and viruses for over 30,000 businesses worldwide. From time to time, one of our clients will send mail that is considered to be spam by us or one of the block list providers," said a Symantec spokesperson via email. "We have mechanisms in place to immediately remedy any actual spam sending from our clients' domains; however, some of the block list providers have very aggressive rules and may occasionally add a block based on a single email that is deemed spam-like."

The Symantec spokesperson added that "we work very closely with block list providers like SORBS and Spamhaus who generally play a very positive role in the fight against spam."

This incident follows a dustup earlier this year between Symantec Hosted Services and SORBS. In support messages to customers, Symantec recommended they avoid "unhelpful" services prone to producing "false positives," singling out SORBS, Backscatterer and the now-defunct SPEWS. Instead, Symantec suggested that customers work with "legitimate" anti-spam services.

The leader of SORBS fired back that, yes, it was aggressive, "but considering that SORBS receives more than 30 billion lookups per day by tens of thousands of users, it is patently obvious that SORBS is a legitimate list."

The two sides apparently reached a detente in August.