Leaked memos link spammers to ISP Savvis

Internal e-mail messages from Savvis Communications Corp. have surfaced on the Internet that show that the St. Louis-based ISP (Internet service provider) catered to online e-mail marketing companies it suspected of sending out unsolicited commercial ("spam") e-mail, even using "subversive business methods" to help spammers stay online after their Internet address was blacklisted.

A company executive acknowledged that Savvis may have aided spammers, but said the company was a victim of poor organization and internal communication about a mushrooming spam problem following the March 2004 acquisition of competitor Cable & Wireless PLC, and is now taking steps to kick spammers off its network and mend fences with the antispam community.

However, the leaked e-mail messages between senior IT officers provide a unique glimpse into a raging debate within Savvis, which found itself caught between a lucrative business hosting what it terms "e-mail marketing" businesses and increasing pressure from antispam blacklists for the company's spammer-friendly tactics, which at least some executives acknowledged were sinking the company's reputation.

Three-mail messages appear on http://www.savvis.info, a Web site run by Alif Terranson, Savvis' former manager of operations for the security engineering group, who was fired by Savvis in April because of disagreements with management over the company's spam policy, Terranson said.

Terranson received the e-mail messages through an anonymous e-mail forwarding service but does not know who within Savvis sent the messages, which date from late August 2004.

Frank Sheeman, Savvis' vice president of security services, acknowledged the leaks, but said the company does not know who leaked the e-mail or how Terranson obtained copies of them. He said that Terranson was fired from Savvis, but for "human resources" reasons, not for disagreements over his position on spam.

The e-mail messages, which circulated among senior executives and IT employees at Savvis, discuss the decision by spam blacklists (SBLs) to block a wide range of IP (Internet Protocol) addresses belonging to the ISP, which hosted a number of Internet domains linked to spam campaigns.

"We are already having several legitimate customers suffering and complaining due to their IP space just being near the spammers' space," wrote Kris Kistler, Savvis' director of Infosec and Abuse in an e-mail dated Aug. 30. "This problem grows larger every week and will continue to get worse."

Kistler declined to comment on the leaked memo, citing company policy.

The memos also reveal growing concern within the company about the impact of a recent audit by the American Registry for Internet Numbers (ARIN) that was prompted by the transfer of IP addresses from C&W to Savvis after Savvis purchased C&W's assets for US$155 million, according to an Aug. 24 memo to Kistler and others from Thomas Armstrong, Savvis' senior manager of IP provisioning.

According to Armstrong's memo, the audit revealed a large number of unused blocks of IP addresses assigned to Savvis, which ARIN requested Savvis to return. Armstrong did not respond to requests for comment.

The loss of that extra IP space put a squeeze on the company and its customers, because "much of (Savvis' IP address) space is already blacklisted and unstable," Kistler wrote.