Home
 

Spam from
Rackspace Cloud

Since July 2009 I have received a number of unsolicited advertisement e-mails addressed to "VIP Member" from IP addresses in the 174.143.128.0-173.143.255.255 range. This range belongs to Rackspace Cloud, a subsidiary of Rackspace Inc.

I've brought these messages to Rackspace's attention, spoken with a Rackspace representative on the telephone, and been repeatedly reassured that the problem has been alleviated.

Within a few hours of receiving notification that the spammer's account had been terminated, fresh instances of the same spam have resumed.

Repeatedly.

I've contacted abuse@rackspacecloud.com, abuse@rackspace.com, and the telephone number listed on ARIN.NET for the sending IP address--which turned out to be the Network Operations Center at the parent company Rackspace, instead of the subsidiary, Rackspace Cloud.

Perhaps it is technically difficult to keep a single spammer from repeatedly re-invading a cloud-computing environment. Or perhaps the spammer has help inside Rackspace. I really cannot tell.

The experience made me look up cloud computing, to try to understand it.

Unlike grid computing, which some of us know from SETI@home, in which the customer may offer their own resources for others' use in exchange for gaining the ability to perform calculations on shared resources that are beyond the capability of their own resources, cloud computing is apparently a way of offering bulk computing resources for dynamic lease-as-needed from a central point without any sharing of customer resources. The difference is apparently as much in business model as in technology.

The consequences for resource security might be tricky. If that understanding is correct, it means that a spammer may appear to have a continuously roving IP address. If the spammer figures out a way to install back doors on random nodes within the cloud-vendor's resources, the spammer might only exploit these hacks after the vendor believes they have kicked the spammer off their servers.

Receivers of spam have a new problem. In pre-cloud times, a particularly agressive spammer would typically have a small number of IP addresses, so recipients could simply refuse connections from those addresses. Software for blocking those unwanted connections is generally not architected to suddenly block upwards of 16000 or 32000 consecutive IP addresses in an efficient manner. This new phenomenon potentially entails an escalation of the arms race between ordinary net users and exploitive freeloaders.

I have continued to report "VIP Member" spams from 174.143.128.0-173.143.255.255 to Rackspace and Rackspacecloud, in the hope that they some day discover a way to enforce their Acceptable Usage Policy.


 

Matthew H. Fields