Spam is silenced, but where are the feds?

25.11.2008

Cisco Systems' IronPort division says that though there have been some brief spikes, spam is still down significantly from where it was prior to the McColo takedown. McColo could not be reached for comment on this story.

But two weeks after McColo was dropped by its network providers, the company's data center remains untouched. That frustrates some security researchers who say that the servers used to control these operations could provide a treasure trove of evidence about cybercriminals.

"It doesn't surprise me, although it does disappoint me," said Richard Cox, CIO with the antispam group Spamhaus. Cox, who works with law enforcement on spam cases, says that while federal investigators may understand how an operation like McColo works, getting their bosses to agree to take action can be difficult. "The people in the trenches are being directed by people who think they're politicians," he said.

McColo was on the federal government's radar, as are dozens of other service providers worldwide known to offer so-called bulletproof hosting, services that are never taken down despite complaints, according to a source in a federal law enforcement agency who spoke on condition of anonymity because he was not authorized to speak to the press.

While researchers may feel they have a case against McColo, it's another thing entirely to convince a U.S. Department of Justice attorney to ask for a warrant to seize hundreds of servers, and even harder to get a federal judge to authorize this. "There's a reason why we didn't just go and grab all the servers," he said. "If you want a warrant for hundreds of servers... that's very difficult."