On Futureproofing Spamhaus
BMcWilliams writes "Spamhaus director Steve Linford announced a new funding plan Tuesday. According to Linford's announcement, large ISPs and big corporate users of the Spamhaus zone transfer service (renamed the Spamhaus Data Feed Service) will be required to pay an annual subscription fee ranging between $190 and $14,500.(The free public-query mirrors will continue to exist.) The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet'."
Is this a Self-Elimating Business Model?
The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet
As they eliminate spam, spam becomes less profitable, thus decreasing the need for them. Not only that, but the less spam, the less people will request their services, as they can do it in-house. What do you guys think?
Lets get it out of the way now....
1. Block spam
2. ????
3. Profit.
There. Are you trolls happy?
Since when has this country used intellectual elite as a pejorative term?
This story makes me think of GRsecurity. Remember? It's dying because the developer didn't have any funding? Maybe Spamhaus caught wind of this, and is trying to avoid a similar fate.
Only the purest of souls seek enlightenment. Everyone else just wants power.
I'll admit that I don't know how Spamhaus operates. However, it doesn't detract from what I said. Costs will still be forced upon me for something that I may have no use for. The government does it, but now it may be done from the private sector?
Wheel in the sky keeps on turnin'.
Spamhaus advises organizations set up a zone transfer if they're receiving 200,000+ e-mails per day. I doubt the average user (or small organization, corporation, etc.) will be receiving that much e-mail in a day (at least for now...)
SMTP has a security hole: any connecting client can assert any sender address. This flaw has been exploited by spammers to forge mail. The result: your mailbox fills up with bounces to messages that you didn't send.
Yea, right. My mailbox isn't filling up with messages I didn't send. It's just plain filling up. This method is no more difficult to defeat that the current content-based anti-spam methods and requires major upgrades to both DNS and MTAs.
Of course this is a Microsoft idea. Rather than improve the system, in typical Microsoft fashion they want to employ a new standard indigenous to their systems. Another marketing ploy that promises an amazing improvement that would never materialize.
While some improvements to DNS authentication could prove helpful, they're not worth the trouble because in the end, this idea is little more than another flavor of whitelisting, which has proven to be most effective by a small config change to most MTAs and services like Spamcop, Sorbs and Spamhaus's RBL.
What you're proposing is that the burden be switched from MTA to MTA+DNS. The problem is that it's not that much more difficult for spammers to forge additional DNS records in most cases.
Yes, this scheme might address zombie proxy armies, BUT that presupposes that the major ISPs would actually properly manage their DNSes, which they DON'T NOW, so why would they update the new DNS records properly? They WOULDN'T. It's better to have the DNS records managed by an independent third party such as Spamhaus or Spamcop, that sysops can choose to use that are more responsible and more accurate in determining which hosts are allowed to deliver SMTP traffic.
One can wonder whether additional funding will have the effect of actually having the records reflect the realities. The trouble is that I know of at least one record (SBL6024) that is filled with errors and despite several attempts at having Steve correct them, all that happened was a bunch of insults in response.
/29 belonging to Wild Rhinos nameserver moved to their record (SBL14379) - or similar. I know it would not delist anything (that's not the issue) but it would correct the information and that's what's important here.
All content in that record except *one* line is completely wrong and/or severely outdated. The bad content reflects an old customer long gone (booted late 2002) whose IP-ranges were mixed up with Dynamic Pipe. All that remains valid is a single nameserver (freya.wildrhino.com) belonging to a different customer/alledged spammer: Wild Rhino.
If the info should be correct that entire record should be removed and the
But Steve does not want to admit his mistakes here, and one can wonder just how many other records in his system are equally flawed, mislisted or plain false. If the incorrectness is rampant throughout, one can wonder just what these businesses would be buying. I think Steve needs to learn a bit about humility and responsibility before he starts making money big-time on this. Because making money off lies and false pretenses has always been the domain of those he claims to hate the most: SPAMMERS.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --