Slashdot Mirror
On Futureproofing Spamhaus
BMcWilliams writes "Spamhaus director Steve Linford announced a new funding plan Tuesday. According to Linford's announcement, large ISPs and big corporate users of the Spamhaus zone transfer service (renamed the Spamhaus Data Feed Service) will be required to pay an annual subscription fee ranging between $190 and $14,500.(The free public-query mirrors will continue to exist.) The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet'."
Is this a Self-Elimating Business Model?
The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet
As they eliminate spam, spam becomes less profitable, thus decreasing the need for them. Not only that, but the less spam, the less people will request their services, as they can do it in-house. What do you guys think?
Lets get it out of the way now....
1. Block spam
2. ????
3. Profit.
There. Are you trolls happy?
Since when has this country used intellectual elite as a pejorative term?
This story makes me think of GRsecurity. Remember? It's dying because the developer didn't have any funding? Maybe Spamhaus caught wind of this, and is trying to avoid a similar fate.
Only the purest of souls seek enlightenment. Everyone else just wants power.
Just as soon as this $54Mil bank transfer goes through for this poor Nigerian widow.
Heh... I love it, it shows that not too many folks understand about how Spamhaus operates, and may be relying on distant memories of the Mail Abuse Prevention System (MAPS). Both organizations, Spamhaus and MAPS, have operated on a free-to-all, volunteer-run system, accepting donations where they could be had to fund themselves. Back in July 2001, MAPS moved to a fee-based for all (except for educational and single operator systems, which could sign a waiver and have free access) model, while Steve Linford kept MAPS in its free-for-all state, where it continues to operate today.
However, several large users, including world governments, have voiced their opinions that they love what Spamhaus has done, however, how can they rely on a free service that may not be in operation in a year or two due to legal shenanigans like what Richter is pulling against Spamcop??
That, in a nutshell, is what's happening here. No one has ever paid to use Spamhaus other than through voluntary contributions. This changes nothing, the blocklist service and website will still remain free to all comers, and those that have large userbases that want to depend on Spamhaus as a going concern can help by paying a fee for use of a zone transfer service to their own database or dns servers.
Simple, ain't it?? The little guys win, the big guys win, the spammers lose.
If Spamhaus eliminated Spam, Steve Linford would be the first one dancing. He'd probably get a knighthood, but I think he'd prefer a good night's sleep.
MS claims that Hotmail receives 2 Billion spams a day. (That's 2x10^9 to you friends across the puddle). I don't see that going away, more's the pity.
********* sig: If you don't like the law, get filthy stinking rich, and buy a better one.
I'll admit that I don't know how Spamhaus operates. However, it doesn't detract from what I said. Costs will still be forced upon me for something that I may have no use for. The government does it, but now it may be done from the private sector?
Wheel in the sky keeps on turnin'.
Yeah I am really worried the 15 grand is going to be passed onto me from my multi-billion dollar ISP.
I expect I will need to refinance my house to keep my internet connection.
Spamhaus is providing a service that cuts costs for ISP's (due to savings in resources not needed for the handling of spam) so it only makes sense to throw some cash thier way in return.
Penny pinching of the magnitude you are posting is ammusing. Next you will be saying the free coffee provided to the programmers at most ISP should be cut due to the large toll it provides on the cost to end user services (which is much more than 15 grand) or workers should provide for thier own toilet paper and soap. Cut the company softball team too! The 35 dollar's I pay for broadband is too high!
I miss the Karma Whores.
Spamhaus advises organizations set up a zone transfer if they're receiving 200,000+ e-mails per day. I doubt the average user (or small organization, corporation, etc.) will be receiving that much e-mail in a day (at least for now...)
Don't they mean, as long as e-mail exists; in it's current form, anyway?
Even then a lot of businesses may actually save money through reducing bandwidth costs due to spam. I hope they don't force those savings onto you... :)
Q.
Insert Signature Here
You raise a good point, and yet I doubt that the cost of subscribing to SpamHaus will be passed down to you. The article mentions the maximum price as $14,500. Which would be for a company say (in relation to your example), the size of AOL.
:P
Even if a small ISP who can't afford to simply swallow the cost passed it down to customers, you'd only be seeing a tiny increment on your monthly bill . And by tiny I am thinking in the figure of 10 or 20 cents. Do the math.
Small ISP "FooNet" has 1000 customers. They qualify for the lower brackets of SpamHaus subscription. Lets say the subscription costs $190 (from the article). Each user will only be paying $0.19cents more a month. Multiply that by 12, and thats an addition of $2.28 dollars a year for some very good spam protection.
Now that I think about it, where do I sign up?
--
The last digit of pi is four.
Are you suggesting that ISP customers are entitled to a service for nothing?? If customers are unhappy with a (probably tiny) increase in ISP charges to address the problem, they can always switch to a cheaper ISP ... and
learn to enjoy their spam.
I get maybe one spam e-mail a day.
And how many extra spam e-mail do you think you would you receive if AOL stopped using the Spamhaus RBL?? (If AOL doesn't use the RBL the question is moot anyway.)
If a corporate IS department is running their own mail servers, it would be wll worth the money. Transfer the lists into the server and check all incoming mail instantly instead of the latency caused by going to Spamhaus. The bandwidth and time saved for someone like GM, GE, Siemens,..... Thats a lot of money saved. $14,500 is pocket change to them anyway, and if it saved $50,000 over a year, thats a good return. I'd bet it would save a lot more than 50K though.
The fact that it keeps Spamhaus a viable concern is another plus.
Professional Politicians are not the solution, they ARE the problem.
I may be an idiot, but it seems to me that most organisations could justify any of the amounts listed by doing some simple cost benefit analysis.
My understanding is that Spamhaus allows you to blackhole IP blocks that are known to tolerate\encourage spam.
If you step back and work out the cost of bandwidth to accept all of that spam, versus the cost to pay Spamhaus to blackhole it, it probably works out in favour of paying for Spamhaus.
Here in
"$190 and $14,500"
This takes the sound bite "prices may vary" to a new level.
the byproduct of years of oppression by the white man
You are confusing Spamhaus with SpamCop...
Spamhaus has no affiliation with IronPort!
This will be fine if/when everyone upgrades their DNS & MTA software to accept and use those standards. In addition, there are competing standards/proposals too, so which is the right one to choose?
As an aside, I don't think that making it an RFC necessarily makes it patent free.
Complexity is Easy. Simplicity is Hard.
SMTP has a security hole: any connecting client can assert any sender address. This flaw has been exploited by spammers to forge mail. The result: your mailbox fills up with bounces to messages that you didn't send.
Yea, right. My mailbox isn't filling up with messages I didn't send. It's just plain filling up. This method is no more difficult to defeat that the current content-based anti-spam methods and requires major upgrades to both DNS and MTAs.
Of course this is a Microsoft idea. Rather than improve the system, in typical Microsoft fashion they want to employ a new standard indigenous to their systems. Another marketing ploy that promises an amazing improvement that would never materialize.
While some improvements to DNS authentication could prove helpful, they're not worth the trouble because in the end, this idea is little more than another flavor of whitelisting, which has proven to be most effective by a small config change to most MTAs and services like Spamcop, Sorbs and Spamhaus's RBL.
What you're proposing is that the burden be switched from MTA to MTA+DNS. The problem is that it's not that much more difficult for spammers to forge additional DNS records in most cases.
Yes, this scheme might address zombie proxy armies, BUT that presupposes that the major ISPs would actually properly manage their DNSes, which they DON'T NOW, so why would they update the new DNS records properly? They WOULDN'T. It's better to have the DNS records managed by an independent third party such as Spamhaus or Spamcop, that sysops can choose to use that are more responsible and more accurate in determining which hosts are allowed to deliver SMTP traffic.
I was just about to blast you for your apparent refusal to spend a whole five seconds thinking this through, but I see that you have an AOL address, so I'll assume your question was asked with all sincerity.
There are several ways you benefit from this:
- First is that you might already be benefiting. Since you currently get spam, that means that spammers have your address. Getting only one a day probably means that your ISP already is using spam filtering. How do you know that Spamhaus's databases aren't part of it?
- Good spam filtering helps keep costs down, lowering your bills. A network engineer at a major ISP told me that if they removed their spam defenses, they'd promptly crash; they don't have the capacity to handle the doubling or tripling of mail traffic that would result. $15k per year is nothing compared to tripling your ISP's mail handling and storage capacity.
- People will see your messages. If I turned off my filters, less then one in ten of the items in my inbox would be real mail. Without good filtering, I'd accidentally delete a lot of real messages, especially ones from unknown correspondents.
- The people you want to communicate with will still use email. Some people, especially marginal internet users like grandparents and small children, are already starting to abandon email as a medium, despite our best efforts at keeping the spam out. Without good tools like Spamhaus's lists, more and more people will just give up on their spam-choked inboxes.
So basically, if you use email at all, it's worth supporting the fight against spam, even if you don't personally get any at the moment.One can wonder whether additional funding will have the effect of actually having the records reflect the realities. The trouble is that I know of at least one record (SBL6024) that is filled with errors and despite several attempts at having Steve correct them, all that happened was a bunch of insults in response.
/29 belonging to Wild Rhinos nameserver moved to their record (SBL14379) - or similar. I know it would not delist anything (that's not the issue) but it would correct the information and that's what's important here.
All content in that record except *one* line is completely wrong and/or severely outdated. The bad content reflects an old customer long gone (booted late 2002) whose IP-ranges were mixed up with Dynamic Pipe. All that remains valid is a single nameserver (freya.wildrhino.com) belonging to a different customer/alledged spammer: Wild Rhino.
If the info should be correct that entire record should be removed and the
But Steve does not want to admit his mistakes here, and one can wonder just how many other records in his system are equally flawed, mislisted or plain false. If the incorrectness is rampant throughout, one can wonder just what these businesses would be buying. I think Steve needs to learn a bit about humility and responsibility before he starts making money big-time on this. Because making money off lies and false pretenses has always been the domain of those he claims to hate the most: SPAMMERS.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Gee, I leave my tinfoil hat off for just one lousy week and there's not just one but multiple world governments. I was just getting to grips with overthrowing a few national governments.
Do I get to choose which world government I'm under? Given the choice I, for one, would like to welcome my new illuminati overlords.
Recycle PCs and build a wireless community network www.hillsborough.org.nz
SPF is not a Microsoft technology. Caller ID is the Microsoft solution (similar but different). SPF was designed by pobox.com. Microsoft and pobox.com recently agreed to make SPF and Caller ID compatible, but they are still different methods:
1. SPF is text based; Caller ID is XML based (even though no other email header or DNS record is).
2. SPF verifies the envelope sender; Caller ID verifies the From header of the email. While both will be the same in many cases, they do not have to be.
SPF isn't flawed, the application is flawed. Put in a trouble ticket to the company that makes BlackBoard group learning systems and tell them they need to add outbound SMTP gateway support. That's a seriously misbehaved application if it just assumes it can send mail directly out. We haven't allowed users to send mail directly out for 12 years.. everyone has to relay through a central mail gateway for logging purposes.