One Last Spamhaus Warning Before The End
kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"
I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?
My work here is dung.
you mean spamhaus.org.uk
The #1 reason they didn't defend themselves is because they are a UK company and not under US jurisdiction. The #2 reason is that if they were to spend the money to defend themselves, they would open a precedent for any other spammer to sue them the same way. I think it's perfectly reasonable for a foreign company to ignore a US court order in this case. A US court can't order a spammer in Russia to stop spamming, so why should they be able to order a spam-blocker to stop blocking spam? The whole international commerce thing is pretty fuzzy to me, so I don't really understand what a US court CAN do to a foreign company that sells its services to a US company.
Google groups
(from http://www.spamhaus.org/legal/answer.lasso?ref=3)
There was a presentation at Black Hat and Defcon last year about this subject. The fact is that there *ARE* groups who actually do use SPAM to transmit covert messages.
Whoever your ISP is, gets their IP addresses in blocks, which they designate as Dynamic. Certain subnets get marked as static - and are generally reserved for loops - T1 etc. When you get a 'static' IP address from your ISP, they create a DHCP block for you with only 1 IP address in it. So your 'static' IP address is really a 'dynamic' IP address drawn from a pool of 1 possibility.
They can and presumably do make mistakes, but they're about the best out there.
Most ISPs need more protection than just burning CPU on SpamAssassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)
Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)
Bill Stewart
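The RBL-driven greylisting described in the comment above, as an added example that is not part of the original thread: senders are deferred with a temporary SMTP failure at RCPT TO time, and the required wait depends on whether the connecting IP is listed. The `Greylist` class, the `is_listed` callback, the zone name `dnsbl.example` and the sample addresses are assumptions made for illustration; the two delay values are the ones the comment suggests.

```python
import ipaddress

DELAY_LISTED = 3600   # 1 hour for DNSBL-listed senders (figure from the comment)
DELAY_UNKNOWN = 300   # 5 minutes for unknown senders (figure from the comment)

def dnsbl_query_name(ip, zone):
    """Name a DNSBL client looks up: reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

class Greylist:
    """Hypothetical greylist keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, is_listed):
        # is_listed(ip) -> bool. A live server would resolve dnsbl_query_name()
        # and treat any A record as "listed"; it is injected here to run offline.
        self.is_listed = is_listed
        self.first_seen = {}

    def check(self, ip, sender, rcpt, now):
        """Decide at RCPT TO time: 451 defers the sender, 250 accepts."""
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        delay = DELAY_LISTED if self.is_listed(ip) else DELAY_UNKNOWN
        wait = first + delay - now
        if wait > 0:
            return 451, f"4.7.1 Greylisted, retry in {wait}s"
        return 250, "2.1.5 OK"

def demo():
    listed = {"192.0.2.10"}   # constructed sample data (TEST-NET-1 address)
    g = Greylist(lambda ip: ip in listed)
    return [
        g.check("192.0.2.10", "a@example.org", "b@example.net", now=0)[0],
        g.check("192.0.2.10", "a@example.org", "b@example.net", now=600)[0],
        g.check("192.0.2.10", "a@example.org", "b@example.net", now=3600)[0],
        g.check("198.51.100.7", "c@example.org", "b@example.net", now=0)[0],
        g.check("198.51.100.7", "c@example.org", "b@example.net", now=300)[0],
    ]

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.10", "dnsbl.example"), demo())
```

Because the deferral is a 4xx reply rather than a silent drop, a correctly configured sending server queues the message and retries, which is the feedback property the comment relies on.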
I think you should wait before changing anything. I don't think spamhaus.org.uk, or any other name besides spamhaus.org, will ever resolve the Spamhaus RBLs.
From Spamhaus' response to the proposed order (proposed, people, by the spammer's counsel, no judge has ordered ICANN anything), it seems they intend to contest this. They mention they don't think that ICANN suspending them can actually happen, for reasons I in fact agree with (go read them at their site). They also mention that "one U.S. government agency has begun working on a response."
However, if worse comes to worst, they probably won't switch to any other domain name. They state: "... if Spamhaus gets around the court order by switching domain to maintain the blocking, the judge would very likely then rule us in criminal contempt. We don't want a criminal record for the sake of fighting spam. We normally help fit the spammers with criminal records, not the other way round."
Which I read as, if this order is enforced, and ICANN caves in and all that, there will be no more Spamhaus, period.
Which would really piss me off. The whole episode already seems like a bad dream to me. To see Spamhaus destroyed by some spammer scum would be just depressing. One thing's for certain, though: it'll be a cold day in hell before any site I manage will exchange traffic with this spammer.