One Last Spamhaus Warning Before The End

kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"

The IP Address

[eldavojohn]

Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling.

Ok, so we might be making a bigger deal of this than we should. I mean, after a simple ping:

Pinging www.spamhaus.org [216.168.30.71]:

Ping #1: Got reply from 216.168.30.71 in 79ms [TTL=57]
Ping #2: Got reply from 216.168.30.71 in 84ms [TTL=57]
Ping #3: Got reply from 216.168.30.71 in 79ms [TTL=57]
Ping #4: Got reply from 216.168.30.71 in 79ms [TTL=57]

Variation: 5.0ms (+/- 6%)

Doesn't that mean that for all applications referencing Spamhaus, they need to push out patches that use 216.168.30.71 instead of http://www.spamhaus.org/ ?

I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?

Re: The IP Address

[Jaseoldboss]

They could also get a .de name. Something beyond the jurisdiction of a US. Court.

Why would they want to do that? From the article;

Executives at the U.K.-based Spamhaus Project...

Re:Shoulda seen this coming...

[doctor_nation]

The #1 reason they didn't defend themselves is because they are a UK company and not under US jurisdiction. The #2 reason is that if they were to spend the money to defend themselves, they would open a precedent for any other spammer to sue them the same way. I think it's perfectly reasonable for a foreign company to ignore a US court order in this case. A US court can't order a spammer in Russia to stop spamming, so why should they be able to order a spam-blocker to stop blocking spam? The whole internation commerce thing is pretty fuzzy to me, so I don't really understand what a US court CAN do to a foreign company that sells its services to a US company.

they are spammers, see here

[crayz]

Google groups

(from http://www.spamhaus.org/legal/answer.lasso?ref=3)

Re:Missing the underlying problem

[SCHecklerX]

There was a presentation at Blakhat and Defcon last year about this subject. The fact is that there *ARE* groups who actually do use SPAM to transmit covert messages.

Spamhaus is popular *because* they're good

[billstewart]

Spamhaus is popular because they run a good, well-maintained list, and are very conservative about only putting people on there who belong there, and not doing the heavy-collateral-damage approach that some other lists do. Additionally, they're focused on taking the big high-volume spammers and tracking them down, as opposed to blocking the ISP of every zombie out there.
They can and presumably do make mistakes, but they're about the best out there.

Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)

Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)