Dutch ISP Files Police Complaint Against Spamhaus
judgecorp writes "Dutch ISP A2B has filed police complaints against anti-spam project Spamhaus, calling its CEO 'nuts' and accusing him of blackmail. Spamhaus added all A2B's addresses to a spam blacklist, when A2B did not obey the letter of its demands in blocking a spammer."
A2B DID block the spammer, they blocked his IP. What Spamhaus wanted was to stop routing traffic for the whole CyberBunker (who route traffic for The Pirate Bay etc) who are not spammers. They had a single customer that spammed, and A2B as upstream provider blocked that IP instead. What they didn't do was block the innocent CyberBunker completely, and after that Spamhaus added A2B - completely third party - to their blacklist. That's complete bullshit and blackmail.
I'm not particularly sure who's more nuts. Spamhaus for over-reacting, or A2B for being a-holes and ignoring the initial complaint. Both seem to have handled this poorly.
Seems to me that spamhaus should be allowed to destroy its own credibility without law enforcement intervening.
The stories and info posted here are artistic works of fiction and falsehood.
Only fools would take it as fact.
GO!
Seriously, anti-spam organizations tend to be as self righteous as born-again and on the wagon alcoholic evangelists.
Isn't it time to kill email?
Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributors' Opinions. You can individually choose to believe, or not believe, any post(s) that you wish. And other ISPs can choose to accept, or reject, Spamhaus's Opinions about who and where troublesome spammers are. An Opinion is a very long way away from the accusation of Judge, Jury, and Executioner and only a fool would have made that unwarranted leap.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Yes, ISPs need to be responsible and take action against spammers, and yes, ISPs who continually fail to do so on a significant scale over a long period of time are fair game to block, but in this particular instance it sounds like Spamhaus's actions may have been abusive and rather arrogant. I use Spamhaus's blocklist myself, but organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly affecting legitimate businesses and networks. Taking large-scale blanket actions that affect many legitimate sites undermines the anti-spam industry as a whole, because it makes it more difficult for people to rely on anti-spam products/services.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
Three quarters of the postings to the eternal flamewar that is news.admin.net-abuse.email accuse Spamhaus of being wild-eyed fanatical zealot nutjob high-handed Nazi thug blackmailers. And two thirds of them are correct.
SpamHaus and CyberBunker have a history and even if no spam, Spamhaus holds a grudge.
With power comes accountability.
seems like an interesting question here. Spamhaus in essence can withhold an ISP's goodwill in the community, which is arguably a part of an ISP's "property" (and of any business, really). if that theory holds up, what Spamhaus is doing could be considered extortion. A2B could also seek some sort of libel claim against Spamhaus, but how likely would such a claim be enforced over international borders?
is there anyone watchdogging Spamhaus' watchdog efforts?
What once was a great idea has turned into a monster that can destroy a company before it starts. Easy to get blacklisted, damn near impossible to get off.
spamhaus is the de facto standard in extortion now
Choosing to use and trust Spamhaus is a completely voluntary activity by companies that don't wish to receive spam. It is usually only one of many strategies people use to try to block spam. Most use it simply as advice for scoring, some use it to block SMTP from hosts completely. Whatever.
If spamhaus gets it wrong too often (and they do make mistakes) then people will stop using it. There's little any authority can do about it though. Spamhaus publishes its opinion and others choose to follow it. Are they going to make laws against publishing opinions? The only way really to fight this would be to show that spamhaus is failing somehow in its mission. Personally, I suspect that if spamhaus says it's a spam haven, that it very probably is. If it is not, they'll eventually get delisted. End of story. My ISP has been listed before. It was not a mistake on their end, but on mine. It was a simple matter to fix the problems and get delisted. At the end of the processes I was thankful for the free opinion publishing service they provide.
Imagine if you weren't allowed to use roads because a bus company complained about your driving 3 times. --skunkpussy
ARE there alternatives?
They are hugely annoying to deal with if you send any volume of mail at all. I worked at a job in which we sent tens of thousands of order status emails per day (were there upsell attempts? Of course there probably were, but the thrust of the mail was "thanks for ordering, have a confirmation number"), and all it takes is a couple of people marking them as spam to get Spamhaus to start blacklisting you, your upstream ISP, your dogwalker's busdriver's cousin's hairdresser, etc.
I know they claim that they only blacklist IPs which send to honeypot email addresses, but I find that claim to be dubious at best, considering the IPs I've had blacklisted in the past.
I like music
The ISP should block spamhaus.
I would love to hear from Cyberbunker on why they are providing hosting to a spammer. Oh wait, I just found their AUP that's linked from their website:
I'm sure glad they are up front.
Spamhaus seemed like one of the less shady and even more trustworthy blocklists (blacklist, whatever). I have seen some (maybe it was backscatter) that wanted $100 to get off the list sooner than the standard 30-day TTL, usually you don't have to worry about anybody using these lists. However, one time I did run into somebody that subscribes to a service that enlists multiple blocklists and was using one of these shady ones, luckily it was only a single client.
Whatever, it's good to see some kickback here. I never asked for Spamhaus to be my Internet Mommy. As far as I'm concerned, they're no more than a bunch of low-lives, just as bad as the spammers themselves, and for *exactly* the same reason -- they're screwing with my inbox without my permission.
The correct way to deal with spam is legislation, legal enforcement, and more secure operating systems. Not by screwing with the mail system mechanism itself.
I've fallen off your lawn, and I can't get up.
Spamhaus don't list people unless they've got a very good reason - that's why the majority of email providers, and likely your mail feed is using SBL. Steve is not crazy, and incidentally, business details are not subject to data protection provisions under the EU directive, so it is absolutely fine to say you kicked a spammer.
Lie down with the dogs, get up with the fleas. Woohoo, you made your sales quota, but don't expect me to accept your email.
If you think spamhaus are bad try bumping into SORBS and see what happens......
Hint you better have deep wallets if you want to resolve any form of false positive or caught in crossfire. It's all about the donations baby!
It was just their opinion that the toxic loans were AAA+ quality, but their opinion carried a lot of weight.
In the end they did not pay one cent for being instrumental in the recession (as most others got away too).
Here's what these people seem to say.
When it comes to piracy - "ISPs shouldn't be policing the internet!"
When it comes to spam - "ISPs should be policing the internet!"
You're blaming the wrong entity. If you're concerned with this, you should be complaining to your ISP _whom_you_pay_ that they use Spamhaus. You have control of your service, go buy it from someone who doesn't use Spamhaus. Spamhaus isn't screwing with your Inbox, your ISP _whom_you_pay_ is screwing with your Inbox by their choice to use Spamhaus.
Don't get me wrong, I think Spamhaus is one of the best things since sliced bread. Why does your ISP _choose_ to use Spamhaus? Because the extra cost and resources involved with NOT using Spamhaus would impact their bottom line and they would have to charge you more.
Before all the botnet takedowns, RBLs used to account for blocking about 80-85% of inbound connections. Now it's down to less than 50%.
$ emailstats
Webmail System Statistics for 2011-10-12
TotalIncoming: 187662
RBL: 100601
Spams: 19439
Viruses: 192
Accepted: 67430
LocalDelivered: 53243
Forwarded: 14187
PercentGood: 35.9316
Considering only the information readily available via summary and article, how is this any different from what the DHS are/were doing with ICE, taking out ... was it 86,000 sites to hit one target? When that happened Slashdot was up in arms about the insanity, was that just because DHS is loathed and Spamhaus generally isn't? Am I missing some important detail (other than DHS = Government, Spamhaus = vigilante freelancers) that puts this all in perspective?
-=This sig has nothing to do with my comment. Move along now=-
If Cyberbunker refuse to terminate spammers, then it should be blocked. This is like the porn affiliate program PerfectGonzo who ignored spam lawsuits, did not terminate a spamming affiliate until over a year after being brought to their attention, and only terminated one account of the spamming affiliate, not the 14 others. If Spamhaus blocked 1 IP address, how long would it take to change to another IP address? The failure to show Cyberbunker's record for dealing with spam is very telling -- if they promptly terminated spammers, it would have stated so.
Fight Spammers!
This story really rubs me the wrong way. They make it sound like Spamhaus has their fingers on the Internet's routing tables and at any whim can block or unblock networks that they don't like. This is simply not the case.
Spamhaus is no different from an op ed journalist or a food critic: All offer opinions about varying matters of public interest. Spamhaus, in this case, publishes an opinion in the form of a list of IP network ranges. In their opinion these networks can or may be responsible for transmitting spam or malware on the Internet.
PEOPLE ARE FREE TO USE OR NOT USE THIS INFORMATION AT THEIR DISCRETION.
But why is it that when the nutters at the Westboro Baptist church want to prance up and down the street and hold vitriolic hateful signs that all of a sudden we're so quick to point out that free speech is so vital for our society? Instead of bikeshedding over whether someone has a right to form an opinion about some Dutch ISP, how about instead we talk about how the spammers are themselves infringing on the property rights of others by crapping on the internet? Let's stop pretending that the Internet is a public resource, it's a collection of private networks.
In any case, I have been a Spamhaus subscriber for scoring mail on my network and I appreciate the work that they do. I'd hate to imagine what the spam fighting landscape might look like today without Steve Linford and Spamhaus' efforts.
It's true no man is an island, but if you take a bunch of dead guys and tie 'em together, they make a good raft.
Almost everyone running a website, including me, has run into problems with spamhaus. Spammers change IP addresses and move on. Spamhaus does not monitor their block list to determine whether an IP is no longer a source of spam. The result is, every time I upgrade my server, being assigned a new IP address, I must once again lose hours of my time appealing to Spamhaus and their ISPs to unblock my IP address. Well, I'm done with it.
My website publishes public information. Every month, thousands of business owners create an account so they can update the information related to their business. When an account is created, my system sends a verification email. If that email is blocked, the business owner is unable to activate the account and, consequently, can not update their information. Currently, that is exactly what happens to everyone in ATT territory (everyone in several southern states). And as far as I'm concerned, it's not my problem. They chose ATT, which chose to use an inaccurate block list. Let them spend their time fixing their problem.
If you use an ISP with an inaccurate block list, don't be surprised if the only mail being blocked is legitimate mail. The spammers move on to other IP addresses, it's the legitimate business owners who don't have the time or inclination to do so for the few customers that don't get their mail.
Just a point of clarification.
Spamhaus runs several DNSBLs: SBL, PBL, XBL.
I use their XBL. It works great. Don't be confused thinking there's just one "spamhaus list", saying things like "anyone who uses spamhaus is a <insulting term>".
People should know what they're getting into when they subscribe to a DNSBL. DNSBLs are best used as part of a scoring system, rather than as an ultimate authority.
Regarding Spamhaus's SBL:
I believe Spamhaus knows what they're doing, and it's not simply escalating netblocks to create and enlist collaterally damaged networks to bring pressure. I bet Cyberbunker is complicit in providing a haven to spam operations. And -- this needs confirmation -- I hear that A2B gave Cyberbunker new addresses after Cyberbunker was listed, which makes A2B complicit.
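An added example, not part of the thread or any poster's code: a sketch of using a DNSBL as one input to a score rather than as a hard block, as the comment above recommends. The weights, threshold, sample IPs and the `fake_resolver` stand-in are constructed; the return-code mapping follows Spamhaus's published conventions and should be checked against their current documentation.

```python
import ipaddress

ZONE = "zen.spamhaus.org"  # Spamhaus's combined zone (SBL + XBL + PBL)

# Return codes as Spamhaus documents them for this zone (verify before use).
CODES = {"127.0.0.2": "SBL", "127.0.0.4": "XBL",
         "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
# Answers in this range are error signals (blocked resolver, over quota),
# not listings. Counting them as hits would flag every sender.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")

# Constructed weights and threshold, in the style of a SpamAssassin-like scorer.
WEIGHTS = {"SBL": 3.0, "XBL": 4.0, "PBL": 1.0}
THRESHOLD = 5.0


def dnsbl_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed IPv4 octets plus the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Map A-record answers to list names; raise on an error return code."""
    lists = set()
    for answer in answers:
        if ipaddress.ip_address(answer) in ERROR_NET:
            raise LookupError("DNSBL error code " + answer)
        if answer in CODES:
            lists.add(CODES[answer])
    return lists


def score_message(ip, content_score, resolver):
    """Combine a content score with DNSBL weights; fail open on DNSBL errors."""
    try:
        lists = classify(resolver(dnsbl_name(ip)))
    except LookupError:
        lists = set()  # an unusable answer must not count against the sender
    total = content_score + sum(WEIGHTS[name] for name in lists)
    return {"lists": sorted(lists), "score": total,
            "spam": total >= THRESHOLD,
            "hard_block_would_reject": bool(lists)}


# Constructed sample data using documentation-range IPs (not real listings).
SAMPLE_ANSWERS = {
    dnsbl_name("192.0.2.10"): ["127.0.0.10"],        # PBL only
    dnsbl_name("198.51.100.7"): ["127.0.0.4"],       # XBL
    dnsbl_name("203.0.113.5"): ["127.255.255.254"],  # resolver error code
}


def fake_resolver(name):
    """Offline stand-in for a DNS A lookup; an empty list stands in for NXDOMAIN."""
    return SAMPLE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for ip, content in [("192.0.2.10", 1.0), ("198.51.100.7", 1.5),
                        ("203.0.113.5", 0.5)]:
        print(ip, score_message(ip, content, fake_resolver))
```

The PBL-only sender is accepted under scoring although a hard block would have rejected it, and the error-code answer is ignored rather than treated as a listing.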
Spamhaus released a news article about this in which they say A2B Internet is lying. "A2B Internet's tale of being "extorted" and hit with a "DoS attack" was a lie spun by an ISP whose financial interests rest with the rogue spam and crime hosts he sells transit to."
The Spamhaus news article entitled "Exposed Dutch ISP Attempts False Police Report" (http://www.spamhaus.org/news.lasso?article=673) is quite long and detailed, some choice bits:
"Per Spamhaus policy, on October 6th, after notifying A2B several times since June without results, an SBL listing which A2B had been ignoring was escalated to the SBL's "providing a spam support service" category and increased to include one of A2B's IP ranges. The escalated SBL record SBL112638 listed 178.249.152.0/21 for providing routing "knowingly and for profit" to a rogue host known as "CB3ROB" or "Cyberbunker", an outfit which Spamhaus has long seen involved in hosting cyber-crime and spam outfits. SBL listings of CB3ROB had been mounting steadily during 2011 for hosting malware, phishing and websites selling fraudulent goods advertised via spam. CB3ROB had announced that it would not terminate customers due to spam listings - an announcement which sent a golden invitation to even more spam and crime customers to the point where all of CB3ROB was placed on the Spamhaus DROP ("Don't Route Or Peer") list at the beginning of October."
"After Spamhaus listed one of A2B Internet's IP ranges on the SBL on October 6th, A2B replied the next day that they had ceased providing transit to the spam and malware sites at CB3ROB. Spamhaus thanked A2B and removed the SBL listing.
Two days later, almost certainly prompted by his CB3ROB customer, A2B's Erik Bais decided to try a ploy to circumvent further SBL listings for hosting rogue customers by filing a police report falsely claiming that Spamhaus had conducted a "DoS Attack" on A2B's network, had tried to "extort" A2B, and that the SBLs listing policies are "illegal" in The Netherlands. Mr Bais then emailed Spamhaus saying "If Spamhaus would limit (future SBL) listings to only the offending IPs" we would avoid "further escalation" from him.
Spamhaus director Steve Linford responded to Bais's email saying: "Spamhaus SBL policies are very clear, have been unchanged for over 10 years and have always included a policy of escalation where the upstream is 'knowingly involved' (or 'tacitly involved') in keeping an abuse source connected to abuse Spamhaus's users. Spamhaus has a duty to protect SBL users from abuse and abusive networks. If you want your network to enjoy sending communications to Spamhaus SBL users, you must ensure your network respects our policies on spam/abuse." ...and a GREAT twist in the tale of this saga! :
"With no irony lost, this week senior staff from Spamhaus and the Dutch high-tech crime-unit tasked to investigate the very criminal activity CB3ROB hosts and A2B Internet routed, were meeting together at an anti-cybercrime conference in the Caribbean. CB3ROB, A2B Internet and the phishing, malware and counterfeit goods outfits both were tacitly servicing were discussed and Spamhaus handed its files on CB3ROB and A2B Internet to the Dutch HTCU's senior investigator."
I think in the entire history of Slashdot, only one post was ever removed. I forgot if it was due to a lost lawsuit or a lawsuit that would likely be lost and be very expensive.
Because their spamming customers are the ones who send the spam.
It is clear, from their own admissions, that Cyberbunker is a spam supporting service. Its no matter what service means that when Cyberbunker receives spam complaints, Cyberbunker will ignore the complaints.
See the Cyberbunker "Mind your own business" policy:
http://cyberbunker.com/disaster-free-hosting.html
"Most of our customers desire to stay anonymous. In some cases we do not even know who our customers actually are. We have no idea and we simply do not care. Who ever you are, it is our business to keep you online."
---
"CyberBunker does not poke around on your servers. Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine. CyberBunker has adopted a policy not to mind our clients business. Our famous "Mind Your Own Business" policy."
Fight Spammers!
Spamhaus, and the other similar site, do more than "just" block IP addresses. A few years ago, when I lived in Chicago, one of them blocked not my IP, but the ENTIRE RANGE of my ISP - that is, they blocked the mailhost for RoadRunner Chicago, which was *the* major ISP for all of the city of Chicago. Frequently, on the CentOS mailing list, my email bounces, because my email, coming out of my hosting provider, is blocked. My provider - hostmonster/bluehost - has *thousands* or tens of thousands of domains' email coming in and out of a given named mailserver, which asserts one IP... and if one or more of those (usually WinDoze) folks get infected and send out crap, *everyone's* mailserver is blocked.
Their approach is *wrong*. It imagines that everyone has a static IP, and their mail coming out of that, not the reality of today.
mark
I don't see their "abuse policy" that you post.
What I do see on http://cyberbunker.com/disaster-free-hosting.html is:
"As long as your hosting fee is paid CyberBunker will do anything in its power to keep your servers up. In addition CyberBunker protects your servers also from others who might want to take your servers down like the DMCA, your competitors, authorities, burglars, governments and terrorists. "
Fight Spammers!
Once upon a time, your ISP was also usually your email provider. Hasn't been the case for a long time, though many people still find it convenient to use their ISP's mail for some purposes, but probably most people today either use a separate email provider for most of their mail, or use an ISP that outsources their email service to an email provider instead of running their own (e.g. mx.little-isp.net actually points to big-email-provider.net.)
So you either do or don't want to use an email provider that uses a specific RBL as part of their email filtering. Spamhaus has always had the reputation of providing high-quality conservative lists, as opposed to some RBLs that exclude all home IP connections (which are 99% zombie spammers and 1% home Linux users), or some lists that are extremely aggressive and non-responsive (e.g. SPEWS.)
My main email provider lets me choose a bunch of lists that can go into SpamAssassin weightings or just be used absolutely. For instance, I don't want any email from Nigeria or Korea, so those are on the hard-block list, but I do know people in South Africa and Japan, so those are only SpamAssassin weights.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Sure, in that case you would. But if you owned a bricks and mortar store, and the Better Business Bureau listed you as having a reputation for selling spoiled food or stolen goods, you wouldn't call the police on the BBB - you might sue them, or you might whine about how the BBB are a bunch of extortionists.
Calling the police is a more extreme reaction than suing somebody. It's something you do if you think somebody needs to go to jail.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Spamhaus is implementing the agenda of a whole lot of third parties - it's their customers, who don't like receiving spam.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
SPEWS's main problem wasn't that they got DOS'd, though it didn't help them. Their main problem was that they had a reputation for providing low-quality results, blocking way too much legitimate email, and it was nearly impossible to contact them in case you were inappropriately listed. So if you were an email mailbox provider using them as a direct blocking service, you'd be getting huge numbers of false positives, and have to track down complaints from your users about lost mail. At best, they were useful as input to SpamAssassin. (I don't know if they're still operating the same way these days; I gather Michelle sold them or something, but haven't followed the details.)
Spamhaus's reputation over the years has been that they're really conservative, and almost never have false positive problems. That doesn't mean that they don't occasionally list ISPs who have some spammer customers and some non-spammer customers, but they're not in the Nuclear Overkill business the way SPEWS was.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks