The Spamhaus Project
From Wikipedia, the free encyclopedia
The Spamhaus Project is a volunteer effort founded by Steve Linford in 1998 that aims to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers.
Spamhaus DNSBLs
Spamhaus is responsible for three widely used anti-spam DNS Blocklists (DNSBLs) — the Spamhaus Block List (SBL), the Exploits Block List (XBL), and the Policy Block List (PBL). Many internet service providers and other Internet sites use these free services to reduce the amount of spam they take on. The SBL, XBL and PBL collectively protect over 500 million e-mail users, according to Spamhaus' web page (December 2006). Like most DNSBLs, their use is controversial.
The Spamhaus Block List (SBL)[1] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services[2]. The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.
The Exploits Block List (XBL)[3] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists.
The Policy Block List (PBL)[4] serves many of the same functions as a Dialup Users List (DUL), but it is not strictly a DUL. The PBL lists not only dynamic and DHCP-type IP address space designated as 'not allowed to make direct SMTP connections', but also static assignments that should not be sending e-mail without prior arrangement. Examples include an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the owners (ISPs) of the IP address space.
Spamhaus's DNSBLs are offered as a free public service to low-volume mail server operators on the Internet.[5] Spam filtering services and other large sites making large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Data Feed[6]. The feed is available at a moderate fee, provided the subscriber is not on Spamhaus's list of the top ten worst spam service ISPs[7] and passes a background check to confirm that it does not knowingly or intentionally provide services to spammers.
Spamhaus also provides two combined DNSBLs. One is the SBL+XBL[8], which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN[9] (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.
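The following added example (not part of the original article, and not Spamhaus's own code) shows how a mail server can build a single ZEN query and split the returned codes back into SBL, XBL and PBL. The return-code values are an assumption taken from Spamhaus's published documentation rather than from this page, and the function names and sample answers are constructed for illustration.

```python
import ipaddress
import socket

def query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the DNSBL zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def classify(code):
    """Map one returned A record to the list it stands for.

    Code values are assumed from Spamhaus's published documentation.
    """
    packed = ipaddress.IPv4Address(code).packed
    if packed[:3] == b"\x7f\xff\xff":
        return "ERROR"      # 127.255.255.x reports a query problem, not a listing
    if packed[:3] != b"\x7f\x00\x00":
        return "UNKNOWN"    # anything outside 127.0.0.x is not a valid answer
    last = packed[3]
    if last in (2, 3, 9):
        return "SBL"
    if 4 <= last <= 7:
        return "XBL"
    if last in (10, 11):
        return "PBL"
    return "UNKNOWN"

def interpret(answers):
    """Turn the A records of one combined lookup into a set of list names."""
    labels = {classify(a) for a in answers}
    if "ERROR" in labels:
        # Rejecting mail on an error code would block every sender.
        raise RuntimeError("DNSBL returned an error code; do not treat as listed")
    labels.discard("UNKNOWN")
    return labels

def lookup(ip, zone="zen.spamhaus.org"):
    """Live lookup; needs network access and a resolver the DNSBL accepts."""
    try:
        _, _, answers = socket.gethostbyname_ex(query_name(ip, zone))
    except socket.gaierror:
        return set()        # NXDOMAIN or resolver failure: fail open, not listed
    return interpret(answers)

# Constructed sample: answers one ZEN query might return for a single address.
SAMPLE_ANSWERS = ["127.0.0.2", "127.0.0.4", "127.0.0.10"]
```

Acting only on codes that are recognised, and never on the 127.255.255.x range, keeps a resolver or quota problem from being read as "every sender is listed".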
Register of Known Spam Operations
The Spamhaus Register of Known Spam Operations (ROKSO)[10] is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.
As Spamhaus operates in the United Kingdom, it is subject to the Data Protection Act which restricts its ability to publish private information legally. For this reason, ROKSO publishes only information gathered from public sources such as newspapers, court records, incorporation filings, and other public records. Spamhaus also keeps additional information on spammers for disclosure only to law enforcement agencies.
Don't Route Or Peer List
The Spamhaus Don't Route Or Peer (DROP) List[11] is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks.
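As an added example (not from the original article or from Spamhaus), the parser below reads a DROP-style text file and checks whether either end of a connection falls inside a listed block. It assumes the layout of one CIDR per line with the SBL listing number after a ';' comment marker; the sample data uses documentation address ranges and placeholder SBL numbers, and all function names are hypothetical.

```python
import ipaddress

# Constructed sample in the assumed DROP layout; not real Spamhaus data.
SAMPLE_DROP = """\
; Constructed sample, not real Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002

203.0.113.64/26 ; SBL000003
not-a-cidr ; SBL000004
"""

def parse_drop(text):
    """Return ([(network, sbl_ref)], [(line_number, raw_line)] rejected)."""
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition(";")
        body = body.strip()
        if not body:
            continue  # blank line or comment-only line
        try:
            # strict=True rejects entries with host bits set, so a corrupted
            # line cannot silently widen or shift a block.
            net = ipaddress.ip_network(body, strict=True)
        except ValueError:
            rejected.append((lineno, raw))
            continue
        entries.append((net, comment.strip()))
    return entries, rejected

def match(ip, entries):
    """Return the SBL reference of the block containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    for net, ref in entries:
        if addr in net:
            return ref
    return None

def blocked(src, dst, entries):
    """DROP is meant to stop traffic both from and to listed blocks."""
    return match(src, entries) or match(dst, entries)
```

Reporting rejected lines instead of skipping them silently lets an operator notice a truncated or tampered download before the rules are pushed to a firewall or router.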
e360 Lawsuit
In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit in an Illinois state court against Spamhaus for blacklisting his website. Spamhaus initially succeeded in moving the case from state to federal court, but then stopped defending itself against the lawsuit, because it is based in the United Kingdom and outside the jurisdiction of United States courts.[12][13] The American court had no choice but to award e360 a default judgment totaling $11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgment.[14][15]
e360 filed a motion in Federal court to force ICANN to remove the domain records of Spamhaus until the default judgment had been satisfied.[16] This raised issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,[17][18] and ICANN protested[19] that they had neither the ability, nor the authority, to remove the domain records of Spamhaus, which is a UK-based not-for-profit organization.
On 2006-10-20, U.S. Federal District Court Judge Charles Kocoras, for the Northern District of Illinois, issued a ruling denying e360's motion, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e. Spamhaus' refusal to satisfy the default judgment] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."[20][21]
Spamhaus versus nic.at
In June 2007 Spamhaus asked nic.at, the national registry of Austria, to unregister a number of domains because they were being used for phishing.[22] The registry rejected the request, arguing that it would break Austrian law by doing so. nic.at further argued that the respective DNS providers should remove the domains.
To put more pressure on the Austrian registry, Spamhaus put the mail server of nic.at on its spam blacklist for several days, which interfered with mail traffic.[23] For some time Spamhaus had a pointer entry (SBL55483) for the single IP address 192.174.68.0/32 to highlight how nic.at supports phishing. This listing did not block any e-mail, since the address is unused. The entry has since been removed. Most of the phishing domains have since been deleted or suspended by the respective DNS providers.[citation needed]
Spamhaus trademarked
Spamhaus has been given the blessing of Hormel to trademark the name Spamhaus in the European Union.[24]
See also
- Comparison of DNS blacklists
- SpamCop
- E-mail spam
- Anti-spam techniques (e-mail)
- news.admin.net-abuse.email
- CastleCops
- KnujOn
References
1. Spamhaus Block List (SBL)
2. Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. http://www.spamhaus.org/sbl/policy.html Retrieved 2007-02-04.
3. Spamhaus Exploits Block List (XBL)
4. Spamhaus Policy Block List (PBL)
5. Spamhaus DNSBL Usage
6. Spamhaus Data Feed
7. Spamhaus's top ten worst spam service ISPs list
8. Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#11 Retrieved 2007-02-04.
9. Spamhaus ZEN
10. Spamhaus Register of Known Spam Operations (ROKSO)
11. The Spamhaus Don't Route Or Peer List (DROP)
12. Leyden, John. "Spamhaus fights US court domain threat". The Register. 2006-10-10. http://www.theregister.co.uk/2006/10/10/spamhaus_domain_threat/ Retrieved 2007-02-04.
13. Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=1 Retrieved 2007-02-04.
14. Evers, Joris. "Spam fighter hit with $11.7 million judgment". CNET News.com. 2006-09-14. http://news.com.com/Spam+fighter+hit+with+11+million+judgment/2100-7350_3-6116009.html Retrieved 2007-02-04.
15. "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006". The Spamhaus Project website. http://www.spamhaus.org/archive/legal/e360/kocoras_order_6_10.pdf 2006-10-06. Retrieved 2007-02-04. (PDF version of PROPOSED ORDER)
16. Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=3 Retrieved 2007-02-04.
17. Linford, Steve. "responds here". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=4 (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus, http://groups.google.com/group/can.internet.highspeed/msg/d7fd46181af17980, and http://groups.google.com/group/news.admin.net-abuse.email/msg/384a3cb77617a762 as of 2007-02-04.)
18. Carvajal, Doreen. "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. 2006-10-16. http://www.nytimes.com/2006/10/16/technology/16spam.html?ex=1318651200&en=cd20af3993bc7480&ei=5090&partner=rssuserland&emc=rss Retrieved 2007-02-04.
19. "Spamhaus Litigation Update". ICANN. 2006-10-10. http://www.icann.org/announcements/announcement-10oct06.htm Retrieved 2007-02-04.
20. "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006". ICANN. 2006-10-20. http://www.icann.org/legal/spamhaus/denial-proposed_order-19oct06.pdf Retrieved 2007-02-04. (signed version of denial without prejudice of Plaintiffs’ motion [26] for a rule to show cause)
21. "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheap Web Hosting Directory. 2006-10-30. http://www.cheaphostingdirectory.com/news-domain-firm-tucows-and-icann-win-spamhaus-litigation-2513.html Retrieved 2006-02-04.
22. Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at
23. Spamhaus.org setzt Österreichs Domainverwaltung unter Druck
24. Hormel OKs Spamhaus' Trademark [ClickZ Internet Marketing Solutions for Marketers]

