The Spamhaus Project: Wikis

  
  


From Wikipedia, the free encyclopedia

The Spamhaus Project is a volunteer effort founded by Steve Linford in 1998 to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers.


Spamhaus DNSBLs

Spamhaus is responsible for three widely used anti-spam DNS Blocklists (DNSBLs) — the Spamhaus Block List (SBL), the Exploits Block List (XBL), and the Policy Block List (PBL). Many internet service providers and other Internet sites use these services to reduce the amount of spam they take on. The SBL, XBL and PBL collectively protect over 1.4 billion e-mail users, according to Spamhaus' web page (June 2008) and are estimated to block 80 billion spam emails per day globally on the internet (almost 1 million spams per second). Like most DNSBLs, their use is controversial.

The Spamhaus Block List (SBL)[1] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services.[2] The SBL's listings are partially based on the ROKSO index of "spam gangs" (see below).

The Exploits Block List (XBL)[3] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists.

The Policy Block List (PBL)[4] serves many of the same functions as a Dialup Users List (DUL), but it is not a DUL. The PBL lists not only dynamic and DHCP-type IP address space designated as 'not allowed to make direct SMTP connections', but also static assignments that should not be sending email without prior arrangement. Examples are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizations (ISPs) that administer the IP address space.

Spamhaus's DNSBLs are offered as a free public service to low-volume mail server operators on the Internet.[5] Commercial spam filtering services and other large sites doing large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Datafeed Service,[6] at a moderate fee. This is available as long as they are not in Spamhaus's top ten worst spam service ISPs list,[7] and they must also pass a background check to make sure they do not knowingly or intentionally provide services to spammers.

Spamhaus also provides two combined DNSBLs. One is the SBL+XBL[8] which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN[9] (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.

Spamhaus outlines the way its DNSBL technology works in a document called Understanding DNSBL Filtering.[10]
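The combined ZEN lookup described above, sketched as an added example (not code from Spamhaus or from this article). The return-code ranges and the treatment of answers outside 127.0.0.0/24 follow Spamhaus's public DNSBL documentation rather than anything stated on this page; the function names are hypothetical.

```python
import ipaddress
import socket

# Assumption (from Spamhaus's public docs, not this page): listing codes live in
# 127.0.0.0/24; other answers such as 127.255.255.x signal a query error.
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")
ZEN_CODES = {
    "SBL": range(2, 4),    # 127.0.0.2-3
    "XBL": range(4, 8),    # 127.0.0.4-7
    "PBL": range(10, 12),  # 127.0.0.10-11
}


def dnsbl_query_name(ip, zone="zen.spamhaus.org"):
    """Reverse the IPv4 octets and append the zone: 192.0.2.99 -> 99.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError for anything that is not IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answers):
    """Map the A records of one ZEN reply to the set of component lists that matched."""
    hits = set()
    for answer in answers:
        addr = ipaddress.ip_address(answer)
        if addr not in LISTING_NET:
            # An error code or a rewritten answer must never count as "listed",
            # otherwise a resolver problem rejects all inbound mail.
            raise ValueError(f"{answer} is not a listing code; treat the lookup as failed")
        code = int(addr) & 0xFF
        hits.add(next((name for name, rng in ZEN_CODES.items() if code in rng), "OTHER"))
    return hits


def lookup(ip, zone="zen.spamhaus.org"):
    """Live query; an unresolvable name means the address is not listed."""
    try:
        _, _, answers = socket.gethostbyname_ex(dnsbl_query_name(ip, zone))
    except OSError:
        return set()  # no such name (a resolver outage also lands here: fails open)
    return classify(answers)
```

`lookup()` needs network access and a resolver that Spamhaus will answer; the other two functions run offline.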

Register of Known Spam Operations

The Spamhaus Register of Known Spam Operations (ROKSO)[11] is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.

The ROKSO database is nowadays part of the signup checking procedure of many of the major ISPs, ensuring that ROKSO-listed spammers find it difficult to get hosting. A listing on ROKSO also means that all IP addresses associated with the spammer (his other domains, sites, servers, etc.) get listed on the Spamhaus SBL as "under the control of a ROKSO-listed spammer" whether there is spam coming from them or not (as a preventative measure).

There is a special version of ROKSO available to Law Enforcement Agencies (for which LEAs need to apply for access) which gives access to data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs, too sensitive to publish in the public part of ROKSO.

Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List[12] is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks.
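A sketch of loading such a file before pushing it to a firewall, as an added example that is not part of the original article or of Spamhaus's tooling. It assumes the layout `CIDR ; SBLnnn` with `;` starting a comment; the sample uses documentation address ranges and placeholder SBL ids, and the minimum-prefix guard is an added safety check, not a Spamhaus rule.

```python
import ipaddress

# Constructed sample in the assumed DROP layout; not real Spamhaus data.
SAMPLE_DROP = """\
; Constructed sample for illustration
192.0.2.0/24 ; SBL000001
198.51.100.0/25 ; SBL000002

203.0.113.0/24 ; SBL000003
"""

# Assumption: refuse anything broader than /8 so that a corrupted or tampered
# feed cannot make the firewall drop most of the Internet.
MIN_PREFIX = 8


def parse_drop(text, min_prefix=MIN_PREFIX):
    """Return [(network, listing_ref)] and fail closed on any malformed entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        cidr, _, comment = raw.partition(";")
        cidr = cidr.strip()
        if not cidr:
            continue  # blank line or comment-only line
        try:
            # strict=True rejects entries with host bits set, e.g. 192.0.2.1/24
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad CIDR {cidr!r}") from exc
        if net.prefixlen < min_prefix:
            raise ValueError(f"line {lineno}: {net} is broader than /{min_prefix}")
        entries.append((net, comment.strip()))
    return entries


def find_listing(ip, entries):
    """Return the listing reference covering ip, or None if no block matches."""
    addr = ipaddress.ip_address(ip)
    for net, ref in entries:
        if addr in net:
            return ref
    return None
```

Rejecting the whole file on one bad line keeps the previously loaded rule set in place instead of installing a partial or over-broad one.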

Conflicts

e360 Lawsuit

In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit in an Illinois state court against Spamhaus for blacklisting his website. Spamhaus initially succeeded in moving the case from state to federal court, but then on the advice of its British lawyers it stopped defending itself against the lawsuit, because it is based in the United Kingdom and outside the jurisdiction of United States courts.[13][14] Spamhaus refused to proceed with the case until the Illinois court had examined Spamhaus's objection to the American court's jurisdiction. Because Spamhaus was the party which had asked to have the case moved to the Federal courts, the court concluded that by doing so Spamhaus had, on a technicality, accepted the court's jurisdiction. Spamhaus however never accepted the US court's jurisdiction, refused to participate in the case any further, and withdrew its counsel. Since Spamhaus was deemed to have accepted jurisdiction and then failed to defend the case, the American court awarded e360 a default judgment totaling $11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgment because default judgments issued by US courts without a trial are not recognized by courts of other countries, including the UK.[15][16] In September 2007, however, the Chicago law firm of Jenner & Block LLC took up Spamhaus's case pro bono publico, and the default award and injunction against Spamhaus were overturned on appeal.[17]

e360 filed a motion in Federal court to attempt to force ICANN to remove the domain records of Spamhaus until the default judgment had been satisfied.[18] This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,[19][20] and ICANN protested[21] that they had neither the ability, nor the authority, to remove the domain records of Spamhaus, which is a UK-based not-for-profit organization.

On 2006-10-20, U.S. Federal District Court Judge Charles Kocoras, for the Northern District of Illinois, issued a ruling denying e360's motion, stating in his opinion, that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgment] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."[22][23]

In January 2008 e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise.[24]

The publicity surrounding the e360 lawsuit boosted Spamhaus's reputation as an organization that could not be instructed by American courts and which therefore stood steadfast in the path of spammers using courts to facilitate spam. In the years since the e360 case, no spammers attempted further lawsuits against Spamhaus.

Spamhaus versus nic.at

In June 2007 Spamhaus asked nic.at, the national registry of Austria, to suspend a number of domains registered anonymously by phishing gangs because of their use for illegal bank phishing purposes.[25] The registry nic.at rejected the request and argued that they would break Austrian law by suspending domains even when registered for criminal purposes. Spamhaus informed Nic.at that the domains were registered with fake addresses and paid for with stolen credit cards, and were phishing major banks including German banks, but still Nic.at refused to intervene. Further, nic.at argued that the respective DNS-providers should remove the domains. But in reality, Nic.at hid the fact that they were both the registry AND the hosting registrar of the phishing domains (i.e., Nic.at had a financial incentive in the domains).[25][citation needed]

To highlight the serious issue of the Austrian registry's knowing involvement in the phishing of millions of people's bank accounts, Spamhaus put the mail server of nic.at on their SBL spam blacklist for several days under the SBL's policy "Knowingly Providing a Spam Support Service for Profit", which interfered with mail traffic at Nic.at. An employee of Nic.at thus wrote an anti-Spamhaus article on Heise.de (without mentioning in the article that he worked for Nic.at).[26][27][28] For some time Spamhaus had a pointer entry (SBL55483)[29] for the single IP address 192.174.68.0/32 to highlight how nic.at supports phishing. This listing did not block any email, since this address is unused. This entry has since been removed. All of the phishing domains have since been deleted/suspended by Nic.at and the respective DNS-providers.[25][30]

Spamhaus trademarked

Spamhaus has been given the blessing of Hormel to trademark the name Spamhaus in the European Union. "Spamhaus" is now a Registered Trademark, No. 005703392.[31]


References

  1. ^ Spamhaus Block List (SBL)
  2. ^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. Spamhaus.org Retrieved 2007-02-04.
  3. ^ Spamhaus Exploits Block List (XBL)
  4. ^ Spamhaus Policy Block List (PBL)
  5. ^ Spamhaus DNSBL Usage
  6. ^ Spamhaus Datafeed, spamhaus.org
  7. ^ Spamhaus's top ten worst spam service ISPs list, spamhaus.org
  8. ^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. Spamhaus.org, Retrieved 2007-02-04.
  9. ^ Spamhaus ZEN, spamhaus.org
  10. ^ Understanding DNSBL Filtering, spamhaus.org
  11. ^ Spamhaus Register of Known Spam Operations (ROKSO)
  12. ^ The Spamhaus Don't Route Or Peer List (DROP)
  13. ^ Leyden, John. "Spamhaus fights US court domain threat". The Register. 2006-10-10. TheRegister.co.uk Retrieved 2007-02-04.
  14. ^ Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Spamhaus.org Retrieved 2007-02-04.
  15. ^ Evers, Joris. "Spam fighter hit with $11.7 million judgment". CNET News.com. 2006-09-14. News.com.com Retrieved 2007-02-04.
  16. ^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006". The Spamhaus Project website. Spamhaus.org 2006-10-06. Retrieved 2007-02-04. (PDF version of Proposed Order)
  17. ^ Spamhaus.org
  18. ^ Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Spamhaus.org Retrieved 2007-02-04.
  19. ^ Linford, Steve. "responds here". The Spamhaus Project website. Spamhaus.org (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus, Groups.google.com, highspeed and Groups.google.com, abuse.email as of 2007-02-04.)
  20. ^ Carvajal, Doreen. "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. 2006-10-16. NYtimes.com Retrieved 2007-02-04.
  21. ^ "Spamhaus Litigation Update". ICANN. 2006-10-10. ICANN.org Retrieved 2007-02-04.
  22. ^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006". ICANN. 2006-10-20. ICANN.org Retrieved 2007-02-04. (signed version of denial without prejudice of Plaintiffs’ motion [26] for a rule to show cause)
  23. ^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheap Web Hosting Directory. 2006-10-30. Cheaphostingdirectory.com Retrieved 2006-02-04.
  24. ^ "e360 Gone Bust"
  25. ^ a b c Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at, spamhaus.org
  26. ^ Structure: Membership Of The Sponsorship Council
  27. ^ Spamhaus.org setzt Österreichs Domainverwaltung unter Druck, 19 June 2007, heise.de
  28. ^ Spamhaus.org entfernt einen von zwei nic.at-Einträgen, heise.de
  29. ^ SBL55483, spamhaus.org
  30. ^ Quote NIC.at CEO Wein: “Die DNS-Provider der Domains haben die Einträge gelöscht.” (“The DNS provider deleted the domain entries.”), heise.de
  31. ^ Hormel OKs Spamhaus' Trademark [ClickZ Internet Marketing Solutions for Marketers]
