×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

218 comments

Incorrect summary (5, Interesting)

TechLA (2482532) | more than 2 years ago | (#37703920)

A2B DID block the spammer, they blocked his ip. What Spamhaus wanted was stop routing traffic for the whole CyberBunker (who route traffic for The Pirate Bay etc) who are not spammers. They had a single customer that spammed, and A2B as upstream provider blocked that ip instead. What they didn't do was block the innocent CyberBunker completely, and after that Spamhaus added A2B - completely third party - to their blacklist. That's complete bullshit and blackmail.

Re:Incorrect summary (1)

Dexter Herbivore (1322345) | more than 2 years ago | (#37703986)

Ah, that may explain it. If so, my comments below can be ignored. Instead, I'll say that this seems to be an over-reaction from both Spamhaus and A2B. Spamhaus for blacklisting, A2B for involving police when it seems unneccesary.

Re:Incorrect summary (0)

Anonymous Coward | more than 2 years ago | (#37704140)

Who else are you gonna call when someone is interfering with your business as an ISP? Ghostbusters? Internet cops?

Re:Incorrect summary (1)

gtbritishskull (1435843) | more than 2 years ago | (#37704366)

A lawyer.

Re:Incorrect summary (1)

Nadaka (224565) | more than 2 years ago | (#37704560)

The district attorney is a lawyer, the correct one when dealing with criminal actions.

Re:Incorrect summary (1)

scubamage (727538) | more than 2 years ago | (#37704894)

This isn't criminal, this is civil. At least by US law, now how it flies in Holland may be completely different.

Good. (0)

fyngyrz (762201) | more than 2 years ago | (#37705192)

Whatever, it's good to see some kickback here. I never asked for Spamhaus to be my Internet Mommy. As far as I'm concerned, they're no more than a bunch of low-lives, just as bad as the spammers themselves, and for *exactly* the same reason -- they're screwing with my inbox without my permission.

The correct way to deal with spam is legislation, legal enforcement, and more secure operating systems. Not by screwing with the mail system mechanism itself.

Wrong blame (2)

mrball_cb (463566) | more than 2 years ago | (#37705854)

You're blaming the wrong entity. If you're concerned with this, you should be complaining to your ISP _whom_you_pay_ that they use Spamhaus. You have control of your service, go buy it from someone who doesn't use Spamhaus. Spamhaus isn't screwing with your Inbox, your ISP _whom_you_pay_ is screwing with your Inbox by their choice to use Spamhaus.

Don't get me wrong, I think Spamhaus is one of the best things since sliced bread. Why does your ISP _choose_ to use Spamhaus? Because the extra cost and resources involved with NOT using Spamhaus would impact their bottom line and they would have to charge you more.

Before all the botnet takedowns, RBL's used to account for blocking about 80-85% of inbound connections. Now it's down to less than 50%.
$ emailstats
Webmail System Statistics for 2011-10-12

  TotalIncoming: 187662
                      RBL: 100601
                  Spams: 19439
              Viruses: 192
            Accepted: 67430
LocalDelivered: 53243
          Forwarded: 14187
      PercentGood: 35.9316

Re:Good. (2)

Eggplant62 (120514) | more than 2 years ago | (#37706014)

You don't realize how SMTP or the Internet works, my friend. A2B is about to suffer from a death by a good number of admins simply adding their network addresses to private firewall and routers settings. You see, what I do at the border of my network is my business. I consult Spamhaus for their opinion regarding the reputation of email traffic. My mail sever is set to query the Spamhaus DNS servers whenever another mail server connects to deliver mail. It's not by default that my server is set that way; I took action to make it so. Spamhaus is simply a consultant in this relationship. They watch for spammy mail. It's their list and if A2B didn't follow the requirements to be removed, then others like me may have problems receiving your email, again by our choice. Now, I'll take a few minutes to ensure that A2B's network blocks are listed in my own border router's rules file so that any traffic received there is simply tossed on the floor, not that I would expect much traffic. But then, that's just me. I can't predict the behavior of any other system admin out there. Your move.

Re:Good. (1)

jafiwam (310805) | more than 2 years ago | (#37706172)

Yup, pretty much. Spamhaus is simply a service that admins may use for advice on what to block.

It's up to the admins to agree with what they do and not use them if they get out of line.

That said, any admin that does use Spamhaus is a complete idiot. But, it's quite within their rights to be a complete idiot about administering their own mail servers.

Re:Incorrect summary (1)

gtbritishskull (1435843) | more than 2 years ago | (#37705234)

What is criminal about it? A spam-blacklisting service is classifying someone as a spam-producer. Is that illegal? If they are incorrectly classified and it adversely affects their business, then they possibly have a valid civil suit. But I still don't see what Spamhaus has done to break the law. The only possible one I can think of would be libel, but that would be a big stretch.

Re:Incorrect summary (2)

St.Creed (853824) | more than 2 years ago | (#37705262)

Forcing someone to cooperate "or else" can be construed as blackmail and can then be cause for a criminal suit - the fact that you can mitigate the attack does not remove the threat (just as buying a fire extinguisher doesn't mean being threatened by someone with arson is no longer a case for the police).

Re:Incorrect summary (1)

gtbritishskull (1435843) | more than 2 years ago | (#37705674)

Blackmail [wikipedia.org]...

"Whoever, under a threat of informing, or as a consideration for not informing, against any violation of any law of the United States, demands or receives any money or other valuable thing, shall be fined under this title or imprisoned not more than one year, or both."

How does Spamhaus "demands or receives any money or other valuable thing"? The only benefit they would see is that there is less spam on the internet. Which does not really benefit Spamhaus as much as society as a whole. And might actually hurt them because without spam there would be no need for spam blacklists.

Re:Incorrect summary (0)

Anonymous Coward | more than 2 years ago | (#37706028)

I have a magic rock to sell you that keeps tigers away

Re:Incorrect summary (1)

mattventura (1408229) | more than 2 years ago | (#37705266)

They ARE incorrectly classifying them. They ARE blackmailing them. Spamhaus wanted them to block a huge chunk of IPs belonging to innocent customers, but A2B instead just blocked the single spam IP. Spamhaus thought that this was reasonable grounds for classifying them as spammers, which is complete BS.

Re:Incorrect summary (1)

gtbritishskull (1435843) | more than 2 years ago | (#37705812)

They ARE incorrectly classifying them.

I did not say they were not incorrectly classifying them. I am not intimate enough with the situation to make that conclusion. But, I am pretty sure that, whether right or wrong, they are not performing a criminal act (so A2B should talk to a lawyer, not the police).

They ARE blackmailing them.

I don't think that word means what you think it means. Generally (at least in the US, I am not as familiar with the Netherlands), for it to be blackmail you have to benefit from your demands. "Stop stealing or I will tell the police" is not blackmail. "Give me $100 or I will tell the police" is. From what I understand, Spamhaus is saying "Stop supporting spammers or we will blacklist you". I do not see how A2B submitting to Spamhaus's demands will benefit Spamhaus. If you see it differently, please educate me.

BTW... I am not trying to take a side between Spamhaus and A2B. I just do not see why A2B is trying to make this a criminal matter instead of a civil one.

Re:Incorrect summary (1)

anomaly256 (1243020) | more than 2 years ago | (#37706058)

Someone earlier mentioned the ISP in question, Cyberbunker, routes traffic for The Pirate Bay - maybe the 'valuable item' is part of a 3rd party's agenda spamhaus is getting paid to implement.. [insert conspiracy theory here]

Re:Incorrect summary (2)

anomaly256 (1243020) | more than 2 years ago | (#37706094)

Also, blocking the service IS taking away a valuable item from A2B - for an ISP that's oxygen. It's damaging and crippling. They were effectively attacked and continued to be attacked until they gave in to unreasonable demands. That IS blackmail. Valuable items need not be tangible physical goods - intellectual property is valuable, time is valuable, reputation is also valuable.

Re:Incorrect summary (1)

Synerg1y (2169962) | more than 2 years ago | (#37705452)

If A2B can prove that they lost revenue by Spamhaus unjustly interfering with their business, they may have a case, but I can see Spamhaus arguing that blacklisting A2B is no different from putting a picket line in front of their building, which at least in the states falls under the 1st amendment and is perfectly legal. But just like people might have a problem with a picket line being outside a company for no just cause, as might there be a problem with blacklisting those who don't deserve it. Does seem like an over reaction though of 2 CEOs who haven't quite learned how to deal with things in a calm and professional manner to compromise.

Re:Incorrect summary (5, Insightful)

Anonymous Coward | more than 2 years ago | (#37704004)

If spamhaus starts blacklisting entities that do not spam, people will stop trusting and using spamhaus. Police or no, Spamhaus is harming itself when it oversteps its natural bounds.

Re:Incorrect summary (1)

Anonymous Coward | more than 2 years ago | (#37704118)

^ this

Re:Incorrect summary (1)

TechLA (2482532) | more than 2 years ago | (#37704152)

That's true, but Spamhaus lists are used in so many places that it can easily cause severe damage to hosting companies or ISP's when their customers are suddenly blocked or even cause direct damage to the customers as they're now listed in Spamhaus. They may hurt their own reputation (depending on how media spins the story), but along the way they can easily bring down a few innocent ISP's and their business. That's why it's stupid to put such a trust for single service. This isn't the first time Spamhaus has blackmailed companies either, in 2007 they blacklisted whole Austrian domain registry nic.at [wikipedia.org] because by Austrian law they couldn't remove certain domains for other reasons than fake whois info. In the end Spamhaus went and blacklisted for nic.at for "Knowingly Providing a Spam Support Service for Profit", which seems like bullshit too.

Re:Incorrect summary (0)

Anonymous Coward | more than 2 years ago | (#37705832)

Starts?

They've been doing it for ages now. People who use blacklists are just as bad as the people who actually order Viagra via e-mail.

Re:Incorrect summary (0)

Anonymous Coward | more than 2 years ago | (#37704388)

TechLA, where are you getting your info - only from A2B?

A2B is known as a spammy ISP and A2B's customer CyberBunker is just pure spam and crime all the way. You can be sure that whatever A2B say is definitely NOT the truth and nobody's heard Spamhaus's side. If you don't trust Spamhaus to block bad spam dumps like CyberBunker, don't use them. Do your own blocking instead assuming you know more than them.

Re:Incorrect summary (4, Interesting)

TheMMaster (527904) | more than 2 years ago | (#37704666)

Thanks for that!

I rent a server at cyberbunker and I have had long email discussions with spamhaus as well, with them going so far as suggesting that I go an find a new ISP.

Especially since the IP space I got from them is just a regular PA, and the ranges whois informations has a record with my personal name, address and telephone number in it. Spamhaus doesn't understand how the Internet works and is trying to basically nuke the cyberbunker from orbit by going one provider up the chain until they can find someone that will turn off every route...

Whereas the original spam report for the range was just ONE /29 that has the correct whois information...

"Just pure spam and crime" that is rather offensive considering that I just run my personal email, xmpp and some other services there. You're just as bad as spamhaus.

At the time I made a /. submission about it, I'll reproduce it below since the submission was rejected at the time:
---------
"I run a small server for some minor projects of mine, a mailserver for my family and several friends at a hosting provider. A couple of weeks ago my father started to complain that some of his mails were no longer being received. Upon further inspection it turned out that my entire ISP's IP range (the entire /19) was put in the Spamhaus Blocklist (SBL). After sending a request to de-list the IP range I control (a /29 in their /19), I got the following response: "Due to the hosting policies of the owner of this IP address block, our users do not wish to accept traffic from these IPs. We suggest you look for other arrangements as to your hosting."

The "Hosting policies" of my ISP do not appear to differ greatly from other ISPs, they name spamming as a breach of their TOS and do disconnect spammers. The only major difference I can see is that they do not give out personal information or kick (non spamming) clients off of the web without being legally forced to, which is a requirement in the EU country they are based in to qualify as a telco (and be not responsible for the content of their customers' websites) This stance towards net neutrality is why I chose them in the first place. Vote with your wallet, right?

According to the Spamhaus website The SBL's primary objective is to avoid 'false positives' while blocking as much spam as possible. To me blocking an entire ISP's netblock for, according to the listing, a grand total of three consecutive /29's that were originally reported (and likely from the same customer) and an entire /24 that's labeled entirely as "trademark fraud replicas" does not seem to me to be "avoiding false positives".

The end result is that without sending a single spam or hosting any malicious content, Spamhaus labels me a spammer and even 'cybercriminal' according to the SBL listing all because they apparently don't like my ISP . My questions being: Did any one of you ever find yourself between this particular rock and hard place? Did you manage to get the issue resolved without switching ISPs? And perhaps: Is it really Spamhaus' place to decide what ISP I use considering I'm a good netizen?"
-----

Re:Incorrect summary (2, Interesting)

lewiscr (3314) | more than 2 years ago | (#37704922)

Spamhaus has a policy of escalation. If the first blacklist doesn't work, widen the blacklist. Repeat until somebody notices. It worked for a while, it got customers like you to call your ISP to tell them to clean up their act.

I was blacklisted that way. I had a /29, and another /29 near me was blacklisted. I found out when the /24 was blacklisted, and my customers called to complain. I was lucky, I had a business relationship with the other /29, and we were able to get it de-listed in a couple of days. I spent most of those 3 days on the phone.

I've always found SpamHaus to be a bit draconian. From their point of view, they're a voluntary service, so they're free to shoot first and ask questions later. I however didn't find their service to be voluntary at all.

Re:Incorrect summary (2)

TheMMaster (527904) | more than 2 years ago | (#37705310)

Maybe but in my case it was never resolved, as you can see spamhaus is now trying to cut *ME* off of the internet entirely.

They are trying to get upstream to cut off the cyberbunker entirely, that is blackmail. And by cutting off the cyberbunker my IP range becomes entirely unroutabe, this leaves me in a rather precarious situation.

Re:Incorrect summary (1, Interesting)

lewiscr (3314) | more than 2 years ago | (#37705648)

That's exactly SpamHaus' intent. You're collateral damage, to make the 'net a better place.

I used to agree with the policy (before I actually seen it in action). Now, I think it's pretty irrelevant. Just blacklist the offending blocks, and move on.

Nuts? (0)

Dexter Herbivore (1322345) | more than 2 years ago | (#37703924)

I'm not particularly sure who's more nuts. Spamhaus for over-reacting, or A2B for being a-holes and ignoring the initial complaint. Both seem to have handled this poorly.

Re:Nuts? (0)

Dexter Herbivore (1322345) | more than 2 years ago | (#37703942)

A little explanation from previous experience, Spamhaus don't seem to usually make frivolous complaints, so I'm assuming that their initial complaint was valid even though A2B denies it.

Re:Nuts? (0)

Anonymous Coward | more than 2 years ago | (#37705604)

The issue appears to be that they DID block the spammer, but the complaint wanted them to block CyberBunker who routes traffic for The Pirate Bay as well.

Re:Nuts? (0)

Anonymous Coward | more than 2 years ago | (#37703958)

I'm not particularly sure who's more nuts. Spamhaus for over-reacting, or A2B for being a-holes and ignoring the initial complaint. Both seem to have handled this poorly.

TFA says they blocked the spammer's IP, where Spamhaus wanted them to block an entire upstream datacenter, which is insane.

If I was spamhaus and I blocked everyone I thought was spamming the Internet, gramma wouldn't be able to send out lolcats anymore.

Re:Nuts? (0)

Anonymous Coward | more than 2 years ago | (#37704050)

If I was spamhaus and I blocked everyone I thought was spamming the Internet, gramma wouldn't be able to send out lolcats anymore.

Might I suggest a different hypothetical situation? Around here, that one just put all public support behind Spamhaus's cause.

Re:Nuts? (0)

Anonymous Coward | more than 2 years ago | (#37703982)

RTFA - they didn't ignore the initial complaint. They DID block the spammer's IP address. Spamhaus wanted them to block ALL of cyberbunker's IP addresses (including many customers who were NOT spammers). Spamhaus blacklisted A2B because A2B wouldn't block the entire datacenter.

Re:Nuts? (2)

www.sorehands.com (142825) | more than 2 years ago | (#37704160)

Yeah, they blocked one IP used by a spammer. How many spammers use one IP address? They use one IP address, then when that is blocked, switch to another, and another, and another....

Re:Nuts? (1)

TheMMaster (527904) | more than 2 years ago | (#37705340)

I rent a server and a /29 in the cyberbunker, as far as I'm concerned spamhaus is trying to strongarm my my upstream providers upstream provider. I had nothing to do with any of this, but I stand to lose my ip range and services THAT I PAID FOR.

It's NOT reasonable from spamhaus to expect an entire ISP to be blackholed for ONE spam complaint 2 levels below.

Re:Nuts? (0)

Anonymous Coward | more than 2 years ago | (#37704568)

If those customers choose to do business with an ISP that is engaged in criminal activity, they reap what they sow. That ISP could simply block the offending IP, then issue the same spammer another IP. Furthermore, if the ISP is allowing people to engage in unscrupulous activity directed at those outside their network, how much care are they taking to ensure the security of the other 'legitimate' business on their network.

Is this really a police matter? (0, Interesting)

logjon (1411219) | more than 2 years ago | (#37703932)

Seems to me that spamhaus should be allowed to destroy its own credibility without law enforcement intervening.

Re:Is this really a police matter? (1)

shentino (1139071) | more than 2 years ago | (#37704650)

If Spamhaus is using its currently intact credibility as leverage, that very much is not appropriate.

Re:Is this really a police matter? (1)

sjames (1099) | more than 2 years ago | (#37704684)

And tough luck for A2B and Cyberbunker? I'm sure news of Spamhaus's demise will cheer them greatly at their own bankruptcy hearings.

Re:Is this really a police matter? (1)

fyngyrz (762201) | more than 2 years ago | (#37705286)

FTFY: What you're actually saying is that Spamhaus should be allowed to destroy multiple senders and receiver's email capability without law enforcement intervening.

The thing is, they have no right to do this, and nowhere to GET a right to do this -- and THAT is why law enforcement should be provided with a means to show up at Spamhaus's door and arrest the lot of them.

I never signed up for Spamhaus to be my "Internet Mommy." They're presumptuous abusers of other people's rights. Just as bad as spammers, and for the same reason: direct interference with my email.

Moral outrage fight! (2)

1_brown_mouse (160511) | more than 2 years ago | (#37703964)

GO!

Seriously, anti-spam organizations tend to be as self righteous as born-again and on the wagon alcoholic evangelists.

Isn't it time to kill email?

Re:Moral outrage fight! (1)

Smallpond (221300) | more than 2 years ago | (#37705128)

If you don't like email, don't use it.

If you don't like spamhaus, don't use their blocklist. How hard is that?

Spamhaus lists IP addresses that send spam. If the ISP ignores complaints or moves the spammers to a different IP, then it will list the netblock or the whole ISP. Those of us who use their list appreciate it. It reduces the load on my email servers by thousands per day. Don't blame the messenger.

Re:Moral outrage fight! (1)

fyngyrz (762201) | more than 2 years ago | (#37705380)

If you don't like spamhaus, don't use their blocklist. How hard is that?

The problem is, when entities upstream from users (both senders and receivers) are deluded into using Spamhaus, and that in turn screws up those user's email -- the users themselves have zero recourse. So it isn't a matter of simply "deciding not to use a list." Spamhaus and every operation like them are exercising power over people who are defenseless, and who never authorized any such interference.

Re:Moral outrage fight! (1)

Smallpond (221300) | more than 2 years ago | (#37705906)

If you have a static IP and control over your DNS you can run your own mail server and do whatever you want. If you are on a cable modem and your ISP controls your domain, then you aren't really on the internet, are you? Just drink the kool-aid. Personally, I've never used my ISP's email service.

In any case, spamhaus lists are mostly automated. The data they use to list you might be supplied by your own ISP who are running the spamtraps and supplying the lists of dynamic addresses that aren't supposed to send mail.

When you see a whole ISP blocked, it isn't some arbitrary decision. I managed a server on XO, which had huge spam infestations at the time, and never had an email blocked. To get into ROKSO, you have to be actively moving spammers around to get around the blocks, and putting innocent victims on the blocked IPs so they will get unblocked. Don't forget that ISPs make money from spammers and it costs them money to block spam. The bad ones have no love of spamhaus.

Oh - and the email domains that I manage all filter on zen.spamhaus.org and I have no problems with what they block.

It's all about the Opinion (2, Informative)

Nom du Keyboard (633989) | more than 2 years ago | (#37704006)

Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions. You can individually choose to believe, or not believe, any post(s) that you wish. And other ISP's can choose to accept, or reject, Spamhaus's Opinions about who and where troublesome spammers are. An Opinion is a very long way away from the accusation of Judge, Jury, and Executioner and only a fool would have made that unwarranted leap.

Re:It's all about the Opinion (4, Insightful)

TheCarp (96830) | more than 2 years ago | (#37704076)

Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

So legally, you are indeed right. However, the end result is that their opinion carries a lot of weight, mostly because many many people just blindly apply it.

So, in effect, they become judge jury and executioner, in that, once their opnion is that you have transgressed, you will instantly be blackballed all over the internet. They have become little more than a bully, which is too bad because, I mostly like them and mostly agree that this is the right way to operate.

Of course.... I JUST posted my experience with them (or I should say, the experience that I came back from vacation to find one of my co-admins had):

http://slashdot.org/comments.pl?sid=2474882&cid=37703752 [slashdot.org]

Re:It's all about the Opinion (2)

Nom du Keyboard (633989) | more than 2 years ago | (#37704478)

Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

What other people do is not Spamhaus's responsibility. If I were to post here to Slashdot for everybody to take all of their money and throw it into the ocean to support world peace, I'm not responsible that somebody actually did that. Put the blame where it actually lies, and it doesn't lie with Spamhaus.

Re:It's all about the Opinion (1)

TheCarp (96830) | more than 2 years ago | (#37704930)

Um right, so we pretty much agree then, except that you refuse to accept the use of the "judge jury and executioner" analogy except in the most strict sense. Ok Fine.

Is the problem that their opinions suck? Or is that that people listen to them? Actually, the problem is that their opinions suck AND people listen to them.

If their opinions sucked and people ignored them, we would have no issue and nothing to talk about.

If their opinions were good and people listened, we would have no issue (other than a philosophical one)

There exists a problem in that spamhaus issues opinions that are not grounded in good reasoning and legitimate evidence, and mail admins use that decision as is in their own setups automatically.

Generic and pedantic enough?

Re:It's all about the Opinion (0)

Anonymous Coward | more than 2 years ago | (#37705096)

Bad example. In your case, who makes the decision of listening you and who experiences the damages are the same people.

You should rather think about the poor guy whose ocean just got polluted because some psychopath agitator that can command sheep made a mindless speech without thinking of consequenses. I'm quite sure he'd find you not so innocent.

Re:It's all about the Opinion (1)

SydShamino (547793) | more than 2 years ago | (#37705148)

If you know that people listen to your opinion and do what you say, and you say things that can harm someone else, you can be held accountable. See any cult or mob leader who knows his followers hang on his words. They just say "it would be a shame if something happened to that ISP" and suddenly its servers are underwater wearing concrete shoes.

Plenty of leaders have been convicted for crimes based on this chain of events.

Re:It's all about the Opinion (0)

Anonymous Coward | more than 2 years ago | (#37705772)

Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

What other people do is not Spamhaus's responsibility. If I were to post here to Slashdot for everybody to take all of their money and throw it into the ocean to support world peace, I'm not responsible that somebody actually did that. Put the blame where it actually lies, and it doesn't lie with Spamhaus.

I see this coming from Spamhaus supporters all of the time. Its utter garbage.

They publish a blacklist, and encourage people to use that blacklist to block spam. They even helped create automated tools to make it easy to do.

The people that use that tool do indeed block mail when Spamhaus tells them to. This is NOT an opinion, this is an automated system.

As an automated system, it fails the opinion test.

Even if it did not fail this test, and if we were to agree that this is Spamhaus' opinion, well, this means that Spamhaus effectively accused them of being spamers for blocking the spammer, and not the spamers IP provider. It's a clear case of slander on the part Spamhaus (oh, and this is when the fanboys start backtracking and saying its a system for preventing SPAM...)

Any way you cut it, at some point in time someone will successfully sue them for this BS behavior.

Re:It's all about the Opinion (3, Insightful)

Spazmania (174582) | more than 2 years ago | (#37705052)

the end result is that [Spamhaus'] opinion carries a lot of weight, mostly because many many people just blindly apply it.

Mostly because Spamhaus rarely lists address ranges that aren't involved in spamming and network abuse, and even more rarely for long. Spamhaus EARNED its reputation for cautious listing at the same time others like SORBS earned reputations for over-zealousness.

That's why I'm surprised to see Slashdot folks taking these accusations seriously without any posted evidence. When Spamhaus lists an IP block, they document it publicly including their reasons. Sometimes it's because an organization has been caught moving spammers around inside their IP block. Sometimes there are other reasons. Usually they're pretty good reasons.

Where's the copy of that posting?

I know back when I ran an ISP, Spamhaus was the one I -didn't- have problems with.

Re:It's all about the Opinion (1)

TheCarp (96830) | more than 2 years ago | (#37705168)

Hmmm I must admit, I came back from a vacation to find all this out.... do they keep a historical record of all this after a block is removed?

I have been meaning to investigate more, but, since it was a solved issue by the time I got back, and I have been busy with other projects, I only spent an hour or so looking for more information and finding little to nothing. If there is a "right place" to go look, I would love to know. Apparently we were on the "SBL" list.

My co-admin sent me a URL reference but, when i go there it just tells me that this is no longer in the SBL, with no other info.

Thats really the thing, I am not an ISP, I am running a co-located server with some people. I am a unix admin, I know how to run a mail server, but, I am not active and following these things as "mail admin" is a hat that I need to put on in earnest about once a year, at most.

Re:It's all about the Opinion (1)

Spazmania (174582) | more than 2 years ago | (#37705302)

I seem to recall it being a little tricky to get to the data after it's delisted. I'll grant you that Spamhaus should do better there.

Just like Moody's & S&P (0)

Anonymous Coward | more than 2 years ago | (#37705396)

It was just their opinion that the toxic loans were AAA+ quality, but their opinion carried a lot of weight.
In the end they did not pay once cent for being instrumental in the recession (as most others got away too).

Re:It's all about the Opinion (1)

Eggplant62 (120514) | more than 2 years ago | (#37706106)

Compare Spamhaus with your local reporter who focuses mainly on restaurant reviews. Every week, he visits a new restaurant and writes a review. Some restaurants may end up with a good review and get lots of traffic as a result. Some may end up with a bad review, causing lots of people to avoid their restaurant, thus losing business. Same principles apply here. It's like saying, "We tried to talk to the owner to get things fixed, but we couldn't. We're now leaning on the waitress, to see if she will help us contact the owner. We may have to talk to the cook and enlist his help, too."

Re:It's all about the Opinion (2)

Solandri (704621) | more than 2 years ago | (#37704110)

Once you make your opinions public, you can be charged with libel and malicious defamation of character in most countries. Especially in a case like this where many ISPs use Spahaus' lists so there are real, direct socio-economic consequences for wrongly blacklisting someone. (Not saying that's what happened here.)

Re:It's all about the Opinion (0)

Anonymous Coward | more than 2 years ago | (#37704144)

Opinion my ass. Spamhaus has power and they know that. Their "so-called" opinion is automated into a lot of systems and that's where it stops being an opinion.

If you make a hitlist and you know that the people on your list will be killed it won't last for long.

Re:It's all about the Opinion (3, Interesting)

macraig (621737) | more than 2 years ago | (#37704732)

Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions.

What a quaint mis-framing by using the word "opinion" rather than what it actually is: a declaration. It's much more affirmative than a mere "opinion".

This, BTW, is precisely why ALL blacklists are a crappy idea that ultimately always lead to this scenario. Crowdsourcing this sort of privacy/security function to anonymous people with unverified credibility leads to the well being poisoned with deliberate or unintended misinformation. They are even vulnerable to ill-intentioned people with axes to grind and a willingness to wreck significant swaths of the Internet to exact their vengeance.

Re:It's all about the Opinion (1)

sjames (1099) | more than 2 years ago | (#37704782)

If you misrepresent your opinion with malicious intent or with reckless disregard for truth and you cause damage as a result, you can be in quite a lot of trouble legally.

Re:It's all about the Opinion (1)

zmooc (33175) | more than 2 years ago | (#37705140)

It's not an opinion. Whether mail is spam or not can be objectively decided and thus is not an opinion. Therefore any statement on whether someone sent spam is not an opinion either. It's either a fact, a lie or a mistake.

And since spamming is illegal, claiming someone sends spam is defamation, which is illegal in many countries, including the Netherlands and the rest of the EU, where spamhaus has registered offices. Therefore they're probably not that far away from losing in court at all.

Re:It's all about the Opinion (1)

snowgirl (978879) | more than 2 years ago | (#37705776)

Eh..... this is grey waters... I honestly think that Spamhaus is making an assertion of fact to a third party, and could be liable for defamation. It's well enough into the grey area that it would have to be settled by the court.

Responsibility goes both ways (1)

imemyself (757318) | more than 2 years ago | (#37704012)

Yes, ISP's need to be responsible and take action against spammers, and yes, ISP's who continually fail to do so on a significant scale over a long period of time are fair game to block, but in this particularly instance it sounds like Spamhaus's actions may have been abusive and rather arrogant. I use Spamhaus's blocklist myself, but organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly effecting legitimate businesses and networks. Taking large-scale blanket actions that effect many legitimate sites undermines the anti-spam industry as a whole, because it makes it more difficult for people to rely on anti-spam products/services.

Re:Responsibility goes both ways (1)

silas_moeckel (234313) | more than 2 years ago | (#37704502)

It seems like there gripe was the primary ISP was refusing to do anything about it they then move to the feeder ISP's until they fix it. By routing there traffic they are aiding spam. Ever expanding there blacklist to push companies to do something is the only method they have.to get something done. By the time they are complaining to a providers providers it's been a issue for a long time. That dutch ISP should never have to block one of it's clients, clients IP's they should have required them to act or terminated there contract. They might have "tough" spam rules but I've run a few med to large hosting providers, you do not just play whack a mole and let them sign up for another box you make sure you do not do business with them again.

This is not hard all it takes is a packet sniffer or a flow scanner to see if it's just a spam server vs a legit box that got hacked. At this point I catch catch most spammers from simple switch ACL's this is not hard.

Re:Responsibility goes both ways (0)

Anonymous Coward | more than 2 years ago | (#37705280)

there!=their

Re:Responsibility goes both ways (1)

Nom du Keyboard (633989) | more than 2 years ago | (#37704530)

...organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly effecting legitimate businesses and networks. Taking large-scale blanket actions that effect many legitimate sites undermines the anti-spam industry as a whole, because it makes it more difficult for people to rely on anti-spam products/services.

Spammers hide among legitimate businesses and hosting providers often don't do enough, unless their feet are continually held to the fire, to weed them out. Spamhaus can't cut off the account of the abusers at the various hosting providers, so they do the next best thing and make it in the best interests of those hosting providers to clean up their acts. Just take a moment to think about where we'd be without Spamhaus.

Re:Responsibility goes both ways (2)

realityimpaired (1668397) | more than 2 years ago | (#37704876)

Just take a moment to think about where we'd be without Spamhaus.

Actually, just about where we are right now. Most major mail providers don't use Spamhaus at all... it certainly doesn't affect delivery to GMail or Yahoo or anything like that. They use heuristic analysis of the messages (stuff like Spamassassin), coupled with Greylisting, forced delays in the server greeting, and throttling based on number of recipients. And it works. I don't get any spam at all to my inbox. None. And I've had the same address for nearly 6 years, now. And I don't use Spamhaus, SORBS, or any of the other lists like that, because you don't need them once you've set up your mail server properly. (and yes, I have set up my own mail server, which is sitting on a 100mbit pipe in colocation, with multiple domain names pointing at it, some of which are more than 10 years old).

Lazy sysadmins use spamhaus like it's gospel. Ones that know what the hell they're doing realize they don't need spamhaus at all.

And this is news exactly how??? (0)

Anonymous Coward | more than 2 years ago | (#37704024)

Three quarters of the postings to the eternal flamewar that is news.admin.net-abuse.email accuse Spamhaus of being wild-eyed fanatical zealot nutjob high-handed Nazi thug blackmailers. And two thirds of them are correct.

Grudge (0)

Anonymous Coward | more than 2 years ago | (#37704032)

SpamHaus and CyberBunker have a history and even if no spam, Spamhaus holds a grudge.

With power comes accountability.

Quis custodiet ipsos custodes? (1)

fightinfilipino (1449273) | more than 2 years ago | (#37704130)

seems like an interesting question here. Spamhaus in essence can withhold an ISP's goodwill in the community, which is arguably a part of an ISP's "property" (and of any business, really). if that theory holds up, what Spamhaus is doing could be considered extortion. A2B could also seek some sort of libel claim against Spamhaus, but how likely would such a claim be enforced over international borders?

is there anyone watchdogging Spamhaus' watchdog efforts?

Re:Quis custodiet ipsos custodes? (1)

Nom du Keyboard (633989) | more than 2 years ago | (#37704562)

is there anyone watchdogging Spamhaus' watchdog efforts?

If You think that this needs to be done, then why don't You do it?

And then who should be watching over You?

Re:Quis custodiet ipsos custodes? (1)

fightinfilipino (1449273) | more than 2 years ago | (#37704616)

no need to be hostile, i was simply asking a question. i'm unsure myself whether Spamhaus DOES need its own watchdog. that's why i'm asking.

and it's always good to question authority. i know Spamhaus has a lot of credit on /. but power and abuse go hand in hand. if A2B has a legit complaint, and Spamhaus responds poorly, who checks Spamhaus?

Re:Quis custodiet ipsos custodes? (1)

HiThere (15173) | more than 2 years ago | (#37705524)

It doesn't need a watchdog, it needs deconstruction. It's a centralization of power without accountability, and such almost always leads to corruption. Spam, itself, is one example of this. But to fight corruption with more corruption is the wrong answer. Spamhaus is the wrong answer. I'd sooner use whitelisting. (Greylisting is better. And a combination of whitelisting and greylisting better yet.)

But Spamhaus is the wrong answer. It has become corrupt long since. And it's *because* it's a source of power without accountability.

Re:Quis custodiet ipsos custodes? (1)

Nom du Keyboard (633989) | more than 2 years ago | (#37704594)

is there anyone watchdogging Spamhaus' watchdog efforts?

You seem to have a basic misunderstanding of Cause and Effect. Spamhaus can't actually withhold anything. They can suggest to others that those other parties might want to withhold their goodwill of an abuser, but by itself Spamhaus is completely powerless. It is only when other people agree with them that the group as a whole acts against those who abuse us through our technology. And that group action is entirely legal.

And Heaven help is if it ever does become illegal.

Re:Quis custodiet ipsos custodes? (1)

fightinfilipino (1449273) | more than 2 years ago | (#37704724)

is there anyone watchdogging Spamhaus' watchdog efforts?

You seem to have a basic misunderstanding of Cause and Effect. Spamhaus can't actually withhold anything. They can suggest to others that those other parties might want to withhold their goodwill of an abuser, but by itself Spamhaus is completely powerless. It is only when other people agree with them that the group as a whole acts against those who abuse us through our technology. And that group action is entirely legal. And Heaven help is if it ever does become illegal.

the problem is that Spamhaus either 1) has their word taken at face value by other ISPs and e-mail services, who automatically block whomever Spamhaus says needs blocking, or 2) has the ability to destroy a person's or company's reputation and goodwill, which can be just as bad in the long run.

i've got no misunderstanding of cause and effect. in this case, Spamhaus apparently believed that the only acceptable remedy in the A2B situation was for an entire datacenter to be blacklisted, and the effect was that a lot of innocent non-spammers got denied e-mail services along with the scummy spammer. Spamhaus is the cause, and a scorched-earth practice was the effect. i'm not understanding why people don't have a problem with this when so many are vocal about similar actions by the DHS to block domain names on sketchy grounds. the effect of a Spamhaus blacklisting has as much severity as a DHS unilateral block.

Few services piss me off like spamhaus (0)

Anonymous Coward | more than 2 years ago | (#37704406)

What once was a great idea has turned into a monster that can destroy a company before it starts. easy to get blacklisted damn near impossible to get off

spamhaus is the de facto standard in extortion now

Re:Few services piss me off like spamhaus (0)

Anonymous Coward | more than 2 years ago | (#37705060)

I'm curious of what makes you think this. To my understanding SpamHaus is just helping a lot in filtering spam. It's the only RBL I use to block spam after the HELO. Evidence of extortion might move it to the spamassassin phase to just add scores.

I rather doubt the ISPs claims. (1)

spottedkangaroo (451692) | more than 2 years ago | (#37704506)

Choosing to use and trust Spamhaus is a completely voluntary activity by companies that don't wish to receive spam. It is usually only one of many strategies people use to try to block spam. Most use it simply as advice for scoring, some us it to block smtp from hosts completely. Whatever.

If spamhaus gets it wrong too often (and they do make mistakes) then people will stop using it. There's little any authority can do about it though. Spamhaus publishes its opinion and others choose to follow it. Are they going to make laws against publishing opinions? The only way really to fight this would be to show that spamhaus is failing somehow in its mission. Personally, I suspect that if spamhaus says it's a spam haven, that it very probably is. If it is not, they'll eventually get delisted. End of story. My ISP has been listed before. It was not a mistake on their end, but on mine. It was a simple matter to fix the problems and get delisted. At the end of the processes I was thankful for the free opinion publishing service they provide.

so does slashdot just remove comments (-1)

Anonymous Coward | more than 2 years ago | (#37704508)

since when does /. remove so many comments this system is retarded and broken

so the fucking admin that keeps removing reasonable posts can see this one remove it and realize he's a cock wad

last day on /. loyal reader for many years finally sick of the fail comment system

fuck you slashdot moderators

Good (1)

xrayspx (13127) | more than 2 years ago | (#37704962)

They are hugely annoying to deal with if you send any volume of mail at all. I worked at a job in which we sent tens of thousands of order status emails per day (were there upsell attempts? Of course there probably were, but the thrust of the mail was "thanks for ordering, have a confirmation number"), and all it takes is a couple of people marking them as spam to get Spamhaus to start blacklisting you, your upstream ISP, your dogwalker's busdriver's cousin's hairdresser, etc.

I know they claim that they only blacklist IPs which send to honeypot email addresses, but I find that claim to be dubious at best, considering the IPs I've had blacklisted in the past.

Re:Good (0)

Anonymous Coward | more than 2 years ago | (#37705862)

You are confusing Spamhaus with Spamcop. Spamhaus does not take external submissions.

Block Spamhaus (0)

Anonymous Coward | more than 2 years ago | (#37705048)

The ISP should block spamhaus.

has anyone asked Cyberbunker? (1)

Wizel603 (1367631) | more than 2 years ago | (#37705100)

I would love to hear from Cyberbunker on why they are providing hosting to a spammer. Oh wait, I just found their AUP that's linked from their website:

Mind Your Own Business

CyberBunker does not poke around on your servers. Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine. CyberBunker has adopted a policy not to mind our clients business. Our famous "Mind Your Own Business" policy.

I'm sure glad they are up front.

Re:has anyone asked Cyberbunker? (1, Informative)

St.Creed (853824) | more than 2 years ago | (#37705506)

Not only that. I'll quote their entire policy:

Disaster Free Hosting

CyberBunker will keep your servers online "no matter what". Cyberbunker will protect your servers from hurricanes, earthquakes, crashing airplanes, (nuclear) bombs, floods and anything else that could interrupt the hosting of your servers. However the biggest threat usually is the hosting provider that takes your servers offline if they receive complaints from others. As long as your hosting fee is paid CyberBunker will do anything in its power to keep your servers up. In addition CyberBunker protects your servers also from others who might want to take your servers down like the DMCA, your competitors,authorities, burglars, governments and terrorists.

Impenetrable Hosting Facility
The CyberBunker data center is located in a nuclear bunker that was designed to survive a nuclear war. Even without war the bunker remains impenetrable. In 2007 City Hall accompanied by the local police and fire brigade made an attempt to enter the building without authorization. Their attempts were futile. City hall paid the for the damages caused by the hydraulic tools used by the fire brigade in an attempt to open the first set of blast doors. The doors were damaged but still closed. Even with the right access codes the doors still could not be opened anymore. In 2008 City Hall paid € 24500.- in damages to CyberBunker in order to get the doors operational again. There are 3 sets of blast doors, one set next after the other, on all entrances.

Concealed Location
The physical limitations to enter the building are not the only reason why customers choose to host their servers at CyberBunker. CyberBunker offers a unique routing system in order to confuse parties that are eager to discover the physical location of the servers. Many known and unknown customers use our services to have their servers online without revealing the actual location. Sometimes it happens that one of our customers is exposed by the media. e.g. see: TorrentFreak. And even then we are able find a suitable solution in order to conceal the location of the servers again.

Anonymous Hosting
Most of our customers desire to stay anonymous. In some cases we do not even know who our customers actually are. We have no idea and we simply do not care. Who ever you are, it is our business to keep you online.

Mind Your Own Business
CyberBunker does not poke around on your servers. Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine. CyberBunker has adopted a policy not to mind our clients business. Our famous "Mind Your Own Business" policy.

Bold = my emphasis.

This is an open invitation to spammers, neo-nazis, phishing scammers, botnet operators, usenet providers (teh binareez) and torrent servers (torrentfreak, notably) to come and play ball. It's their business model to protect the customer. Given their attitude, they're likely to be in quite hot water once one of their customers actually does run a childporn network or an assassination ring and it turns out in court that their business model is "we never ask questions".

Anyway, I'm starting to understand the Spamhaus attitude: it's probably frustration.

Re:has anyone asked Cyberbunker? (0)

Anonymous Coward | more than 2 years ago | (#37705654)

wow, and you basically make it sound like PRIVACY is a bad thing.

Got something to hide? You must be EVIL!

Seriously, get a grip. I applaud this type of thinking. ISP's need to learn to grow a back bone. Would you prefer to live in a world where 1 person has a beef with your website, and they ask your ISP to take you down, and it happens? Ridiculous.

Re:has anyone asked Cyberbunker? (1)

Wizel603 (1367631) | more than 2 years ago | (#37705700)

ISP's need to learn to grow a back bone.

Please tell me that horrible pun was intentional.

Re:has anyone asked Cyberbunker? (1)

skr95062 (2046934) | more than 2 years ago | (#37706060)

So according to the AUP above Cyberbunker is in effect claiming to be one of those"bullet proof" hosting facilities, they do not care what you do so long as it has nothing to do with kidde porn or terrorism. If you have an account with them you can run a server that does nothing but send SPAM 24/7/365 and Cyberbunker will never shut you down. This would also imply that if the IP you are using gets blocked you can get another one and another one and another one and so on and so on. If the upstream provider for Cyberbunker does not have the balls to pull the plug on them, then sorry but tough shit. Just because your customer is willing to throw money at you to keep the connection live does not give you the right to just look the other way. Yes, you can take the money, but you had better be prepared for the consequences of your actions. If you wind up on someones blacklist don't come crying to me about it, fucking deal with it. This type of thing happened a couple of years ago to a place, they were hosting a C&C farm for a BOT NET, amongst other things. The upstream provider one day, after waring them several times, just pulled the plug and the place fell off of the internet. Yes, some innocents got caught up in it but if you want to deal with shady operations shit like that happens. This is what A2B should have done to start with, IMHO.

extortion (1)

synapse7 (1075571) | more than 2 years ago | (#37705120)

Spamhaus seemed like one of the less shady and even more trustworthy blocklists(blacklist, whaterver). I have seen some (maybe it was backscatter) that wanted $100 to get off the list sooner than the standard 30day TTL, usually you don't have to worry about anybody using these lists. However, one time I did run into somebody that subscribes to a service that enlists multiple blocklists and was using one of these shady ones, luckily it was only a single client.

A mailadmin writes... (2)

buglista (1967502) | more than 2 years ago | (#37705314)

I don't expect this will get modded up, because I'm only a mail admin with years of experience, and what do I know. Vive la web 2.0 etc.

Spamhaus don't list people unless they've got a very good reason - that's why the majority of email providers, and likely your mail feed is using SBL. Steve is not crazy, and incidentally, business details are not subject to data protection provisions under the EU directive, so it is absolutely fine to say you kicked a spammer.

Lie down with the dogs, get up with the fleas. Woohoo, you made your sales quota, but don't expect me to accept your email.

lol try SORBS instead (0)

Anonymous Coward | more than 2 years ago | (#37705358)

If you think spamhaus are bad try bumping into SORBS and see what happens......
Hint you better have deep wallets if you want to resolve any form of false positive or caught in crossfire. It's all about the donations baby!

ISPs policing the internet (1)

Old Wolf (56093) | more than 2 years ago | (#37705602)

Here's what these people seem to say.

When it comes to piracy - "ISPs shouldn't be policing the internet!"
When it comes to spam - "ISPs should be policing the internet!"

ICE (1)

Calydor (739835) | more than 2 years ago | (#37705950)

Considering only the information readily available via. summary and article, how is this any different from what the DHS are/were doing with ICE, taking out ... was it 86,000 sites to hit one target? When that happened Slashdot was up in arms about the insanity, was that just because DHS is loathed and Spamhaus generally isn't? Am I missing some important detail (other than DHS = Government, Spamhaus = vigilante freelancers) that puts this all in perspective?

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...