Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Zero Errors? Spamhaus Flubs Causing Domain Deletions

timothy posted about 2 years ago | from the damn-yankers dept.

Censorship 170

Frequent contributor Bennett Haselton writes: After I sent 10 new proxy sites to my (confirmed-opt-in) mailing list, two of them ended up on one of Spamhaus's blacklists, and as a result, all 10 domains were disabled by the domain registrar, so the sites disappeared from the Web. Did you even know this could happen?"

Since 2005 I've been running a proxy mailing list where users sign up to receive new proxy sites by email. (Proxy sites are sites for getting around Internet blocking software; most proxy sites that you can find through Google are already blocked by major blocking programs, which is why you would sign up to receive new ones by email, to use them until they get blocked as well.) In all that time, we've followed what are considered best practices for email newsletters: every new subscriber is sent a confirmation message by email, and they have to reply to that message, confirming that they really want to subscribe to the emails, before being added to the list. This practice, known as "verified-opt-in," is considered the gold standard for responsible emailing, since it ensures that everyone on your list actually wants to get your emails. (It also ensures that if you accuse an email publisher of spamming because you received their unwanted emails, they can't say, "Oh, one of your friends must have added you" — since if they're using verified-opt-in like they're supposed to, your friends can't add you.) I'm front-loading a lot of information here, although if you saw the words "Spamhaus errors" in the title, you may recognize the technique of literary foreshadowing being employed.

Despite conforming to verified-opt-in standards, the proxy emails have at times been blocked by spam filters used by Hotmail, Gmail, Yahoo Mail, AOL Mail, and various other systems. However, last month was the first time that an incorrect blacklisting caused the domains themselves to be disabled, so that the sites disappeared from the Internet entirely.

On September 17th I registered 10 new .info domains through NameCheap, set up new proxy sites at each of those domains, and mailed each site to 1/10th of our proxy mailing list. (Sending new sites only to a subset of the list makes it harder for blocking software companies to join the list and find all new sites as soon as they're released.) All seemed to be going well until October 2, when subscribers started telling me that they were getting "host not found" errors when trying to reach the sites. I tried the sites myself, found that they were indeed inaccessible, and spent about an hour testing for various problems with DNS servers and domain record settings, before logging in to NameCheap and seeing a message next to each of the new domains saying "domain locked due to illegal activity; please email legal@enom.com." (NameCheap being a reseller for the domain registrar eNom.)

So I sent eNom an email and followed up with a phone call to see if they could speed things up, since complaints kept pouring in from users that the sites were unreachable. eNom said that the domains had actually been suspended by Afilias, the company that handles all .info domain registrations no matter who you buy the domain from, and eNom was in the process of talking with Afilias. So I called Afilias myself to ask about getting the domains unlocked, but they refused to talk to me and said that they could only respond to inquiries from eNom. This, of course, is ridiculous — if someone notifies you that you or your company has made a error, you can investigate the issue no matter who brings it to your attention — and especially in cases where you're literally accusing someone of unspecified "illegal activity," you should bend over backwards to respond to any indication that you might have made a mistake. But they refused to do anything, so I waited for a response back from eNom.

A day and a half ticked by, with emails continuing to come in from our users wondering why the domains had disappeared, until finally eNom forwarded me a response from Afilias saying that two of my ten domains ("drybook.info" and "rootface.info") had been blacklisted by the UK-based organization Spamhaus on their Domain Block List. Spamhaus operates several different alleged "spam" blacklists, and claims that the DBL is a list of domains found in spam messages. The DBL FAQ says that it is "built predominantly using automated spamtraps and email flow monitoring" and "has many checks to prevent legitimate domains being listed," even going so far as to call it a "zero false-positive" list.

Even though only two of the ten domains that I had registered that day had been blacklisted by Spamhaus, Afilias had responded by disabling the entire group of ten domains that I had bought at the same time.

Now here's where I caught a bit of a break: It turns out I was able to get the domains instantly removed from the DBL by entering them in a form on the Spamhaus site and clicking a button, which took me to a page saying:

DBL removal successful
The domain was successfully removed from the DBL. Please allow 30 minutes for servers around the world to update their data. Please note that the domain will be re-listed if malicious activity is detected in the future.

Although, even this easy part of the process didn't inspire much confidence. Not that I wanted Spamhaus to make it harder for me to de-list by domain names, of course, but if you really think your blacklist is 100% accurate, why would you let anyone get any domain removed at any time just by submitting it in a form? In fact, this would seem to give an advantage to spammers over regular website owners — because a spammer, who knows about blacklists and would find it worthwhile to game the system in his favor, would be more likely to know about the Spamhaus DBL and the form for getting their domains de-listed. Whereas for a regular non-spamming website owner, it would take far more time to find out that their domains had been de-activated, that the de-activation had occurred because of an incorrect Spamhaus listing, etc.

Once the listing had been removed, I emailed eNom, who emailed Afilias, who eventually re-activated the domains after a few more hours. But the traffic never returned to the levels that it had been at before the domains were deleted, as most of our users had apparently concluded that the sites had been blocked or taken offline.

Spamhaus did not respond to requests for comment on this story. In fact, Spamhaus does not give you a way to contact them if you have been wrongly blacklisted — their "contacts" page redirects you to the "Blocklist Removal Center" if your domain is blocked, but that only leads you to the automated removal tools, not a way to contact the organization. I did email their "Press Office" email address, on the grounds that I was writing an article for Slashdot in addition to being a wrongly blacklisted domain owner, but didn't get an answer.

So I have no idea what will happen with the next group of domains that I send out to our proxy list. If Spamhaus signed up one of their "spamtrap" email addresses to our mailing list, then presumably any domain mentioned in a message sent to that email, will get automatically blacklisted (even though of course since they signed up the email address to our mailing list, that means it's not spam). If that happens, the entire next batch of domains might get disabled by Afilias as well.

Meanwhile, Spamhaus continues to claim that the DBL is a "zero false-positive" list. I don't know how many other false positives are on the list or how many domains have been abruptly disabled as a result, but if it's this easy to get incorrectly blacklisted, my money is not on "zero."

Sorry! There are no comments related to the filter you selected.

registries (5, Informative)

alphatel (1450715) | about 2 years ago | (#41684869)

Afilias does not have the intrinsic right to blackhole your DNS no matter what Spamhaus does. However, it is in your agreement when using an .info domain. An easy way out of this is to use a domain that is unaffiliated like .com/.net or out of the country like .me/.co/.it/.to
If you have the time, find better contacts at Afilias and get them to clarify their policy. If you have the money, call a lawyer. If you are really bored and love .info to death, run a persistent check on spamhaus and remove your domains from the list immediately instead of after Afilias finds out.

Re:registries (0)

Anonymous Coward | about 2 years ago | (#41685005)

The reason for he "loves" .info is .info have very cheap 1st year registration. Most registries seem to be running perpetual "1st year @ $1.99" for .info.

Re:registries (5, Informative)

nullchar (446050) | about 2 years ago | (#41685441)

Yes, the answer to the poster's problem is to not use .info domains with this highly restrictive policy: http://info.info/information/anti-abuse-policy [info.info]

What is interesting about all of this is Afilias (the registry operator for .info) appears to be using the Spamhaus DBL in an automated fashion to add "serverHold" status to listed domains. ("serverHold" effectively removes the domain from the TLD root servers and can only be modified by the Registry. "clientHold" does the same thing, but can be modified by the Registrar, in this case eNom.)

This is the official ICANN agreement and related documents that allows .info to function: https://www.icann.org/en/about/agreements/registries/info [icann.org]

This is the Registry-Registrar Agreement (RRA) containing section 3.6.5 referred do by the .info anti-abuse-policy: https://www.icann.org/en/about/agreements/registries/info/appendix-08-08dec06-en.htm [icann.org]

In all of those documents, I see no mention of the registry operator (Afilias) being able to invoke their rights of RRA section 3.6.5 in an automated (API-used) fashion. You could email Afilias about it, but doubt they would respond. If we want to get to the bottom of how they are auto-serverHold-listing domains, it seems a lawsuit is the only way. Perhaps someone really did email abuse@afilias.info, and a human checked the SBL and looked at the batch of domains created near the same time from the same registrar.

Thanks, Bennett Haselton, for posting this article and telling us about these shady practices from Afilias.

If you wish to continue using .info, and eNom (namecheap), then it appears you should create separate accounts, and register 1-2 domains in each account, so at least they are not blocked as a group. Additionally, using multiple sets of nameservers will make the domains look "different" from each other.

not suprising (0, Informative)

Anonymous Coward | about 2 years ago | (#41684937)

I'm not that shocked. Your mailing list is a huge concentration of all the spamming proxy servers in the world. I'm not suggesting that your list is the cause or is related to the spam, but any site with a large number of banned domains will eventually be tagged as a spammer and hopefully removed.

Re:not suprising (0)

Anonymous Coward | about 2 years ago | (#41686463)

Seriously. Are the proxies he lists intended by their owners/administrators to be open for the general public to use or are they simply misconfigured or compromised systems? Either way, such systems are wildly abused by spammers. It wouldn't surprise me if the registry would frown on maintaining lists of such things, specifically if the context is not "identifying open proxies so they can be blocked" but rather "identifying open proxies so they can be used by the general public".

Re:not suprising (5, Informative)

LordLucless (582312) | about 2 years ago | (#41687349)

GIven that his article was about him setting up 10 new proxies and emailing them out, it would seem that, at least for the domains relevant to this discussion, the OP was the owner/administrator and most definitely intended them to be used in that manner. Also, from context, it appears that he was running webproxies, not email proxies. They're generally used as anonymizers, or to circumvent geo-IP techniques, not to spam people.

Spamhaus DBL IS network abuse (5, Insightful)

Anonymous Coward | about 2 years ago | (#41684955)

Spamhaus DBL is poorly run and full of spite listings and other garbage. Zero false positives? They mean zero legit entries. Spamhaus has become what it set out to oppose, and it's time they were exposed for what they are today. A disgrace to the anti-spam, anti-abuse community.

Re:Spamhaus DBL IS network abuse (0, Informative)

Anonymous Coward | about 2 years ago | (#41685089)

A lot of ISPs in the USA (for example) are poorly run. Most are hosting knowingly and willingly spammers because they get paid by spammers. If you want to whine do it right, thanks.

Re:Spamhaus DBL IS network abuse (1)

shentino (1139071) | about 2 years ago | (#41685287)

I assume you are talking about pink contracts.

Which is just another case where it pays to be corrupt.

no sympathy (3, Informative)

Anonymous Coward | about 2 years ago | (#41684989)

You should consider this a wake-up call. It's time to switch from mass-email to a web page with RSS.
If people really want your newsletter, they'll come to you.

Re:no sympathy (5, Informative)

FictionPimp (712802) | about 2 years ago | (#41685121)

Until the services their customers are trying to get around block his web page. Email works a bit better for this as it's not easily blocked (unless the people doing the blocking are going to block hotmail and gmail).

Re:no sympathy (3, Funny)

nitehawk214 (222219) | about 2 years ago | (#41685255)

Until the services their customers are trying to get around block his web page. Email works a bit better for this as it's not easily blocked (unless the people doing the blocking are going to block hotmail and gmail).

Well if those people would use a proxy they could get around that block.

Oh, wait...

Re:no sympathy (1)

jellomizer (103300) | about 2 years ago | (#41685421)

For the most part there will be a lot less trying to block access to legitimate page. Vs. Blocking bulk emails.

You have your customers check an RSS Feed. They subscribe. And there is a little traffic all day.
They get emails. the server gets 100 emails. the email is then copied hundreds of times. So you are adding 100x the storage for each mass email. Plus you cannout opt out easily. Unlike an RSS feed you just turn it off

Re:no sympathy (4, Informative)

FictionPimp (712802) | about 2 years ago | (#41685749)

That's great, but his list is a list of proxy servers. The purpose of those proxy servers is 'proxy avoidance'. My content filtering automatically filters pages in the category of 'proxy avoidance'.

Therefore, if someone wanted to use his proxy servers (which he's constantly adding new domains to to get around my attempts to keep my employees from avoiding my filters) he needs a way to get them those proxy servers and they need a way to find him. I'm not allowed to block email services, but I am allowed to block sites related to getting around my filters.

This is why email works better. They can sign up at home or on some page before I find and block it, confirm via email, then get updates even if I'm blocking the place where they signed up in the first place.

There is a problem with emails being blocked as well, but that is spam filtering not my active attempt to keep them from getting around my filters. Overall this is the fundamental problem with getting around content blocking/filtering. You have to be able to find the site that tells you how to get around the filtering before the people doing the filtering filter that site.

Re:no sympathy (1)

idontgno (624372) | about 2 years ago | (#41686097)

Hold on a sec. Let me summarize the exchange I just heard.

A: Bennet's mass e-mailing is getting blocked.
B: He should just put it on the web.
A: No, the web page will be blocked, while mail isn't easily blocked.

Are you serious? [knowyourmeme.com]

Re:no sympathy (0)

Anonymous Coward | about 2 years ago | (#41687455)

Plus Bennet's mass emailing is not getting blocked. His proxies are having their DNS names blocked.

Re:no sympathy (5, Insightful)

gl4ss (559668) | about 2 years ago | (#41685139)

You should consider this a wake-up call. It's time to switch from mass-email to a web page with RSS.
If people really want your newsletter, they'll come to you.

...it's a proxy list.
how long do you think those sites would stay off chinas webfilters ?

a proxy list you can't get to is rather useless.

Re:no sympathy (0)

Anonymous Coward | about 2 years ago | (#41685245)

"a proxy list you can't get to is rather useless."

    the very best kind

Re:no sympathy (1)

gl4ss (559668) | about 2 years ago | (#41686713)

"a proxy list you can't get to is rather useless."

    the very best kind

well, that's why he was sending it to 10% of subscribers.. so you can't just sub to the list and ban all proxies on the list. of course you could get around that by flooding the list I suppose - and the proxies themselves ending up on spam filter lists I would think of as granted(if they do pure tcp anyways).

Re:no sympathy (0)

Anonymous Coward | about 2 years ago | (#41687201)

Because china would never dare to flood a mailing list to get all the proxies on there.

Hell, they flooded the automatic gmail system for tor to block all the bridges on there.

Re:no sympathy (1)

Anonymous Coward | about 2 years ago | (#41685241)

1. He wants to better control the release of email, by distributing it in pieces
2. Email is a bit easier to re-route in case of censorship

Re:no sympathy (3, Informative)

Jerslan (1088525) | about 2 years ago | (#41686119)

Except that it's an opt-in w/ verification mailing list, so they already come to him since they have to request to join the list in the first place and then verify via e-mail that they own the account.

Sounds like (3, Informative)

OverlordQ (264228) | about 2 years ago | (#41685001)

an Afilias issue, not a Spamhaus issue.

Secondly, how sure are you somebody didn't forward your email to their own not-so-double-opt-in list which got reported as spam.

Re:Sounds like (0)

Anonymous Coward | about 2 years ago | (#41685133)

This is most likely what happened. A subscriber of yours is re-sharing your websites to their own list. Not a lot you can do about this, besides use a different registrar that isn't so crazy about Spamhaus DBL listings. Also the domains being both newly registered and .info (commonly used for spam) didn't help. I recommend .com or .net and registering them months in advance.

Re:Sounds like (2)

arth1 (260657) | about 2 years ago | (#41685191)

Indeed.

1: Create a new e-mail address at a free service
2: Subscribe to various opt-in services run by people you don't like
3: Forward all e-mails to this address to reportphishing@antiphishing.org and linford@spamhaus.org
4: Schadenfreude

If your e-mail list can't deal with this, you may want to fix the last part of #2, or use a different method of propagation, like RSS.

Re:Sounds like (3, Insightful)

TubeSteak (669689) | about 2 years ago | (#41685417)

Secondly, how sure are you somebody didn't forward your email to their own not-so-double-opt-in list which got reported as spam.

2/10 domains were blacklisted by Spamhaus, which means 2/10ths of his e-mail list might be contaminated.
It shouldn't be too much of a hassle to subdivide those users and flush out the one(s) which are causing the problem,
Ideally, you'd notify Afilias ahead of time so that they don't blacklist your honeypot domain(s).

Re:Sounds like (4, Insightful)

sjames (1099) | about 2 years ago | (#41685675)

If that's what happened, it sounds like a DOS attack waiting to happen.How long do you suppose it will be before someone sets up an operation to spam your competition's websites to get them plonked.

The Internet is badly regulated (1)

Anonymous Coward | about 2 years ago | (#41685073)

The real problem here is the lack of real procedures and rules. This is just like the FBI seizing domains that were declared legal in their jurisdictions: stupid problems that harm everybody. If there was a nice and clear set of rules, and a single international authority, none of these things would happen.

Re:The Internet is badly regulated (1)

X0563511 (793323) | about 2 years ago | (#41686189)

You want a .info domain you get to deal with the (silly) policies that TLD registrar enforces.

Don't like it? Don't register a .info.

Re:The Internet is badly regulated (1)

KingMotley (944240) | about 2 years ago | (#41686751)

Doesn't seem like there was a lack of procedures or rules at all. Read the terms of service agreement that will likely say they have a right to take down the domain if they feel like it. Additionally, you can't use it for illegal/abusive purposes of which they are the sole determiner if what you are doing is illegal or abusive.

Why don't you just register a single .com domain and run your stuff from there. Sounds like a large number of people think what you are doing is spam or aiding spammers and you don't like it. There is a difference of opinion there, but apparently your registrar is the judge.

Re:The Internet is badly regulated (1)

fermion (181285) | about 2 years ago | (#41687191)

Furthermore the business models assumes this, so I don't know why anyone should care. The submitter admitted these sites have very short lifetimes. He ad,kits that he registers several at a time. He admits to mass emails, even though it is 'best practices'. These are all indicators of a shady, yet perfectly legitimate business, and such firms are occasionally going to run into trouble. No one is going to say a wide reformation is necessary because a pawn shop Is closed for a day to sort out fencing issues.

This is unfortunate. The list may in fact be used by oppressed people looking for information and just not oppressed teens looking for naked people. But honestly, wouldn't it be easier just to register 10 more domains, not .info, and send out another email. If the proxy's are ad supported, then yes having them cancelled immidiately sucks, but that again is the cost of doing business.

Ultimately using spamhaus and filters is mostly a vole entry activity. If one does not lke affirm, the best thing to do is stop using them. Again, get a different tld. The only I reason this is on /. Is that it is a proxy.

No illegal activity? (5, Insightful)

Anubis IV (1279820) | about 2 years ago | (#41685109)

He claims that no illegal activity was taking place, but if he's running proxies that are open to the public via a mailing list, doesn't it seem entirely likely that a spammer may be making use of his mailing list to get more proxies that can be used for their operations? And, if so, isn't it entirely likely that that's exactly what got him blacklisted in the first place?

What evidence is there that his proxies weren't being used by others for illegal activities? Seems like he conveniently skirted that point in his entire write up.

Re:No illegal activity? (1)

shentino (1139071) | about 2 years ago | (#41685269)

It doesn't matter.

The registrar is the one who revoked the domains, so it's the registrar's decision on how or even if that decision can be appealed.

Only if they actually give a crap what spamhaus has to say later would spamhaus's word even matter.

It's called the law of "My box, my rules. Don't like it, take a hike"

Sounds likely, that his proxies WERE used for spam (1)

raymorris (2726007) | about 2 years ago | (#41685747)

Indeed the OP gives no reason think his proxies were not in fact being used for spam. In tjat case, it would be correct 2o list them in spamhaus. Alternatively, a spammer could have forwarded / copied domains from his emails and sent them. The OP assumes his own double-opt-in emails were categorized as spam, but that's not in evidence.

Re:No illegal activity? (5, Informative)

Anonymous Coward | about 2 years ago | (#41686013)

You must be new here. Bennett is quite well-known in anti-spam, and anti-censorware world. While you were in diapers, he testified in Congress against COPA. He runs peacefire.org - dedicated to free speech for those who are under 18. Accusing him of supporting spam in some way is ridiculous.

http://en.wikipedia.org/wiki/Bennett_Haselton
http://en.wikipedia.org/wiki/Peacefire

Re:No illegal activity? (1, Insightful)

LordLimecat (1103839) | about 2 years ago | (#41686383)

That he runs peacefire isnt necessarily a mark in his favor. The idea that people have a right to circumvent filtering on computers they do not own is about as equally shady as whats being discussed here.

Theres "fighting for an ideal", and theres "going over the edge".

Re:No illegal activity? (0)

Anonymous Coward | about 2 years ago | (#41687179)

His actions were not illegal if and of themselves even if the actions of others using his servers were. More than likely the majority of people who have a need for his services are violating a policy some where. That policy may or may not hold up in court depending on the circumstances. However to assume that the people using it are violating the law may only be true to a degree. If the user is violating a law in Iran it could be completely irrelevant to a company/advocate in the united states. The very censorship by these countries may violate international laws too. The same applies for schools, libraries, and other places of censorship.

Considering his actions (and what he has said) we are probably safe to assume he does not agree that any laws were violated by him.

Re:No illegal activity? (0)

Anonymous Coward | about 2 years ago | (#41687591)

If the proxy servers were proxying SMTP traffic, and legitimate spam was seen, from IP's associated with the domain then the actions taken were understandable.

If you are running proxys then block outbound port 25. It WILL get abused otherwise, and eventually you will loose the web hosting for the domain once spam complaints go upstream far enough for someone to pick up on them, meaning you'll just be bouncing the hostng all over the place to deal with this.

If the proxys weren't permitting SMTP, then their actions are more questionable, but we'd need to see the evidence that generated the blacklisting in the first place to decide either way, and this probably won't be easy to get from Spamhaus...

Re:No illegal activity? (1)

Sabriel (134364) | about 2 years ago | (#41687389)

Hi, I read the wikipedia articles linked by the GP. Your assertion doesn't seem to match what was presented there. Do you know something the GP/wikipedia does not?

Re:No illegal activity? (1)

Anubis IV (1279820) | about 2 years ago | (#41687619)

I'm not accusing him of supporting spam, merely of providing a service which would incidentally be useful to spammers in addition to his target audience, which I suggested may have been the actual problem here.

Also, as it's been pointed out, those initiatives don't exactly indicate that he takes an anti-spam approach. If anything, he's skirting a fine legal line in some of what he does.

And as a quick aside, I don't recall wearing diapers while in high school, but since you insist I was at the time he was testifying in front of Congress, I guess my memory must be a bit fuzzy. ;)

Re:No illegal activity? (0)

Anonymous Coward | about 2 years ago | (#41686085)

Illegal activities according to which country's law? The ability for a person in an oppressive state to be able to freely communicate seems more important that the potential that somebody might use the proxy to send spam or download an MP3 file.

Re:No illegal activity? (0)

Anonymous Coward | about 2 years ago | (#41686523)

Illegal activities according to which country's law? The ability for a person in an oppressive state to be able to freely communicate seems more important that the potential that somebody might use the proxy to send spam or download an MP3 file.

Perhaps...but what happens when the spammer uses the proxy to register for an account at an unwitting email service provider and then abuses it? That makes the email provider look bad and can possibly result in it being listed on all sorts of anti-spam lists, causing significant issues for administrators. The proxies themselves are likely misconfigured or compromised and not intended for use by the general public.

I run the abuse desk at a medium-sized email provider. Nearly all of the accounts that are opened for spammy purposes are opened by means of proxies such as those he lists. It's intensely annoying and expensive in terms of administrator time to deal with such spammers -- these spammers routinely hit up spamtraps at various blacklists so we need to keep dealing with such blacklists so that our legitimate users (who constitute the vast majority of our users) will not be unduly affected. Naturally, the spam accounts are nuked immediately upon discovery but they usually can get a few hundred messages out before being discovered.

If he wants to provide proxy service that he himself maintains and provides, more power to him. If he wants to run a Tor exit node or some bridges, awesome. Listing potentially misconfigured or compromised systems run by unwitting third-parties? Not cool.

Its not Spamhaus, its your registrar (4, Insightful)

Gothmolly (148874) | about 2 years ago | (#41685131)

Your registrar sucks, its nothing to do with Spamhaus.

Very true - really depends on the registrar (5, Informative)

caffeinejolt (584827) | about 2 years ago | (#41686073)

I wrote the backend for a registrar (NameSilo [namesilo.com] ) and still help out with their developers from time to time. Because they offer free privacy and low prices - they get a lot of black hat use. Spamhaus frequently sends them abuse complaints and I have seen a few of them. What is amazing is that most of them offer little to no evidence of the wrongs a given domain has done. I am literally pasting from an email I was copied on here:

From NameSilo regarding an alleged malware domain:

Hi Thomas, We would like to help expedite this since it involves potential malware, but you don't give us much to go on here. Can you please review: http://www.namesilo.com/Support/Abuse-Reporting-Procedures [namesilo.com]

From Spamhaus:

This domain name is operated by cybercriminals and used to provide DNS resolution to botnet domains, aimed to steal thousands of $$$ from financial institutions. Please suspend it.

So in short - the registrar asked for evidence that the domain was violating their terms of service and spamhaus simply replies they are cybercriminals... trust us! After seeing other abuse reports from them, I can tell you that spamhaus has a very snub attitude and expects to be listened to. Once when Namesilo did not listen to them enough to their liking, they added namesilo.com to their RBL - they had me modify their MTA to route email around the block, but still - I think you can see the problem here - someone has to keep spamhaus in check.

Re:Very true - really depends on the registrar (0)

Anonymous Coward | about 2 years ago | (#41686221)

I can tell you that spamhaus has a very snub attitude and expects to be listened to.

That's probably because a lot of ISPs are ran by human trash; no matter how much proof you provide they don't give a fuck because Spamhaus et al don't pay them money but spammers do. They are fully aware for what their services are being used, and paid well for it. Look up trash like Dimenoc et al.

Nobody keeps Spamhaus in check (4, Informative)

RonVNX (55322) | about 2 years ago | (#41686401)

Unfortunately nobody keeps Spamhaus in check, that's why they've become a degenerate network abuse source. Their DBL shows them for what they are now, something the rest of the Internet needs to shun.

Off topic (-1)

Anonymous Coward | about 2 years ago | (#41685141)

Does anyone have a browser extension or plugin that hides Bennett Haselton posts on slashdot?

Spamhaus is better than you think (3, Informative)

Anonymous Coward | about 2 years ago | (#41685151)

Spamhaus always send an automatic notification to abuse@YourDomain.info, if they add you to the blacklist. I suspect you may not have configured an MX to receive mail on these domains. If you had, you would have received a notification.

Re:Spamhaus is better than you think (2)

Anon-Admin (443764) | about 2 years ago | (#41686045)

I tried this when I ran an Anon server, but the e-mail from Spamhaus kept getting filtered into the spam folder. Kind of hard to find the e-mail among the 1000's of other spam e-mails received to a publicly listed abuse address.

Your provider allows you? (-1)

Anonymous Coward | about 2 years ago | (#41685161)

To setup proxies of any type? How interesting, and this is allowed explicitly in the TOS? Or is the real case that you are just another piece of internet garbage that needs to be wiped off the tubes?

Re:Your provider allows you? (1)

shentino (1139071) | about 2 years ago | (#41685235)

The TOS might not be fair but it reflects that someone other than you owns the wires and boxes, and that you are beholden to them in all things so long as you wish to do business with them.

Businesses are not obligated to be fair to you unless the government says so.

Re:Your provider allows you? (1)

Anon-Admin (443764) | about 2 years ago | (#41686087)

I ran an anon-proxy for years and the above is not true.

Not all providers prohibit proxies in their TOS!
If you buy the T1/DS3/high speed connection you can set up a server and run your own proxy. I had my own T1 at the time and the only issue I had was my upstream cutting me off from time to time and I would fight them to get the connection back on. That lasted until I had my lawyer send them a letter.

Proxies are not just used for spam, mine was used by millions of people in places like Saudi Arabia, Lebanon, China, etc. There are also steps that can be taken to make sure they are not used for spam. Hell I ran an anon e-mail server that processed over a million e-mails a day and generated less than 50 complaints a week. Every e-mail processed was tagged with a line at the bottom that provided the service information and the abuse e-mail address.

Thanks for all the plugs.You're spamming Slashdot! (-1)

Anonymous Coward | about 2 years ago | (#41685175)

Gee I never would have known those funky ass companies even existed without reading your little story there.

How 'bout stuffing it, spammer!

Fire Your Registrar (0)

Anonymous Coward | about 2 years ago | (#41685183)

Fire your registrar. That is all.

Welcome to cyberspace (3, Funny)

shentino (1139071) | about 2 years ago | (#41685195)

Where administrators are gods of their personal fiefdomes and you have no say in anything unless you happen to own the wires or boxes yourself or are in the good graces of whoever does.

Suck it up.

Terms of Service (1)

mindcandy (1252124) | about 2 years ago | (#41685247)

Do they have a right to block you? .. absolutely .. it was probably buried on paragraph 327 part 6 of their terms of service (which you no doubt read in it's entirety) .. it probably said they reserve the right to suspend service for illegal activity or unsolicited commercial email. You are operating an semi-anonymous proxy service, what did you think was going to happen?

Look on OR-TALK (TOR mailing list) for all the problems those folks have with VPS providers and the like .. no, the server isn't *itself* doing anything illegal, and it's really not your fault that other people are using it for nasty stuff .. but what's easier when you're dealing with a $1/mo customer (hint: answer is not "spend hours on the phone letting you justify whatever it is you're trying to do").

Re:Terms of Service (1)

Anon-Admin (443764) | about 2 years ago | (#41686121)

Ferengi rules of acquisition

#253. A contract without fine print is a fool's document

forget DNS (0)

Anonymous Coward | about 2 years ago | (#41685273)

promulgate the IP addresses and forget using DNS

blame games, politics and spammers (1)

DECula (6113) | about 2 years ago | (#41685335)

"If Spamhaus signed up one of their "spamtrap" email addresses to our mailing list" ...

If you are that freakin paranoid, then you KNOW you are doing something that agitates those of us
that have to deal with the end result of your "work" on a daily basis.

Only you have the power to clean your lists. Go forth, my son. Empower yourself and waste not
another breath in the realm of wizards.

Spamhaus and RBL = evil (4, Insightful)

girlintraining (1395911) | about 2 years ago | (#41685347)

It was a good idea in the beginning; Getting network and system administrators to share their stories of problems on the frontier. And for awhile, it was good. But as these services developed, they decided to start automating the process. And that's when the problems started. As an example, let's say all spammers use open relays. The logic here then is to test for open relays and block any that are found. Spam problem solved! Except it doesn't look at the reverse case: Namely, that not all open relays are used by spammers. In fact, it could be the case that the vast majority of open relays are perfectly harmless and have a legitimate reason for existing.

Now I'm not trying to discuss open relays from a technical standpoint, or the arguments for or against them -- what I'm trying to show is the logic problem in assuming that just because when 'A' is often found next to 'B', that means that 'B' is often found next to 'A'. That's the crux of the problem with the RBL and Spamhaus -- it's a logic fail of epic proportions.

Automation is attractive because it can catch things faster and with greater accuracy than humans can. But humans are better at making judgement calls, looking at the evidence, and problem resolution with other humans. Spamhaus and the RBL fail here because they implimented the automation and then because of their perceived success, they decided Automation Was God and made appealing the decision of its robot overlords increasingly difficult if not impossible. And that's when Spamhaus and the RBL became evil: The process stopped being overseen by humans, started to assume everyone was an evil spammer, and that the solution in every case was to follow the De Facto Anti-Spammer Laws as laid down by its robotic overlords. "Fix your open relay!" became the reply, instead of checking to see whether said open relay had actually sent any spam, or whether there was a good reason for its existance (again: No debates about open relays please! It's just the example!).

Of course, spammers got smarter and started coming up with more sophisticated methods of injecting their crap... which led to more complex robots, and as each new counter-measure was rolled out, the reply to hapless admins caught in the motorized wheels o spammy justice was "It's your problem, not ours!" My advice to system and network admins these days is to not use spamhaus or the RBL, or if you must, make sure your mailboxes and such are setup similar to how gmail and many exchange servers are: Have a separate spam folder, and give the user the option to whitelist anything your filters catch. Ultimately, you're providing a service to them... you have no duty or obligation to anyone else. Make sure they can use what you've given them.

Re:Spamhaus and RBL = evil (2, Insightful)

Anonymous Coward | about 2 years ago | (#41685535)

"My advice to system and network admins these days is to not use spamhaus or the RBL, or if you must, make sure your mailboxes and such are setup similar to how gmail and many exchange servers are: Have a separate spam folder, and give the user the option to whitelist anything your filters catch. "

you, sir, must have unlimited network resources. With spam taking up +90% [1] of internet traffic, you just rolled over and admitted that you
weren't as skilled as the opposition and let them sap your resources. I was hoping for better advice.

---

[1] http://skeptics.stackexchange.com/questions/2175/what-percentage-of-total-internet-traffic-is-spam

Re:Spamhaus and RBL = evil (0)

Anonymous Coward | about 2 years ago | (#41685781)

Spamhaus isn't the only blacklist, but it is notoriously thuggy -- shutting down people who they simply don't like. There are other blacklists out there, but Spamhaus is very popular and runs the show as a popular vigilante would -- "I can do no wrong, and you can't sue me for defamation/libel, because my house is outside of your jurisdiction!"

Re:Spamhaus and RBL = evil (1)

Anonymous Coward | about 2 years ago | (#41685849)

With spam taking up +90% [1] of internet traffic

Err... and peer-to-peer presumably accounts for the other 90% of internet traffic?

Hint: you misread your source in spectacular fashion.

Re:Spamhaus and RBL = evil (0)

Anonymous Coward | about 2 years ago | (#41686609)

I stand corrected. I made a mistake.
Thank you for pointing out my obvious failure to take the time to read my source and quickly pass off the facts..
I can only offer that I am old, grouchy, hate spam and proxies and would like to have all that bandwidth back.

Re:Spamhaus and RBL = evil (2)

girlintraining (1395911) | about 2 years ago | (#41685911)

you, sir, must have unlimited network resources. With spam taking up +90% [1] of internet traffic, you just rolled over and admitted that you weren't as skilled as the opposition and let them sap your resources. I was hoping for better advice.

Yeah, let's have a look here at my current google spam folder... okay, about 64 messages. Each message is at best about 4KB in size. 4 * 64 = 256KB of spam per month. But let's quadruple that, because maybe my mailbox, which has been around since 2003 and subscribed to approximately a hundred lists, is lower than average. Comcast states that the average user uses 1-2GB per month; Ludicriously low, but for the sake of debate let's say the average user only uses 1GB of bandwidth per month. That means that spam consumes 0.08% of a typical user's bandwidth. And that's a front of the envelope number -- realistically, it's probably lower. So 1/10th of one percent of your average ISPs front-end bandwidth (not last mile) is being wasted filtering out spam.

Yeah. I can definately see how it's eating up 90% of all internet traffic. Oh wait... the article says it's 90% of all e-mail traffic, which makes up less than 1% of aggregate internet traffic. Whups! Minor details... they'll fuck you every time.

Re:Spamhaus and RBL = evil (3, Informative)

Imagix (695350) | about 2 years ago | (#41686323)

You're proceeding from a faulty premise. You're assuming that you are seeing all of the traffic being sent to you. Back when I was maintaining the spam filter for our company, 95% of the incoming mail was simply dropped on the floor as being too spammy. The stuff that hits your spam folder is only the stuff that is "marginally" spammy.

Re:Spamhaus and RBL = evil (1)

girlintraining (1395911) | about 2 years ago | (#41687393)

You're proceeding from a faulty premise. You're assuming that you are seeing all of the traffic being sent to you.

My "premise" is that e-mail makes up a very small minority of internet traffic. I'm arguing against the size of the problem as automatically justifying extreme and extraordinary measures to control because of its severity.

Even if 99.999% of all e-mail is spam, the author's original assertion is busted: E-mail makes up a very small amount of total internet traffic. The idea that filtering is mandatory is silly -- even if 100% of that spam went through, it would be a drop in the bucket compared to the amount of traffic for Netflix, or bittorrent, or even just casual web browsing. I'm not against filtering; I just think that the idea we have to cede access control to a third party because spam is so unmanageable is ridiculous. Even if 95% of incoming e-mail was dropped, my inbox still says that would mean ... .04% of the average person's internet bandwidth is spam.

It's like trying to kill a spider with a flame thrower...

Re:Spamhaus and RBL = evil (0)

Anonymous Coward | about 2 years ago | (#41687141)

Because G deepbins most of it without you knowing. Here's a hint...Buy a fucking clue before spouting off on stuff you know nothing about. The internet is much more complicated than that deep fryer you run every night.

Re:Spamhaus and RBL = evil (1)

realityimpaired (1668397) | about 2 years ago | (#41687229)

greylisting stops a lot more spam than blacklisting, and has a zero false positive rate as long as the originating server follows the rfc detailing how smtp is supposed to work.

Re:Spamhaus and RBL = evil (1)

wonkey_monkey (2592601) | about 2 years ago | (#41686193)

Namely, that not all open relays are used by spammers. In fact, it could be the case that the vast majority of open relays are perfectly harmless and have a legitimate reason for existing.

I'm trying to think of one...

Re:Spamhaus and RBL = evil (1)

RandomFactor (22447) | about 2 years ago | (#41687561)

"The process stopped being overseen by humans, started to assume everyone was an evil spammer..."

How is SORBS these days anyhow?

Re:Spamhaus and RBL = evil (-1)

Anonymous Coward | about 2 years ago | (#41687571)

In fact, it could be the case that the vast majority of open relays are perfectly harmless and have a legitimate reason for existing.

Do you understand what an open relay is? An open relay is a server that will accept any email and then send it to its destination. It can't be harmless, as a spammer can use it to relay email. If a spammer can't use it, then it's not an open relay; it's a closed relay. A closed relay may be perfectly harmless and have a legitimate reason for existing. An open relay can't be and doesn't.

It may be that the test that checks for open relays versus closed relays is flawed. Some closed relays that are perfectly harmless and have a legitimate reason for existing may be being misidentified as open relays. However, that's not a problem with the concept of banning open relays. That's a problem with the testing.

People forget, or stop caring ... (4, Insightful)

gstoddart (321705) | about 2 years ago | (#41685433)

every new subscriber is sent a confirmation message by email, and they have to reply to that message, confirming that they really want to subscribe to the emails, before being added to the list

Sooner or later people forget they signed up, stop giving a damn, or otherwise get tired of what you're sending.

If they can't figure out how to get out of it (because, really, who is going to respond to something they think is spam to make it stop), they'll flag you as spam.

Or, something automated comes along and decides that whatever you're sending is spam.

As long as it stops coming when people get tired of it ... they really don't give a crap about what happens to you.

So make it somebody else's problem (0)

Anonymous Coward | about 2 years ago | (#41685497)

> If Spamhaus signed up one of their "spamtrap" email addresses to our mailing list, then presumably any domain mentioned in a message sent to that email, will get automatically blacklisted.

So see what happens if you start mentioning "google.com" or "microsoft.com" (better yet, "spamhaus.com" or "afilias.com") within the email. (Not as proxy servers, obviously. In a separate paragraph, like as part of an opinion survey or something.)

Maybe the domains were alread on the list. (1)

tedhatfield (2754821) | about 2 years ago | (#41685501)

Maybe the domains "drybook.info" and "rootface.info" were already on the list. It's possible that a previous domain holder used those domains as part of a spam run.

Be a rebel (1)

Hentes (2461350) | about 2 years ago | (#41685523)

Post direct IP adresses to your proxies.

OK, so I read the rant... (3, Interesting)

bmo (77928) | about 2 years ago | (#41685551)

In summary:

1. You run a mailing list
2 You *claim* that it's opt-in
3 Somehow Spamhaus gets your list in its honeypots
4. Spamhaus lists you
5. Afilias nukes you, all 10 of your domains.
6. You easily get your domains off Spamhaus by filling out a form
7. Somehow this is Spamhaus' fault and not Afilias for giving you the run-around

Spamhaus has servers that collect spam from the internet by just being on the internet. Spammers blindly send mail to addresses and the Spamhaus servers read the headers to see where they came from. Headers can be forged, but a good algorithm can do the same thing that a human does when reading a header - follow the chain of Received: until it hits the inevitably forged nonexistent or non-sequitur domain. The one before that gets listed at Spamhaus.

Spamhaus has no users on its honeypots that subscribe to lists. They are just "there" on the net silently collecting spam and they give no 5xx or 4xx errors (because, you know, why bother?). The only way for the honeypot to get messages from you is if your list actually contains the addresses of the honeypots.

Spamhaus has a good reputation. They are probably the most reliable blacklisting service out there and this maddens spammers to no end. There are others that shouldn't be used, but Spamhaus is used by nearly everyone who uses a blacklist because of its accuracy.

>If Spamhaus signed up one of their "spamtrap" email addresses to our mailing list

It doesn't work that way. Clean up your list.

--
BMO

Re:OK, so I read the rant... (1)

Anonymous Coward | about 2 years ago | (#41686743)

>If Spamhaus signed up one of their "spamtrap" email addresses to our mailing list

It doesn't work that way. Clean up your list.

--
BMO

More precisely, spam traps are real, valid e-mail addresses that fall in disuse. When hotmail or gmail or whoever finds a mailbox that hasn't been opened in a long time, it has two choices: close the account, or set it up as a spam trap.

If you follow proper list higiene, you shouldn't reach this stage ever. Make sure you unsuscribe addresses that bounce more than once, sign up in ESP's feedback programs, and make sure your list keeps current. The very simplest thing would be to send a reconfirmation mail from time to time.

Re:OK, so I read the rant... (1)

Anonymous Coward | about 2 years ago | (#41686933)

That's not how I read it, although I think he is being obtuse on purpose.

1. He runs open proxies
2. He runs a mailing list advocating said proxies (and others?)
3. He registers 10 new domains to run proxies on
4. proxies running on 2 domains are used to send spam which ends up on a honeypot

continue at your 4.

As far as I can tell, Spamhaus does exactly as advertised, Afilias does exactly as advertised, and he is pissed that the world doesn't bend to his will.

Spammer on your list (0)

Anonymous Coward | about 2 years ago | (#41685609)

It seems far more likely to me that you have a spammer subscribed to your list who got your message and then used two of your proxy urls in their spam messages. That would account for Spamhaus getting involved and the oddity of only 2 out of 10 proxies being blacklisted.

Don't kneejerk react, readers (5, Interesting)

Senior Frac (110715) | about 2 years ago | (#41685687)

Don't talk to him like a noob, people. Bennett has been around a very, very long time. He has had a beef with DNS distributed blocklists for most of that time. Others publishing their opinions gets in his craw when it interferes with his operations. He comes in here periodically with his latest incident to rally the "freedom to do whatever I want" crowd into a frenzy. He also posts lots of other stuff worth reading. *grin*

If one considers the DBL a list of domains who have appeared in emails to spamtraps, then I would contend that it very possible that the "zero false positive" claim holds up because it very well might have happened. If it claims that all listed entities are domains owned by spam operators, then he might have an argument.

Haselton's fundamental gripe is that he should be free to communicate until a real person decides he shouldn't. The fact that automated systems now make the blocking decision, requiring human intervention to override them, is an inverted model compared to the "old internet." (The necessity came from the raw volume of spam) The death of the "old internet" began with Canter and Siegel [http] . Some of our long-term, asylum residents just haven't accepted that fact.

Re:Don't kneejerk react, readers (1)

gujo-odori (473191) | about 2 years ago | (#41687203)

Yeah, I know who he is, and to be forthright, he was not being honest in his article. OK, you could make an argument that he's just a principled wearer of a tinfoil hat, but I believe he was actively seeking to deceive. He knows perfectly well that spammers abuse proxies like his all the time and that they see far more use by spammers than by people actually evading censorship. He also knows, or should know, perfectly well that Spamhaus did not put those domains on a blocklist because they were on his mailing list. They listed them because they were used in spam.

Take a look at the banner ads on those pages. "Get a green card" ads. Looks like he'll take money from _anyone_ to keep his proxies afloat. The end justifies the means, doesn't it?

Automated systems have been making the blocking decision [1] for a long, long time. I've been involved professionally with email and web security since the late nineties and they were doing it even then. Sure, there are some that are not at reliable and have unacceptable FP rates and no problem at all with collateral damage (you probably know who I'm talking about), but Spamhaus is not one of those. My view of Spamhaus is that they are a worthy and highly accurate competitor. I like automated systems. We all know - and I'm sure he does, too - that email would be useless without them.

As for the real person gripe, well, I'm a real person and I make the conscious decision to use automated tools to defend my inbox, so he can deposit that argument in the nearest available spam folder :-)

[1] Technically, of course, they haven't. They merely report what they've observed. The decision on what to do (reject, drop, quarantine. insert header, modify subject, or do nothing) rests with the subscribers to those systems. There's that pesky real person again :-)

Sledgehammer (0)

Anonymous Coward | about 2 years ago | (#41685737)

I suggest hitting the fly with a sledgehammer.

Clearly those entities involved did this intentionally, and a person on your mailing list is an issue also.

1. Immediately change the subject line
2. Immediately start encrypting the emails.
3. Try to identify the person that is ratting you out and get them off your mailing list.
4. Establish new security verification measures.
5. DOX the corporate heads and board members of those entities. They need to be held publicly accountable for the actions their organization took under their leadership. An example of them needs made.
6. Come up with contingency plans if this happens in the future.

Flaw in basic concept (1)

DragonWriter (970822) | about 2 years ago | (#41685765)

Sending new sites only to a subset of the list makes it harder for blocking software companies to join the list and find all new sites as soon as they're released.

Not significantly. Sure, they have to join with multiple recipient email addresses, but that's not that much of a burden. There really is no way you can use email lists or similar direct-distribution methods to get information to anonymous strangers who you want to have the information and simultaneously keep it out of the hands of people you don't want to have it.

former small mailadmin (0)

Anonymous Coward | about 2 years ago | (#41685789)

I used to run a few tiny mailservers, and did some bulk mailing that was... legit, unpurchased opt-in.

There's...a few ways you can end up...out of graces in spamtraps. And believe me, I *do* support spamtraps and tarpits. Even run some -- and it can get your domain banned from my network in a blink.

Of course, I run this with on, and using my own networks and addresses while augmenting other tools.

Take these items individually, and/or in combination -- but any of them can mess with double opt in and make you look like a spammer

1) Crappy filters with forwarded email that blame any relay involved (e.g. if you subcontract email).
2) Forwarded email from anonymization services that strip headers.
3) If a users account expires somewhere, and is rapidly reclaimed
4) If the user's domain expired/sold/purchased by some tech savvy person who set up an MX record forwarding everything -- either in courtesy or malice.
5) Plain old malicious header tampering while abusing other open relays in pre-spf days... which not everyone runs now. Any decent place would spot the forgery... but combine this with the above...
6) NS tampering/poisoning. This is a hypothesis I have dated back to a corp where I found some foreign sites that iframed us by ipaddr, and where the local browsers seemed to think the outer webserver was...our dnsname. I think poisoned DNS, or proxied DNS with weird corp firewalls... who knows. But without dnssec, the simple matter is the owners really can't guarantee that a name or IP actually resolves as believed. If corp programmers can do it, or spooks can do it... so can spammers to hide themself.

Re: #5 -- The backscatter from some romanian motherfucker hit so bad it DDOS'd the corp network offline for three days.

What were we going to do, call our ISP and ask them to drop all 25 to our MX ?

Blacklist owners are never contactable (4, Interesting)

amorsen (7485) | about 2 years ago | (#41685841)

I do not believe it is possible to be contactable and run a blacklist. It would require an army of support people, and most of the blacklists just do not get the kind of income necessary to pay for that.

Blacklists are a pain to deal with in general. Some simply hold you for ransom. Yet it is also a pain to run a mailserver without blacklists, so... Spamhaus has fewer false positives than most, in my experience, but it is stupid of them to claim that any list has zero of them.

we've had a blacklist problem... (1)

tommeke100 (755660) | about 2 years ago | (#41685895)

Turned out one of our project managers had his laptop pwned and was used to send out spam. Took us 50$ per time to remove our domain from the blacklist (at first we had no clue why we were blacklisted). And several times before we found out his laptop was part of a bot-net. If your proxies are used for the same purpose, it's normal they're getting blacklisted. Of course that doesn't mean your registrar can just take them offline.

No such thing (0)

Anonymous Coward | about 2 years ago | (#41685939)

There is, quite simply, no such thing as a "zero false positive" list, at least in terms of virtually any list of this size. Claiming such is a claim to infallibility, which is indicative of one or more serious mental disorders. Any company would be ill-advised to do business with somebody who espouses such an absurd claim.

Spamhaus DBL is not the problem (1)

Local ID10T (790134) | about 2 years ago | (#41686039)

The misuse and abuse of the spamhaus DBL is the problem.

It was never intended as a tool for registrars to use in vetting customers.

It does not (as the OP suggested) add entries based on their inclusion in a list contained within an email message.

It does collect, and collate, information from email providers, users, ISPs regarding domains from which spam has been sent. If the OPs mailing list were the problem, the domain from which the list is sent would be the one marked as a spammer if that were the case (so the info regarding following best practices, and using opt-in confirmation, etc is irrelevant here...)

If the OPs clients are using the provided proxy's to send their spam from, they could very easily end up on the spamhaus DBL -and they should!

Deal with your clients. If you have a TOS, find a way to enforce it.

Deal with your providers. They are in violation of their own rules, and you can call them on it, if you care enough.

Re:Spamhaus DBL is not the problem (1)

Senior Frac (110715) | about 2 years ago | (#41686351)

Check me on this.

Haselton has long been an advocate of open mail servers. For the longest time he claimed to have been running one and that he had his own system to control the spam through it. I admit I never really cared what his system of control was. He continued to run one at the same time the industry was quickly realizing that open mail servers were a bigger nuisance than they were worth, so were locking them down to send outgoing mail only from their internal netblocks and terminating the spammers on their own network.

I must assume Bennett's system was not perfect, because the DNS blocklist operators would occasionally list him, at which point he would raise a ruckus about the evils of blocklists rather than accept the facts showing the evils of open mail servers in the first place. This sure feels like an extension of that, with the consequences being applied to his domains instead of his mail servers.

spam house died 5 years ago (0)

Anonymous Coward | about 2 years ago | (#41686059)

Spamhouse was corrupt from the founding; it was originally founded for the purpose of black-listing competition. It hasn't even been fairly reliable for the last 5 years. No legal e-mailer uses it anymore.

Re:spam house died 5 years ago (0)

Anonymous Coward | about 2 years ago | (#41686077)

Also to spamhouse " spam = any non-personal e-mail wanted by the recipient." Since they do don't care about you, even if you could write them they would call it spam also.

Legit .info user? You must be the first. (4, Interesting)

dbc (135354) | about 2 years ago | (#41686149)

I've yet to receive any piece of e-mail from a .info domain that wasn't spam. Simply matching on .info is the most reliable filter I've found for identifying e-mail from scumbags who deserve death.

Anyone else notice this?

Re:Legit .info user? You must be the first. (0)

Anonymous Coward | about 2 years ago | (#41687207)

I use .info domains for all of my personal crap. Admittedly, none of it sends email...

Re:Legit .info user? You must be the first. (1)

BeanThere (28381) | about 2 years ago | (#41687333)

Sigh .. this type of stupid attitude reminds me of the bad old days when I would listen to blowhard admins arguing (I'm not kidding, I still had arguments on /. about this) "I've yet to see legitimate email from China, so I've blocked all emails from China automatically". Apparently nowadays morons block entire top-level domains .. that is a massive WTF.

Re:Legit .info user? You must be the first. (2)

omglolbah (731566) | about 2 years ago | (#41687563)

I dont have any users on my server from russia and most if not all of the -stan countries...
Blacklisting the whole ip-ranges in my firewall cut down the brute-force login spam from tens of thousands to the occasional one.

Hardly a solution for a proper service, but for a private server used mostly by friends it is a simple solution to an annoying problem :p

Your password was (1)

m1ndcrash (2158084) | about 2 years ago | (#41686373)

123456 trolololo

tl;dr version (0)

Anonymous Coward | about 2 years ago | (#41686935)

You supply proxies to spammers and got blocked.

I have to challenge this (5, Insightful)

gujo-odori (473191) | about 2 years ago | (#41687013)

Like the subject says, I have to challenge the claim that Spamhaus is wrong (full disclosure: I've been professionally involved in email and web security for more than a decade, but am not, and have never been, affiliated with Spamhaus. I do, however, hold them in high regard).

First of all, when I went to those domains, what was the first thing that caught my eye? "Get a green card" ads for usagc.org. I'm not specifically accusing usagc.org of spamming, but these sorts of businesses are most typically advertised by spam. I'm sure you've seen some.

Next, those sites are open proxies (by design). Anyone can create a URL like this: http://rootface.info/ojgnl.php?ZlQc9TMpAmsr3onaDWV0g=t1wn6QmM0TaAEo7rD%2F%2Bm%2Fy%2B365U2AwdnE4VH60DF8%2BU%3D [rootface.info] (nothing dangerous, it goes to cnn.com, but of course, you shouldn't trust me) and send it out in spam advertizing whatever they want.

Finally, you do not appear to state anywhere in your article that Spamhaus said your proxy mailing list was the source of the spam complaints (although they would not tell you if it was), and I doubt that it was. The most likely scenario is that someone abused your proxies to send spam, and since running an open proxy (regardless of noble motive) makes you complicit in that abuse, Spamhaus listed those domains.

Whether the registry's actions were justified or correct is a separate consideration. Maybe they were, maybe they weren't, but you are claiming without evidence that Spamhaus made a mistake. I'm pretty confident they didn't, for the reasons outlined above.

How useful would this be to your competitors? (0)

Anonymous Coward | about 2 years ago | (#41687425)

...I mean, you have just shown us quite an easy way to dos you. Or, indeed, any other operator. Just find a quick way to report them for spam, and away they go....

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?