Media accounts claim that the latest non-government cyber-Armageddon — a Distributed Denial of Service attack on anti-spam service SpamHaus by unidentified attackers alleged by some to be acting on behalf of “pretty much anything goes” web host CyberBunker — reached such proportions that it may have actually slowed down the Internet in general. As I write this article, the attack on SpamHaus appears to have ended in failure, but CyberBunker itself has been taken down in (direct or indirect, who knows) retribution.
As US Vice President Joe Biden might put it, this was a big —-in’ deal. The attackers deployed DDOS resources nearly an order of magnitude more powerful than those typically seen in large-scale cyber attacks, and so far as we know they didn’t have the resources of a state at their disposal. Lots of juicy implications there with regard to governments’ ability to attack Internet freedom versus users’ ability to aggressively respond. But that’s not what really caught my attention.
Maybe I live under a rock or something, but I had never heard of SpamHaus before this incident. I knew there were non-user-level “anti-spam services” available, but I hadn’t ever considered how they might work or what impact they might have on the essential openness of the Internet.
According to its web site, Spamhaus “is an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam gangs worldwide, and to lobby governments for effective anti-spam legislation.” It “maintains a number of realtime spam-blocking databases” which “are today used by the majority of the Internet’s Email Service Providers, Corporations, Universities, Governments and Military networks.”
Now, I don’t like spam any more than most people like spam. But what I like even less than spam is the idea of some centralized organization deciding what is and is not spam FOR me, without me ever seeing it, and deleting the things its operators don’t think I SHOULD see. Especially if that organization associates itself with “Governments and Military networks.”
Call me old-fashioned, but I’m comfortable handling my own spam policing duties. Yes, my preferred email client (Gmail) does tentatively class a lot of mail as spam, but it doesn’t just delete that mail. It sticks it in a different folder than the usual stuff, and I’m free to peruse that folder, decide that some of the things in it aren’t spam, and arrange for them not to be treated as spam in the future.
Spamhaus looks, well, dangerous to a free and open Internet. And as we dig into the details of its dust-up with Cyberbunker, even more so. The kerfuffle didn’t start this week. The attack on Spamhaus wasn’t preemptive, it was retaliatory. And while the attack on SpamHaus was along the lines of a “surgical strike,” albeit with some alleged “collateral damage,” its previous actions were more like dropping a nuclear weapon on a city full of innocent civilians.
In 2011, Spamhaus identified Cyberbunker as the host from which a spammer was operating. Instead of simply adding that specific spammer to its blacklist, SpamHaus attempted to intimidate CyberBunker’s upstream provider, A2B, into shutting down the entire hosting service. When A2B declined (while shutting down the specific spammer in question), SpamHaus cleared its Enola Gay for takeoff and dropped a Little Boy, adding all of A2B’s IP addresses to its global blacklist. A2B filed an extortion complaint with police; it’s unclear whether the matter has since been litigated.
If SpamHaus only worked with private sector service providers, I’d probably just write them off as a bad idea and ask my own ISP and/or email provider not to use them. But their publicly disclosed (nay, promoted!) associations with “Government and Military networks” make them more than just a bad idea. SpamHaus is effectively a transnational Internet secret police force, in the service of various governments, acting with an arrogance, impunity and absence of accountability which poses a clear and present danger to the Internet itself. Here’s hoping that the recent DDOS attack is followed up with more effective countermeasures.
Citations to this article:
- Thomas L. Knapp, Spamhaus v. Cyberbunker: More than meets the eye in Web battle, China Post [Taiwan], 04/03/13




I think you may be misunderstanding how Spamhaus works. No one is forced to use their blocklists, and they don't do any blocking themselves, but almost everyone uses their lists because they're useful. In fact, I suspect Google at least takes it into account when deciding whether or not to mark a message as spam. The blocklist is also open for anyone to use, so you can set up your own email service if you want, and still have automated spam blocking (or filtering).
As for why they block ISPs that allow spam to be sent: Their blocklists wouldn't work otherwise. If they block one IP address, the spammers will just ask their hosting company to switch their IP and then continue sending spam. Instead of being vindictive about it, they immediately remove ISPs from blocklists when they've solved their spam problem.
In my opinion, Spamhaus is a great example of people voluntarily working together to solve a problem without the need for force.
Brendan,
I understand your point about "voluntarily working together" … but I'm still skeptical.
First of all, "government and military networks" are not examples of "people voluntarily working together," and it's unclear to me how these block lists work, e.g. whether or not the networks in question merely block receipt of email from a blocked node on their own servers, or whether they also deny packet transit, etc.
Secondly, in the case of A2B, SpamHaus did not just block an ISP, it blocked that ISP's upstream provider, upon which other ISPs not accused of hosting any spammers presumably also depended; and it appears to have done so by way of extortion beforehand to get what it wanted instead of what A2B thought was appropriate, and by way of vindictiveness after A2B handled the problem its way instead of SpamHaus's way.
In terms of "voluntarily working together," it sounds to me like SpamHaus may not be very good at that … which would be neither here nor there in a free market. But we're not in a free market, we're in a highly regulated market and of the 1 and 3/4 billion mailboxes SpamHaus claims to be "protecting," I doubt that as many as 1 in 1000 have asked for that "protection."
How exactly is Spamhaus forcing anyone to use their lists though? Email providers use it because Spamhaus does all of the work and provides high quality blocklists. Users of email providers generally want spam blocked (this is one of the big reasons GMail is so popular, even after other services have caught up in terms of storage space). And there's plenty of competition in email providers: Quite a few companies will give you free email service, even more companies will let you pay for email service, and anyone with $10 can buy a domain name and set up their own email server.
Whether Spamhaus is right to go after network providers is hard to say, but the fact is that the only power they have is that *they've done so well at this job that email server administrators trust them*.
"it's unclear to me how these block lists work"
Take a look at http://www.spamhaus.org/whitepapers/dnsbl_functio… . I can give you further details if desired, but the bottom line is that the blocking happens at the "user (mail)" application level, so it does not affect packet traffic which occurs at a lower level.
However, an unfortunate side-effect of IP-address blocking is that innocents get affected by a spammer in their "mist". The IP-address flagged as blocked may be an IP-address range, so several nodes in the range aside from the spammer itself get effectively blocked. The address range owner then has to request Spamhaus to unblock the innocents.
David de Ugarte at Las Indias Group recently blogged about how Spamhaus once effectively shut down their email communications for a whole week simply because they hosted their mail in an Amazon server. He says that "even though they rectified, it is clear that they never take any responsibility for the costs they generate for people or companies."
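The lookup the comments above argue about, as an added example that is not part of the article or of any comment: a receiving mail server builds a DNSBL query name from the connecting IP address, and its own local policy decides whether a listing means reject, tag or accept. The zone `dnsbl.example`, the listed range, the policy names and the function names are assumptions made for illustration, and the resolver is a constructed stand-in so the code runs offline.

```python
import ipaddress

DNSBL_ZONE = "dnsbl.example"  # hypothetical zone, not a real blocklist

# Constructed list data: the operator has listed a whole /24, so every
# address in it looks "listed", not only the one host that sent spam.
LISTED_NETS = {ipaddress.ip_network("192.0.2.0/24"): "127.0.0.2"}


def dnsbl_query_name(client_ip, zone=DNSBL_ZONE):
    """Reverse the IPv4 octets and append the zone (RFC 5782 convention)."""
    addr = ipaddress.ip_address(client_ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def fake_resolver(qname):
    """Constructed stand-in for a DNS A lookup: answer string, or None for NXDOMAIN."""
    suffix = "." + DNSBL_ZONE
    if not qname.endswith(suffix):
        return None
    octets = qname[: -len(suffix)].split(".")
    ip = ipaddress.ip_address(".".join(reversed(octets)))
    for net, code in LISTED_NETS.items():
        if ip in net:
            return code
    return None


def smtp_decision(client_ip, policy="reject", allowlist=(), resolve=fake_resolver):
    """Receiver-side decision at SMTP connect time; returns (action, detail)."""
    ip = ipaddress.ip_address(client_ip)
    # A local allowlist overrides the list: the receiver keeps the last word.
    if any(ip in ipaddress.ip_network(n) for n in allowlist):
        return ("accept", "allowlisted locally")
    answer = resolve(dnsbl_query_name(client_ip))
    if answer is None:
        return ("accept", "not listed")
    # Listings answer inside 127.0.0.0/8. Anything else (for example a zone
    # that started answering every query with a wildcard) is not a listing.
    if ipaddress.ip_address(answer) not in ipaddress.ip_network("127.0.0.0/8"):
        return ("accept", "unexpected DNSBL answer ignored")
    if policy == "tag":
        # Deliver, but mark the message so it lands in a spam folder.
        return ("accept", "X-Spam-Flag: YES")
    return ("reject", "550 5.7.1 " + client_ip + " is listed in " + DNSBL_ZONE)


if __name__ == "__main__":
    for ip, kwargs in [
        ("192.0.2.25", {}),
        ("192.0.2.99", {"policy": "tag"}),
        ("192.0.2.99", {"allowlist": ["192.0.2.99/32"]}),
        ("198.51.100.7", {}),
    ]:
        print(ip, kwargs, "->", smtp_decision(ip, **kwargs))
```

The same listed address is rejected, tagged or accepted depending only on the receiver's settings, and a range listing reaches every neighbour in the /24 unless the receiver allowlists them.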
They are just one of many blocklists, the problem is that very often the non-profit I worked IT for would fall into one of these for sending out an email blast to everyone on the membership list. And then AOL would block a few members. It made it not worth running an email server and I sent them off to another server for quite a while. Now they go through constant contact.
The hassle of keeping your site out of the spam list these nosey bastards create is way too much work. So we use services like MailChimp or Constant Contact which is a paid service, and SalsaLabs would be another one that has a dept, that just deals with dickheads like SpamHaus on a daily basis for you.
The problem isn't exactly a list of spammers that IT sysadmins can use to protect their servers, it's just that right wing technocratic politics is obviously governing the process of who is a spammer rather than actual analysis.
Always seems like a right wing thing to "cleanse the Internets"…..
Joe,
You write:
"the bottom line is that the blocking happens at the 'user (mail)' application level"
Actually, it doesn't. At least not with all the block lists. They have a "DROP (Do Not Route or Peer)" list which they suggest backbone operators (including governments) block from sending traffic over their networks at all.
"How exactly is Spamhaus forcing anyone to use their lists though?"
Through intermediaries.
For example, Saudi Arabia's Internet traffic all runs through a government backbone. If that government backbone uses SpamHaus's lists, especially the Do Not Route or Peer list, then every user in Saudi Arabia is being prevented by its government — with SpamHaus as that government's agent — from full access to the Internet.
Wow, so much ignorance and misinformation in one article. Sorry but you're really a "senior news analyst" at Center for a Stateless Society? Spamhaus can not block anything, they just publish lists. Don't want to use their lists? Then don't. Prefer to use Gmail's spam filter? Excellent choice because guess whose realtime data Gmail uses for their spam filter… yup you got it.
Really. Have you read what the DROP list is a list of? Do you honestly think your family and children would be better off behind a network that uses Spamhaus DROP or behind a network that does not protect customers from known netblocks operated by cybercriminals for the sole purpose of infecting their PCs with trojans and malware?
I'm just glad I can peruse the contents of the Spam folder created by Gmail (and then downloaded to my Thunderbird as such), since about every third day, one or more of my paying clients sends me something that finds its way there! As long as I can still make those choices, Spamhaus doesn't concern me much.
If you are worried what others are doing to your mailbox you can run your own server and then be in control of what comes in and out of your mailbox.
Doing anything less than running your own server means you are under the whims of the filtering options of your email provider. And not running your own server means you are not 'managing your own spam filtering' as the author claims they wish to do. In fact one can see that c4ss.org is allowing Google to process their mail.
The MX records on file for c4ss.org are as follows:
c4ss.org mail is handled by 21 alt1.aspmx.l.google.com.
c4ss.org mail is handled by 30 aspmx2.googlemail.com.
c4ss.org mail is handled by 31 aspmx3.googlemail.com.
c4ss.org mail is handled by 32 aspmx4.googlemail.com.
c4ss.org mail is handled by 33 aspmx5.googlemail.com.
c4ss.org mail is handled by 10 aspmx.l.google.com.
c4ss.org mail is handled by 20 alt2.aspmx.l.google.com.
Google, as an example, fails anyone with a small DKIM key. And Google was listed in rfc-ignornant.org as not email system compliant with their gmail.com product. Who is your postmaster – a job that someone is supposed to have to make sure email gets to where it's supposed to go.
And then AOL would block a few members
Are you sure that end-users did not report the message they didn't want as "SPAM" and that is what landed you on the blocklist?
End users have tools and training to report messages they don't like as spam rather than unsubscribing to your spam^H^H^H^Hemail blasts.
Spamhaus does all of the work and provides high quality blocklists.
One doesn't even need to "block" the spam. Just hold the connection open while the message is being checked and if it fails, send back a message requesting a phone call to address the email not getting through.
Milter in Sendmail was the 1st tool to allow that. And in the years of using it on thousands of email boxes, I only know of 3 phone calls and the caller was added to the whitelist which then bypassed the checks. (and in one case they un-whitelisted them 2 weeks later because they really didn't like the "email blasts" they were getting.)
It is obvious that Mr. Knapp has never attended NANOG or spent time with backbone engineers. Because there are filters into gmail that stop some locations from sending email into their servers. He really doesn't understand what an unfiltered connection looks like, so when he claims he is 'old fashioned' and 'wants to handle his own spam filtering' – he's really not being either with the gmail setup.
You aren't going to gain any traction with any of your points until he decides to run his own mailserver and be "old fashioned" and "handle his own spam filtering". I'd prefer he'd run it where the ISP doesn't do any of the filtering for him, but filtering rules are standard for all the ISPs so you have to be a rare duck with your own AS Number and a class C block in the swamp to see the mostly unfiltered Internet.
And rather than argue with him – I'd like Mr. Knapp to rise to the challenge and run his own mailserver. Then he can report back to us all in, say 6 months of operation of said server, how well he's doing managing his spam the 'old fashioned' way without 3rd parties applying filtering rules.
Ya up for it Mr. Knapp? Perhaps then you can then show how to apply 'market forces' and anarchism to solve the spam problem. As that is the purpose of the site why not a working demonstration of how you came, saw and conquered.
It is painfully obvious that most of the above people who post in support of spamhaus are either directed to post here under spamhaus order OR who are simply disillusioned into believing that "all spamhaus does is maintain a list". Spamhaus does not simply block ips that are spamming, they also block *intentionally* innocent bystanders by way of what they call "punitive listings". Basically the way it works is that spamhaus lists an ip for spam and then if the ISP does not listen to their demands to remove the customer they will begin expanding the listing to cover unrelated IP space by the same provider until they list the entire network. This has the effect of entirely blocking email from ALL of the ISP or web hosting company's customers. If then, the ISP still does not weaken their stance on the customer in question, then Spamhaus begins to call the ISP a "spam supporting service" and then lists them as a spam gang, begins tracking the hosting provider and starts a slander campaign. They also start to pressure their upstream providers to shut down the entire ISP/hosting company by beginning to list the upstream isp's ip addresses. This is extortion/blackmail. "If you do not shut down the ISP we are calling a spam supporter, we will list YOUR network now and continue to until you cave in to our demands." They do this constantly and anyone who watches daily updates of their SBL lists can easily see this happening. For them to list disney, victorias secret, radio shack, Michael's art supplies and more is just ludicrous. They use terms that inflict harm on the companies they list. Calling things criminal and or "aiding and abetting" to any ISP who does not cave in to their pressures. They play judge jury and verdict and the general public is unaware of how much legitimate email is being blocked by this outfit without their knowledge. Yes, ISP's are not "forced" to use their lists to block email, but if they KNEW the tactics that spamhaus uses they would re-consider.
Perhaps we should make a list of sites that aid and abet spamhaus by filtering email based on their "blacklist"? These ISP's should be made to know what spamhaus actually does and how they do it. Although I agree a DDoS is an immature solution, I *do* support the need for blogs and a listing of ISP's who support the extortionists at spamhaus. They are unknowingly aiding a, in my opinion, out of control, "bigger than the law" type mafia organization which damages American business and threatens jobs and business income. We need to expose them for who they really are: They use bully tactics, they bank in known tax havens, they have no legitimate business registrations trackable back to any real owners or responsible parties, they operate "above the law" and maintain a god complex in all regard. Basic research can show they have taken bribe money to remove listings. They call themselves a non-profit, volunteer organization. This is NOT true. They have many companies they use to "collect and launder their income" try spamtec, http://mxtools.com, WordToTheWise and more.
Spamhaus is using "spin" to throw off the media. They have a force of people on twitter and other social media tweeting in support of what they do, yet those people who they recruited do not address the problems addressed above. They LOVE to keep saying "It's just a list". "It's just a list". This is NOT true and they need to stop saying that and NOW. They are masters of deception and media spin.
They fail to address also that what they do may be illegal in some countries! YES! Illegal! Allow me to demonstrate:
"A list of individuals or organizations designated for special discrimination or boycott; also to put a person or organization on such a list. Blacklists have been used for centuries as a means to identify and discriminate against undesirable individuals or organizations. A blacklist might consist, for example, of a list of names developed by a company that refuses to hire individuals who have been identified as union organizers; a country that seeks to boycott trade with other countries for political reasons; a Labor Union that identifies firms with which it will not work; or a government that wishes to specify who will not be allowed entry into the country. Many types of blacklists are legal. For example, a store may maintain a list of individuals who have not paid their bills and deny them credit privileges. Similarly, credit reports can effectively function as blacklists by identifying individuals who are poor credit risks. Because the purpose of blacklists is to exclude and discriminate, they can also result in unfair and illegal discrimination. In some cases, blacklists have done great damage to people's lives, locking them out of employment in their chosen careers or denying them access to influential organizations. For example, if a labor union makes a blacklist of workers who refuse to become members or conform to its rules, it has committed an Unfair Labor Practice in violation of federal laws. Blacklists may also necessitate disclosure laws. State and federal fair credit reporting acts, for example, require that access to information in a credit report must be given, upon request, to the person to whom the information applies.
The most famous instance of blacklisting in U.S. history occurred in the entertainment industry during the 1940s and 1950s. Motion picture companies, radio and television broadcasters, and other firms in that industry developed blacklists of individuals accused of being Communist sympathizers. Those firms then denied employment to those who were named on the blacklists. "
I do not want to plagiarize so I will reference the following if you want more info…
Further readings
Vaughn, Robert. 1972. Only Lies: A Study of Show Business Blacklisting. New York: Putnam.
I could type all day on this subject as I find anything that blocks open communication on the internet very bad for everyone. YOU SHOULD BE AWARE OF WHO IT IS YOU PLACE YOUR TRUST IN TO BLOCK EMAIL ON YOUR BEHALF.
I INVITE YOU TO PARTICIPATE IN THIS AND RESEARCH SPAMHAUS. Do not just "take for granted" that what they do is good. They make themselves out to be the angel of the internet but that is sadly not true. MANY MANY Businesses have been adversely affected by Spamhaus. Medical Practices, Dental Offices, Retail Sales stores who send out payment receipts by email!! REALLY! Imagine walking into an apple store, buying that new ipad you wanted and they ask you if you want your receipt emailed…. you get home find the ipad does not work, go to your email and Voila, no email is there because your ISP uses spamhaus and has set their mailserver to REJECT any email that is on the spamhaus list. YES, this happens, A LOT.
The reason this is not well known is that many ISP's FEAR spamhaus retaliation against their public acknowledgments that spamhaus is in the wrong. I call on ALL bandwidth providers, hosting companies and ISPs to BOYCOTT spamhaus and stop using their lists. I call on people to create lists shaming the ISP's who DO continue to block email with their lists.
Note: Did you know that spamhaus is a clickable option in many home appliances now? Yes! Sonicwall firewalls, your media players, many internet connected devices and more! There is NO WAY this organization is a volunteer organization. Research this, take my challenge and you will FIND the truth. It is out there. Search for other terms not just spamhaus.
"Man behind illegal blacklist snooped on workers for 30 years"
"Shipyard worker was on 'illegal' blacklist"
That's RIGHT…. Spamhaus CLAIMS To be in the UK right? It seems blacklists are illegal there!!
"Concerns over illegal blacklist"
"ICO closes down illegal blacklist database"
There is MORE AND MORE showing how blacklisting can be very illegal even in Spamhaus "home town".
Another question, WHY does Spamhaus bank in seychelles? Offshore banking? REALLY? What do they have to "hide" as a volunteer organization? Why the smoke and mirrors? Why the FAKE names? (yes people who run their blacklists are even more elusive than the people they claim are spammers.)
I want everyone to go FIND ONE NEGATIVE THING ABOUT SPAMHAUS AND COME REPORT IT HERE.. YES THERE IS TONS.
Just do it. We need a fair and balanced reporting of what is going on with spamhaus, not just the board whores above who are related to the spamhaus cause.
Spamhaus is sh$thouse. They block people's personal emails for no good reason then if you complain they say "You are infected with a Trojan virus, so you must follow these links and do a scan". So you follow their confusing instructions but find no such virus. You check with your Server and check your settings. Again no problem. Anyway, who the hell made them God of the internet?. What right have they got to block an email you send to a friend because they think your Server is using a slightly incorrect setting. You had been emailing that person for years, now suddenly they find a fictitious problem. Spamhaus are a bunch of parasitic, paranoid trolls, invading our free use of the internet and wasting our time. They are the ones that should be blocked, blacklisted and banned from the internet.
The "interesting" part of this Spamhaus "debate" here is that email is "best effort" and you have no 'guarantee' that your email will get where it is going. Email, like most every other function on the Internet is 'best effort'.
Fundamental lack of technical understanding abound "What right [do they] have … to block an email you send to a friend because they think your Server is using a slightly incorrect setting." Any blockage is done by your friend and the email server your friend is running. Best ask the friend.
Best effort?? What rubbish! Emails worked fine between my friend and I for years, then suddenly Spamhaus comes along and they find a problem, which they can't seem to clarify. There is no question that the blocking is being done by Spamhaus. My friend has no choice because that is the anti-spam that his Server is using. My friend knew nothing about it. Spamhaus is just an internet bully which thinks it can dictate terms to internet users and Servers.
I agree with everything you say here. Blacklisting should only be done to genuine spammers who are sending out spam (i.e. advertisements in multiple emails). Instead they are harassing honest internet users and wasting people's time. I personally know of business people who have lost sales and reputation due to bouncing emails. If you contact Spamhaus for help, they behave as if 1) they have every right to block people, 2) they have all the answers, and 3) it is your problem, so it is your job to find out why you have been blocked. They are like some kind of self-righteous internet Gestapo.