Dutch ISP A2B Internet has filed a complaint with the police after it claimed to have been "blackmailed" by London-based anti-spam outfit Spamhaus. A2B managing director Erik Bais told Webwereld (report in Dutch) that Spamhaus "has gone too far". The Spamhaus Project is an international organisation, founded by Steve Linford in …
No it's not
It's like denying entry to a restaurant because other guys who arrived on the same public transport don't meet the dress code.
Perhaps to blacklist innocent net users because their hosts are on the same netblock as other perpetrators is libel.
This sort of behaviour makes Spamhaus unreliable. How many Spamhaus users expect this sort of behaviour?
It's more your customers are prevented from getting into your restaurant because you havent paid the protection money/associate with the wrong people.
Spamhaus != mafia as the mafia have better PR
Sorry bro, must disagree
This is exactly the behaviour that spamhaus users expect. Remember: Spamhaus don't block anyone - they list them. Spamhaus users (mail operators) can choose to use their list on it's own, in conjunction with their own whitelists, with other lists in a scoring system......or not at all.
Spamhaus, as a matter of published policy, require ISPs to prevent spam emanating from their networks or they will be listed. To avoid listing the ISP must police it's network, and if they don't the whole ISP may be blocked.
Well that's all of them then.
Name one that doesn't?
I was thinking the situation was more like you being denied entry into multiple restaurants because some third part objected to the way you were dressed the other night.
Analogies? I've heard a few...
Maybe more like not being allowed to leave the restaurant you own because someone doesn't like the fish soup, as well as not allowing anyone else to enter your restaurant, until you stop serving not only the fish soup, but anything else prepared in the same kitchen.
The bloke next door is an amateur chef, a good mate, makes fish soup and you sell his fish soup on your menu. Some of your customers get sick as dogs, as his kitchen is actually an unlicensed, roach infested hellhole. The soup is identified as the most likely culprit and you are advised to stop selling it.
You decide that you don't want to upset your mate and would rather carry on giving your customers the shits, 'cos you don't give a toss about them.
Then you act all surprised when someone writes a letter to the local rag about how they got gyppo tummy at your restaurant, loads of people read it and your trade disappears overnight.....
Anyone know of any good restaurants, I'm hungry now.
You sure as hell better stay away from the fish soup though
No. It is like a restaurant full of robbers, people trying to sell you fake items and drugs, while trying also to steal you your credit card and other data.
When a restaurant guide publishes "hey, avoid that restaurant if you don't like robbers, drugs sellers and so on" the restaurant reacts against the guide instead of looking at its customers.
I like Spamhaus. Without it instead of getting the mail I want to receive in my mailboxes, I would receive thousands of spam items because I have some public addresses. And spammers exist only because ISPs allow that. Probably because they have to buy more domains, IPs and bandwith than the average company. Will you rent a house of yours to known criminals?
You don't have to..
You don't have to use their service if you don't like it.
Remember, Spamhaus doesn't block anything. The ISPs and businesses that use Spamhaus's blacklists can choose to block what they want on that basis, the same is true for other blacklists. The general principle is that if an ISP doesn't act on spam, then it has a negative impact on the reputation of the whole of its IP range, which I think is fair enough.
Perhaps in this case we should be annoyed about an ISP allowing spam to take place, rather than Spamhaus blacklisting them.
I'd be interested to hear the reasons behind the 2 down ratings above.
Personally I'd agree, why is an ISP allowing spam to be sent? Its certainly not in their interests. What opposition would they have?
-Different Anon from above!
OK, I'll bite:
"You don't have to use their service if you don't like it."
OK, that's great. I'd like to send some emails. Oh, they don't seem to get through; they are blocked. I'll just un-use Spamhaus and then send the emails again?
How do I choose to not have my emails blocked? I suppose it is possible if I suddenly change ISP; but that takes a lot of work, especially with rented rack-space etc.
Would it also be fair for Spamhaus to say "A few bad emails have come from USA. They don't seem to be stopping them, we are blacklisting all USA"?
Define "spam", you idiot.
How the hell is the ISP suppose to know if it's spam or not?
And who made them judge, jury and executioner anyway? Same applies to SpamHaus.
The key word here is accountability.
While it is true that Spamhaus doesn't block anything, but its market penetration is so large, that it has enormous influence without any sort of accountability. That is a BAD thing, evidenced by the bullish behaviour described in this article.
You attempt at giving Spamhaus a carte blanche, since it's "your ISP's choice", is flawed from its very conception. Once you find your company mail server's IP blacklisted, and happen to lose business because of it, you'll start to understand my opposition.
Spamhouse has a lot of clout, yet there are no clear guidelines saying how far they can go. This is a position open to all sorts of political influence and I'd hate to put so much power to a body which clearly lacks ethical standards and can lower itself to the described behaviour.
And I'll bite back...
You want to send mail.
Your mail is blocked.
Because your ISP isn't policing their own networks and allow spammers to thrive.
What can you do?
Find another ISP that does police their networks and are not blocked.
You have to understand Linford's logic.
The goal is to get the ISP to modify their behavior and be good net-citizens.
You can always start by asking.
Unfortunately there's money on the table (pink-sheet contracts) where the ISP will give you lip service and play games.
You can threaten verbally and again, at best you get lip service.
Finally, you can choose to shun them.
This is where you block their IP blocks until they change their ways.
This is the most effective because you now are forcing the ISP to realize that the money they get from the pink-sheet contract with the spammer is now less than the money that they are losing from other paying customers who's business is being affected.
Now in defense of Linford...
1) Blocks usually start off small. Like a /24 netblock (class C). ISPs sometimes tried to play a shell game by moving the spammer's netblock. So then more netblocks get blocked and if there still isn't a resolution, then larger netblocks are blocked.
2) Blocks are not permanent. If the ISP does the right thing, the blocks are removed.
3) Most ISPs work well with Spamhaus because they use Spamhaus in their mail filtering blocks so that their customers don't get as much spam as they could.
You may not like Linford's methods, but lets face it. They are effective and they are based on past experiences and human behavior.
BTW, if your emails are getting blocked, you are either sitting next to a spammer, or you are the spammer. If you're not the spammer, you can bitch to your ISP. They play dumb and do nothing? Find another ISP. Trust me, its worth it.
@Ian Michael Gumby
So one IP address sending spam is means the ISP isn't policing it's network? Aside from the fact that there are almost no ISPs who do police their network, locking out an entire ISP because of one address is ridiculous beyond measure. Especially since they did block that IP.
If the ISP doesn't do something about the offending spammer yes.
One IP address sending spam shows that you have a spammer on your network.
It's what you do next that determines how Spamhaus treats you; get rid of that spammer and you will not be blocked.
Make a half-hearted attempt to restrict the spammer without actually removing their ability to spam from that domain; and you will be considered 'spam friendly'
Spamhaus treats both spammers and their supporting network of spam friendly isp's with equal contempt; and I am glad that they go after the support networks as well as the offenders. Seeing the reaction of the spammers here(*) I think the Spamhaus behaviour has been totally vindicated and my determination to continue using their services to help keep my inbox clean has increased.
(* Given the sudden appearance of some anti-Spamhaus people here; I'd like to say a big howdie to all you spammers lurking and posting as AC's and sockpuppets! You do realise you are miserable little lowlife with small penises don't you?)
ISPs do police their networks
Being an active spamcop(.net) user for years, I have seen almost all ISPs (except couple of black hats) do care about even the semi anonymous reports they get and even care to report back to spamcop. You heard the "lame" AOL? They have unplugged 2 virused/open proxy consumers and reported back to me, semi anonymous spam reporter from nowhere. Not some prestigious RBL.
Actually, I don't do business with any ISP who seems not to care and trust me, these days your IP block's "prestige" matters. You may one day figure you have to use captcha even for google searches, ad companies blacklisting your page, users get warned when visiting your site etc.
I agree the "license to use internet" is absurd but seriously, if you don't manage your IP pool, you don't deserve to own IPs at all. We don't talk about dumb.ignorant,zombie PCs. We talk about assigned IP pools.
Yeah, problem is, it's not just spammers who are inconvenienced by Spamhaus. It's everyone who wants to use that IP address in the future. If that IP address is an ISP's proxy/cache server that could be thousands of people.
Many people complaining here -I think you'll find- are sysadmins and people responsible for company mailservers who have been torpedoed by Spamhaus in the past; and who have had to spend maybe weeks trying to restore service. Appeals seem to be met with a "we've listed it, so fuck you if you don't like it attitude".
Appealing or sending a "What's up?" email is probably the first reaction and turns out to be a waste of time.
So then you've got to migrate your mailserver to somewhere that isn't blocked. Expensive and inconvenient...and of course always occuring right when you least need it.
I don't like spam. I don't like spammers. I particularly don't like the cheeky bastards who spoof my domains as 'from' addresses to send spam. That said; I'm not a big fan of Spamhaus either. And for the record, I'm hung like a donkey.
Spamhouse has a lot of clout^H^Hwns
Spamhouse - the world's only circus without sawdust.
Oxymoron of The Day.
> I'd hate to put so much power to a body which clearly lacks ethical standards
That's exactly what the lone voice of reason in the CIA said about Osama Bin Laden in 1977.
Now in defense of Linford...
How can you defend the indefensible ???
Whether a twerp is playing music or playing God, a twerp is a twerp is a twerp.
It's not clear (from the story) why all the ISP customers were blacklisted.
From the story, A2B and it's customers were blacklisted over A2B's refusal to put a total block on German ISP Cyberbunker, which got it feed from A2B and in turn fed The Pirate Bay. Instead, A2B blocked the specific IP address that was responsible for the reported Spam. This was not good enough for Spamhaus as they wanted TPB shuttered. As soon as A2B completely blocked Cyberbunker, Spamhaus removed A2B from its blacklist.
As far as I can make out..
.. Spamhaus blacklisted the lot because the ISP didn't do as Spamhaus demanded.
If that is the case I'm rather disappointed in Spamhaus as it apparently sees no problem with affecting innocent parties with what it does. It takes the shine off their efforts and turns them into Net bullies - very disappointing indeed.
For those who claim they don't *have* to use Spamhaus ignores the fact that many draw their email via their ISP, and have thus no control over the use of Spamhaus.
I thus hope I misread this story. Anyone from Spamhaus care to comment?
If you run your own mailserver you control spam filtering
If you rely on your ISP mail server, either choose an ISP which allows you to customise spam filtering it or turn it off, or accept their best judgement for how to do it.
The spamhaus rule "ISP is responsible as well as the customer" is because previously the same old spammers would keep turning up on adjacent IP addresses/blocks under different names. This leads to guacamole. Sorry: Whack-a-mole. Spamhaus can only react because they have no visibility as to whether these are the same people as before until they begin spamming again. Indeed some ISPs took advantage of this to keep taking the same cusomers on purpose and feigning ignorance.
The ISP is in a position to know beforehand whether these are the same people running the same "business", therefore the ISP must bear responsibility.
Many tin foil hats here in relation to TPB.
>"This was not good enough for Spamhaus as they wanted TPB shuttered"
Where did you and the various other paranoids in this thread get any suggestion that this was because Spamhaus wants to shut down TPB from? Spamhaus wanted the whole of Cyberbunker disconnected because of one offending IP, but there's no evidence that their grudge is against TPB specifically; TPB was collateral damage along with whoever else Cyberbunker hosts.
The article mentioned that TPB is *a* Cyberbunker customer as a bit of background colour, but Spamhaus is not an MPAA/RIAA organisation and has no interest or other motive to target TPB; it's just coincidence that TPB is one of Cyberbunker's customers besides the spammer.
Cyberbunker has other customers too, but I don't see you claiming that it was those guys that Spamhaus wanted shuttered; you're making the mistake of picking the one single customer that happens to be relevant to *you* and imagining that they were relevant to Spamhaus, because you're projecting.
Thanks to Spamhaus I cannot run my own mailserver
Back in the day -after ISP email dropped some very expensive emails- I used to run my own desktop mailserver...that way the emails would either arrive, or I'd get an error message explaining why not.
Then Spamhaus decided to block email traffic from my ISP (and many others, it turns out). I did try to appeal at the time, but the response was essentially 'fuck you if you don't like it'. Very high handed treatment. Possibly they do some good; but there are genuine victims and I sympathise with the ISP in this case.
huh? So Spamhaus is now part of the anti torrenting crowd and is using its power as a email filtering resource to get its way??
Sequence of events seems to be
ISP provides service to TPB,
Spamhaus finds a offending host and informs ISP
ISP blocks offending host
Spamhaus blocks the whole ISP range until it stops giving services to TPB
Sounds a bit illegal to me. A bit like cutting off the water to a block of flats until the noisy neighbour in no. 32 leaves.
Spamhaus blocks nothing
I used to work for a company that was built around a well known European TLD and we took a lot of shit from Spamhaus. Whilst I agree that they are trying to provide a valued service, they have a puffed-up image of themselves and frequently act as Judge & Jury (or maybe Judge Judy?).
So, yup, let them carry on distributing their "lists", but for fuck sake, keep their ego´s in check and stop them behaving like some overweight vigilante with delusions of überpower. They can and DO make mistakes and are piss-poor at admitting/dealing with it.
(or maybe Judge Judy?).
More like Punch & Judy!
> So, yup, let them carry on distributing their "lists", but for fuck sake, keep their ego´s in check and stop them behaving like some overweight vigilante with delusions of überpower.
Well said! They sure as hell need their wings clipped!
Well done Spamhaus
This sounds like A2B wouldn't deal with the spam so Spamhaus added A2Bs IP ranges to the SBL. Simple as that.
That's how its supposed to work folks. Don't like it then deal with the spammer. Don't deal with the spammer and why should anyone deal with you?
A2B sound like utterly clueless fuckwits.
@ john RTFA
A2B BLOCKED the IP address (note SINGLE) that was identified by Spamhaus as sending the offending spam emails.
Spamhaus decided that wasn't good enough (who the fuck are they to judge) and demanded that the entire subnet be removed even thought there was NO EVIDENCE that any other IP within the range was being used to send spam.
That is outrageous and is certainly smacks of blackmail and it would seem Spamhaus (whether knowingly or not is unknown) are being used to stop TPB through "back door" methods.
Icon for John and Spamhaus
If you use spamhaus
You know that they take a particularly aggresive posture towards spammers and ISPs who either support spammers, or through inactivity allow them to continue. If you don't like that you don't use them. It means you get less spam but also more unduly rejected messages...
It's not really an issue of if you use Spamhaus, it's the fact that other people do.
If you get put on a Spamhaus BL then you can find your company/customers not being able to send/receive email from large parts of the Internet.
I have always been against spammers but blocking an entire subnet (at a mimum a /24 but could have been a /21 or even a /16) due to ONE IP address is WAY over the top. It's the classic using a sledgehammer to crack a nut.
In this instance A2B did nothing wrong, they blocked the offending IP address. However this did not appease Spamhaus who did, effectively, blackmail them into blocking the entire subnet. A totally disproportionate response.
"You know that they take a particularly aggresive posture towards spammers and ISPs who either support spammers, or through inactivity allow them to continue."
Spamhaus listed *the entirety of A2B's IP pool* because they refused to black hole *ALL* IP's from a single downstream client when *ONLY ONE* was responsible for sending spam, which was blocked by A2B appropriately.
This was Spamhaus strong-arming A2B into piping The Pirate Bay into /dev/null, and nothing more. It is a despicable practice, and I'd like to see people in jail for it.
I think we need a "Censorship" icon; BB doesn't fit here, but it's the closest available.
Ever watched an experienced teacher dealing with a devious spoiled brat?
"who the fuck are they to judge"
They are people with years and years experience dealing with Spammers.. they are just doing the stuff they know works.
A title is optional
"A2B BLOCKED the IP address (note SINGLE) that was identified by Spamhaus as sending the offending spam emails.
Spamhaus decided that wasn't good enough (who the fuck are they to judge) and demanded that the entire subnet be removed even thought there was NO EVIDENCE that any other IP within the range was being used to send spam."
Actually, that's not quite true. Spamhaus is aggressive, sure, but even Spamhaus is not THAT aggressive.
Those of us--and I'm sure there must be others of us among the El Reg commentards--who have been part of the spam and malware fighting community for a while are very aware of Cyberbunker. If you read the archives of the North American Network Operators' Group mailing lists or some of the antispam Usenet newsgroups, you'll be well aware that Cyberbunker has been a source of problems for years. I've seen emails from Cyberbunker admins from 2009 that complain about being blocklisted for spam and malware (usually in highly aggrieved, "how dare you tell us who we can and can't have on our networks; we don't care if people are spamming, it's income for us" tones).
This current spat is about one IP address, and so I can totally understand why people might incorrectly believe that means that Spamhaus blocklists entire IP ranges for one single incident. But this one IP address is the proverbial straw that broke the camel's back. Cyberbunker has been a source of ongoing problems for *years* before this. This last incident tipped Spamhaus into saying "enough."
It's impossible to give the full history in one news article (or even one comment in a news article). But if Spamhaus routinely blocklisted every ISP's entire IP range for every single one-off spam incident, they would no longer exist, because they would no longer be useful. Yes, this incident revolves around one IP address, but don't make the mistake of thinking that what has happened here is about one single spam incident that happened one single time. It's not.
> Spamhaus listed *the entirety of A2B's IP pool* because they refused to black hole *ALL* IP's
> from a single downstream client when *ONLY ONE* was responsible for sending spam,
Yep, that's the way they work, always have, always will. Reasons why have been well presented in other posts. I'm damn sure that it had nothing to do with TPB *except* that its no suprise that a Spam friendly downstream client was also associated with piracy.
Spamhaus don't block anything? What a load of....
Spamhaus are a bunch of self righteous tw*ts.
I have had numerous run-ins with them over the years and they have never failed to treat me with contempt and always leave me feeling like I want to smash someones pathetic face in.
I don't spam... in fact I hate spammers, but they don't seem to want to help the situation at all and they are downright obnoxious.
And at the very end of it they sit back and say "we aren't block your mail, play by our rules or go away".
Unfortunately LOTS AND LOTS of people around the world use Spamhaus whether they like it or not because some administrator has decided to subscribe to the Spamhaus feed and treat it as gospel.
Which means when they block your IP.... expect to see at least 40-50% reduction in message delivery, if not more.
I know for a fact that they are all evil b*stards because they once blocked a large international house hold name Charities e-mail server during a large campaign relating to a recent humanitarian disaster. I won't go into specifics but it wasn't the charities fault and it took something like 4 weeks before they finally removed the block.
"I know for a fact that they are all evil b*stards because they once blocked a large international house hold name Charities e-mail server during a large campaign relating to a recent humanitarian disaster. I won't go into specifics but it wasn't the charities fault and it took something like 4 weeks before they finally removed the block."
This will be the same charity that used various spam houses to get its campaigns for donations out then tried to blame the massive volumes of spam reports on the spam houses they had employed. They deserved being added to URIBLs and blacklists based upon the replies going back to thier servers even if the spam did not originate dircetly from their servers.
"I don't spam... in fact I hate spammers, but..."
Ahh yes, but.
This sort of phrasing is more traditionally seen in the classic "I'm not racist, but..."
Spam is spam...
....and I don't care whether it comes from the usual penis pill pushers or from a charity trying to raise awareness of their need for income, er sorry, I mean the need for disaster victims to be helped out.
If I want to help someone I will, but if they spam me then I won't be listening again, ever!
"they once blocked a large international house hold name Charities e-mail server during a large campaign relating to a recent humanitarian disaster"
Oh yes.. I remember reading about that when the charity got in touch with the press to put pressure on Spamhaus.
Err; well I don't actually; which is strange because large international charities are past masters at getting around obstructions, and certainly let everybody know if, for instance, a bank blocks donations etc.. But according to you they were so scared and intimidated by naughty little Spamhaus that they meekly complied.
Can I call BS now?
- Hi-torque tank engines: EXTREME car hacking with The Register
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...