* Posts by tmortimer

1 post • joined 14 Aug 2010

Rise in Latvian botnets prompts Spamhaus row


Rude, but right

I'm one of the Spamhaus researchers that supposedly doesn't give their last names. :-) I usually avoid public comment, but after reading this article, decided to delurk. For the record, the following is my personal point of view; I am not speaking for Spamhaus.

I wasn't involved in the microlines.lv SBL listings. Nonetheless, when we received the broadside from nic.lv, I read it and winced. I wish that my colleague had not lost his temper. However, after reviewing the SBL listings involved and all of the correspondence, I think that except for the somewhat intemperate language, my colleague was completely justified in the actions he took and the SBL listings that he opened. I also suspect that I might not have been able to hold my tongue in face of statements that appear to me to assert that this ISP has the right to expect the rest of the Internet to accept its email despite its utter failure to deal with the abuse on its network.

I have occasionally lost my temper when communicating with with lax or abusive ISPs and web hosting companies. Most of them had tolerated considerably *less* abuse than the Latvian ISP and hosts of microlines.lv did, and had ignored warnings for a considerably shorter period of time. Further, most of them had their Whois records in order, making it possible to determine accurately who owned the abused IPs and who was the upstream provider responsible for abuse on those IPs.

Nic.lv and the host were seriously deficient in their management of abuse issues on this network. As a result, innocent internet users were recipients of significant quantities of criminal spam, and some were probably infected by the malware spread by that spam and hosted on these IPs. Since they would not deal with the problems that their users were causing, their IPs were rightly blocked to protect as many Spamhaus users as possible, until they dealt with the problem.

I hope that we do a better job in the future of keeping the tone our communications professional. However, organizations that ignore complaints while criminal spammers and malware distributors take over their network *should* face SBL listings of their IP space. They do not have the right to expose the rest of us to that level of abuse. And if they attempt to assert such a "right", they should expect to be told that there is no such right, and that they need to keep a reasonably clean network if they are to expect others to communicate with them.



Biting the hand that feeds IT © 1998–2017