One Last Spamhaus Warning Before The End

kog777 writes to mention that Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling. From the article: "According to Spamhaus, more than 650 million Internet users - including those at the White House, the U.S. Army and the European Parliament - benefit from Spamhaus' 'blacklist' of spammers that helps identify which messages to block, send to a 'junk' folder or accept. Losing the domain name would make it more difficult for service providers and others to obtain the lists. 'If the domain got suspended, it would be an enormous hit for the Net,' said Steve Linford, Spamhaus' chief executive officer. 'It would create an enormous amount of damage on the Internet.'"

The IP Address

[eldavojohn]

Spamhaus has released a final warning about an increase in junk email, as they prepare to lose their domain to an Illinois court ruling.

Ok, so we might be making a bigger deal of this than we should. I mean, after a simple ping:

Pinging www.spamhaus.org [216.168.30.71]:

Ping #1: Got reply from 216.168.30.71 in 79ms [TTL=57]
Ping #2: Got reply from 216.168.30.71 in 84ms [TTL=57]
Ping #3: Got reply from 216.168.30.71 in 79ms [TTL=57]
Ping #4: Got reply from 216.168.30.71 in 79ms [TTL=57]

Variation: 5.0ms (+/- 6%)

Doesn't that mean that for all applications referencing Spamhaus, they need to push out patches that use 216.168.30.71 instead of http://www.spamhaus.org/ [spamhaus.org] ?

I mean, if we can get the word out to 650 million Internet users to use IP address 216.168.30.71, what damage is done? It will just take a while for people to tell ICANN how stupid they are. Maybe this is a good thing? Maybe this will cause the community to complain about ICANN and the American control of the internet?

Re:Shoulda seen this coming...

[Bog Standard]

you mean spamhaus.org.uk

Re:Shoulda seen this coming...

[doctor_nation]

The #1 reason they didn't defend themselves is because they are a UK company and not under US jurisdiction. The #2 reason is that if they were to spend the money to defend themselves, they would open a precedent for any other spammer to sue them the same way. I think it's perfectly reasonable for a foreign company to ignore a US court order in this case. A US court can't order a spammer in Russia to stop spamming, so why should they be able to order a spam-blocker to stop blocking spam? The whole internation commerce thing is pretty fuzzy to me, so I don't really understand what a US court CAN do to a foreign company that sells its services to a US company.

From what I understand

[hsoft]

If they defend themselves, they open themselves to a "tidal wave of lawsuits by spammers". So it wasn't just a "Muahahah! You have no jusris-dick-tion here!", but it looks like a real legal strategy.

Re:Shoulda seen this coming...

[Bog Standard]

Of course the problems start when a US court has juristriction over the organisation (ICANN) that can do things to a foreigh organisation....

Re: The IP Address

[Jaseoldboss]

They could also get a .de name. Something beyond the jurisdiction of a US. Court.

Why would they want to do that? From the article;

Executives at the U.K.-based Spamhaus Project...

they are spammers, see here

[crayz]

Google groups [google.com]

(from http://www.spamhaus.org/legal/answer.lasso?ref=3 [spamhaus.org])

Re:Shoulda seen this coming...

[Anonymous Coward]

Soviet Russia "won" World War II in Europe. They lost the most soldiers and conquered the biggest amount of landmass. America was late, and far less involved than the USSR.

Re: The IP Address

[rudeboy1]

ICANN resides within the US and is thus governed by the laws here. This is one reason the global community has called for a change in the way ICANN is run. While I think that decentralizing our DNS system is looney, I think they should be open to a larger governing body.
Call me a hippie, but an OSS/community committee seems like the best answer.

Re:Damage is what USA does best

[andphi]

Quoth the poster: its not the wild west anymore

Ok, I'll bite. Firstly, which Wild West are we talking about? The Wild West of history or Hollywood?

The typical pattern of behavior in the Wild West went like this: Settlers move into new area, seeking either homesteads or easy money. If they were seeking homesteads, they were comparatively civilized, at least with their own ethnicities. If they were looking for easy money, more chaos and lawlessness ensued - Tombstone, Dodge City, etc. Hollywood liked to portray every little town as a Tombstone or Dodge City, but the incidence of violence was exaggerated to sell tickets. After all, who wants to watch John Wayne cut trees every day for a year?

Secondly, yes, it still is, at least to some degree. Each nation is bound only by treaties to which it consents to be bound. There is no over-arching body with the power or the authority to make or enforce laws to govern governments, except where the governed have entered willingly (i.e., the EU). Thus, by definition, nations co-exist in a state of quasi-lawlessness. Governments can abide by, abrogate, violate, or ignore treaties at will, and the deal with the consequences. Super-national bodies like the UN can pass resolutions all they want, but in the end, their enforcement powers are limited by the will and compliance of the governed. If you have any doubts about this, just observe the behavior of the North Korean government.

Link to the spammers website

[pembo13]

The fact that they seem to be purely a marketting firm with nothing better to put on their frontpage would be enough for me to manually blacklist them. They go as far as calling Spamhaus a secret organisation: http://www.e360insight.com/ [e360insight.com]

Re:Missing the underlying problem

[SCHecklerX]

There was a presentation at Blakhat and Defcon last year about this subject. The fact is that there *ARE* groups who actually do use SPAM to transmit covert messages.

Re:Minor nit-pick.

[Daemonstar]

Along the same lines, mail admins can choose to permit even blocked (listed) addresses through. Whitelists work the same way as blacklists; if users have problems with sites being blocked, they can always be whitelisted. If not, then that is an issue with the ISP or main administration (or perhaps company policy). Ultimately, it's not Spamhaus' fault for any blocking, but for mail administrators choosing to not receive certain e-mail.

BULLSHIT

[macdaddy]

I call BULLSHIT. If they had defended themselves in a US court that would have legitamized the US jurismydicktion of the matter, thus opening Steve and Spamhaus to challenges from ANY court in the WORLD. This is a very simple concept that apparently you do not get. Alan? Alan Ralsky, is that you? Eddy? Could it be you?

From their own mouth

[Anonymous Coward]

e360 commited purjury in court. They even admit to it - Spamhaus is UK based, but they claim it to be operating in America. Check out the site: http://www.e360insight.com/ [e360insight.com]

PS. Wouldn't hurt my feelings if, oh, 10,000 slashdot users hit the site with wget -r running as 10 separate subprocesses...this fucktard needs a serious hit from several thousand people with a cluestick, maybe he might get the point and back the hell off if the internet dumped their entire bandwidth down his pipe...

Re:Now,now

[Anonymous Coward]

Also:

while true; do curl -s -N -o /dev/null http://www.e360insight.com/ [e360insight.com]; echo -n "."; done

Re:Minor nit-pick.

[tinkerghost]

I have a static IP. For whatever reason, it is listed as a Dynamic IP.

Oh, I know this one.
Whoever your ISP is, gets their IP addresses in blocks, which they designate as Dynamic. Certain subnets get marked as static - and are generally reserved for loops - T1 etc. When you get a 'static' IP address from your ISP, they create a DHCP block for you with only 1 IP address in it. So your 'static' IP address is really a 'dynamic' IP address drawn from a pool of 1 possibility.

Re: The IP Address

[Sycraft-fu]

Depends on the domain name. The UK has authority over .uk domains and subdomains. Most of the non-country domains (like .com .net and .org) are administered by US entities and thus subject to US law. However the country codes are administered by the countries they are assigned to and thus not. You'll discover that because of that, how different TLDs work varies greatly. .com requires that you have contact information, but you have have it be that of your hosting company, they can be a proxy for you in essence, and will sell to anyone. .ca requires real hosting information, and also only will sell to you if you are a Canadian citizen. .to does not maintain any kind of contact database at all, and is open to registration by anyone.

In this case we are talking about a .org domain. I don't remember who it is that controls it, but it is a US company and thus has to listen to the rulings.

mixed...

[Anonymous Coward]

On one hand you have an email marketer such as e360... I would bet the last piece of wood from the farm that this guy does spam and doesn't maintain real opt-in opt-out lists. Then again most spam in the world is sent via worm or hacker pown-ing a machine anyways of which this e360 insight probably has a few people working for them that can do that. BTW this firm has a contact form with out a captcha so bot away at!

On the other hand you have spamhaus which isn't exactly an attentive understanding organization either. My colocated machine used to be in one of their blocks of blocked IPs. There is nothing they will do. They blame the data center people and the data center people say they have been trying for a year to get spamhaus to listen. Infact one email exchange with Spamhaus they told me to please go walk infront of a bus.

So this definately is a sticky situation I am happy to see the PUNKS at spamhaus get their upcommings but not at the price of having a marketer winning a case. You know maybe if Spamhaus would stop being arrogant prickies and show up at court maybe the case would have gone the other way. The whole famous story of the woman who sued McDonalds over hot coffee spillage was won simply cause McDonalds was arrogant and laughed at the woman.

Personally I have had better results using other lists, here is a typical logwatch:

Messages rejected using Anti-Spam site 1959 Time(s)
bl.spamcop.net identified 124 spam messages
cbl.abuseat.org identified 1817 spam messages
dnsbl.njabl.org identified 18 spam messages

Once I put on the abuseat.org spam dropped considerably and no customer complained of mail not getting through.

Just my $0.02
Rob

Re:so-- by your logic

[Impy the Impiuos Imp]

As long as it isn't leeching into the air or water or whaver and getting into the US, then no, the US is without recourse because the Canadians can do whatever the hell they want with their land.

And if it did leech, that would be a case for existing or future negotiations, with threats of military action a last resort (and one of pracical considerations as well -- is it worth it, is success likely, etc.)

Re:Minor nit-pick.

[undercanopy]

that's rarely an issue. the dns of your server doesn't need to match the domainname on your outgoing email. Most places jsut require that there be ANY rdns on an ip. Some get so specific as to check that the Rdns matched the server HELO, and others make sure that the reverse name resolved to the IP in the reverse.

requiring the domain on the email to match any of those is just plain silly and i've never, ever seen evidence of this.

Re: The IP Address

[Russ Nelson]

You mean like spamhaus.org.uk ?

Spamhaus is popular *because* they're good

[billstewart]

Spamhaus is popular because they run a good, well-maintained list, and are very conservative about only putting people on there who belong there, and not doing the heavy-collateral-damage approach that some other lists do. Additionally, they're focused on taking the big high-volume spammers and tracking them down, as opposed to blocking the ISP of every zombie out there.
They can and presumably do make mistakes, but they're about the best out there.

Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)

Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)

Re:Minor nit-pick.

[damium]

Actually it has more to do with DNS, the lists based on static/dynamic have several methods of checking on addresses before they are listed as dynamic most of them are based on DNS lookups. If your address has no RDNS it is likely going to be listed. If your address has an RDNS of dhcp-ip-ip-ip-ip.yourisp or ip-ip-ip-ip.yourisp it will be listed. An RDNS of static-ip-ip-ip-ip.yourisp will not be listed, usually anyway. Other non-address based RDNS also usually lands you in the clear. A list can't check to see if you are on DHCP or not unless your ISP publishes that kind of information but the RDNS name gives most people a clue about what kind of IP they are dealing with.

Re:I will explain this because I'm tired of this a

[Panoramix]

I think you should wait before changing anything. I don't think spamhaus.org.uk, or any other name besides spamhaus.org, will ever resolve the Spamhaus RBLs.

From Spamhaus' response [spamhaus.org] to the proposed order (proposed, people, by the spammer's counsel, no judge has ordered ICANN anything), it seems they'll intend to contest this. They mention they don't think that ICANN suspending them can actually happen, for reasons I in fact agree with (go read them at their site). They also mention that "one U.S. government agency has begun working on a response."

However, if worse comes to worst, they probably won't switch to any other domain name. They state: "... if Spamhaus gets around the court order by switching domain to maintain the blocking, the judge would very likely then rule us in criminal contempt. We don't want a criminal record for the sake of fighting spam. We normally help fit the spammers with criminal records, not the other way round."

Which I read as, if this order is enforced, and ICANN caves in and all that, there will be no more Spamhaus, period.

Which would really piss me off. The whole episode already already seems like a bad dream to me. To see Spamhaus destroyed by some spammer scum would be just depressing. One thing's for certain, though: it'll be a cold day in hell before any site I manage will exchange traffic with this spammer.