The Spamhaus Project

From Wikipedia, the free encyclopedia

The Spamhaus Project is a completely volunteer effort founded by Steve Linford in 1998 that aims to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers.

Contents 1 Spamhaus DNSBLs 2 Registry of Known Spam Operations 3 Don't Route Or Peer List 4 e360 Lawsuit 5 See also 6 References 7 External links

[edit] Spamhaus DNSBLs

Spamhaus is responsible for three widely-used anti-spam DNSBLs — the Spamhaus Block List (SBL), the Exploits Block List (XBL), and the Policy Block List (PBL). Many internet service providers and other Internet sites use these free services to reduce the amount of spam they take on. The SBL, XBL and PBL collectively protect over 500 million e-mail users, according to Spamhaus' web page (December 2006). Like most DNSBLs, their use is controversial.

The Spamhaus Block List (SBL)^[1] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services^[2]. The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.

The Exploits Block List (XBL)^[3] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists.

The Policy Block List (PBL)^[4] is a Dialup Users List, it tries to list all dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections'. Much of the data is provided to Spamhaus by the owners (ISPs) of the IP address space. It is similar to the original MAPS DUL, the former Wirehub/Easynet Dynablocker (discontinued 2003-12-01^[5], and the continuation of the Dynablocker at NJABL and SORBS.

Spamhaus's DNSBLs are offered as a free public service to mail server operators on the Internet. ISPs and other large sites doing large numbers of queries can also sign-up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Data Feed^[6], at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list^[7], and they must also pass a background check to make sure they do not knowingly or intentionally provide services to spammers.

Spamhaus also provides two combined DNSBL lists. One is the SBL+XBL^[8], which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN^[9] (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.

[edit] Registry of Known Spam Operations

The Spamhaus Registry of Known Spam Operations (ROKSO)^[10] is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.

As Spamhaus operates in the United Kingdom, it is subject to the Data Protection Act which restricts its ability to publish private information legally. For this reason, ROKSO publishes only information gathered from public sources such as newspapers, court records, incorporation filings, and other public records. Spamhaus also keeps additional information on spammers for disclosure only to law enforcement agencies.

[edit] Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List^[11] is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks.

[edit] e360 Lawsuit

In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", sued Spamhaus for blacklisting his website. Spamhaus initially succeeded in moving the case from state to federal court, but then stopped defending itself against the lawsuit, because it is based in the United Kingdom and outside the jurisdiction of United States courts^[12][13]. The American court awarded e360 $11,715,000 in damages^[14][15], and Spamhaus announced that they would ignore the judgment. e360 attempted to force ICANN to remove the domain records of Spamhaus^[16]. This raised issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names^[17][18], and ICANN protested^[19] that they had neither the ability, nor the authority, to remove the domain records of Spamhaus, which is a UK-based not-for-profit organization. On 2006-10-20, Judge Charles Kocoras signed a statement that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment^[20][21].

[edit] See also

• Comparison of DNS blacklists
• SpamCop
• E-mail spam
• Anti-spam techniques (e-mail)
• news.admin.net-abuse.email

[edit] References

1. ^ Spamhaus Block List (SBL)
2. ^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. http://www.spamhaus.org/sbl/policy.html Retrieved 2007-02-04.
3. ^ Spamhaus Exploits Block List (XBL)
4. ^ Spamhaus Policy Block List (PBL)
5. ^ easynet.nl abuse handling dept. "dynablocker.html". Easynet.nl website. http://basic.wirehub.nl/dynablocker.html Retrieved 2007-02-04.
6. ^ Spamhaus Data Feed
7. ^ Spamhaus's top ten worst spam service ISPs list
8. ^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#11 Retrieved 2007-02-04.
9. ^ Spamhaus ZEN
10. ^ Spamhaus Registry of Known Spam Operations (ROKSO)
11. ^ The Spamhaus Don't Route Or Peer List (DROP)
12. ^ Leyden, John. "Spamhaus fights US court domain threat". The Register. 2006-10-10. http://www.theregister.co.uk/2006/10/10/spamhaus_domain_threat/ Retrieved 2007-02-04.
13. ^ Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=1 Retrieved 2007-02-04.
14. ^ Evers, Joris. "Spam fighter hit with $11.7 million judgment". CNET News.com. 2006-09-14. http://news.com.com/Spam+fighter+hit+with+11+million+judgment/2100-7350_3-6116009.html Retrieved 2007-02-04.]
15. ^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006". The Spamhaus Project website. http://www.spamhaus.org/archive/legal/e360/kocoras_order_6_10.pdf 2006-10-06. Retrieved 2007-02-04. (PDF version of PROPOSED ORDER)
16. ^ Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=3 Retrieved 2007-02-04.
17. ^ Linford, Steve. "responds here". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=4 (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus, http://groups.google.com/group/can.internet.highspeed/msg/d7fd46181af17980, and http://groups.google.com/group/news.admin.net-abuse.email/msg/384a3cb77617a762 as of 2007-02-04.)
18. ^ Carvajal, Doreen. "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. 2006-10-16. http://www.nytimes.com/2006/10/16/technology/16spam.html?ex=1318651200&en=cd20af3993bc7480&ei=5090&partner=rssuserland&emc=rss Retrieved 2007-02-04.
19. ^ "Spamhaus Litigation Update". ICANN. 2006-10-10. http://www.icann.org/announcements/announcement-10oct06.htm Retrieved 2007-02-04.
20. ^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006". ICANN. 2006-10-20. http://www.icann.org/legal/spamhaus/denial-proposed_order-19oct06.pdf Retrieved 2007-02-04. (signed version of denial without prejudice of Plaintiffs’ motion [26] for a rule to show cause)
21. ^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheap Web Hosting Directory. 2006-10-30. http://www.cheaphostingdirectory.com/news-domain-firm-tucows-and-icann-win-spamhaus-litigation-2513.html Retrieved 2006-02-04.

[edit] External links

• The Spamhaus Project website

v • d • e This article is part of the Spamming series.
E-mail spam	DNSBL • Spamhaus • Anti-spam techniques • Spambot • Address munging • SORBS E-mail authentication • Directory Harvest Attack • SpamCop • Dictionary spamming
Spamdexing	Google bomb • Keyword stuffing • Cloaking • Link farm • Web ring Referer spam • Blog spam • Spam blogs
Telemarketing	Autodialer • Mobile phone spam • VoIP spam
Scams	Phishing • Advance fee fraud • Lottery scam • Make money fast • Pump and dump
Misc.	Messaging spam • Newsgroup spam • Flyposting History of spamming • Network Abuse Clearinghouse