The Spamhaus Project
real-time DNS blocklists | |
---|---|
Employees | 38 (as of March 2013)[1] |
Website | www |
The Spamhaus Project is an international organisation based in the
Anti-spam lists
The Spamhaus Project is responsible for compiling several widely
Spamhaus distributes the lists in the form of DNS-based blacklists (
The Spamhaus Block List index of known spammers.
The Exploits Block List[10] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits." That is to say, it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes information gathered by Spamhaus as well as by other contributing DNSBL operations such as the Composite Blocking List (CBL).
The Policy Block List
The Domain Block List
The Botnet Controller List[13] was released in June 2012 and is a list of IP addresses. It lists IP addresses that Spamhaus personnel believe to be operated by cybercriminals for the exclusive purpose of hosting botnet command-and-control infrastructure. Such infrastructure is commonly used by cybercriminals to control malware-infected computers.
The Composite SnowShoe List[14] is an automatically produced dataset of IP addresses that are involved in sending low-reputation email. Listings can be based on HELO greetings without an A record, generic-looking rDNS or use of fake domains, which could indicate spambots or server misconfiguration. CSS is part of SBL.
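A mail administrator can check their own outbound servers for two of the signals named above. The following is an added example, not code from the original page and not Spamhaus's listing logic; the session records, the `A_RECORDS` stand-in for DNS, the signal names and the "PTR embeds all four octets" rule for generic-looking rDNS (IPv4 only) are assumptions made for illustration.

```python
import re

# Constructed stand-in for DNS: hostname -> set of A-record addresses.
A_RECORDS = {"mail.example.org": {"203.0.113.7"}}

# Constructed SMTP session summaries (client IP, HELO argument, PTR name).
SESSIONS = [
    {"ip": "203.0.113.7", "helo": "mail.example.org", "ptr": "mail.example.org"},
    {"ip": "198.51.100.23", "helo": "win-pc",
     "ptr": "host-198-51-100-23.dynamic.example.net"},
    {"ip": "192.0.2.10", "helo": "smtp.example.com", "ptr": None},
]


def rdns_looks_generic(ptr, ip):
    """True when the PTR name embeds all four octets of the IPv4 address."""
    if not ptr:
        return False
    numbers = {int(n) for n in re.findall(r"\d+", ptr)}
    return all(int(octet) in numbers for octet in ip.split("."))


def low_reputation_signals(session, a_records):
    """Return the names of the signals present in one session summary."""
    signals = []
    helo = session["helo"].rstrip(".").lower()
    if not a_records.get(helo):  # HELO name has no A record
        signals.append("helo_without_a_record")
    if rdns_looks_generic(session["ptr"], session["ip"]):
        signals.append("generic_rdns")
    return signals


def scan(sessions, a_records):
    """Map each client IP to its signals, omitting sessions with none."""
    report = {}
    for session in sessions:
        found = low_reputation_signals(session, a_records)
        if found:
            report[session["ip"]] = found
    return report


if __name__ == "__main__":
    for ip, found in scan(SESSIONS, A_RECORDS).items():
        print(ip, ", ".join(found))
```
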
The Spamhaus white list[15] was released in October 2010 and was a whitelist of IPv4 and IPv6 addresses. This list was intended to allow mail servers to separate incoming email traffic into 3 categories: good, bad, and unknown. Only verified legitimate senders with clean reputations were approved for whitelisting and there were strict terms for keeping a Spamhaus Whitelist account.
The domain white list
Spamhaus also provides two combined lists. One is the SBL+XBL[16] and the second is called "zen" and stylized in all caps,[17] which combines all the Spamhaus IP address-based lists.
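How a mail server consults the combined list, and why the reply has to be decoded rather than treated as a yes/no answer, shown as an added example that is not from the original page or from Spamhaus. The zone name `zen.spamhaus.org` and the return-code table are not on this page; they are assumptions based on Spamhaus's published DNSBL documentation and should be checked against it, and the sample replies are constructed.

```python
import ipaddress

# Assumptions (not on this page): zone name and return codes as published in
# Spamhaus's DNSBL documentation; check them against the current version.
ZEN_ZONE = "zen.spamhaus.org"
LISTED = {"127.0.0.2": "SBL", "127.0.0.3": "SBL (CSS)", "127.0.0.9": "SBL (DROP)",
          "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
LISTED.update({f"127.0.0.{n}": "XBL" for n in range(4, 8)})
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # query errors, not listings


def dnsbl_qname(ip, zone=ZEN_ZONE):
    """Build the name to look up: reversed octets (IPv4) or nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def classify(answers):
    """Decode the A records of a reply; an empty list stands for NXDOMAIN."""
    if not answers:
        return "not_listed", []
    errors = [a for a in answers if ipaddress.ip_address(a) in ERROR_NET]
    if errors:
        # Blocked or malformed query: must never be read as "sender is listed".
        return "query_error", errors
    lists = sorted({LISTED[a] for a in answers if a in LISTED})
    if lists:
        return "listed", lists
    return "unknown_code", list(answers)


# Constructed replies keyed by the client address that was looked up.
SAMPLE_REPLIES = {
    "192.0.2.99": ["127.0.0.2", "127.0.0.10"],
    "198.51.100.5": [],
    "203.0.113.8": ["127.255.255.254"],
}

if __name__ == "__main__":
    for ip, answers in SAMPLE_REPLIES.items():
        print(dnsbl_qname(ip), classify(answers))
```

A filter that rejects mail on any 127.x answer would reject every message once the resolver starts receiving error codes, so `query_error` belongs in monitoring, not in the reject path.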
Register of known spam operations
The Spamhaus register of known spam operations is a database of spammers and spam operations who have been terminated from three or more ISPs due to spamming. It contains publicly sourced information about these persons and their domains, addresses and aliases.[18]
This database allows ISPs to screen new customers, ensuring that listed spammers find it difficult to get hosting.[19]
There is a special version available to law enforcement agencies, containing data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs considered too sensitive to publish in the public part of ROKSO.
Don't route or peer list
The Spamhaus DROP ("don't route or peer") List is a text file delineating
Companies
The Spamhaus Group consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is the Spamhaus Project SLU,[22] a not-for-profit company based in Andorra which tracks spam sources and cyber threats such as phishing, malware and botnets and publishes free DNSBLs. Commercial services are managed by a British data delivery company, Spamhaus Technology Ltd.,[23] based in London, UK, which manages data distribution services for large-scale spam filter systems.
Awards
- National Cyber Forensics Training Alliance 2008 Cyber Crime Fighter Award[24]
- Internet Service Providers Association's Internet Hero of 2003 Award[25]
- Greatest Contribution to anti-spam in the last 10 years presented to Spamhaus by Virus Bulletin Magazine.[26]
Conflicts
e360 lawsuit
In September 2006, David Linhardt, the
Following the default ruling in its favour, e360 filed a motion to attempt to force ICANN to remove the domain records of Spamhaus until the default judgement had been satisfied.[28] This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,[32][33] and ICANN protested[34] that they had neither the ability nor the authority to remove the domain records of Spamhaus, which is a UK-based company. On 20 October 2006, Judge Kocoras issued a ruling denying e360's motion against ICANN, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case", because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgement] neither will we impose a sanction that does not correspond to the gravity of the offending conduct".[35][36]
In 2007, Chicago law firm
Following the successful Appeal by
Both parties appealed, but e360's case for increasing the damages was sharply criticized by Judge Richard Posner of the Seventh Circuit: "I have never seen such an incompetent presentation of a damages case," Posner said. "It's not only incompetent, it's grotesque. You've got damages jumping around from $11 million to $130 million to $122 million to $33 million. In fact, the damages are probably zero."[39] For a second time, the Court of Appeals vacated the damages award.
Finally, on 2 September 2011 the Illinois court reduced the
In the course of these proceedings, in January 2008 e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise.[41]
Spamhaus versus nic.at
In June 2007, Spamhaus requested the national
Blocking of Google Docs IPs
In August 2010, Spamhaus added some Google-controlled IP addresses used by Google Docs to its SBL spam list, due to Google Docs being a large source of uncontrolled spam. Google quickly fixed the problem and Spamhaus removed the listing. Though initially wrongly reported by some press to be IPs used by Gmail, later it was clarified that only Google Docs was blocked.[45]
CyberBunker dispute and DDoS attack
In March 2013,
Spamhaus alleged that CyberBunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, was behind the attack; CyberBunker did not respond to the BBC's request for comment on the allegation;[55] however, Sven Olaf Kamphuis, the owner of CyberBunker, posted to his Facebook account on 23 March "Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project 'spamhaus.org,' which thinks it can dictate its views on what should and should not be on the Internet."[48] According to The New York Times Kamphuis also claimed to be the spokesman of the attackers, and said in a message "We are aware that this is one of the largest DDoS attacks the world had publicly seen", and that CyberBunker was retaliating against Spamhaus for "abusing their influence". The NYT added that security researcher Dan Kaminsky said "You can’t stop a DNS flood ... The only way to deal with this problem is to find the people doing it and arrest them".[50]
The attack was attributed by network engineers to an anonymous group unhappy with Spamhaus,[50] later identified by the victims of the attack as Stophaus,[48] a loosely organized group of "bulletproof spam and malware hosters".[57]
On 26 April 2013, the owner of CyberBunker, Sven Olaf Kamphuis, was arrested in Spain for his part in the attack on Spamhaus. He was held in jail for 55 days pending extradition to the Netherlands, was released pending trial, and was ultimately found guilty and sentenced to 240 days in jail, with the remaining days suspended.[58][59]
The arrest of ‘Narko’: The British National Cyber Crime Unit revealed that a London schoolboy had been secretly arrested as part of a suspected organised crime gang responsible for the DDoS attacks.[60] A briefing document giving details of the schoolboy's alleged involvement states: "The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies."
Ames v. The Spamhaus Project Ltd
In 2014, Spamhaus was sued by California-based entrepreneurs Craig Ames and Rob McGee, who were involved with a bulk email marketing services business, initially through a US corporation called Blackstar Media LLC, and later as employees of Blackstar Marketing, a subsidiary of the English company Adconion Media Group Limited, which bought Blackstar Media in April 2011. Although an initial motion by Spamhaus to strike out the claims failed,[61] they ultimately prevailed when the claimants dropped their case and paid Spamhaus' legal costs.[62]
See also
- Anti-spam techniques (email)
- Brian Haberstroh
- Comparison of DNS blacklists
- news.admin.net-abuse.email
- SpamCop
References
- ^ "About The Spamhaus Project". The Spamhaus Project. Archived from the original on December 14, 2021. Retrieved March 26, 2013.
- ^ "Cyberattack on anti-spam group Spamhaus has ripple effects". CBS News. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
- ^ "Dutchman arrested over huge web attack". BBC News. 26 April 2013. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
- ^ a b Arthur, Charles (19 October 2006). "Can an American judge take a British company offline?". The Guardian. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
- ^ "DNSBL Fair Use Policy". The Spamhaus Project. Archived from the original on 2024-04-11. Retrieved 2024-04-17.
- ^ "Spamhaus Datafeed". spamhaus.org. Archived from the original on 2022-07-30. Retrieved 2019-02-12.
- ^ "Understanding DNSBL Filtering". spamhaus.org. Archived from the original on 2019-01-03. Retrieved 2019-02-12.
- ^ "Spamhaus Block List (SBL)". spamhaus.org. Archived from the original on 2019-02-14. Retrieved 2019-02-12.
- ^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. Archived from the original on 2019-02-19. Retrieved 2019-02-12.
- ^ "Spamhaus Exploits Block List (XBL)". spamhaus.org. Archived from the original on 2019-02-16. Retrieved 2019-02-12.
- ^ "Spamhaus Policy Block List (PBL)". spamhaus.org. Archived from the original on 2019-02-17. Retrieved 2019-02-12.
- ^ "Spamhaus Domain Block List (DBL)". spamhaus.org. Archived from the original on 21 December 2021. Retrieved 5 July 2013.
- ^ "Spamhaus Botnet Controller List (BCL)". spamhaus.org. Archived from the original on 26 August 2020. Retrieved 18 June 2014.
- ^ "Composite Snowshoe (CSS)". spamhaus.org. Archived from the original on 2022-01-06. Retrieved 2022-01-06.
- ^ a b "Spamhaus White List (SWL)". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ "Spamhaus ZEN". spamhaus.org. Archived from the original on 2019-02-16. Retrieved 2019-02-12.
- ISBN 978-1-4493-9056-3.
- ISBN 978-1-4919-1379-6.
- ^ ISBN 978-1-4200-6710-1.
- ^ "Frequently Asked Questions (FAQ)". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ "Spamhaus Organization FAQ". spamhaus.org. Archived from the original on 2021-04-20. Retrieved 2021-06-18.
- ^ "Spamhaus Technology Ltd". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ "NCFTA Award". The Spamhaus Project. 29 September 2008. Archived from the original on 13 February 2019. Retrieved 12 February 2019.
- ^ Sherriff, Lucy (20 February 2004). "Spamhaus crowned Internet heroes of 2003". The Register. Archived from the original on 13 July 2013. Retrieved 5 July 2013.
- ^ "MXTools' Partner Spamhaus Receives Prestigious Virus Bulletin VBSpam Award". Prweb.com. Archived from the original on 2013-07-06. Retrieved 2013-07-05.
- ^ Leyden, John (2006-10-10). "Spamhaus fights US court domain threat". The Register. Archived from the original on 2007-01-28. Retrieved 2007-02-04.
- ^ a b Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Archived from the original on 27 July 2013. Retrieved 5 July 2013.
- ^ "MP calls for suspension of judge in Spamhaus case". Computeractive. 2006-10-10. Archived from the original on 2012-03-30. Retrieved 2011-03-23.
- CNET News.com. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006 (PDF version of Proposed Order)" (PDF). The Spamhaus Project website. 2006-10-06. Archived (PDF) from the original on 2018-05-27. Retrieved 2019-02-12.
- ^ Linford, Steve. "Responds here". The Spamhaus Project website.(No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily Archived 2007-09-27 at the Wayback Machine, Spammer Cajoles ICANN To Ban Spamhaus Archived 2006-10-17 at the Wayback Machine, Groups.google.com Archived 2008-05-24 at the Wayback Machine, highspeed and Groups.google.com Archived 2012-11-04 at the Wayback Machine, abuse.email as of 2007-02-04.)
- ^ Carvajal, Doreen (2006-10-16). "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. Archived from the original on 2007-03-11. Retrieved 2007-02-04.
- ^ "Spamhaus Litigation Update". ICANN. 2006-10-10. Archived from the original on 2007-01-25. Retrieved 2007-02-04.
- ^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006 (signed version of denial without prejudice of Plaintiffs' motion [26] for a rule to show cause)" (PDF). ICANN. 2006-10-20. Archived (PDF) from the original on 2007-01-15. Retrieved 2007-02-04.
- ^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheaphostingdirectory.com. 2006-10-30. Archived from the original on 2007-09-29. Retrieved 2006-02-04.
- ^ Masnick, Mike (16 June 2010). "Spammer's $11 Million Win Against Anti-Spammer Spamhaus, Reduced To $27,000". techdirt.com. Archived from the original on 22 June 2010. Retrieved 23 November 2010.
- ^ "Case 1:06-cv-03958 - Document 242 - Filed 06/11/10" (PDF). Retrieved 3 April 2013.
- ^ "Appeals judges berate spammer for "ridiculous," "incompetent" litigation" Archived 2017-02-27 at the Wayback Machine, Timothy B. Lee, June 14, 2011, arstechnica.com
- ^ Jenkins, Quentin (5 September 2009). "Spamhaus Victory in Final Appeal in E360 Case". The Spamhaus Project. Archived from the original on 3 May 2014. Retrieved 5 July 2013.
- ^ "e360 Has Gone Bust". Newsgroup: news.admin.net-abuse.email. Archived from the original on 2012-11-07. Retrieved 2009-05-06.
- ^ a b c "Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
- ^ a b "Spamhaus.org setzt Österreichs Domainverwaltung unter Druck" (in German). heise.de. 19 June 2007. Archived from the original on 1 July 2007. Retrieved 22 July 2007.
- 'The DNS providers of the domains deleted the domain entries.'
- ^ "Spamhaus: We Blocked Google Docs Not Gmail". Softpedia. 20 August 2010. Archived from the original on 22 August 2010. Retrieved 21 August 2010.
- ^ "Open DNS Resolver Project". Archived from the original on 2013-03-27. Retrieved 28 March 2013.
- ^ "Deep Inside a DNS Amplification DDoS Attack" (blog). CloudFlare. 30 October 2012. Archived from the original on 28 March 2013. Retrieved 28 March 2013.
- ^ a b c Eric Pfanner; Kevin J. O'Brien (29 March 2013). "Provocateur Comes Into View After Cyberattack". The New York Times. Archived from the original on 30 March 2013. Retrieved 30 March 2013.
- ^ "Spamhaus' Blackmail War". CyberBunker. Archived from the original on 22 June 2013. Retrieved 23 June 2013.
- ^ a b c d Markoff, John; Nicole Perlroth (27 March 2013). "Firm Is Accused of Sending Spam, and Fight Jams Internet". The New York Times. Archived from the original on 28 March 2013. Retrieved 27 March 2013.
- ^ "The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)" (blog). CloudFlare. 20 March 2013. Archived from the original on 27 March 2013. Retrieved 27 March 2013.
- ^ P. Ferguson; D. Senie (May 2000). "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing". The Internet Engineering Task Force (IETF). Archived from the original on 27 February 2010. Retrieved 28 March 2013.
- ^ John Markoff; Nicole Perlroth (27 March 2013). "Attacks Used the Internet Against Itself to Clog Traffic". The New York Times. Archived from the original on 28 March 2013. Retrieved 28 March 2013.
- ^ Nichole Perlroth (29 March 2013). "Devices Like Cable Boxes Figured in Internet Attack". The New York Times. Archived from the original on 30 March 2013. Retrieved 30 March 2013.
- ^ a b "Global internet slows after 'biggest attack in history'". BBC. 27 March 2013. Archived from the original on 31 May 2018. Retrieved 20 June 2018.
- ^ "The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)" (blog). CloudFlare. March 20, 2013. Archived from the original on March 27, 2013. Retrieved March 27, 2013.
- ^ KrebsOnSecurity (13 May 2013). "Conversations with a Bulletproof Hoster, STOPhaus v Spamhaus". Krebs on Security. Archived from the original on 9 June 2013. Retrieved 24 June 2013.
- ^ Nicole Perlroth (26 April 2013). "Dutch Man Said to Be Held in Powerful Internet Attack". The New York Times. Archived from the original on 27 April 2013. Retrieved 15 May 2013.
- ^ Paganini, Pierluigi (November 16, 2016). "Hacker behind Spamhaus attack will not spend any time in the jail". Security Affairs. Archived from the original on April 17, 2024. Retrieved April 17, 2024.
- ^ Martin Bentham (26 September 2013). "London schoolboy secretly arrested over 'world's biggest cyber attack'". London Evening Standard. Archived from the original on 26 September 2013. Retrieved 26 September 2013.
- ^ "Ames & anor v The Spamhaus Project Ltd & anor, Reference [2015] EWHC 127 (QB)" (PDF). 5rb.com. 27 January 2015. Archived (PDF) from the original on 25 October 2016. Retrieved 25 October 2016.
- ^ Linford, Steve (12 June 2015). "Case Dismissed: Ames & McGee v The Spamhaus Project". The Spamhaus Project website. Archived from the original on 25 October 2016. Retrieved 25 October 2016.