On Futureproofing Spamhaus 146
BMcWilliams writes "Spamhaus director Steve Linford announced a new funding plan Tuesday. According to Linford's announcement, large ISPs and big corporate users of the Spamhaus zone transfer service (renamed the Spamhaus Data Feed Service) will be required to pay an annual subscription fee ranging between $190 and $14,500.(The free public-query mirrors will continue to exist.) The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet'."
email (Score:2, Funny)
No Need (Score:3, Funny)
Bleck. (Score:2, Interesting)
Re:Bleck. (Score:2)
If you don't have to deal with spam, you will someday. And you're paying cents for the benefit of everyone. You pay for a lot of things you don't use, this won't be the first.
Re:Bleck. (Score:5, Insightful)
Heh... I love it, it shows that not too many folks understand about how Spamhaus operates, and may be relying on distant memories of the Mail Abuse Prevention System (MAPS). Both organizations, Spamhaus and MAPS, have operated on a free-to-all, volunteer-run system, accepting donations where they could be had to fund themselves. Back in July 2001, MAPS moved to a fee-based for all (except for educational and single operator systems, which could sign a waiver and have free access) model, while Steve Linford kept MAPS in its free-for-all state, where it continues to operate today.
However, several large users, including world governments, have voiced their opinions that they love what Spamhaus has done, however, how can they rely on a free service that may not be in operation in a year or two due to legal shenanigans like what Richter is pulling against Spamcop??
That, in a nutshell, is what's happening here. No one has ever paid to use Spamhaus other than through voluntary contributions. This changes nothing, the blocklist service and website will still remain free to all comers, and those that have large userbases that want to depend on Spamhaus as a going concern can help by paying a fee for use of a zone transfer service to their own database or dns servers.
Simple, ain't it?? The little guys win, the big guys win, the spammers lose.
Very true. (Score:3, Interesting)
Cost Offsets (Score:5, Insightful)
Even then a lot of businesses may actually save money through reducing bandwidth costs due to spam. I hope they don't force those savings onto you... :)
Q.
Re:Cost Offsets (Score:5, Informative)
Even then a lot of businesses may actually save money through reducing bandwidth costs due to spam. I hope they don't force those savings onto you...
Good points. Using the Spamhaus XBL and SBL actually saves a decent-sized ISP more than its cost in a given year in bandwidth, storage and CPU cycles.
Additionally Spamhaus is letting operators of free DNSBL mirrors continue the Zone Transfer for free. Perhaps additional ISPs will be given the option of getting the Zone Transfer for free in exchange for setting up another public mirror.
Re:Very true. (Score:5, Insightful)
2) Spamhaus recommends organizations that get 200,000+ emails a day sign up for the service. Conservatively, I think, we can estimate that would mean 100,000 users ( some get considerably more, most not at all ). At the high end, it's 14,500 a year. So, 14500/100000 = 14.5 cents a YEAR per user. I'll give you a fiver, if you shut up about the cost for the next 30+ years about it.
3) Say I'm way off, and the number is more like 20,000 users. That puts us at about 73 cents per year per user.
If you really can't afford that, how the hell are you able to sit here on the internet and gripe about it?
4) Spam, annually, costs you way more. Or, more accurately, they cost your provider more, which in turn, gets passed on to you. So what they are doing is a cost saving measure.
So, in closing, let me say this: Stop bitching, you are wrong.
Comment removed (Score:5, Informative)
Re:Very true. (Score:2)
It's still not a lot, but I know the way the beancounters think... if it's not free it must be justified, and if it doesn't have an immediate benefit then there's no chance.
Re:Very true. (Score:1)
Spam is free for the sender, but we're required to have equipment that would have been enough for an ISP 4 times our size 5-6 years ago [numbers in the last paragraph were made up on the spot, but are meant to provide an example of cost]
Re:Very true. (Score:1)
Re:Very true. (Score:2)
Oh? Do you have any facts behind that? How about some sound reasoning? Shit, I'd take a wild shot in the dark.
Forced costs (Score:1)
Re:Very true. (Score:2, Insightful)
Of course if your ISP's rates go up you could always switch ISP's. I don't think these are large fees for these ISP's that need the service, especially AOL. And the reason you don't get spam at AOL is because they are already doing a lot of spam filtering.
Re:Very true. (Score:1)
Re:Very true. (Score:1)
You say that you only get 1-2 spam...ever think that's cuz your ISP uses spamhaus (or something like it)?
Re:Very true. (Score:2)
And of course you are still free to switch to an ISP that doesn't subscribe to the Spamhaus premium service. Spamhaus can't force you to pay for anything unless you agree to let them, perhaps implicitly by continuing to use an ISP which pays them.
Re:Very true. (Score:2)
You could always vote with your feet and your wallet. There have to be plenty of operators out there that will cater to what you're looking for, even if it is email that's not filtered for you in any way, shape or form. Run your own servers if that's what concer
World governments (Score:5, Funny)
Gee, I leave my tinfoil hat off for just one lousy week and there's not just one but multiple world governments. I was just getting to grips with overthrowing a few national governments.
Do I get to choose which world government I'm under? Given the choice I, for one, would like to welcome my new illuminati overlords.
Re:World governments (Score:2)
There, I said it. Happy?
Re:Bleck. (Score:1)
The money is only demanded from companies using SpamHaus. Much like lots of the other really good things on the internet. For example AVG antivirus is free for home users, but if you want to use it in your business, it'll cost you a fee.
The pricing scheme looks pretty fair also, I'm guessing the lowest price is for smaller-ish businesses, while the h
Right, but... (Score:1)
Re:Right, but... (Score:3, Insightful)
Even if a small ISP who can't afford to simply swallow the cost passed it down to customers, you'd only be seeing a tiny increment on your monthly bill . And by tiny I am thinking in the figure of 10 or 20 cents. Do the math.
Small ISP "FooNet" has 1000 customers. Th
Re:Right, but... (Score:2)
Sign. Me. Up.
Re:Right, but... (Score:2)
I can easily see some ISP saying "hey, it only costs us 10 cents per user, but hey, let's add a couple of bucks to the bill to cover the inevitable paperwork, and other sundry items that we can make them think are remotely related and we'll call it a filtration surcharge."
you benefit by.... (Score:1)
In an abstract way, sure. (Score:1)
Re:Bleck. (Score:4, Insightful)
Yeah I am really worried the 15 grand is going to be passed onto me from my multi-billion dollar ISP.
I expect I will need to refinance my house to keep my internet connection.
Spamhaus is providing a service that cuts costs for ISP's (due to savings in resources not needed for the handling of spam) so it only makes sense to throw some cash thier way in return.
Penny pinching of the magnitude you are posting is ammusing. Next you will be saying the free coffee provided to the programmers at most ISP should be cut due to the large toll it provides on the cost to end user services (which is much more than 15 grand) or workers should provide for thier own toilet paper and soap. Cut the company softball team too! The 35 dollar's I pay for broadband is too high!
Re:Bleck. (Score:5, Insightful)
Are you suggesting that ISP customers are entitled to a service for nothing?? If customers are unhappy with a (probably tiny) increase in ISP charges to address the problem, they can always switch to a cheaper ISP ... and
learn to enjoy their spam.
I get maybe one spam e-mail a day.
And how many extra spam e-mail do you think you would you receive if AOL stopped using the Spamhaus RBL?? (If AOL doesn't use the RBL the question is moot anyway.)
Re:Bleck. (Score:4, Insightful)
I was just about to blast you for your apparent refusal to spend a whole five seconds thinking this through, but I see that you have an AOL address, so I'll assume your question was asked with all sincerity.
There are several ways you benefit from this:
- First is that you might already be benefiting. Since you currently get spam, that means that spammers have your address. Getting only one a day probably means that your ISP already is using spam filtering. How do you know that Spamhaus's databases aren't part of it?
- Good spam filtering helps keep costs down, lowering your bills. A network engineer at a major ISP told me that if they removed their spam defenses, they'd promptly crash; they don't have the capacity to handle the doubling or tripling of mail traffic that would result. $15k per year is nothing compared to tripling your ISP's mail handling and storage capacity.
- People will see your messages. If I turned off my filters, less then one in ten of the items in my inbox would be real mail. Without good filtering, I'd accidentally delete a lot of real messages, especially ones from unknown correspondents.
- The people you want to communicate with will still use email. Some people, especially marginal internet users like grandparents and small children, are already starting to abandon email as a medium, despite our best efforts at keeping the spam out. Without good tools like Spamhaus's lists, more and more people will just give up on their spam-choked inboxes.
So basically, if you use email at all, it's worth supporting the fight against spam, even if you don't personally get any at the moment.Relative costs: (Score:2)
Part of the reason why you get so little spam is organizations like spamhaus.
Compare the top-end $14,500 cost of spamhaus to the $400,000 price tag for one of the highest-end routers. If Spamhaus saves MSN from buying 2 more intel servers, then they'll recover their costs.
For the largest ISP's (we're talking t
Re: (Score:1, Flamebait)
Re:Bleck. (Score:2)
Perhaps one a day gets through the AOL spam blocking/filtering. If they turn all of that off, do you think you'll still get one per day?
Re:Bleck. (Score:1)
Maybe you don't understand how this works. A relatively small number of network operators (ISP's and other businesses that get a lot of mail) drive enough queries against the Spamhaus lists that it is worthwhile for them to have a full copy locally. IF your mail provider is one such entity, they are almost cerainly already using Spamhaus' lists and so you are simply not getting all the spam aimed at you. If it is not worthwhile for your mail provider to get a data feed from Spamhaus because their users don
Re:Bleck. (Score:2)
Yes, there is. (Score:2)
Re:Yes, there is. (Score:1)
Re:Yes, there is. (Score:1)
Re:YES, nihirnighthawk@aol.com (Score:2)
1. one man's "-1 troll" is another man's "+5 funny" (and this AC owes me a new keyboard...apparently mine doesn't like cherry coke)
2. you had the balls to say "I only get one spam a day" and didn't think anything would happen? Puh-leeeeeease.
I dunno... (Score:5, Interesting)
The point of the new plan is to ensure that 'the millions of users who rely on our anti-spam systems can be assured we'll be here for as long as spammers plague the Internet
As they eliminate spam, spam becomes less profitable, thus decreasing the need for them. Not only that, but the less spam, the less people will request their services, as they can do it in-house. What do you guys think?
Lets get it out of the way now....
1. Block spam
2. ????
3. Profit.
There. Are you trolls happy?
Self-eliminating business model. (Score:5, Insightful)
MS claims that Hotmail receives 2 Billion spams a day. (That's 2x10^9 to you friends across the puddle). I don't see that going away, more's the pity.
Re:Self-eliminating business model. (Score:1, Funny)
Re:Self-eliminating business model. (Score:5, Funny)
Re:Self-eliminating business model. (Score:2)
I used to get about 6 a day, then suddenly, about 3 months ago, all the spam stop getting delivered into my inbox.
ALL. Well i think about 1 month ago, 1 got through, but that was it.
Re:Self-eliminating business model. (Score:1)
Around the big blackout last August my friend commented that his spam in his hotmail account went down to almost nothing. I short while later, I also noticed the same thing. For an account that got 4 spams within a few hours of signing up, I can now check it once per week and maybe remove 5 spam emails. I admit I have some stuff directed to a junk folder, but I a
No spam in my Hotmail account (Score:2)
I've never publicised the email address.
More importantly the address is obscure. I've seen /.ers offer their so-called "obscure" email addresses and I've thought them all laughably likely to be hit in a dictionary attack.
Mine is 14 characters, mixing letters and numbers, as a sentence implying a certain head of state doing something naughty. Easy to rememe
What exactly is the point? (Score:3, Insightful)
Do you get any email at all?
Spam is all about the signal to noise ratio, you know.
Re:What exactly is the point? (Score:2)
Spam is all about the signal to noise ratio, you know.
is completely wrong.
Ratios of spam, and false positives and false negatives are relevant to spam detection.
But by and large only absolutes are relevant to amount of spam received. The fact business colleagues send me 1,000 messages a day does not change the amount of spam I receive. I would neither receive less or more spam if they increased or decreased their so-called signal.
Spam is not proprotional to non-s
Re:Self-eliminating business model. (Score:2)
Re:I dunno... (Score:1, Interesting)
Yes it is. And therefore, they have a financial incentive to allow some amount of spam through. This keeps the spammers around while also letting customers know that the spam problem still exists. They'd need to play both sides to stay in business.
Pipe-full-of-fun-kit-number-7.
Re:I dunno... (Score:2)
Re:I dunno... (Score:1)
it'll help in 2 ways (Score:2, Interesting)
or to provide money as a cushion against suits? and hurt in one, if you're a corporate bulk user (not bulk like that) you'll pay, for something that saves your company money.
Re:it'll help in 2 ways (Score:2, Interesting)
This says it all... (Score:3, Informative)
In the meantime, thanks largely to ineffective spam laws passed by governments, we're having to step up the fight against spam with more resources....
Not that the gov't can do much anyway, but, it could do more. I think the fees are reasonable and I hope they are accepted and paid graciously.
Happy Trails!
Erick
GRsecurity, anyone? (Score:4, Interesting)
Re:GRsecurity, anyone? (Score:1)
I'll fund them for life... (Score:5, Funny)
Re:I'll fund them for life... (Score:1)
They can fund themselves for life... (Score:2)
Re:They can fund themselves for life... (Score:3, Insightful)
Still free for most (Score:5, Interesting)
Spamhaus advises organizations set up a zone transfer if they're receiving 200,000+ e-mails per day. I doubt the average user (or small organization, corporation, etc.) will be receiving that much e-mail in a day (at least for now...)
Heh (Score:5, Insightful)
Don't they mean, as long as e-mail exists; in it's current form, anyway?
Oblig. Simpsons quote (Score:3, Interesting)
This is not a bad thing. (Score:5, Insightful)
The fact that it keeps Spamhaus a viable concern is another plus.
Re:This is not a bad thing. (Score:2)
If a corporate IS department is running their own mail servers, it would be wll worth the money.
Just speculation...
Wouldn't most corporations prefer a whitelist-type solution in the first place? I'm just thinking of a recent story where email inquiries largely went unanswered.
The dog ate my homework, some idiot (who has since been fired) must have deleted your message, I never received your original email, we had a virus, etc..
It's a pretty good and plausible deny situation, isn't it?
Re:This is not a bad thing. (Score:2)
It may be a pittance to all of corporate, but it is by no means a trivial sum to a single IT department who must justify the expense up a few levels. Your returns cannot be quantified -- it's not as if spamhaus is alone in producing a savings from effective spam filtering. Even if they are the most effective, the difference between spamhaus and the next
Corporate thinking and expensing. (Score:5, Insightful)
I may be an idiot, but it seems to me that most organisations could justify any of the amounts listed by doing some simple cost benefit analysis.
My understanding is that Spamhaus allows you to blackhole IP blocks that are known to tolerate\encourage spam.
If you step back and work out the cost of bandwidth to accept all of that spam, versus the cost to pay Spamhaus to blackhole it, it probably works out in favour of paying for Spamhaus.
Here in
Literally... (Score:5, Funny)
This takes the sound bite "prices may vary" to a new level.
Re:Literally... (Score:1)
Prostitution's still got 'em beat.
No pun there.
Re:Literally... (Score:2)
This seems a lot like the donation box at a museum. No reqired payment for walking through, but there's a table of suggested donations based on how much you should be able to pay, and most people are going to pay it because how else does the museum stay in business...
Re:Literally... (Score:2)
How to Stop Spam (Score:2, Interesting)
SMTP has a security hole: any connecting client can assert any sender address. This flaw has been exploited by spammers to forge mail. The result: your mailbox fills up with bounces to messages that you didn't send. Close the hole, and we can easily block spammers by sender domain.
SPF closes the hole by using a DNS record that says which hosts can send email with a from address in the domain. The record is a simple TXT record tha
Re:How to Stop Spam (Score:4, Insightful)
As an aside, I don't think that making it an RFC necessarily makes it patent free.
Patents (Score:1)
IANAPL
Re:How to Stop Spam (Score:4, Interesting)
Yea, right. My mailbox isn't filling up with messages I didn't send. It's just plain filling up. This method is no more difficult to defeat that the current content-based anti-spam methods and requires major upgrades to both DNS and MTAs.
Of course this is a Microsoft idea. Rather than improve the system, in typical Microsoft fashion they want to employ a new standard indigenous to their systems. Another marketing ploy that promises an amazing improvement that would never materialize.
While some improvements to DNS authentication could prove helpful, they're not worth the trouble because in the end, this idea is little more than another flavor of whitelisting, which has proven to be most effective by a small config change to most MTAs and services like Spamcop, Sorbs and Spamhaus's RBL.
What you're proposing is that the burden be switched from MTA to MTA+DNS. The problem is that it's not that much more difficult for spammers to forge additional DNS records in most cases.
Yes, this scheme might address zombie proxy armies, BUT that presupposes that the major ISPs would actually properly manage their DNSes, which they DON'T NOW, so why would they update the new DNS records properly? They WOULDN'T. It's better to have the DNS records managed by an independent third party such as Spamhaus or Spamcop, that sysops can choose to use that are more responsible and more accurate in determining which hosts are allowed to deliver SMTP traffic.
Re:How to Stop Spam (Score:2)
It is very difficult to forge DNS records (one needs access to the legitimate name server). What is not difficult is creating legitimate DNS records. However, if spammers have to buy legitimate domains, then we can easily fix this by blacklisting those domains (and possibly revoking them). This can actually be done quite agressivel
Re:How to Stop Spam (Score:1)
Re:How to Stop Spam (Score:1)
Re:How to Stop Spam (Score:4, Informative)
SPF isn't flawed, the application is flawed. Put in a trouble ticket to the company that makes BlackBoard group learning systems and tell them they need to add outbound SMTP gateway support. That's a seriously misbehaved application if it just assumes it can send mail directly out. We haven't allowed users to send mail directly out for 12 years.. everyone has to relay through a central mail gateway for logging purposes.
Re:How to Stop Spam (Score:5, Informative)
1. SPF is text based; Caller ID is XML based (even though no other email header or DNS record is).
2. SPF verifies the envelope sender; Caller ID verifies the From header of the email. While both will be the same in many cases, they do not have to be.
Re:How to Stop Spam - Filter it at the SMTP level. (Score:1)
Re:How to Stop Spam (Score:1)
Good or bad? (Score:4, Interesting)
All content in that record except *one* line is completely wrong and/or severely outdated. The bad content reflects an old customer long gone (booted late 2002) whose IP-ranges were mixed up with Dynamic Pipe. All that remains valid is a single nameserver (freya.wildrhino.com) belonging to a different customer/alledged spammer: Wild Rhino.
If the info should be correct that entire record should be removed and the
But Steve does not want to admit his mistakes here, and one can wonder just how many other records in his system are equally flawed, mislisted or plain false. If the incorrectness is rampant throughout, one can wonder just what these businesses would be buying. I think Steve needs to learn a bit about humility and responsibility before he starts making money big-time on this. Because making money off lies and false pretenses has always been the domain of those he claims to hate the most: SPAMMERS.
Re:Good or bad? (Score:4, Informative)
ey, dude, steve won't exactly be "making money big time" on this, as you assert in your post. The whole point for this price structure is to ensure the continued longevity of an essentially free-for-most, not-for-profit service. get it? And yeah maybe that money will give them more resources to deal with fringe cases such as the one you're outlining. The fact is, at some point, an ISP gave that IP block to a spammer. And for some reason spamhaus doesn't seem to feel confident about de-listing that block, maybe there's a good reason for that, i'll give spamhaus the benefit of the doubt any day. Maybe that'll teach ISPs to more carefully scrutinize who they give blocks to, and be more mindful of what sort of traffic goes on there.
Re:Good or bad? (Score:1)
Maybe that'll teach ISPs to more carefully scrutinize who they give blocks to...
First of all, most startup ISPs will not know how to research the hats of potential customers and will thus be innocent in assigning an IP block to a spammer. And in the western world any customer must be presumed innocent until proved otherwise (to the ISP that is).
Re:Good or bad? (Score:2)
Summary : A small, startup ISP isn't bright enough to get rid of their spammer, so they get listed as supporting spam.
And you have the gall to bitch about being listed! So my point is
Futureproofing? (Score:2)
Waterproofing - making sure water can't get in.
Spamhaus is a GoodThing (TM) - is futureproofing it a good idea?
The Spamhaus XBL remains free for AXFR (Score:2, Informative)
Spamhaus is selling access to two lists.
One of them, the SBL, is a list used to apply pressure to ISPs. It doesn't stop that much spam. It's a political tool, just the same as the MAPS RBL was.
The other, the XBL, is extremely effective at stopping spam. But Spamhaus doesn't run the XBL. They're just downloading the (freely available) CBL and BOPM lists, then selling access to them for thousands of dollars a year.
Linford? (Score:2)
Something tells me Lindows's new company name isn't going to last...
Re:Spamhaus and IronPort (Score:2, Informative)
Re:Spamhaus and IronPort (Score:1, Informative)
No, Spamhaus has no affiliation with IronPort! (Score:5, Informative)
You are confusing Spamhaus with SpamCop...
Spamhaus has no affiliation with IronPort!
Re:Spamhaus and IronPort (Score:1)
I haven't passed judgement yet on the association of Ironport with Spamcop. It's possible (albeit a slim possibility) that Ironport are part of the good guys, but it remains to be seen.
Confusion of two anti-spam sites (Score:3, Informative)
Several people have posted that I've confused Spamhaus with SpamCop. Sorry. It was careless on my part. My appologies to Spamhaus.
Re:Spamhaus and IronPort (Score:2)
Second, while you claim you don't like *anyone* to do mass email, you are posting on Slashdot, and you have a registered account here. I'd bet you that Slashdot would qualify under the "mass email" category. They use email when people register accounts, they email people to give them the current headlines, results of their moderations, to let people know someone either replied to or moderated a comment - that's lots