Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Spam The Internet Your Rights Online

Dutch ISP Files Police Complaint Against Spamhaus 218

judgecorp writes "Dutch ISP A2B has filed police complaints against anti-spam project Spamhaus, calling its CEO 'nuts' and accusing him of blackmail. Spamhaus added all A2B's addresses to a spam blacklist, when A2B did not obey the letter of its demands in blocking a spammer."
This discussion has been archived. No new comments can be posted.

Dutch ISP Files Police Complaint Against Spamhaus

Comments Filter:
  • Incorrect summary (Score:5, Interesting)

    by TechLA ( 2482532 ) on Thursday October 13, 2011 @01:39PM (#37703920)
    A2B DID block the spammer, they blocked his ip. What Spamhaus wanted was stop routing traffic for the whole CyberBunker (who route traffic for The Pirate Bay etc) who are not spammers. They had a single customer that spammed, and A2B as upstream provider blocked that ip instead. What they didn't do was block the innocent CyberBunker completely, and after that Spamhaus added A2B - completely third party - to their blacklist. That's complete bullshit and blackmail.
    • Ah, that may explain it. If so, my comments below can be ignored. Instead, I'll say that this seems to be an over-reaction from both Spamhaus and A2B. Spamhaus for blacklisting, A2B for involving police when it seems unneccesary.
    • by Anonymous Coward on Thursday October 13, 2011 @01:47PM (#37704004)

      If spamhaus starts blacklisting entities that do not spam, people will stop trusting and using spamhaus. Police or no, Spamhaus is harming itself when it oversteps its natural bounds.

    • by lee1 ( 219161 )
      So how is the summary "incorrect"?
  • GO!

    Seriously, anti-spam organizations tend to be as self righteous as born-again and on the wagon alcoholic evangelists.

    Isn't it time to kill email?

    • If you don't like email, don't use it.

      If you don't like spamhaus, don't use their blocklist. How hard is that?

      Spamhaus lists IP addresses that send spam. If the ISP ignores complaints or moves the spammers to a different IP, then it will list the netblock or the whole ISP. Those of us who use their list appreciate it. It reduces the load on my email servers by thousands per day. Don't blame the messenger.

      • by fyngyrz ( 762201 )

        If you don't like spamhaus, don't use their blocklist. How hard is that?

        The problem is, when entities upstream from users (both senders and receivers) are deluded into using Spamhaus, and that in turn screws up those user's email -- the users themselves have zero recourse. So it isn't a matter of simply "deciding not to use a list." Spamhaus and every operation like them are exercising power over people who are defenseless, and who never authorized any such interference.

        • If you have a static IP and control over your DNS you can run your own mail server and do whatever you want. If you are on a cable modem and your ISP controls your domain, then you aren't really on the internet, are you? Just drink the kool-aid. Personally, I've never used my ISP's email service.

          In any case, spamhaus lists are mostly automated. The data they use to list you might be supplied by your own ISP who are running the spamtraps and supplying the lists of dynamic addresses that aren't supposed t

          • When you send email, it doesn't necessary go directly from person A's PC to person B's PC. Any of the intervening machines can use an RBL - with or without your knowledge or permission. Even if you own your own mail server, I can promise an RBL somewhere along the line is still filtering what hits it. Even if you proclaim 'I do not choose to use this service!' - no one will hear you.

            I've also had customers end up on the blacklist incorrectly for reasons as innocuous as some 3rd party contracted inexpe
            • I've also had customers end up on the blacklist incorrectly for reasons as innocuous as some 3rd party contracted inexperienced low-level techie ticked the wrong box on their Exchange management interface when trying to fix an unrelated problem.

              Good. People who leave open relays are exactly the people I don't want to get mail from.

  • by Nom du Keyboard ( 633989 ) on Thursday October 13, 2011 @01:47PM (#37704006)
    Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions. You can individually choose to believe, or not believe, any post(s) that you wish. And other ISP's can choose to accept, or reject, Spamhaus's Opinions about who and where troublesome spammers are. An Opinion is a very long way away from the accusation of Judge, Jury, and Executioner and only a fool would have made that unwarranted leap.
    • by TheCarp ( 96830 ) <[ten.tenaprac] [ta] [cjs]> on Thursday October 13, 2011 @01:53PM (#37704076) Homepage

      Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

      So legally, you are indeed right. However, the end result is that their opinion carries a lot of weight, mostly because many many people just blindly apply it.

      So, in effect, they become judge jury and executioner, in that, once their opnion is that you have transgressed, you will instantly be blackballed all over the internet. They have become little more than a bully, which is too bad because, I mostly like them and mostly agree that this is the right way to operate.

      Of course.... I JUST posted my experience with them (or I should say, the experience that I came back from vacation to find one of my co-admins had): []

      • Right, except that many people just configure their mail servers to take that opinion as gospel, and spamhaus certainly makes it easy to do so and encourages it.

        What other people do is not Spamhaus's responsibility. If I were to post here to Slashdot for everybody to take all of their money and throw it into the ocean to support world peace, I'm not responsible that somebody actually did that. Put the blame where it actually lies, and it doesn't lie with Spamhaus.

        • by TheCarp ( 96830 )

          Um right, so we pretty much agree then, except that you refuse to accept the use of the "judge jury and executioner" analogy except in the most strict sense. Ok Fine.

          Is the problem that their opinions suck? Or is that that people listen to them? Actually, the problem is that their opinions suck AND people listen to them.

          If their opinions sucked and people ignored them, we would have no issue and nothing to talk about.

          If their opinions were good and people listened, we would have no issue (other than a philo

        • If you know that people listen to your opinion and do what you say, and you say things that can harm someone else, you can be held accountable. See any cult or mob leader who knows his followers hang on his words. They just say "it would be a shame if something happened to that ISP" and suddenly its servers are underwater wearing concrete shoes.

          Plenty of leaders have been convicted for crimes based on this chain of events.

        • What other people do is not Spamhaus's responsibility.

          So it's okay for me to shout "Fire!" in a crowded theatre, since I'm not responsible for others' reactions to what I say? Thanks!

      • by Spazmania ( 174582 ) on Thursday October 13, 2011 @03:09PM (#37705052) Homepage

        the end result is that [Spamhaus'] opinion carries a lot of weight, mostly because many many people just blindly apply it.

        Mostly because Spamhaus rarely lists address ranges that aren't involved in spamming and network abuse, and even more rarely for long. Spamhaus EARNED its reputation for cautious listing at the same time others like SORBS earned reputations for over-zealousness.

        That's why I'm surprised to see Slashdot folks taking these accusations seriously without any posted evidence. When Spamhaus lists an IP block, they document it publicly including their reasons. Sometimes it's because an organization has been caught moving spammers around inside their IP block. Sometimes there are other reasons. Usually they're pretty good reasons.

        Where's the copy of that posting?

        I know back when I ran an ISP, Spamhaus was the one I -didn't- have problems with.

        • by TheCarp ( 96830 )

          Hmmm I must admit, I came back from a vacation to find all this out.... do they keep a historical record of all this after a block is removed?

          I have been meaning to investigate more, but, since it was a solved issue by the time I got back, and I have been busy with other projects, I only spent an hour or so looking for more information and finding little to nothing. If there is a "right place" to go look, I would love to know. Apparently we were on the "SBL" list.

          My co-admin sent me a URL reference but, whe

          • I seem to recall it being a little tricky to get to the data after it's delisted. I'll grant you that Spamhaus should do better there.

      • Compare Spamhaus with your local reporter who focuses mainly on restaurant reviews. Every week, he visits a new restaurant and writes a review. Some restaurants may end up with a good review and get lots of traffic as a result. Some may end up with a bad review, causing lots of people to avoid their restaurant, thus losing business. Same principles apply here. It's like saying, "We tried to talk to the owner to get things fixed, but we couldn't. We're now leaning on the waitress, to see if she will help us

      • Spamassassin in default configuration uses Spamhaus as one of several RBLs, but just being listed on Spamhaus is not enough to be blocked. It adds 2-3 points to the spam score, and 5 points are needed. Other RBLs are used as well, as is other scoring. It is just one of many bits. Relying on a single RBL to block mail without further thought is a bad idea of course.

    • Once you make your opinions public, you can be charged with libel and malicious defamation of character in most countries. Especially in a case like this where many ISPs use Spahaus' lists so there are real, direct socio-economic consequences for wrongly blacklisting someone. (Not saying that's what happened here.)
    • by macraig ( 621737 ) <> on Thursday October 13, 2011 @02:43PM (#37704732)

      Spamhaus publishes their Opinion about who are spam problems. It's a lot like Slashdot posts, which are the various contributor's Opinions.

      What a quaint mis-framing by using the word "opinion" rather than what it actually is: a declaration. It's much more affirmative than a mere "opinion".

      This, BTW, is precisely why ALL blacklists are a crappy idea that ultimately always lead to this scenario. Crowdsourcing this sort of privacy/security function to anonymous people with unverified credibility leads to the well being poisoned with deliberate or unintended misinformation. They are even vulnerable to ill-intentioned people with axes to grind and a willingness to wreck significant swaths of the Internet to exact their vengeance.

    • by sjames ( 1099 )

      If you misrepresent your opinion with malicious intent or with reckless disregard for truth and you cause damage as a result, you can be in quite a lot of trouble legally.

    • by zmooc ( 33175 )

      It's not an opinion. Whether mail is spam or not can be objectively decided and thus is not an opinion. Therefore any statement on whether someone sent spam is not an opinion either. It's either a fact, a lie or a mistake.

      And since spamming is illegal, claiming someone sends spam is defamation, which is illegal in many countries, including the Netherlands and the rest of the EU, where spamhaus has registered offices. Therefore they're probably not that far away from losing in court at all.

    • Eh..... this is grey waters... I honestly think that Spamhaus is making an assertion of fact to a third party, and could be liable for defamation. It's well enough into the grey area that it would have to be settled by the court.

    • by Hentes ( 2461350 )

      True, but here in Europe free speech is limited by e.g. libel laws. If the ISP can demonstrate that the claims were false and caused them damage then they have a chance to win.

  • Yes, ISP's need to be responsible and take action against spammers, and yes, ISP's who continually fail to do so on a significant scale over a long period of time are fair game to block, but in this particularly instance it sounds like Spamhaus's actions may have been abusive and rather arrogant. I use Spamhaus's blocklist myself, but organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly effecting legitimate businesses and networks. Taking lar
    • It seems like there gripe was the primary ISP was refusing to do anything about it they then move to the feeder ISP's until they fix it. By routing there traffic they are aiding spam. Ever expanding there blacklist to push companies to do something is the only method they get something done. By the time they are complaining to a providers providers it's been a issue for a long time. That dutch ISP should never have to block one of it's clients, clients IP's they should have required them to act

    • ...organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly effecting legitimate businesses and networks. Taking large-scale blanket actions that effect many legitimate sites undermines the anti-spam industry as a whole, because it makes it more difficult for people to rely on anti-spam products/services.

      Spammers hide among legitimate businesses and hosting providers often don't do enough, unless their feet are continually held to the fire, to weed them out. Spamhaus can't cut off the account of the abusers at the various hosting providers, so they do the next best thing and make it in the best interests of those hosting providers to clean up their acts. Just take a moment to think about where we'd be without Spamhaus.

      • Just take a moment to think about where we'd be without Spamhaus.

        Actually, just about where we are right now. Most major mail providers don't use Spamhaus at all... it certainly doesn't affect delivery to GMail or Yahoo or anything like that. They use heuristic analysis of the messages (stuff like Spamassassin), coupled with Greylisting, forced delays in the server greeting, and throttling based on number of recipients. And it works. I don't get any spam at all to my inbox. None. And I've had the same address for nearly 6 years, now. And I don't use Spamhaus, SORBS, or a

  • Choosing to use and trust Spamhaus is a completely voluntary activity by companies that don't wish to receive spam. It is usually only one of many strategies people use to try to block spam. Most use it simply as advice for scoring, some us it to block smtp from hosts completely. Whatever.

    If spamhaus gets it wrong too often (and they do make mistakes) then people will stop using it. There's little any authority can do about it though. Spamhaus publishes its opinion and others choose to follow it.

  • by xrayspx ( 13127 )
    They are hugely annoying to deal with if you send any volume of mail at all. I worked at a job in which we sent tens of thousands of order status emails per day (were there upsell attempts? Of course there probably were, but the thrust of the mail was "thanks for ordering, have a confirmation number"), and all it takes is a couple of people marking them as spam to get Spamhaus to start blacklisting you, your upstream ISP, your dogwalker's busdriver's cousin's hairdresser, etc.

    I know they claim that the
  • I don't expect this will get modded up, because I'm only a mail admin with years of experience, and what do I know. Vive la web 2.0 etc.

    Spamhaus don't list people unless they've got a very good reason - that's why the majority of email providers, and likely your mail feed is using SBL. Steve is not crazy, and incidentally, business details are not subject to data protection provisions under the EU directive, so it is absolutely fine to say you kicked a spammer.

    Lie down with the dogs, get up with the fle

  • Here's what these people seem to say.

    When it comes to piracy - "ISPs shouldn't be policing the internet!"
    When it comes to spam - "ISPs should be policing the internet!"

  • by Calydor ( 739835 )

    Considering only the information readily available via. summary and article, how is this any different from what the DHS are/were doing with ICE, taking out ... was it 86,000 sites to hit one target? When that happened Slashdot was up in arms about the insanity, was that just because DHS is loathed and Spamhaus generally isn't? Am I missing some important detail (other than DHS = Government, Spamhaus = vigilante freelancers) that puts this all in perspective?

  • This story really rubs me the wrong way. They make it sound like Spamhaus has their fingers on the Internet's routing tables and at any whim can block or unblock networks that they don't like. This is simply not the case.

    Spamhaus is no different from an op ed journalist or a food critic: All offer opinions about varying matters of public interest. Spamhaus, in this case, publishes an opinion in the form of a list of IP network ranges. In their opinion these networks can or may be responsible for transm

  • Just a point of clarification.

    Spamhaus runs several DNSBLs: SBL, PBL, XBL.

    I use their XBL. It works great. Don't be confused thinking there's just one "spamhaus list", saying things like "anyone who uses spamhaus is a <insulting term>".

    People should know what they're getting into when they subscribe to a DNSBL. DNSBLs are best used as part of a scoring system, rather than as an ultimate authority.

    Regarding Spamhaus's SBL:

    The SBL database will normally include IPs identified to Spamhaus's best abil

"No, no, I don't mind being called the smartest man in the world. I just wish it wasn't this one." -- Adrian Veidt/Ozymandias, WATCHMEN