| The Spamhaus Project |
Article Index for The |
Website Links For Project |
Information AboutThe Spamhaus Project |
| CATEGORIES ABOUT THE SPAMHAUS PROJECT | |
| 1998 establishments | |
| engineering projects | |
|
SPAMHAUS DNSBLS Spamhaus is responsible for three widely used anti-spam DNS Blocklists ( DNSBL s) — the Spamhaus Block List (SBL), the Exploits Block List (XBL), and the Policy Block List (PBL). Many Internet Service Provider s and other Internet sites use these free services to reduce the amount of spam they take on. The SBL, XBL and PBL collectively protect over 500 million e-mail users, according to Spamhaus' web page (December 2006). Like most DNSBLs, their use is Controversial . The Spamhaus Block List (SBL) Spamhaus Block List (SBL) targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services.. The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below. The Exploits Block List (XBL) Spamhaus Exploits Block List (XBL) targets "illegal 3rd party exploits, including Open Proxies , worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List ( CBL ) and the Not Just Another Bogus List ( NJABL ) lists. The Policy Block List (PBL) Spamhaus Policy Block List (PBL) is a list that serves many of the same functions of a Dialup Users List , but really it is not a DUL. The PBL lists not only dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections', but static assignments that shouldn't be sending email without prior arrangement. Examples of such are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the owners (ISPs) of the IP address space. Spamhaus's DNSBLs are offered as a free public service to mail server operators on the Internet. ISPs and other large sites doing large numbers of queries can also sign-up for an Rsync -based feed of these DNSBLs, which Spamhaus calls its Data Feed Spamhaus Data Feed , at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list Spamhaus's top ten worst spam service ISPs list , and they must also pass a background check to make sure they do not knowingly or intentionally provide services to spammers. Spamhaus also provides two combined DNSBLs. One is the SBL+XBL., which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called '''ZEN''' Spamhaus ZEN (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL. REGISTER OF KNOWN SPAM OPERATIONS The Spamhaus Register of Known Spam Operations (ROKSO) Spamhaus Register of Known Spam Operations (ROKSO) is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities. As Spamhaus operates in the United Kingdom , it is subject to the Data Protection Act which restricts its ability to publish private information legally. For this reason, ROKSO publishes only information gathered from public sources such as newspapers, court records, incorporation filings, and other public records. Spamhaus also keeps additional information on spammers for disclosure only to law enforcement agencies. DON'T ROUTE OR PEER LIST The Spamhaus Don't Route Or Peer (DROP) List The Spamhaus Don't Route Or Peer List (DROP) is a text file delineating so-called "zombie" (stolen) CIDR Blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks. E360 LAWSUIT In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit in an Illinois state court against Spamhaus for blacklisting his website. Spamhaus initially succeeded in moving the case from state to federal court, but then stopped defending itself against the lawsuit, because it is based in the . Retrieved 2007-02-04 . (PDF version of PROPOSED ORDER) e360 filed a motion in Federal court to force . that they had neither the ability, nor the authority, to remove the domain records of Spamhaus, which is a UK-based not-for-profit organization. On 2006-10-20 , U.S. Federal District Court Judge Charles Kocoras, for the Northern District of Illinois, issued a ruling denying e360's motion, stating in his opinion, that "there has been no indication that ICANN not independent entit[y Spamhaus , thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, " {Link without Title} hile we will not condone or tolerate noncompliance with a valid order of this court Spamhaus' refusal to satisfy the default judgment neither will we impose a sanction that does not correspond to the gravity of the offending conduct.""Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006". . SPAMHAUS VERSUS NIC.AT In June 2007 Spamhaus requested the national Registry of Austria Nic.at unregister a number of domains because of their use for Phishing purposes Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at . The registry nic.at rejected that request and argued that they would break Austrian law when doing so. Further nic.at argued that the respective DNS-providers should remove the domain. To put more pressure on the Austrian registry Spamhaus put the mail server of nic.at for several days on their spam blacklist which caused interference of the mail traffic. Domainnews.com nic.at domains blacklisted by Spamhaus Spamhaus.org setzt Österreichs Domainverwaltung unter Druck . Currently Spamhaus has a pointer entry ( SBL55483 ) for the single IP address 192.174.68.0/32 to highlight nic.at apparent role in supporting phishing. This listing does not block any email, since this address is unused. Most of the phishing domains have since been deleted/suspended by the respective DNS-providers. SPAMHAUS TRADEMARKED Spamhaus has been given the blessing of Hormel , to trademark the name Spamhaus in the European Union.http://blog.clickz.com/070417-212734.html SEE ALSO
REFERENCES EXTERNAL LINKS
|
|
|