The Spamhaus Project

Last updated
The Spamhaus Project
Founded1998 (1998)
Founder Steve Linford
Founded at London, England
TypeNonprofit company limited by guarantee
FocusFighting email spam and associated forms of computer crime
Headquarters Andorra la Vella
Area served
Worldwide
Employees38 (as of March 2013) [1]
Website www.spamhaus.org

The Spamhaus Project is an international organisation based in the Principality of Andorra, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford to refer to an internet service provider, or other firm, which spams or knowingly provides service to spammers.

Contents

Anti-spam lists

The Spamhaus Project is responsible for compiling several widely [2] used anti-spam lists. Many [3] internet service providers and email servers use the lists to reduce the amount of spam that reaches their users. In 2006, the Spamhaus services protected 650 million email users, including the European Parliament, US Army, the White House and Microsoft, from billions of spam emails a day. [4]

Spamhaus distributes the lists in the form of DNS-based blocklists (DNSBLs). The lists are offered as a free public service to low-volume mail server operators on the internet. [5] Commercial spam filtering services and other sites performing large scale usage must instead sign up for a commercial account through Spamhaus Technology its partner for distribution. Spamhaus outlines the way its DNSBL technology works in a document called "Understanding DNSBL Filtering." [6]

The Spamhaus Blocklist (SBL) [7] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to, known spammers, spam operations, and spam-support services. [8] The SBL's listings are partially based on the ROKSO index of known spammers.

The Exploits Blocklist (XBL) [9] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits." That is to say it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes information gathered by Spamhaus as well as by other contributing DNSBL operations such as the Composite Blocking List (CBL).

The Policy Blocklist (PBL) [10] is similar to a Dialup Users List. It lists not only dynamic IP addresses but also static addresses that should not be sending email directly to third-party servers. Examples of such are an ISP's core routers, corporate users required by policy to send their email via company servers, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizations that control the IP address space, typically ISPs.

The Domain Blocklist (DBL) [11] was released in March 2010 and is a list of domain names, which is both a domain URI blocklist and RHSBL. It lists spam domains including spam payload URLs, spam sources and senders ("right-hand side"), known spammers and spam gangs, and phish, virus and malware-related sites. It later added a zone of "abused URL shorteners", a common way spammers insert links into spam emails.

The Combined Spam Sources (CSS) [12] is an automatically produced dataset of IP addresses that are involved in sending low-reputation email. Listings can be based on HELO greetings without an A record, generic looking rDNS or use of fake domains, which could indicate spambots or server misconfiguration. CSS is part of SBL.

The ZEN Blocklist [13] is a combined list, which includes all the Spamhaus IP-based DNS Blocklists.

The Botnet Controller List (BCL) [14] was released in June 2012 and is a list of IP addresses. It lists IP addresses of which Spamhaus personnel believe to be operated by cybercriminals for the exclusive purpose of hosting botnet Command&Control infrastructure. Such infrastructure is commonly used by cybercriminals to control malware infected computers.

The Spamhaus DROP ("Don't Route Or Peer") lists are JSON files delineating CIDR blocks and ASNs that have been stolen or are otherwise "totally controlled by spammers or 100% spam hosting operations". [15] [16] As a small subset of the SBL, it does not include address ranges registered to ISPs and sublet to spammers, but only those network blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to drop all network traffic to and from the listed blocks. [15] The DROP webpage FAQ [17] states the data is free for all to download and use. In 2012 Spamhaus Technology offered a BGP feed of the same data.

The Spamhaus Register of known spam operations (ROKSO) is a database of spammers and spam operations who have been terminated from three or more ISPs due to spamming. It contains publicly sourced information about these persons and their domains, addresses and aliases. [18]

ROKSO is no longer available to the public. However, there is a special version available to law enforcement agencies, containing data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs.

Companies

The Spamhaus Group consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is the Spamhaus Project SLU, [19] a not-for-profit company based in Andorra which tracks spam sources and cyber threats such as phishing, malware and botnets and publishes free DNSBLs. Commercial services are managed by a British data delivery company Spamhaus Technology Ltd., [20] based in London UK which manages data distribution services for large scale spam filter systems.

Awards

Conflicts

e360 lawsuit

In September 2006, David Linhardt, the owner-operator of American bulk-emailing company "e360 Insight LLC", [4] filed a lawsuit in Illinois USA against Spamhaus in the UK for blacklisting his bulk mailings. Spamhaus being a British organisation with no ties to Illinois or the U.S. had the case moved from the state court to the U.S. Federal District Court for the Northern District of Illinois and asked to have the case dismissed for obvious lack of jurisdiction. [24] [25] The Illinois court however, presided over by Judge Charles Kocoras, ignored the request for dismissal and proceeded with the case against British-based Spamhaus without considering the jurisdiction issue, prompting British MP Derek Wyatt to call for the judge to be suspended from office. [26] Not having had its objection to jurisdiction examined, Spamhaus refused to participate in the U.S. case any further and withdrew its counsel. Judge Kocoras however, angry at Spamhaus having ‘walked out’ of his court, deemed British-based Spamhaus to have "technically accepted jurisdiction" by having initially responded at all, and awarded e360 a Default Judgement totalling US$11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgement because default judgements issued by U.S. courts without a trial "have no validity in the U.K. and cannot be enforced under the British legal system". [27] [28]

Following the default ruling in its favour, e360 filed a motion to attempt to force ICANN to remove the domain records of Spamhaus until the default judgement had been satisfied. [25] This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names, [29] [30] and ICANN protested [31] that they had neither the ability nor the authority to remove the domain records of Spamhaus, which is a UK-based company. On 20 October 2006, Judge Kocoras issued a ruling denying e360's motion against ICANN, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case", because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgement] neither will we impose a sanction that does not correspond to the gravity of the offending conduct". [32] [33]

In 2007, Chicago law firm Jenner & Block LLP took up Spamhaus's case pro bono publico and successfully appealed the default ruling. The U.S. federal Court of Appeals for the Seventh Circuit vacated the damages award and remanded the matter back to the district court for a more extensive inquiry to determine damages.

Following the successful Appeal by Jenner & Block LLP in 2010 Judge Kocoras reduced the $11.7 million damages award to $27,002 [34] —$1 for tortious interference with prospective economic advantage, $1 for claims of defamation, and $27,000 for "existing contracts". [35]

Both parties appealed, but e360's case for increasing the damages was sharply criticized by Judge Richard Posner of the Seventh Circuit: "I have never seen such an incompetent presentation of a damages case," Posner said. "It's not only incompetent, it's grotesque. You've got damages jumping around from $11 million to $130 million to $122 million to $33 million. In fact, the damages are probably zero." [36] and for a second time the Court of Appeals vacated the damages award.

Finally, on 2 September 2011 the Illinois court reduced the damages award to just $3 (three dollars) total, and ordered the plaintiff e360 to pay to Spamhaus the costs of the appeal for the defence. [37]

In the course of these proceedings, in January 2008 e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise. [38]

Spamhaus versus nic.at

In June 2007, Spamhaus requested the national domain registry of Austria, nic.at, to suspend a number of domains, claiming they were registered anonymously by phishing gangs for illegal bank phishing purposes. [39] The registry nic.at rejected the request and argued that they would break Austrian law by suspending domains, even though the domains were used for criminal purposes, and demanded proof that the domains were registered under false identities. [39] [40] For some time the domains continued to phish holders of accounts at European banks. Finally, Spamhaus put the mail server of nic.at on their SBL spam blacklist under the SBL's policy "Knowingly Providing a Spam Support Service for Profit" for several days which caused interference of mail traffic at nic.at. [40] All of the phishing domains in question have been since deleted or suspended by their DNS providers. [39] [41]

Blocking of Google Docs IPs

In August 2010, Spamhaus added some Google-controlled IP addresses used by Google Docs to its SBL spam list, due to Google Docs being a large source of uncontrolled spam. Google quickly fixed the problem and Spamhaus removed the listing. Though initially wrongly reported by some press to be IPs used by Gmail, later it was clarified that only Google Docs was blocked. [42]

CyberBunker dispute and DDoS attack

Diagram showing the role of open resolvers, improperly configured servers vulnerable to IP address spoofing Dns-amplification-attack open-resolver englishV73GT.png
Diagram showing the role of open resolvers, improperly configured servers vulnerable to IP address spoofing

In March 2013, CyberBunker, an internet provider named after its former headquarters in a surplus NATO bunker in the Netherlands [45] that "offers anonymous hosting of anything except child porn and anything related to terrorism" [46] was added to the Spamhaus blacklist used by email providers to weed out spam. [47] Shortly afterwards, beginning on March 18, [48] Spamhaus was the target of a distributed denial of service (DDoS) attack exploiting a long-known vulnerability in the Domain Name System (DNS) which permits origination of massive quantities of messages at devices owned by others using IP address spoofing. [49] [50] Devices exploited in the attack may be as simple as a cable converter box connected to the internet. [51] The attack was of a previously unreported scale (peaking at 300 Gbit/s; an average large-scale attack might reach 50 Gbit/s, and the largest previous publicly reported attack was 100 Gbit/s) was launched against Spamhaus's DNS servers; as of 27 March 2013 the effects of the attack had lasted for over a week. Steve Linford, chief executive for Spamhaus, said that they had withstood the attack, using the assistance of other internet companies such as Google to absorb the excess traffic. Linford also claimed that the attack was being investigated by five different national cyber-police-forces around the world, later confirmed in news reports as being the FBI, Europol, the British National Crime Agency (NCA), the Dutch Police National High Tech Crime Unit (NHTCU), and the Spanish National Police. [52] Spamhaus also hired Cloudflare, a DDoS mitigation company, to assist them by distributing their internet services across Cloudflare's worldwide network, [53] after which the focus of the attack was redirected to the companies that provide Cloudflare's network connections. [47]

Spamhaus alleged that CyberBunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, was behind the attack; CyberBunker did not respond to the BBC's request for comment on the allegation; [52] however, Sven Olaf Kamphuis, the owner of CyberBunker, posted to his Facebook account on 23 March "Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project 'spamhaus.org,' which thinks it can dictate its views on what should and should not be on the Internet." [45] According to The New York Times Kamphuis also claimed to be the spokesman of the attackers, and said in a message "We are aware that this is one of the largest DDoS attacks the world had publicly seen", and that CyberBunker was retaliating against Spamhaus for "abusing their influence". The NYT added that security researcher Dan Kaminsky said "You can’t stop a DNS flood ... The only way to deal with this problem is to find the people doing it and arrest them". [47]

The attack was attributed by network engineers to an anonymous group unhappy with Spamhaus, [47] later identified by the victims of the attack as Stophaus, [45] a loosely organized group of "bulletproof spam and malware hosters". [54]

On 26 April 2013, the owner of CyberBunker, Sven Olaf Kamphuis, was arrested in Spain for his part in the attack on Spamhaus. He was held in jail for 55 days pending extradition to the Netherlands, was released pending trial, and was ultimately found guilty and sentenced to 240 days in jail, with the remaining days suspended. [55] [56]

The arrest of ‘Narko’: The British National Cyber Crime Unit revealed that a London schoolboy had been secretly arrested as part of a suspected organised crime gang responsible for the DDoS attacks. [57] A briefing document giving details of the schoolboy's alleged involvement states: "The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies."

Ames v. The Spamhaus Project Ltd

In 2014, Spamhaus was sued by California-based entrepreneurs Craig Ames and Rob McGee, who were involved with a bulk email marketing services business, initially through a US corporation called Blackstar Media LLC, and later as employees of Blackstar Marketing, a subsidiary of the English company Adconion Media Group Limited, which bought Blackstar Media in April 2011. Although an initial motion by Spamhaus to strike out the claims failed, [58] they ultimately prevailed when the claimants dropped their case and paid Spamhaus' legal costs. [59]

In 2018, The Spamhaus Project was sued by Netirons LLC, Fiber Grid, and Sonjara Oü, three internet service providers operating in Europe and the United States. These companies accused Spamhaus of defamatory practices and unfair business disruption. Spamhaus had unilaterally blacklisted their domain "webexxpurts" and multiple IP addresses, effectively cutting them off from key online services and damaging their business reputation.

A French court ruled in July 2018 that Spamhaus’s actions constituted an "obviously unlawful disturbance." The court ordered Spamhaus to remove the defamatory content and pay damages. Despite multiple legal appeals between 2019 and 2021, Spamhaus was repeatedly found in violation of the ruling, leading to increasing financial penalties.

In 2022, the Aix-en-Provence Court of Appeal reaffirmed the previous decisions, rejecting Spamhaus’s attempts to evade accountability by disputing the court’s jurisdiction. The case highlighted the dangers of private entities unilaterally branding companies as malicious actors without due process. The ruling reinforced that organizations like Spamhaus do not have the unchecked power to blacklist businesses arbitrarily and harm their operations without legal consequences. [60]

  1. "About The Spamhaus Project". The Spamhaus Project. Archived from the original on December 14, 2021. Retrieved March 26, 2013.
  2. "Cyberattack on anti-spam group Spamhaus has ripple effects". CBS News . 27 March 2013. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
  3. "Dutchman arrested over huge web attack". BBC News. 26 April 2013. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
  4. 1 2 Arthur, Charles (19 October 2006). "Can an American judge take a British company offline?". The Guardian. Archived from the original on 17 May 2022. Retrieved 1 March 2014.
  5. "DNSBL Fair Use Policy". The Spamhaus Project. Archived from the original on 2024-04-11. Retrieved 2024-04-17.
  6. "Understanding DNSBL Filtering". spamhaus.org. Archived from the original on 2019-01-03. Retrieved 2019-02-12.
  7. "Spamhaus Block List (SBL)". spamhaus.org. Archived from the original on 2019-02-14. Retrieved 2019-02-12.
  8. Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. Archived from the original on 2019-02-19. Retrieved 2019-02-12.
  9. "Spamhaus Exploits Block List (XBL)". spamhaus.org. Archived from the original on 2019-02-16. Retrieved 2019-02-12.
  10. "Spamhaus Policy Block List (PBL)". spamhaus.org. Archived from the original on 2019-02-17. Retrieved 2019-02-12.
  11. "Spamhaus Domain Block List (DBL)". spamhaus.org. Archived from the original on 21 December 2021. Retrieved 5 July 2013.
  12. "Combined Spam Sources (CSS)". spamhaus.org. Archived from the original on 2022-01-06. Retrieved 2022-01-06.
  13. "Spamhaus ZEN". spamhaus.org. Archived from the original on 2019-02-16. Retrieved 2019-02-12.
  14. "Spamhaus Botnet Controller List (BCL)". spamhaus.org. Archived from the original on 26 August 2020. Retrieved 18 June 2014.
  15. 1 2 Harold F. Tipton; Micki Krause (17 March 2008). Information Security Management Handbook, Sixth Edition. CRC Press. pp. 56–. ISBN   978-1-4200-6710-1.
  16. "Don't Route Or Peer Lists (DROP)". Spamhaus. Retrieved 29 June 2024.
  17. "Frequently Asked Questions (FAQ)". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
  18. Robert Jones (7 October 2005). Internet Forensics. "O'Reilly Media, Inc.". pp. 219–220. ISBN   978-1-4493-9056-3.
  19. "Spamhaus Organization FAQ". spamhaus.org. Archived from the original on 2021-04-20. Retrieved 2021-06-18.
  20. "Spamhaus Technology Ltd". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
  21. "NCFTA Award". The Spamhaus Project. 29 September 2008. Archived from the original on 13 February 2019. Retrieved 12 February 2019.
  22. Sherriff, Lucy (20 February 2004). "Spamhaus crowned Internet heroes of 2003". The Register. Archived from the original on 13 July 2013. Retrieved 5 July 2013.
  23. "MXTools' Partner Spamhaus Receives Prestigious Virus Bulletin VBSpam Award". Prweb.com. Archived from the original on 2013-07-06. Retrieved 2013-07-05.
  24. Leyden, John (2006-10-10). "Spamhaus fights US court domain threat". The Register . Archived from the original on 2007-01-28. Retrieved 2007-02-04.
  25. 1 2 Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Archived from the original on 27 July 2013. Retrieved 5 July 2013.
  26. "MP calls for suspension of judge in Spamhaus case". Computeractive . 2006-10-10. Archived from the original on 2012-03-30. Retrieved 2011-03-23.
  27. Evers, Joris (2006-09-14). "Spam fighter hit with $11.7 million judgment". CNET News.com. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
  28. "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006 (PDF version of Proposed Order)" (PDF). The Spamhaus Project website. 2006-10-06. Archived (PDF) from the original on 2018-05-27. Retrieved 2019-02-12.
  29. Linford, Steve. "Responds here". The Spamhaus Project website.(No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily Archived 2007-09-27 at the Wayback Machine , Spammer Cajoles ICANN To Ban Spamhaus Archived 2006-10-17 at the Wayback Machine , Groups.google.com Archived 2008-05-24 at the Wayback Machine , highspeed and Groups.google.com Archived 2012-11-04 at the Wayback Machine , abuse.email as of 2007-02-04.)
  30. Carvajal, Doreen (2006-10-16). "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times . Archived from the original on 2007-03-11. Retrieved 2007-02-04.
  31. "Spamhaus Litigation Update". ICANN. 2006-10-10. Archived from the original on 2007-01-25. Retrieved 2007-02-04.
  32. "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006 (signed version of denial without prejudice of Plaintiffs' motion [26] for a rule to show cause)" (PDF). ICANN. 2006-10-20. Archived (PDF) from the original on 2007-01-15. Retrieved 2007-02-04.
  33. "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheaphostingdirectory.com. 2006-10-30. Archived from the original on 2007-09-29. Retrieved 2006-02-04.
  34. Masnick, Mike (16 June 2010). "Spammer's $11 Million Win Against Anti-Spammer Spamhaus, Reduced To $27,000". techdirt.com. Archived from the original on 22 June 2010. Retrieved 23 November 2010.
  35. "Case 1:06-cv-03958 - Document 242 - Filed 06/11/10" (PDF). Retrieved 3 April 2013.
  36. " Appeals judges berate spammer for "ridiculous," "incompetent" litigation" Archived 2017-02-27 at the Wayback Machine , Timothy B. Lee, June 14, 2011, artechnica.com
  37. Jenkins, Quentin (5 September 2009). "Spamhaus Victory in Final Appeal in E360 Case". The Spamhaus Project. Archived from the original on 3 May 2014. Retrieved 5 July 2013.
  38. "e360 Has Gone Bust" . Newsgroup:  news.admin.net-abuse.email. Archived from the original on 2012-11-07. Retrieved 2009-05-06.
  39. 1 2 3 "Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at". spamhaus.org. Archived from the original on 2019-02-13. Retrieved 2019-02-12.
  40. 1 2 "Spamhaus.org setzt Österreichs Domainverwaltung unter Druck" (in German). heise.de. 19 June 2007. Archived from the original on 1 July 2007. Retrieved 22 July 2007.
  41. Sokolov, Daniel AJ (21 June 2007). "Nic.at weist Spamhaus-Darstellung zurück" [Nic.at rejects Spamhaus' statement]. heise online (in German). Heinz Heise. Archived from the original on 23 October 2012. Retrieved 25 January 2019. German: Die DNS-Provider der Domains haben die Einträge gelöscht., lit. 'The DNS providers of the domains deleted the domain entries.'
  42. "Spamhaus: We Blocked Google Docs Not Gmail". Softpedia. 20 August 2010. Archived from the original on 22 August 2010. Retrieved 21 August 2010.
  43. "Open DNS Resolver Project". Archived from the original on 2013-03-27. Retrieved 28 March 2013.
  44. "Deep Inside a DNS Amplification DDoS Attack" (blog). CloudFlare. 30 October 2012. Archived from the original on 28 March 2013. Retrieved 28 March 2013.
  45. 1 2 3 Eric Pfanner; Kevin J. O'Brien (29 March 2013). "Provocateur Comes Into View After Cyberattack". The New York Times. Archived from the original on 30 March 2013. Retrieved 30 March 2013.
  46. "Spamhaus' Blackmail War". CyberBunker. Archived from the original on 22 June 2013. Retrieved 23 June 2013.
  47. 1 2 3 4 Markoff, John; Nicole Perlroth (27 March 2013). "Firm Is Accused of Sending Spam, and Fight Jams Internet". The New York Times . Archived from the original on 28 March 2013. Retrieved 27 March 2013.
  48. "The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)" (blog). CloudFlare. 20 March 2013. Archived from the original on 27 March 2013. Retrieved 27 March 2013.
  49. P. Ferguson; D. Senie (May 2000). "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing". The Internet Engineering Task Force (IETF). Archived from the original on 27 February 2010. Retrieved 28 March 2013.
  50. John Markoff; Nicole Perlroth (27 March 2013). "Attacks Used the Internet Against Itself to Clog Traffic". The New York Times. Archived from the original on 28 March 2013. Retrieved 28 March 2013.
  51. Nichole Perlroth (29 March 2013). "Devices Like Cable Boxes Figured in Internet Attack". The New York Times. Archived from the original on 30 March 2013. Retrieved 30 March 2013.
  52. 1 2 "Global internet slows after 'biggest attack in history'". BBC. 27 March 2013. Archived from the original on 31 May 2018. Retrieved 20 June 2018.
  53. "The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)" (blog). CloudFlare. March 20, 2013. Archived from the original on March 27, 2013. Retrieved March 27, 2013.
  54. KrebsOnSecurity (13 May 2013). "Conversations with a Bulletproof Hoster, STOPhaus v Spamhaus". Krebs on Security. Archived from the original on 9 June 2013. Retrieved 24 June 2013.
  55. Nicole Perlroth (26 April 2013). "Dutch Man Said to Be Held in Powerful Internet Attack". The New York Times. Archived from the original on 27 April 2013. Retrieved 15 May 2013.
  56. Paganini, Pierluigi (November 16, 2016). "Hacker behind Spamhaus attack will not spend any time in the jail". Security Affairs. Archived from the original on April 17, 2024. Retrieved April 17, 2024.
  57. Martin Bentham (26 September 2013). "London schoolboy secretly arrested over 'world's biggest cyber attack'". London Evening Standard. Archived from the original on 26 September 2013. Retrieved 26 September 2013.
  58. "Ames & anor v The Spamhaus Project Ltd & anor, Reference [2015] EWHC 127 (QB)" (PDF). 5rb.com. 27 January 2015. Archived (PDF) from the original on 25 October 2016. Retrieved 25 October 2016.
  59. Linford, Steve (12 June 2015). "Case Dismissed: Ames & McGee v The Spamhaus Project". The Spamhaus Project website. Archived from the original on 25 October 2016. Retrieved 25 October 2016.
  60. "Cour d'appel d'Aix-en-Provence - RG n° 21/10553". www.courdecassation.fr. 8 September 2022. Retrieved 2025-01-29.{{cite web}}: CS1 maint: url-status (link)

See also

Related Research Articles

<span class="mw-page-title-main">Domain name</span> Identification string in the Internet

In the Internet, a domain name is a string that identifies a realm of administrative autonomy, authority or control. Domain names are often used to identify services provided through the Internet, such as websites, email services and more. Domain names are used in various networking contexts and for application-specific naming and addressing purposes. In general, a domain name identifies a network domain or an Internet Protocol (IP) resource, such as a personal computer used to access the Internet, or a server computer.

A Domain Name System blocklist, Domain Name System-based blackhole list, Domain Name System blacklist (DNSBL) or real-time blackhole list (RBL) is a service for operation of mail servers to perform a check via a Domain Name System (DNS) query whether a sending host's IP address is blacklisted for email spam. Most mail server software can be configured to check such lists, typically rejecting or flagging messages from such sites.

A whitelist or allowlist is a list or register of entities that are being provided a particular privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognized, or ostracized.

Various anti-spam techniques are used to prevent email spam.

<span class="mw-page-title-main">Steve Linford</span> CEO of The Spamhaus Project

Stephen John "Steve" Linford is a British entrepreneur and anti-spam campaigner best known for founding The Spamhaus Project.

<span class="mw-page-title-main">Email spam</span> Unsolicited electronic advertising by email

Email spam, also referred to as junk email, spam mail, or simply spam, is unsolicited messages sent in bulk by email (spamming). The name comes from a Monty Python sketch in which the name of the canned pork product Spam is ubiquitous, unavoidable, and repetitive. Email spam has steadily grown since the early 1990s, and by 2014 was estimated to account for around 90% of total email traffic.

In computer networks, a reverse DNS lookup or reverse DNS resolution (rDNS) is the querying technique of the Domain Name System (DNS) to determine the domain name associated with an IP address – the reverse of the usual "forward" DNS lookup of an IP address from a domain name. The process of reverse resolving of an IP address uses PTR records. rDNS involves searching domain name registry and registrar tables. The reverse DNS database of the Internet is rooted in the .arpa top-level domain.

Leonid Aleksandrovitch Kuvayev, who usually goes by the name of Leo, is a Russian/American spammer believed to be the ringleader of one of the world's biggest spam gangs. In 2005, he and six business partners were fined $37 million as a result of a lawsuit brought by the Massachusetts attorney general. It was found that they were responsible for millions of unsolicited e-mails per day. According to Spamhaus he could be the "Pharmamaster" spammer who performed a denial-of-service attack (DDoS) against the BlueSecurity company. Kuvayev is also behind countless phishing and money mule recruiting sites hosted on botnets. He has been called a "spam czar", and a "virtual criminal".

SpamCop is an email spam reporting service, allowing recipients of unsolicited bulk or commercial email to report IP addresses found by SpamCop's analysis to be senders of the spam to the abuse reporting addresses of those IP addresses. SpamCop uses these reports to compile a list of computers sending spam called the "SpamCop Blocking List" or "SpamCop Blacklist" (SCBL).

SORBS was a list of e-mail servers suspected of sending or relaying spam. It had been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users.

<span class="mw-page-title-main">Bulletproof hosting</span> Internet service for use by cyber-criminals

Bulletproof hosting (BPH) is technical infrastructure service provided by an Internet hosting service that is resilient to complaints of illicit activities, which serves criminal actors as a basic building block for streamlining various cyberattacks. BPH providers allow online gambling, illegal pornography, botnet command and control servers, spam, copyrighted materials, hate speech and misinformation, despite takedown court orders and law enforcement subpoenas, allowing such material in their acceptable use policies.

<span class="mw-page-title-main">CyberBunker</span> Former Internet service provider

CyberBunker was an Internet service provider located in the Netherlands and Germany that, according to its website, "hosted services to any website except child pornography and anything related to terrorism". The company first operated in a former NATO bunker in Zeeland, from which it got its name, and later in another former NATO bunker in Traben-Trarbach, Germany. Sven Olaf Kamphuis referred to CyberBunker as the Republic of CyberBunker and referred to himself as the Minister of Telecommunications and Foreign Affairs.

The Abusive Hosts Blocking List (AHBL) was an internet abuse tracking and filtering system developed by The Summit Open Source Development Group, and based on the original Summit Blocking List (2000–2002). Its DNSBLs were shut down on Jan 1, 2015 and now appear to be blacklisting the entire Internet.

In networking, a black hole refers to a place in the network where incoming or outgoing traffic is silently discarded, without informing the source that the data did not reach its intended recipient.

SURBL is a collection of URI DNSBL lists of Uniform Resource Identifier (URI) hosts, typically web site domains, that appear in unsolicited messages. SURBL can be used to search incoming e-mail message bodies for spam payload links to help evaluate whether the messages are unsolicited. For example, if http://www.example.com is listed, then e-mail messages with a message body containing this URI may be classified as unsolicited. URI DNSBLs differ from prior DNSBLs, which commonly list mail sending IP addresses. SURBL is a specific instance of the general URI DNSBL list type.

Not Just Another Bogus List (NJABL) was a DNS blacklist.

<span class="mw-page-title-main">Blacklist (computing)</span> Criteria to control computer access

In computing, a blacklist, disallowlist, blocklist, or denylist is a basic access control mechanism that allows through all elements, except those explicitly mentioned. Those items on the list are denied access. The opposite is a whitelist, allowlist, or passlist, in which only items on the list are let through whatever gate is being used. A greylist contains items that are temporarily blocked until an additional step is performed.

Email spammers have developed a variety of ways to deliver email spam throughout the years, such as mass-creating accounts on services such as Hotmail or using another person's network to send email spam. Many techniques to block, filter, or otherwise remove email spam from inboxes have been developed by internet users, system administrators and internet service providers. Due to this, email spammers have developed their own techniques to send email spam, which are listed below.

<span class="mw-page-title-main">Response policy zone</span> Internet firewall mechanism for DNS

A response policy zone (RPZ) is a mechanism to introduce a customized policy in Domain Name System servers, so that recursive resolvers return possibly modified results. By modifying a result, access to the corresponding host can be blocked.

easyDNS Technologies Inc. is a Canadian Internet service provider which supplies DNS and web hosting services and operates a mail service called EasyMail. The company is headquartered in Toronto, Ontario.

References

    This page is based on this Wikipedia article
    Text is available under the CC BY-SA 4.0 license; additional terms may apply.
    Images, videos and audio are available under their respective licenses.