Deluge of entries to Spamhaus blocklists includes 'various household names'

Spam-tracking service Spamhaus reported Tuesday that some of the world's biggest brands are getting loose with their email practices, causing its spam blocklists (SBL) to swell significantly. "Our researchers are observing mail being repeatedly sent to multiple mailboxes that have NEVER accepted one single message from the …

  1. Kevin McMurtrie Silver badge
    Facepalm

    IT much?

    It's amusing when somebody screams about Spamhaus being a corrupt shadowy net traffic overlord conspiracy because they're blocked without ANY spam being sent, but they're outsourcing e-mail to a 3rd party. Quoted Tweeter #1 is outsourcing mail to the global king of phishing, Google. Tweeter #2 is complaining about Spamhaus without being listed on Spamhaus so I'm not sure what the actual complaint is.

    Spamhaus is an opt-in feature on the receiving end. It's used because people like it.

    1. boblongii

      Re: IT much?

      I ran my own email server for years but I gave up in the end because Spamhaus kept blocking basically any email coming from my ISP's range. I had a static IP from them and I had SPF records set up and never sent any spam, just normal work and family & friends emails. But I got blocked anyway.

      So, yeah, fuck 'em.

      1. Anonymous Coward

        Re: IT much?

        I had similar problems with Spamhaus. It took an age to get unblocked and there was never any evidence to support their reasons for blocking.... No-one else was blocking our email servers, we sent very few e-mails and in the end some of our clients set up email accounts with providers who weren't using Spamhaus in order to continue working.

        This was some years ago so perhaps it's better now and I haven't had any problems with them for several years now.....

        I appreciate that it's a sad reality that we need services like Spamhaus and I even use them myself but it's a huge pain in the doodahs when you get in their bad books through no fault of your own with no way to get out.....

        1. original_rwg
          Happy

          Re: IT much?

          I too run my own mail server and when I ended up on a blocked list it was because the smarthost I was using was the offending spam-merchant. I stopped using the smarthost and set up an SPF record but some months later got on to a Spamhaus blocklist because my fixed IP was not on their list of 'authorised mail senders' (Who knew there was one?).

          Getting myself removed was relatively simple. Their unblocking service web page had an option to select if you run your own mail server. I chose that and within a few hours I could send mail again.

          1. NATTtrash

            Re: IT much?

            Getting myself removed was relatively simple.

            With everything said about Spamhaus, it is good to highlight this too.

            Then again, let's also make a remark about the other side of the coin. Ever noticed that, if you mark these annoying emails from Microsoft (or something similar, hotels, car rental, Amazon) about "Hey look what the others on SharePoint have been saying" as the junk it is, it never is blocked or sent to your Junk folder?

      2. Anonymous Coward

        Re: IT much?

        I've had my own email server for a couple of decades, and SpamHaus delisting has always been very straightforward and fast. My single IP address was easily taken out of my ISP's block.

        Google and Microsoft were comparatively much more difficult.

      3. Anonymous Coward

        Re: IT much?

        Spamhaus blocks IPs ISPs declare as assigned to consumer internet connections, even if you get a static one. But they are listed in the PBL - not the SBL. If someone is using that, or the ZEN blacklist that also contains the PBL, you will be blocked.

        You have to explicitly ask them to delist the IP. See https://www.spamhaus.org/pbl/
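
The PBL/SBL distinction in the comment above can be checked from the answer a ZEN query returns. The following is an added example, not part of any comment in this thread: the function names are hypothetical, the return-code table follows the values Spamhaus publishes for zen.spamhaus.org, and 192.0.2.10 is a documentation address used as constructed input.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"

# Return codes Spamhaus publishes for the combined ZEN zone.
LISTING_CODES = {
    "127.0.0.2": "SBL",       # manually verified spam source
    "127.0.0.3": "SBL-CSS",   # automated snowshoe/low-reputation listing
    "127.0.0.4": "XBL",       # exploited or infected host
    "127.0.0.5": "XBL",
    "127.0.0.6": "XBL",
    "127.0.0.7": "XBL",
    "127.0.0.9": "SBL-DROP",  # hijacked or do-not-route space
    "127.0.0.10": "PBL",      # policy listing maintained by the ISP
    "127.0.0.11": "PBL",      # policy listing maintained by Spamhaus
}

# Answers in 127.255.255.0/24 mean the query itself was refused or malformed.
# Treating them as "listed" blocks mail for the wrong reason.
QUERY_ERRORS = {
    "127.255.255.252": "typing error in the DNSBL zone name",
    "127.255.255.254": "query arrived via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}

ADVICE = {
    "not-listed": "No ZEN listing for this address.",
    "policy-only": "PBL only: the range is declared as end-user space. Relay "
                   "through the provider's smarthost or request PBL removal.",
    "reputation": "SBL/XBL listing: look for actual abuse from this address "
                  "before asking for removal.",
    "query-error": "The resolver was refused; fix the lookup path first.",
    "unknown": "Unrecognised return code; check the current Spamhaus docs.",
}


def dnsbl_query_name(ip, zone=ZONE):
    """Build the DNSBL query name: reversed octets (or nibbles) plus zone."""
    reversed_part = ipaddress.ip_address(ip).reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_part}.{zone}"


def classify(answers):
    """Turn the A records returned by a ZEN query into a verdict."""
    errors = sorted(QUERY_ERRORS[a] for a in answers if a in QUERY_ERRORS)
    if errors:
        return {"verdict": "query-error", "lists": [], "detail": errors}
    lists = sorted({LISTING_CODES[a] for a in answers if a in LISTING_CODES})
    if not answers:
        verdict = "not-listed"
    elif not lists:
        verdict = "unknown"
    elif set(lists) == {"PBL"}:
        verdict = "policy-only"
    else:
        verdict = "reputation"
    return {"verdict": verdict, "lists": lists, "detail": [ADVICE[verdict]]}


def lookup(ip, zone=ZONE):
    """Live lookup. NXDOMAIN means 'not listed'; other failures are raised."""
    not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
    try:
        _, _, addrs = socket.gethostbyname_ex(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno in not_found:
            return classify([])
        raise
    return classify(addrs)


if __name__ == "__main__":
    # Constructed answers, so the demonstration runs without network access.
    samples = {
        "static IP in a consumer range": ["127.0.0.11"],
        "compromised host in the same range": ["127.0.0.10", "127.0.0.4"],
        "lookup sent through a public resolver": ["127.255.255.254"],
        "clean address": [],
    }
    print(dnsbl_query_name("192.0.2.10"))
    for label, answers in samples.items():
        result = classify(answers)
        print(f"{label}: {result['verdict']} {result['lists']}")
```
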

      4. Diogenes8080

        Re: IT much?

        Assuming the problem isn't a difference of opinion over what constitutes spam (and that definition is a spectrum running from valid _recent_ prior relationships through many shades to the clearly criminal) then the reasons a sender can end up on an IP blocklist like Spamhaus are:

        - the sender's monitor isn't effective and at some point someone /is/ sending spam via the IP

        - the sender's system can be abused to bounce spam back to a spoofed third party

        - the IP is shared

        - the service provider does harbour and rotate questionable senders, and a block has been escalated

        Remember that if Spamhaus or any other major bureau is listing your IP, other system administrators are looking and taking action. I'll happily drop a /16 and accept some collateral damage if it's in the best interest of my recipients.

    2. Phones Sheridan Silver badge

      Re: IT much?

      What I can’t understand is how this is a story. When will Ms Dobberstein write a follow up “spammers try to get Spamhaus cancelled on Twitter (and we write an article about it). Fails miserably”

  2. cantankerous swineherd

    accor hotels are on there I hope. never using them again.

  3. Anonymous Coward

    Lack of feedback

    One of my clients was blocked on Tuesday and we can find no evidence of any spam being sent, either on the mail server itself, or in the NAT sessions list on the firewall.

    If they just included the sender and the subject of the offending email, or the message id, or some bit of info that would help narrow it down it would help enormously.

    In this particular case there was only a handful of people in the office but it still wasted hours of our time in investigating potential sources.

    1. boblongii

      Re: Lack of feedback

      "In this particular case there was only a handful of people in the office but it still wasted hours of our time in investigating potential sources."

      Well, there you have it - Spamhaus's time wasn't wasted, so why would they care?

    2. VoiceOfTruth

      Re: Lack of feedback

      -> we can find no evidence of any spam being sent

      Did you read the link in the article? Here's a quote: "Our researchers are observing mail being repeatedly sent to multiple mailboxes that have NEVER accepted one single message from the sender."

      Perhaps you or your clients have a mailing list which has a lot of dead email addresses on it. I have seen this personally many, many times.

      1. Jellied Eel Silver badge

        Re: Lack of feedback

        Did you read the link in the article? Here's a quote: "Our researchers are observing mail being repeatedly sent to multiple mailboxes that have NEVER accepted one single message from the sender."

        Seems to me to be the very definition of unsolicited commercial email. Plus the policy change has been effective because it's raised awareness, despite spam (not Spam) being probably still the #1 most hated feature of the Internet.

        Personally, I'd like to see them add a rule to auto block any company that uses 'noreply@' or 'donotreply@' as a return address. I rather doubt spammers (ie any of the many 'respectable' corporates) bother to monitor those mailboxes. Fortunately, we can still write our own rules.

        1. Anonymous Coward

          Re: Lack of feedback

          "auto block any company that uses 'noreply@' or 'donotreply@' as a return address."

          Many financial institutions, local, state, and federal dep'ts use such a return address.

          1. Jellied Eel Silver badge

            Re: Lack of feedback

            Many financial institutions, local, state, and federal dep'ts use such a return address.

            And? The point is they shouldn't, especially when it's unsolicited and frequent. If the To: address is invalid, the email will bounce to that address anyway. But if you've got your own mail setup, just rewrite the address to ceo@, sales@ and marketing@ and see if they gain clue. It's generally pointless to try postmaster@, even though that's technically correct. They don't monitor that account because it gets 'too much email'.

            I wonder why?

            1. J. Cook Silver badge
              Flame

              Re: Lack of feedback

              And many, MANY, MANY automated processes use a 'no-reply' address as well, for small, unimportant things like:

              confirmation of a password change

              confirmation of account changes (address, contact information, etc.)

              the occasional confirmation of a purchase or shipment (technically, it should use something like a customer service queue, but some companies...)

              blocking those would probably be a bad idea, actually. and adding the company's entire domain because of it? HORRIBLE idea. I don't give a load of dingo's kidneys how easy it is to get removed from a blacklist, getting put on there because of this idea is an absolutely stupid idea and it would increase the legit email admin's workload rather a lot, along with sowing discontent from the company's userbase.

              1. Anonymous Coward

                Re: Lack of feedback

                > confirmation of a password change

                It costs nothing to have the admin responsible for the user database or customer support as the case might be, monitoring that mailbox.

                1. Helcat

                  Re: Lack of feedback

                  As ever, there is a cost as someone has to spend time (and occasionally effort) to monitor the email address. Just ask anyone who runs a help desk when they get issues sent in via email - each has to be read and processed.

                  There is a darn good reason to use 'do not reply' senders - automate alerts, or notifications such as the password or account change : These are information emails that you wouldn't expect a response to, yet may be hit by 'auto response' emails such as 'out of office' which would make monitoring for genuine responses much harder.

                  However, the content of the email should include instructions on how to reply if there is need that will notify the sender if there is an issue (the password reset notifications, for example - you might need to alert the sender that you haven't requested the reset and to start an investigation into a potential hack). I would argue there should be a response address in every such email, just in case it was sent to the wrong recipient. But that does not have to be the sender address.

                  1. Anonymous Coward

                    Re: Lack of feedback

                    > As ever, there is a cost

                    Yes, and you're asking the hapless recipient to foot the bill.

                    > These are information emails that you wouldn't expect a response to

                    You might need to adjust your expectations.

                    > yet may be hit by 'auto response' emails such as 'out of office'

                    Have you heard of Sieve?

                    > which would make monitoring for genuine responses much harder.

                    You seem to have missed the part where I mention that I have actual operational experience with this, going back many years.

                    Based on my *actual* experience, it doesn't cause any significant overheads and is very well received by end users who feel someone actually cares about them.

                    Of course if your organisation is incompetent, you'll manage to make a hash of it one way or another.

                    > I would argue there should be a response address in every such email, just in case it was sent to the wrong recipient. But that does not have to be the sender address.

                    Any more terrible ideas you'd like to share?

                    Just let people hit reply and get in touch with the right person on your end. If you don't know how to do it, find someone to assist. It's not rocket science, and I speak from experience.

                2. Cav Bronze badge

                  Re: Lack of feedback

                  "It costs nothing to have the admin responsible for the user database or customer support as the case might be, monitoring that mailbox."

                  Tell me you have no clue what it would actually cost without telling me...

            2. Cav Bronze badge

              Re: Lack of feedback

              Another ridiculous comment.

              I create literally hundreds of automated processes that send out alerts using noreply. Recipients need to put a ticket into the help desk system not be emailing issues at all hours to people who may be on leave. By submitting a ticket to the system anyone able to help will do so, once the ticket is assigned to the correct team. And why don't we use the team's email in the automated message? Because it gets spammed by suppliers and filled with inquiries from users who can't be bothered to contact the correct team! You then tie up team members having to wade through junk and forward emails to the correct department. Noreply is valid and the only sane way to proceed. This is an alert or a simple serving of information etc. If you need to contact someone, find the correct person to do so.

              The problem is that the world is full of spammers and idiots. Sales would be inundated with finance questions, marketing would receive emails concerning build maintenance etc, etc, because idiots don't check who they are emailing. And all of those accounts you list would be constantly filled with junk from spammers trying to sell crap, relevant or not.

              Seriously, I do wonder if half the people commenting actually do work in an IT field.

              1. Anonymous Coward

                Re: Lack of feedback

                > Seriously, I do wonder if half the people commenting actually do work in an IT field.

                Indeed. And I wonder about the competence level of those who do.

                The scenario that you describe is that of a hapless organisation, and/or one that treats its customers with contempt. The problems that you describe are of an organisational, not technical, nature.

                I'm starting to think that there might be a business opportunity offering half arsed organisations real solutions that are efficient and customer friendly. Unfortunately, half arsed organisations are often unable to appreciate that they have a problem at all.

              2. J. Cook Silver badge
                Pint

                Re: Lack of feedback

                Indeed. We should stop feeding the trolls.

                Besides, it's friday and almost Pub-O-Clock.

              3. JimC

                Re: Seriously, I do wonder if half the people commenting actually do work in an IT field.

                Without casting aspersions on any commenter on this thread, I realised long ago that many posters on the reg have not worked in IT in a large organisation, simply because they display the preconceptions and naivety I possessed before I worked in a large IT department.

                There isn't really going to be a cure for that. Certainly wouldn't want the Reg to be restricted to large org pros. Submit it's usually best just to imagine yourself metaphorically patting them condescendingly on the head and move on. After all those who know a comment is ridiculous already know, and those who don't probably won't be educated by a 2 or 3 para comment. Pace XKCD, someone is always wrong on the Internet!

          2. Anonymous Coward

            Re: Lack of feedback

            > Many financial institutions, local, state, and federal dep'ts use such a return address.

            Misuse, you mean.

            I'm sure there must be a few valid scenarios for sending from unmonitored addresses, but I can't think of a single one.

            Even if email is being sent by a bot or other automated process (say, a build complete notification, account recovery link, change of T&Cs, …) someone somewhere has responsibility over the automation and should be easily reachable.

            All my bots (process automation, not mailing list / spam / shit like that) over the years have always used an address that was monitored by someone in a position to do something about things. I never found that to cause any problems, on the contrary.

            1. Cav Bronze badge

              Re: Lack of feedback

              Ridiculous. I create literally hundreds of automated processes that send out alerts using noreply. Recipients need to put a ticket into the help desk system not be emailing issues at all hours to people who may be on leave. By submitting a ticket to the system anyone able to help will do so, once the ticket is assigned to the correct team. And why don't we use the team's email in the automated message? Because it gets spammed by suppliers and filled with inquiries from users who can't be bothered to contact the correct team!

              1. John Brown (no body) Silver badge

                Re: Lack of feedback

                Is this for internal employees or is this for your entire customer base? How do you handle it when someone fat fingers something and you have automated emails going to someone who should not be getting them? How does that person raise a ticket?

                I had an issue with a bank sending me monthly statement notifications for someone else with enough PII in it to make it a GDPR issue. I had a hell of a time getting this bank to take notice of me as I am not a customer. No email addresses on their site, just a "Contact Us" form that had REQUIRED fields I could not complete, not being a customer and not having account information. The sales people dealing with new customers didn't seem interested enough to respond. I eventually got a response after I spammed various likely email addresses like security@ fraud@ etc suggesting they contact me ASAP or wait for a letter from the Ombudsman, ICO or FCA.

      2. Doctor Syntax Silver badge

        Re: Lack of feedback

        Did you read the bit in the OP which said "If they just included the sender and the subject of the offending email, or the message id, or some bit of info that would help narrow it down it would help enormously."

      3. Strahd Ivarius Silver badge
        Facepalm

        Re: Lack of feedback

        Did you read the link in the article? Here's a quote: "Our researchers are observing mail being repeatedly sent to multiple mailboxes that have NEVER accepted one single message from the sender."

        So you are saying that Spamhaus is able to read ALL my mails, whatever the account I used, to check if the FIRST mail I get from any sender is legit or not?

        Are they operated by the NSA?

      4. JohnGrantNineTiles

        Re: Lack of feedback

        It's not unknown for spam senders to spoof the "from" address, in the same way that phone spammers spoof the calling number. For a while I got a lot of spam that apparently came from the person that preceded me in IANA's list of private enterprise numbers (a public list with e-mail addresses in clear).

  4. Doctor Syntax Silver badge

    I'm surprised they haven't been sued for libel if they're not prepared to justify listing.

    1. Zippy´s Sausage Factory

      Now you mention it, I do wonder why nobody's done this yet. Especially in the English courts, where that sort of thing can get very messy and very expensive very quickly.

      1. Anonymous Coward

        That's one of the reasons they moved outside UK - to avoid spammers with big pockets (spammers do real money, or there wouldn't be so many) would try to break them just with lawyers expenses.

        Anyway Spamhaus is just a reputation service - no one is forced to use it, and those who do prefer it to the thousands of crooks that want to do easy money exploiting other resources.

        Actually it would be time to jail spammers (most of their mails are actually frauds) and seize all their ill-gotten money.

        1. Doctor Syntax Silver badge

          "Just" a reputation service?

          Being a reputation service is the core of the problem if, as some of these stories claim, besmirching reputations without good cause.

          It's no use saying no one is forced to use it - the use is at the discretion of the receivers. If someone is being wrongly accused by them of spamming they have no say at all in this.

          1. Anonymous Coward

            "besmirching reputations without good cause."

            It looks to me with very good causes - from my mail logs whatever is identified as spam by Spamhaus is actual spam which is trying to reach my system and consume resources without any "good cause" to mail me. And people forced to waste their time to delete lots of unsolicited email is another "good cause" to stop IPs sending it.

            I understand people who believe to make quick money by setting up some kind of "bulk mailing system" and utterly ignoring the **laws** that forbid spam utterly hate Spamhaus - but the fact that law enforcement agencies have not the time and resources to go after each of them because they break the law while trying to avoid detection means people will defend themselves in other ways.

            So, if your mail reputation is low - ask yourself why....

            1. Anonymous Coward

              Re: "besmirching reputations without good cause."

              > whatever is identified as spam by Spamhaus is actual spam

              So their tests have acceptably high power, but that doesn't say anything about significance.

              In other words, how good is it at *not* classing legit emails as spam? That is what is being discussed here.

      2. spireite Silver badge

        The problem is that it gets very messy and expensive for the person/entity doing the suing as well.

    2. Jellied Eel Silver badge

      People have tried in the past, usually without much success because often the industry supports their efforts. Plus if you clearly state the rules for inclusion, I suspect it'd be hard to argue defamation, especially when the actual blocking/harm is done by other parties who want the service and to reduce spam.

      One of my proudest moments as a fledgling network engineer working for one of the largest global ISPs was about this. I used to monitor the net.abuse newsgroups for mentions of us, or our AS or IP ranges and spotted people complaining about open relays.

      Our sysadmins seemed disinterested, so I kicked it up the food chain muttering things about being a good neighbour, reputation damage etc and the relays were closed the next day. Then there was a nice post from one of the complainers saying they'd spoken with a neteng, and next day, the problem had stopped. And from an enlightened self-interest pov, so had the traffic levels on some very expensive transatlantic capacity.

      1. Doctor Syntax Silver badge

        "Plus if you clearly state the rules for inclusion, I suspect it'd be hard to argue defamation"

        And yet people are saying it is hard to argue. Just read the story and comments here where people are claiming they're being listed and not able to find out why when they can't work out what they're doing which is against the rules. In such a circumstance the obvious option for someone in that position is to force them into court to put up or shut up. If, as the article suggests, major corporations are getting blocked, then this is likely to happen.

        1. Jellied Eel Silver badge

          In such a circumstance the obvious option for someone in that position is to force them into court to put up or shut up. If, as the article suggests, major corporations are getting blocked, then this is likely to happen.

          Check this out-

          https://en.wikipedia.org/wiki/Sanford_Wallace

          In the late 1990s, his company, Cyber Promotions, aka Cyberpromo, was widely blacklisted as a source of unsolicited email. Wallace's high-profile pro-spam stance and unrepentant persistence earned him the derisive nickname 'Spamford'.

          Because his antics were a big reason why groups like Spamhaus came into being. And Wallace insisted he was a major, legitimate business. Industry played whack-a-mole with his entities trying to reduce the flow of spam. That also led to pressure against 'spam friendly' ISPs and hosting companies, including blacklisting in an attempt to get those to take their ToS seriously.

          Sure, it can affect other customers of those providers, but how your ISP responds to potential blacklisting problems is also a pretty good test of their customer and tech support services. There have been downsides, eg customer complains their customer isn't getting their mail, so just fire off a test mail to 'thisisabouncetest@' and see if you get a reply back, which should show mail routing path. Or dig mx <domain>, telnet to port 25 and say HELO. If it didn't answer, it was probably because the receiver's mail server was down. Responses to the spam deluge eventually made those simple & handy tests impossible though.

          Ultimately it's still up to the recipient whether to block a domain, IP range or <whatever>. Net Neutrality might make it harder for ISPs in future though because some spammers.. I mean bulk email services already object to ISPs restricting their 'right' to free and unfiltered spamming.

    3. Charlie Clark Silver badge

      No case to answer

      It's certainly not libel: they are not making fraudulent or defamatory claims about people. Spamhaus is a data aggregation service, complete with T&Cs which other entities choose to use to filter e-mail. There is no guarantee of e-mail transmission anywhere.

      1. Doctor Syntax Silver badge

        Re: No case to answer

        LDS's comment hits the nail on the head. They're a reputation service. If they make decisions about reputations which impact on people they should be prepared to stand over them. There seem to be numerous complaints that they're not doing that. It may be that their decisions are 100% justified but if so why not explain them?

        1. Anonymous Coward

          Re: No case to answer

          Explaining too much about how they identify spam would help spammers trying to avoid that. Spamtraps do work because you don't know where they are.

          This article is exactly about some known entities sending bulk emails to addresses that should not receive them.

          I saw that in my logs too - old, defunct addresses still receiving mails - the server do answer those addresses do not exist still those sending never take the time to clean their lists.

          I used to have a "catchall" mailbox to get those messages, but had to remove it because the time wasted to check in the thousands of spam messages was not worth the chance that anything useful could be sent there.

          1. Anonymous Coward

            Re: No case to answer

            What he said ^

            I've seen the same things on my own mail server. Spamming is clearly something they all learn in business school, and as a result they are invariably pissed when their victims protest.

            I just had "the talk" with a (legit) business which had all of a sudden decided we wanted their new weekly newsletters. Their excuse was something along the lines of "What? This is not spam, it is our precious high quality marketing material! We want what's best for you!". Obviously you can't argue with self-absorbed jerks like that, so it's off to the blocklist for you me sweeties.

        2. VoiceOfTruth

          Re: No case to answer

          Nobody is compelled to use Spamhaus' service. Spamhaus' logic and reason are explained on its web site.

          1. stungebag

            Re: No case to answer

            That's good. So please explain how a mail sender opts out of Spamhaus' service. For the absence of doubt I'm not talking about deliberate spammers, just somebody who, for instance, finds themselves sending from a listed IP block because somebody using their ISP's smarthost has managed to screw up (or got compromised).

            1. This post has been deleted by its author

            2. VoiceOfTruth

              Re: No case to answer

              Speak to your ISP and ask them why they had such lax policies that allowed or caused this to happen. If you don't get a suitable reply, move to a more reputable ISP.

            3. Anonymous Coward

              Re: No case to answer

              Why a sender should opt-out from a receiver decision? When you send a mail to me you are entering my private space and using my resources, so it's me that decides what goes through and what doesn't. Do you allow random people decide they can enter your house to show you their merchandise?

              If you have problems with a blacklist you have to ask your ISP to contact Spamhaus - unless you are your own ISP with a valid ASN, etc.

              If your ISP does nothing, that's probably the reason Spamhaus blacklisted it - it got spam complaints and decided to do nothing as well - because, you know, money.

            4. Phones Sheridan Silver badge

              Re: No case to answer

              You’re asking “how does a mail sender opt out of Spamhaus’s service”. That’s easy. The answer is you ask the recipient to whitelist you, because the recipient’s mail server is blocking you, not Spamhaus.

        3. Charlie Clark Silver badge

          Re: No case to answer

          It's analogous to the credit rating services such as Moodys: there is no recourse on their assessment either.

  5. Anonymous Coward

    I've had problems with them for years. One of my clients who is an international film house and distributor was trying to email Channel 4 from their dedicated server and it wasn't going through (this was almost 20 years ago). Just disappearing into the ether. The server was thoroughly checked and there were no breaches or spam being sent. In the end Spamhaus had blocked an entire range (not just a block) because of one offending IP. This just seems draconian at best. It's akin to blocking a whole council estate because of what is happening in one house in a set of huge tower blocks.

    I get why server admins use Spamhaus, but they must miss A LOT of genuine communication by doing so. Seems more trouble than it's worth to be honest.

    1. Anonymous Coward

      Except what you describe has nothing to do with SpamHaus: they do not make email vanish.

      The mail admin of Channel 4 did, and their decision to not provide a bounce to the sender goes against SpamHaus recommendations. My server sends a bounce, it includes a link, just click on it to get an explanation and how to get the IP out of the list.

      1. luminous

        Errr yes it does. They blocked the entire subnet mask for ONE offending IP. Channel 4 did not do that. Channel 4 did decide to use Spamhaus, but it's Spamhaus who blocked the mask for one offending IP. Why can't they just block the one offending IP?

        1. Anonymous Coward

          Probably that great company has chosen a cheap ISP that was sending out a lot of spam. Lately I was receiving a lot of snowshoe spam from IPs all relating to Serverion BV - a Netherlands company who looks to be very, very spam friendly. Such companies do deserve to have whole IP blocks listed, and their customers if legitimate ones need to choose a better ISP.

          1. Doctor Syntax Silver badge

            "their customers if legitimate ones need to choose a better ISP."

            This is victim blaming. How do they find out why they're being blocked to know to choose a better MSP and how do they find out who's better?

            I have no sympathy whatsoever for spammers but care needs to be taken to avoid collateral damage.

            1. Anonymous Coward
              Anonymous Coward

              No, this is not victim blaming - the victim is always who gets so much spam overloading its system. It's good practice to check the reputation of IPs assigned to you, before using them for anything important, if you don't own your ones (and if you are really a big firm you should own your ones). If their reputation is bad you should ask your ISP "WTF?", and ask them to be changed. You should also check for your ISP reputation - there are those known to be crooks friendly. After all, don't you check the reputation of other suppliers? Or buying shady goods is OK for you because it is cheaper?

              My mail servers do answer you're being blocked because you are in a specific blacklist. But I don't get millions of spam messages per day.

              Large systems which may be hit by millions of spam messages may decide to drop the connection as soon as the IP is identified as bad because that saves resources.

              Some worst offenders may be blocked at the firewall level. I'm blocking several IP blocks from ISPs that look to actively help snowshoe spammers, letting them change IP blocks quickly. They won't receive an error message.

          2. stungebag

            I got on the list because I was using Demon Internet. An early and clued-up ISP. The idea that it's your fault for using a dodgy ISP is plain stupid.

            1. X5-332960073452
              FAIL

              Err, you were using Demon, an ISP that had many open SMTP relays in the early days, and wonder why they ended up on a spam block list?

        2. Jellied Eel Silver badge

          Errr yes it does. They blocked the entire subnet mask for ONE offending IP. Channel 4 did not do that.

          That's often a CIDR thing. Unless C4 was only assigned a /32, the safest way to solve the problem, or at least make sure the company was aware of a problem would be to block any/all netblocks assigned to that company. Problem of course is that assumes the 'spammer' actually had their own assignment(s), but if they did, they should also have been aware of RIPE (etc) rules regarding abuse and abuse contact details.

        3. Charlie Clark Silver badge

          For a while I had problems with e-mail being blocked. This was due to IP addresses from the ISP being blocked having been compromised. It was annoying not only because I wasn't running a server, but I was always able to get the IP unblocked fairly quickly. Haven't had problems since the ISP went IPv6, though I did recently have a struggle with Google re. SPF records.

        4. iron Silver badge

          No they didn't. Are you proposing that Spamhaus has full control of Channel 4's internet?

          Spamhaus published a list that said the offending addresses were guilty of being a bad Internet neighbour.

          Channel 4 used that list to block you.

          1. Doctor Syntax Silver badge

            That list affected the reputation of the entire ISP of MSPs customers, innocent as well as guilty. That is wrong.

            1. stiine Silver badge

              By whom? Spamhaus or Channel 4? I'd suggest Channel 4.

              1. luminous

                It wasn't C4 that was blocked, it was our server. We had a dedicated server with a dedicated IP. Spamhaus' systems, at least back then, do not allow a whitelisting of an IP if it is within a subnet mask that has been blocked. This is an innocent user being blocked because of other people's actions on other IP addresses. We were with Aplus.net in 2003 (I know, my early days of experience with hosting), but still, this system seems too draconian.

                The twitter user in the article seems to have Google as his email provider. His website is hosted elsewhere, the domain has been blocked by Spamhaus because the server or subnet it is on has some bad actors, and now his emails are blocked because his domain is in the email headers. This seems just too much...

                1. Anonymous Coward
                  Anonymous Coward

                  Spamhaus may escalate listings if the ISP is really bad at spamming. The ISP abuse contacts are notified - if they do nothing and the issue becomes huge then bad things might happen.

                  See https://www.spamhaus.org/sbl/policy/ - Escalation listing. Today Spamhaus may escalate more carefully than in the past, but it still can happen.

                  Too many ISPs are reluctant to kick spammers out of their networks - spammers do pay and are ready to buy a lot of resources to get their spam through, "pecunia non olet".

                  You may buy a single host and a single IP, spammers are ready to pay for tens or hundreds of them, and change them quickly.

                  It's spammers that created a damage to you, and the ISP doing nothing - not Spamhaus.

                  If a whole city zone becomes dangerous, do you go there just because there's a good restaurant? Could the restaurant complain it is losing customers because people tell "hey, be careful to go there, it's dangerous!" And would you open a restaurant there? Who is the culprit, people not going there and telling others to avoid it, or the crooks that made the area dangerous, and the local authority doing nothing?

                  1. luminous

                    Yeah... but hang on... Spamhaus' policy is that if there is one bad restaurant in the whole city, then the whole city is dangerous... no... I can avoid the red light district or port areas at night quite easily and go to the safe areas instead. Why not just block the bad areas? Too many good places get caught in the crossfire. And some of these are businesses that suffer real damage with a Spamhaus block, like lost sales and customers. The emails don't work and they just get frustrated and go elsewhere.

                    1. DryBones

                      And we're right back to the company using SpamHaus not providing a bounce email like SpamHaus recommends. Again, not SpamHaus.

                      1. Anonymous Coward
                        Anonymous Coward

                        Again, if Spamhaus blocks a full range when one (1) IP is sending spam, it is Spamhaus responsibility.

                        If they are not technically proficient enough to block one (1) IP, they should stop their business.

                    2. Anonymous Coward
                      Anonymous Coward

                      A netblock blacklisted doesn't mean the whole ISP is blacklisted - as an ISP usually has several ones, unless it's very, very small. Of course if you're in one of those netblocks you won't be happy.

                      For the matter, many large ISPs have netblocks with bad reputations, because they were abused. Here if you open more than a PPPoE connection with the largest ISP, you will probably get an IP from blocks with bad reputation but for the first one. Being able to establish more than one PPPoE connection is a sort of courtesy, so users can't complain much.

                      But there are even ISPs so dedicated to spam and other unlawful activities - so called bullet-proof hosting they can cause big escalations - after Sodom and Gomorrah caused a full escalation too...

                      I've seen myself recently a spammer able to spam from most blocks assigned to an ISP - up to the point I blocked them all myself because they were sending very nasty spam. Messages sent to the abuse address were utterly ignored.

    2. katrinab Silver badge
      Unhappy

      I had to disable them because they seem to be blocking literally everything right now:

      katrina@aoki:~$ host 1.0.168.192.zen.spamhaus.org

      1.0.168.192.zen.spamhaus.org has address 127.255.255.254

      1. Anonymous Coward
        Anonymous Coward

        1.0.168.192.zen.spamhaus.org has address 127.255.255.254

        That is an error code. See:

        https://www.spamhaus.org/faq/section/DNSBL%20Usage#200

        You can't query Spamhaus lists from an "open" DNS server, like your ISP, or Google/Cloudflare, etc.

        You need your own DNS server - because free use has a limit of queries, and they check which DNS does them.

    3. VoiceOfTruth

      -> In the end Spamhaus had blocked an entire range (not just a block) because of one offending IP

      I'll give you my take on this. On our servers, we have never seen even one legitimate email from Linode or Digital Ocean IP addresses. Not a single one. Nor did we ever see any legitimate traffic at all.

      What we do see (or did see) practically every day was script kiddie level scanning for vulnerabilities from IPs in those ranges. Should we keep adding their IPs one at a time, in the kind of certainty where I would put £1,000 on it that we would get more bad traffic from more of their IPs in the coming days? Or did we take the blunt instrument and block all traffic from those IPs completely and stop wasting our time on it? I'll let you decide the answer.

      I don't know what Spamhaus' practice was, as you say, about 20 years ago. Perhaps they had other reasons.

      1. simkin

        I do have legit servers on Linode

        But they send mail out through a commercial legit relay service that I pay a small amount to. Because yeah, Linode IP space is full of crud.

        1. Doctor Syntax Silver badge

          Re: I do have legit servers on Linode

          Of course you know to have emails originating from your legit relay. What about someone not in the industry who doesn't know better trying to operate something legit from one of these ISPs? Is it right that they should suffer because of the service's other users?

          1. simkin

            Re: I do have legit servers on Linode

            If you're not "in the industry" you probably shouldn't be running an email server on the modern Internet. Sorry, but it's no longer for amateurs.

      2. Dr Paul Taylor

        legitimate email from Linode

        My website & email are on shared hosting that is itself hosted on Linode.

        I have a collaborator whose personal website is also (directly) hosted on Linode.

        We are both respected academics.

        I don't know who you are and probably have never had cause to send you emails, but it is ridiculous to suggest that all email from Linode addresses is spam.

        For me, having my own domain that is not under the control of Google, Microsoft, Apple, Facebook etc is an important democratic right in Cyberspace.

        Yet increasingly my emails (most of them typed by hand and addressed personally to colleagues and friends) are vanishing because those tyrants want to control my life.

        At least Spamhaus has a list that the public can query and correct - some sort of Due Process. The Internet tyrants work entirely in secret.

    4. Peter2 Silver badge

      I get why server admins use Spamhaus, but they must miss A LOT of genuine communication by doing so. Seems more trouble than it's worth to be honest.

      As with everything, it depends on how you use it. My anti spam filtering solution gives messages a score, and predefined things happen with certain score ranges. (eg, deliver to mailbox, quarantine, delete outright)

      Personally I do use Spamhaus, but the score imparted is just over that of quarantining just on the basis of being listed.

      However, you also get points deducted for using certain words, so a legitimate email containing words commonly used in our industry would get it through the spam filter despite being listed. An email not containing such words, and containing spammy words such as "unsubscribe", "viagra", etc etc etc would remain in quarantine, unless it pushed the score up to the point that it's deleted outright.

    5. Kevin McMurtrie Silver badge

      Email should never disappear. That's a serious configuration error.

      Mine refuses to accept delivery of spam. If any email to me vanishes, it's the sender's fault. I'm looking at you, SendGrid.

  6. Anonymous Coward
    Anonymous Coward

    One constant that never changes

    Spammers never say they send spam. They send "business emails", "customer engagement communication" or some such BS euphemism.

    In their own eyes, they're always innocent victims of Big Bad Evil DNSRBL.

  7. VoiceOfTruth

    I agree with Spamhaus' reasoning

    -> Our researchers are observing mail being repeatedly sent to multiple mailboxes that have NEVER accepted one single message from the sender

    We don't use Spamhaus personally, but this justification is 100% hitting the nail on the head. There are certain old mailboxes on our mail servers, they have not been used for more than 18 years. We still see practically daily attempts at sending email to these mailboxes, often from supposedly "reputable" sources. They are always bounced with "Recipient address rejected: User unknown". Yet still these attempts come in. So while Spamhaus is a bit of a blunt instrument, its reasoning is sound.

    1. Anonymous Coward
      Anonymous Coward

      Re: I agree with Spamhaus' reasoning

      If the mail addresses exist, how do you get a "user unknown"?

      And why keep alive mailboxes that have not been used for 18 years?

      1. VoiceOfTruth

        Re: I agree with Spamhaus' reasoning

        These are mailboxes which used to exist (> 18 years ago). To prevent reuse of the same email addresses the mailboxes still exist, but you can't use the email address - it is forever unique. Imagine JoeBloggs@somewhere.not some time in the past (even years ago). That account is long dead. A new user cannot sign up JoeBloggs@somewhere.not.

        The dead mailboxes only exist as entries in a database. There is nothing on disk. You can't send anything to them, you can't sign in using them.

  8. sitta_europea Silver badge

    A vote for Spamhaus.

    There seems to be a lot of anecdote here, some of it evidence of twenty-year-old grudges.

    Of the approximately fourteen DNSBLs that I use, Spamhaus is one of the very best and has been for many years.

    If it's listed by Spamhaus then it's because there's a *big* problem. They try really hard not to list big CIDR blocks but sometimes it's inevitable because the service providers are such tossers. For example, years ago, they listed a British Telecom IP4 /11 after trying for ages to get BT to take any notice when they were told of the problems they were causing. After the listing BT quickly took action, what a pity they were such plonkers in the first place. A step like that might mean there's some collateral damage but most of the time as a result of the conservative policies it's minimal. My feeling is that, if anything, Spamhaus policies are too conservative. I'd be pleased to see more pressure on both the incompetent and the downright anti-social providers. Spamhaus doesn't even list most of the Google and Microsoft spam sources which are amongst the biggest problems here. I wish they would, but I understand their published policies and respect their adherence to them.

    1. Kevin Johnston

      Re: A vote for Spamhaus.

      I used them too on my mail server until I moved provider to EE at which point no mail came through. Disabling the Spamhaus check unplugged the blockage so I have the choice of a provider which has been good in all other aspects and just deal with the Spam or else go back round the 'which ISP do I try next' whack-a-mole

      1. Anonymous Coward
        Anonymous Coward

        Re: A vote for Spamhaus.

        I used to have the same issues with Network Solutions. Their 'network solution' was to use a different network...So we aren't using Network Solutions any more.

      2. Kevin Johnston

        Re: A vote for Spamhaus.

        I do love when you get all these downvotes but nobody will add a comment as to why they downvoted

    2. Anonymous Coward
      Anonymous Coward

      Re: A vote for Spamhaus.

      "Spamhaus policies are too conservative"

      Definitely, that's why we use in parallel our own (huge) blacklist, containing among others a lot of those newfangled TLDs -- yes, the whole TLD. As requested by our users, who were spammed silly by numerous fly-by-night domains on those TLDs (".casa", ".website",".top", just to name a few).

      And FYI, in 30 years no user has ever complained about legitimate mails disappearing. You can say whatever you want, but it works for us so we are not going to change it for some misguided cheapskates who chose to use spammer resources. Sorry, it's "lie down with dogs, wake up with the fleas" as they say.

  9. sreynolds

    I thought that the problem was obvious....

    In my opinion Spamhaus is the problem. If they admit that they are blocking emails of commercial entities then I would say it is time to pack up and rely on SPF and domain validation as this apparently works.

    1. sitta_europea Silver badge

      Re: I thought that the problem was obvious....

      [quote]

      In my opinion Spamhaus is the problem. If they admit that they are blocking emails of commercial entities then I would say it is time to pack up and rely on SPF and domain validation as this apparently works.

      [/quote]

      Spamhaus doesn't actually block anything, it offers an opinion which its users are free to ignore if they wish. For example if I want to, I can whitelist some poor schmuck who happens to be stuck with OVH.

      Apparently you've no idea what SPF is about so I suggest you take a look at RFC7208.

      1. sreynolds

        Re: I thought that the problem was obvious....

        I think I do know what SPF does. Ensures that the owner of the domain has somehow cryptographically ensured that email emanating from their domain belongs to them.

        I guess none of you get DMARC reports from google and/or microsoft showing you what email might have been forged from your domain.

        Therefore, if the email is unsolicited and does not stop, you can use the law(s) (and there are examples of commercial entities being fined for unsolicited texts and emails) to stop this. Spamhaus comes from a time when you used to accept email from any old address. It's not much better than Bayesian models of the 90s

        1. simkin

          Re: I thought that the problem was obvious....

          SPF does nothing cryptographically. You're thinking DKIM, which adds a signature.

          Neither actually authenticates an email or says anything about whether it is spam or not. Spammers use SPF and DKIM too. Especially the main-sleaze marketers this article is talking about.

          Combined with DMARC and aligned identifiers, SPF and DKIM do make it easier to whitelist some senders and identify From: address forgeries, though.

          1. deep_enigma

            Re: Spammers use SPF and DKIM too.

            ... And they're substantially better at setting them up correctly (in the purely technical sense) than most legitimate sites. :(

        2. Anonymous Coward
          Anonymous Coward

          Re: I thought that the problem was obvious....

          Spamhaus has also a blacklist of new domains registered in the previous 24h. Because another spammer tactic is to register domains by the sackful (helped by cheap registrars who don't care who register a domain and how pays for it... it's still money), use one to spam for short time, and then forget about it.

          Getting an SPF record for @ajanmoqiqpoqq.com is quite simple and it doesn't help at all on the receiving side. You can also build a DKIM record for it - still of no use to identify it as not spam.

          Moreover servers using IP-based blacklist will return an error (or drop the connection) as soon as the IP is verified. They might not wait even for the FROM command, or to receive the whole message, parse the headers, check DKIM record and process it, and look for a DMARC policy. All of them require many CPU cycles and you'll do that only for messages that passed the first spam filters.

          When statistics put spam at 50-80% of all emails sent, it's clear that mail servers spend most of their time processing spam. It becomes imperative to drop spam messages as soon as possible.

          Actually SPF/DKIM/DMARC are useful to combat email spoofing, not spam, although some spam might try spoofing as well, it is not the most of it.

      2. Doctor Syntax Silver badge

        Re: I thought that the problem was obvious....

        "it offers an opinion"

        I spent a large part of my career offering opinions in the form of witness statements. I had to be prepared to justify any of them if needed. I expect anyone doing the same thing to meet the same standards.

        1. Anonymous Coward
          Anonymous Coward

          Re: I thought that the problem was obvious....

          Ask any financial reputation system to justify their rating....

    2. iron Silver badge

      Re: I thought that the problem was obvious....

      Did you know that companies who send spam are all commercial entities?

      Blocking mail from commercial entities is exactly what Spamhaus are supposed to do.

  10. Martin Summers

    If you think you've got problems with legitimate email being blocked, can you imagine working for Pfizer!

  11. Phones Sheridan Silver badge

    Back in the consulting days, the conversation tended to go.

    Them - "Our emails are being blocked, by Spamhaus, how do we get off it".

    Me - "How many addresses are you mailshotting?"

    Them (proudly)- "xxxx thousand".

    Me - "How many of those do you have a confirmed opt in for?"

    Them - " ..............!"

    Me - "How many of those opted out, and you ignored it?"

    Them - " .............!"

    Me - "Stop spamming and the problem will go away of its own accord".

    Them - "We don't spam, these are genuine emails of interest to customers."

    Me - "How many of those do you have a confirmed opt in for?"

    Them - " ..............!"

    Me - "How many of those opted out, and you ignored it?"

    Them - " .............!"

    Me - "Stop spamming and the problem will go away of its own accord".

    Rinse and repeat.

    I've never known Spamhaus to make mistakes, just mailshotters either ignoring opt-outs, or not having opt-ins in the first place. Solve those 2 problems, and the issue simply goes away.

    1. Anonymous Coward
      Anonymous Coward

      I've never known Spamhaus to make mistakes

      The only out and out mistake I've seen was accidentally listing one of Postini's netblocks for a couple of hours somewhere around 12-15 years ago.

  12. Anonymous Coward
    Anonymous Coward

    Spam me with irrelevant job vacancies...

    And you WILL get sent to the spam folder. As many recruitment agencies will have found.

    Start spamming me on long abandoned accounts on job sites to obscure accounts of mine and it's a definite SPAM BAN.

  13. Big_Boomer Silver badge

    Spamhaus are NOT the problem, spammers are the problem!

    I have my own domain but I pay for it to be hosted, like many do. I have quite often had issues with emails being blocked due to the IP address of the email server being blacklisted. In 100% of those cases, the cause was a company whose email server was blasting out spam and their domain was hosted on the same host as my domain. Most of the time the issue was resolved within a few days, but in one instance I complained to the ISP who went into head-up-arse mode and nothing changed for months despite multiple calls and emails from me. So, I contacted Spamhaus directly and THEY contacted the ISP and within 24hrs the offending company was kicked off the server which then was delisted. I assume that Spamhaus threatened to list ALL of that ISP's servers if they didn't get their sh!t together. On renewal I moved to a different domain host (Krystal) and I have not had a single issue since then (thanks Simon!). If it wasn't for places like Spamhaus and your ISP's spam filters, you would currently be drowning in spam. Lots of companies use the Spamhaus lists because THEY WORK. If you don't like them, then chances are that you are a SPAMMER.

    1. Anonymous Coward
      Anonymous Coward

      Re: Spamhaus are NOT the problem, spammers are the problem!

      "their domain was hosted on the same host as my domain"

      You should have a different IP address and thus be a clearly different entity. Bigger hosting companies host many thousands of different websites, do you really think one bad apple in there would automatically block them all?

      Now if you use a cheapskate hosting solution where several websites live on the same IP address (redirected locally by the host), it's your fault: It means you took the risk of being bundled together with whoever is your co-tenant(s), since only your hosting company can keep you apart. You pay less, but you willingly take a risk, don't complain if it comes back to bite you.

      1. Anonymous Coward
        Anonymous Coward

        Re: Spamhaus are NOT the problem, spammers are the problem!

        The issue can happen when sharing a mail server managed by the ISP - which could put many different mail domains on a single IP. If someone starts to use that server to spam, it will get blacklisted - and with it any mail domain served by it.

        It happened to my lawyer a few years ago - I helped her to get out of that situation.

  14. Wayland

    Open Resolver Public DNS problem, 8.8.8.8

    I run my own email server on a Debian Linux machine I built myself. In the DNS resolvers file I set 1.1.1.1 and 8.8.8.8 for domain name lookup. I thought that was pretty standard but one of my clients with this setup on his server started getting the occasional bounce when people were sending to him. Spamhaus were saying in the bounce;

    Service unavailable; Client host [18x.xxx.xx.xxx] blocked using

    zen.spamhaus.org; Error: open resolver;

    https://www.spamhaus.org/returnc/pub/74.63.25.239 (in reply to RCPT TO

    command)

    It turns out the solution is simple, remove all the resolvers from /etc/resolv.conf

    The server has bind so will do its own resolving and apparently Spamhaus approve.

    I still don't comprehend what the problem is. Maybe someone could explain.

    1. Phones Sheridan Silver badge

      Re: Open Resolver Public DNS problem, 8.8.8.8

      Hi, a layman's explanation.

      Consider the following route that emails follow when Bob emails Joe

      Sender (Bob) -> Senders Mail Server (Twiki) -> Receivers Mail Server (Kryten) -> Receiver (Joe)

      Bob clicks send

      Bob's email is passed to Twiki

      Twiki Passes the email to Kryten

      Kryten delivers the email to Joe.

      - However When a DNSBL is involved

      Bob clicks send

      Bob's email is passed to Twiki

      Twiki informs Kryten an email is ready to be passed to it.

      Kryten looks up Twiki on Spamhaus (or other DNSBL) and finds a listing.

      Kryten tells Twiki that the email is being rejected, and if configured correctly, gives an accurate reason why.

      Twiki tells Bob that the email was rejected, along with whatever reason Kryten gave (if configured)

      If anything other than the above occurs, then either Kryten or Twiki is not configured to transport mail according to RFC standards and this is where things go wrong.

      So if I read your post above correctly, Bob is emailing Joe, and Joe gets the bounceback notification. This indicates either Twiki or Kryten is configured incorrectly because Bob should be getting the response his email did not get through. This isn't Spamhaus's fault. An admin has configured the mail transport incorrectly on their server.

      1. deep_enigma

        Re: Open Resolver Public DNS problem, 8.8.8.8

        No, it has nothing to do with any particulars of the mail transmission path. It's a DNS lookup volume issue.

        Spamhaus (and most other public DNSBLs) put a limit on how many DNS queries "you" can do for free. Most place that limit at 100k queries.

        That's a fairly large mail system - a small private system doing direct lookups will generate on the order of hundreds to maybe a low thousands per day.

        Each and every SMTP connection to your server will generate a query to the DNS cache you have configured. At a small scale, that will be passed on to Spamhaus' DNS servers each time because the cache timeout for DNSBL data is generally pretty short. As mail volume goes up, some of the lookups will be found in the cache instead, saving a query direct to Spamhaus.

        If you run your own cache, you'll stay within the free limits for quite some time - easily 10k+ mailboxes and 200k+ messages/day for general ISP mail traffic.

        However, if you're forwarding DNS queries to a big public cache, Spamhaus only "sees" the query from the public cache - there's no (trivial/simple) way to see the individual cache users. So the query volume from these shoots past that free 100k-query limit in a matter of a few minutes each day. DNS is pretty lightweight..... up until you start looking at large platforms, supporting literally billions of queries daily. It costs big money to run a system capable of supporting that query volume, so they insist high-volume users pay for either a datafeed or "authenticated" direct query service.

        1. Phones Sheridan Silver badge

          Re: Open Resolver Public DNS problem, 8.8.8.8

          I'm sorry but nothing you have said there, is relevant to what I said to Wayland.

          But to respond to your tangent. Spamhaus service is offered on a "free for non-commercial use" basis. If a commercial service uses it, tough titties if their email breaks, they got what they paid for.

          A non response from Spamhaus (i.e. a timeout), should be interpreted by the requesting mailserver as a non-listing because no positive response was made. If it isn't, then that's the local admins choice, or error.

          If Spamhaus return a "127.255.255.255" response on any of its DNSBL services, that response indicates "Excessive queries" and again, the local mail server admin would specifically have to configure his mail server explicitly to reject emails as spam based on this response.

          Spamhaus responses are either Positive* (found on the list), Negative* (not found on the list), or Informational* (Typing error in DNSBL name, Query via public/open resolver, Excessive number of queries etc). If a local admin has configured his mail server to reject mail, based on ANY response from Spamhaus, Positive, Negative or Informational, then that admin needs to RTFM.

          But again, none of this has anything to do with my reply to Wayland.

          *My examples are merely that, and are not a complete listing of Spamhaus responses.
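The DNSBL lookup discussed in this sub-thread, as an added Python example (not code from any commenter or from Spamhaus): it builds the reversed query name, separates real listings from the 127.255.255.x error replies quoted above, and rejects only on a real listing, with a reason the sending server can bounce. The function names, the 554 reply text, the treatment of any other 127.0.0.x answer as a listing, and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import socket

ZONE = "zen.spamhaus.org"
# 127.255.255.x answers are error codes about the query, not listings.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")
# Assumption for this example: any other 127.0.0.x answer means "listed".
LISTED_NET = ipaddress.ip_network("127.0.0.0/24")
ERROR_REASONS = {  # the two codes quoted in the thread
    "127.255.255.254": "query came via a public/open resolver",
    "127.255.255.255": "excessive number of queries",
}
# Constructed replies so the example runs offline.
SAMPLE_REPLIES = {
    "2.2.0.192.zen.spamhaus.org": ["127.0.0.2"],          # constructed listing
    "1.0.168.192.zen.spamhaus.org": ["127.255.255.254"],  # reply quoted in the thread
}


def dnsbl_name(client_ip, zone=ZONE):
    """Build the query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    ip = ipaddress.ip_address(client_ip)
    if ip.version == 4:
        labels = reversed(str(ip).split("."))
    else:
        labels = reversed(ip.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def classify(answers):
    """Map the A records of one DNSBL reply to (verdict, detail)."""
    if not answers:
        return ("not_listed", "no A record")
    addrs = [ipaddress.ip_address(a) for a in answers]
    errors = [a for a in addrs if a in ERROR_NET]
    if errors:
        # An error code says the lookup failed; it says nothing about the sender.
        reason = ERROR_REASONS.get(str(errors[0]), "unspecified DNSBL error")
        return ("lookup_error", f"{errors[0]}: {reason}")
    listed = sorted(str(a) for a in addrs if a in LISTED_NET)
    if listed:
        return ("listed", ",".join(listed))
    return ("unexpected", ",".join(answers))


def check_client(client_ip, resolve, zone=ZONE):
    """Look up one connecting IP; `resolve` returns a list of A records."""
    name = dnsbl_name(client_ip, zone)
    try:
        answers = resolve(name)
    except LookupError:    # NXDOMAIN: the address is not on the list
        return ("not_listed", name)
    except TimeoutError:   # no reply at all: not treated as a listing
        return ("no_answer", name)
    return classify(answers)


def smtp_decision(client_ip, resolve, zone=ZONE):
    """Return (action, text); only a real listing rejects the client."""
    verdict, detail = check_client(client_ip, resolve, zone)
    if verdict == "listed":
        # Reject inside the SMTP session with a reason, so the sender's
        # server can generate a bounce instead of the mail vanishing.
        text = f"554 5.7.1 Client host [{client_ip}] blocked using {zone}; {detail}"
        return ("reject", text)
    if verdict in ("lookup_error", "unexpected"):
        # Accept the mail, but flag the broken lookup for the administrator.
        return ("accept", "alert-admin: " + detail)
    return ("accept", verdict)


def sample_resolve(name):
    """Offline stand-in for DNS: unknown names raise KeyError (a LookupError)."""
    return SAMPLE_REPLIES[name]


def system_resolve(name):
    """Resolver using the host's DNS settings (not used by the samples)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        no_name = (socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None))
        if exc.errno in no_name:
            raise LookupError(name) from exc
        # Any other resolver failure is handled like an unanswered query.
        raise TimeoutError(name) from exc


if __name__ == "__main__":
    for ip in ("192.168.0.1", "192.0.2.2", "198.51.100.7"):
        print(ip, smtp_decision(ip, sample_resolve))
```
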

  15. DCdave
    Devil

    Different strokes

    Lots of admins on here defending Spamhaus and saying it's easy to get off the lists, and as a sysadmin (but not responsible for email) I understand that, however as a user I have very much been collateral damage as a result of a single one of my email provider's servers being put on their list due to relatively spurious reasons.

    I will not forget the arrogant and unhelpful attitude of Spamhaus at the time. They just did not care about collateral damage and there wasn't a thing I could do about it.

    Of course, the problem was made immeasurably worse by my Dad's email provider mostly not sending a bounce, or occasionally sending one after 48 hours.

    Either way, an absolute nightmare of a problem to troubleshoot as an end user, the problem effectively manifested itself as "random" depending on where my provider's load balancer directed me - to the flagged server, my mail wouldn't get through, or to an unflagged server and my mail would get through.

    I don't know how the problem was eventually resolved, but it was months later, well after I had started using another provider just to keep in touch with my Dad.

    1. Anonymous Coward
      Anonymous Coward

      Re: Different strokes

      Unless you are your own ISP (and the IP is not blocked because of the PBL), there's almost nothing as a user you can do because it is an ISP matter to solve, especially if you're not the issue, so you have no control over it.

      It's your ISP that is not delivering the service you paid for, and it's your ISP that has to work to get de-listed. In a post above I told about my lawyer getting her mails blocked because her firm had delegated the management of their domain, website and mail to a company who used shared web and mail servers, because each customer was "small" enough. Inevitably, when one of them started spamming, all those on the same server got blocked, because of the IP-based blacklist and shared server. There is no way to "unblock" a single domain or user in such a situation. There are also domain-based blacklists, but since spammers are able to buy thousands and thousands of cheap domains quickly, while IPv4 addresses are now scarce, they are far less effective.

      To get her (and others) unblocked, the ISP had to act to remove the offending sender. Some ISPs drag their feet because it's lost money, or because they routinely ignore "abuse" messages. They might try to deflect their customers' rage towards Spamhaus ("spurious reasons" - who told you so?), but actually the issue is their lack of willingness to do anything to solve the situation.

      Unluckily there is no authority on the internet that can tell an ISP "you're acting unlawfully - surrender your IPs and cease to operate", so people have to defend themselves in other ways, and that unluckily means sometimes someone can be caught in the middle.

      1. DCdave

        Re: Different strokes

        That's not quite correct - my ISP was delivering the service I paid for - my email was being sent in all cases. It was the receiving domain that was not delivering it to the intended recipient if and only if it came from a particular server (not domain) owned by my ISP.

        1. Anonymous Coward
          Anonymous Coward

          "my ISP was delivering the service I paid for"

          No, it let the IPs assigned to you become blacklisted and did nothing to resolve the issue. So it wasn't delivering the service you expected.

          Think about a bank who routinely loses customers' money or leaks data - because of lack of controls over what its employees do, is it delivering the service you are paying for? The fact it accepts your money and makes some payment isn't enough, you do expect a far higher standard of service from your bank, including the safety of your money and your privacy.

          The receiving domain instead was delivering the service its customers paid for by blocking incoming spam; if it didn't, its customers had all the rights to complain.

          I wonder why people from some services expect the higher standards, from others it's OK if they offer the lowest ones. Probably it's just greed and egoism - when your butts are at stake then they must offer the highest standards, which are not only expected, but should be mandated - when the damages are suffered by someone else, everything is fine, and a lame, cheap service is sought after.

          1. DCdave

            Re: "my ISP was delivering the service I paid for"

            Your premise is really quite ridiculous.

  16. This post has been deleted by its author

  17. schafdog

    Would like to monitor my IPs running a SMTP server, but I cannot find the informational list that the article is describing. What am I missing?

    1. Anonymous Coward
      Anonymous Coward

      I don't know if they refer to the CSS component of the SBL which returns 127.0.0.3 (see https://www.spamhaus.org/css/), instead of a proper SBL listing that returns 127.0.0.2, or to messages they send to IP owners notifying them of a spam issue before adding them to the SBL - from the article it is not clear.
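
The return-code handling discussed in this thread (a timeout is not a listing, 127.255.255.255 means excessive queries, 127.0.0.2 and 127.0.0.3 are SBL and CSS listings), together with the monitoring question just above, as an added Python example that is not code from any commenter or from Spamhaus. The function names, the verdict labels, and the choice to treat the whole 127.255.255.0/24 block and any answer outside 127.0.0.0/8 as informational are assumptions of this example.

```python
import ipaddress
import socket

# Return codes quoted in the thread; any other 127.0.0.x answer is reported generically.
LISTED_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL CSS"}
EXCESSIVE_QUERIES = "127.255.255.255"
# Assumption: all of 127.255.255.0/24 is informational, never a listing.
INFO_NET = ipaddress.ip_network("127.255.255.0/24")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def query_name(ip, zone):
    """Build the DNSBL name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def classify(answers):
    """Map DNSBL A records to (verdict, detail).

    answers: address strings, [] for NXDOMAIN, None for timeout or SERVFAIL.
    """
    if answers is None:
        return ("unknown", "no response; not a listing")
    if not answers:
        return ("not_listed", "NXDOMAIN")
    addrs = [ipaddress.ip_address(a) for a in answers]
    # Error codes and answers outside 127/8 (wildcarded or hijacked zone) never list.
    odd = [str(a) for a in addrs if a in INFO_NET or a not in LOOPBACK]
    if odd:
        why = "excessive queries" if EXCESSIVE_QUERIES in odd else "informational"
        return ("info", why + ": " + ",".join(odd))
    lists = sorted(LISTED_CODES.get(str(a), "other list (%s)" % a) for a in addrs)
    return ("listed", ", ".join(lists))


def system_resolver(name):
    """A records via the OS stub resolver; [] if the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror as exc:
        return [] if exc.errno == socket.EAI_NONAME else None
    except OSError:
        return None


def check(ip, zone, resolver=system_resolver):
    """Only a positive listing sets accept=False; errors and timeouts do not."""
    verdict, detail = classify(resolver(query_name(ip, zone)))
    return {"ip": ip, "accept": verdict != "listed", "verdict": verdict, "detail": detail}
```

For monitoring your own sending IPs, alert on an `info` or `unknown` verdict separately from `listed`, since it means the check itself is not working rather than that the address is clean.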
