NationMaster - Encyclopedia: The Spamhaus Project

The Spamhaus Project is a volunteer effort founded by Steve Linford in 1998 that aims to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers. Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 1998 (MCMXCVIII) was a common year starting on Thursday (link will display full 1998 Gregorian calendar). ... E-mail spam, also known as bulk e-mail or junk e-mail is a subset of spam that involves sending nearly identical messages to numerous recipients by e-mail. ... â€œISPâ€ redirects here. ...

Spamhaus DNSBLs

Spamhaus is responsible for three widely used anti-spam DNS Blocklists (DNSBLs) — the Spamhaus Block List (SBL), the Exploits Block List (XBL), and the Policy Block List (PBL). Many internet service providers and other Internet sites use these free services to reduce the amount of spam they take on. The SBL, XBL and PBL collectively protect over 500 million e-mail users, according to Spamhaus' web page (December 2006). Like most DNSBLs, their use is controversial. A DNS Blacklist, or DNSBL (definition below), is a means by which an Internet site may publish a list of IP addresses that some people may want to avoid and in a format which can be easily queried by computer programs on the Internet. ... â€œISPâ€ redirects here. ... A DNS Blacklist, or DNSBL (definition below), is a means by which an Internet site may publish a list of IP addresses that some people may want to avoid and in a format which can be easily queried by computer programs on the Internet. ...

The Spamhaus Block List (SBL)^[1] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services^[2]. The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.

The Exploits Block List (XBL)^[3] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists. An open proxy is a proxy server which is accessible by any Internet user. ... CBL is Composite Blocking List. ... CBL is Composite Blocking List. ... Not Just Another Bogus List, or NJABL, is a DNS-based Blackhole List (DNSBL). ... NJABL is Not Just Another Bogus List. ...

The Policy Block List (PBL)^[4] is a list that serves many of the same functions of a Dialup Users List, but really it is not a DUL. The PBL lists not only dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections', but static assignments that shouldn't be sending email without prior arrangement. Examples of such are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the owners (ISPs) of the IP address space. A Dynamic Users List (DUL) is a type of DNSBL which contains the IP addresses an ISP assigns to its customer on a temporary basis, often using DHCP or similar protocols. ...

Spamhaus's DNSBLs are offered as a free public service to mail server operators on the Internet. ISPs and other large sites doing large numbers of queries can also sign-up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Data Feed^[5], at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list^[6], and they must also pass a background check to make sure they do not knowingly or intentionally provide services to spammers. In computing, rsync is a computer program for Unix systems which synchronizes files and directories from one location to another while minimizing data transfer using delta encoding when appropriate. ...

Spamhaus also provides two combined DNSBLs. One is the SBL+XBL^[7], which allows users to query sbl-xbl.spamhaus.org once and get return codes from both lists. A newer combination is called ZEN^[8] (named after founder Linford's dog), which allows users to query zen.spamhaus.org once and get return codes from the SBL+XBL and the newer PBL.

The Spamhaus Register of Known Spam Operations (ROKSO)^[9] is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.

As Spamhaus operates in the United Kingdom, it is subject to the Data Protection Act which restricts its ability to publish private information legally. For this reason, ROKSO publishes only information gathered from public sources such as newspapers, court records, incorporation filings, and other public records. Spamhaus also keeps additional information on spammers for disclosure only to law enforcement agencies. The Data Protection Act (DPA) is a United Kingdom Act of Parliament. ...

Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List^[10] is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks. Warning! This Article contains disinformation. ...

e360 Lawsuit

In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit in an Illinois state court against Spamhaus for blacklisting his website. Spamhaus initially succeeded in moving the case from state to federal court, but then stopped defending itself against the lawsuit, because it is based in the United Kingdom and outside the jurisdiction of United States courts.^[11]^[12] The American court had no choice but to award e360 a default judgment totaling $11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgment.^[13]^[14] This article does not cite any references or sources. ...

e360 filed a motion in Federal court to force ICANN to remove the domain records of Spamhaus until the default judgment had been satisfied.^[15] This raised issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,^[16]^[17] and ICANN protested^[18] that they had neither the ability, nor the authority, to remove the domain records of Spamhaus, which is a UK-based not-for-profit organization. ICANN headquarters ICANN (IPA /aÉªkÃ¦n/) is the Internet Corporation for Assigned Names and Numbers. ...

On 2006-10-20, U.S. Federal District Court Judge Charles Kocoras, for the Northern District of Illinois, issued a ruling denying e360's motion, stating in his opinion, that "there has been no indication that ICANN [is] not independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e. Spamhaus' refusal to satisfy the default judgment] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."^[19]^[20] Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 293rd day of the year (294th in leap years) in the Gregorian calendar. ... A federal judge is a judge appointed in accordance with Article III of the United States Constitution. ... ICANN headquarters ICANN (IPA /aÉªkÃ¦n/) is the Internet Corporation for Assigned Names and Numbers. ...

Spamhaus versus nic.at

In June 2007 Spamhaus requested the national registry of Austria nic.at unregister a number of domains because of their use for phishing purposes ^[21]. The registry nic.at rejected that request and argued that they would break Austrian law when doing so. Further nic.at argued that the respective DNS-providers should remove the domain. A domain name registry is a database which keeps track of which domain name maps to which IP adress in the domain name system on the Internet. ... .at is the Internet country code top-level domain (ccTLD) for Austria. ... This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the banks members into giving away their account information by confirming it at the phishers linked website. ...

To put more pressure on the Austrian registry Spamhaus put the mail server of nic.at for several days on their spam blacklist which caused interference of the mail traffic.^[22]^[23]. Currently Spamhaus has a pointer entry (SBL55483) for the single IP address 192.174.68.0/32 to highlight how nic.at supports phishing. This listing does not block any email, since this address is unused. Most of the phishing domains have since been deleted/suspended by the respective DNS-providers. ^{[citation needed]}

Spamhaus trademarked

Spamhaus has been given the blessing of Hormel, to trademark the name Spamhaus in the European Union.^[24] Hormel Foods Corporation NYSE: HRL is probably best known as the producer of SPAM luncheon meat. ...

See also

The following table lists technical information for a number of DNS blacklists. ... SpamCop is a free spam reporting service, allowing recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report the offense to the senders Internet Service Provider (ISP), and sometimes their web host. ... E-mail spam, also known as bulk e-mail or junk e-mail is a subset of spam that involves sending nearly identical messages to numerous recipients by e-mail. ... To prevent e-mail spam, both end users and administrators of e-mail systems use various anti-spam techniques. ... news. ...

References

^ Spamhaus Block List (SBL)
^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. http://www.spamhaus.org/sbl/policy.html Retrieved 2007-02-04.
^ Spamhaus Exploits Block List (XBL)
^ Spamhaus Policy Block List (PBL)
^ Spamhaus Data Feed
^ Spamhaus's top ten worst spam service ISPs list
^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. http://www.spamhaus.org/faq/answers.lasso?section=Spamhaus%20SBL#11 Retrieved 2007-02-04.
^ Spamhaus ZEN
^ Spamhaus Register of Known Spam Operations (ROKSO)
^ The Spamhaus Don't Route Or Peer List (DROP)
^ Leyden, John. "Spamhaus fights US court domain threat". The Register. 2006-10-10. http://www.theregister.co.uk/2006/10/10/spamhaus_domain_threat/ Retrieved 2007-02-04.
^ Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=1 Retrieved 2007-02-04.
^ Evers, Joris. "Spam fighter hit with $11.7 million judgment". CNET News.com. 2006-09-14. http://news.com.com/Spam+fighter+hit+with+11+million+judgment/2100-7350_3-6116009.html Retrieved 2007-02-04.]
^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006". The Spamhaus Project website. http://www.spamhaus.org/archive/legal/e360/kocoras_order_6_10.pdf 2006-10-06. Retrieved 2007-02-04. (PDF version of PROPOSED ORDER)
^ Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=3 Retrieved 2007-02-04.
^ Linford, Steve. "responds here". The Spamhaus Project website. http://www.spamhaus.org/legal/answer.lasso?ref=4 (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus, http://groups.google.com/group/can.internet.highspeed/msg/d7fd46181af17980, and http://groups.google.com/group/news.admin.net-abuse.email/msg/384a3cb77617a762 as of 2007-02-04.)
^ Carvajal, Doreen. "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. 2006-10-16. http://www.nytimes.com/2006/10/16/technology/16spam.html?ex=1318651200&en=cd20af3993bc7480&ei=5090&partner=rssuserland&emc=rss Retrieved 2007-02-04.
^ "Spamhaus Litigation Update". ICANN. 2006-10-10. http://www.icann.org/announcements/announcement-10oct06.htm Retrieved 2007-02-04.
^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006". ICANN. 2006-10-20. http://www.icann.org/legal/spamhaus/denial-proposed_order-19oct06.pdf Retrieved 2007-02-04. (signed version of denial without prejudice of Plaintiffs’ motion [26] for a rule to show cause)
^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheap Web Hosting Directory. 2006-10-30. http://www.cheaphostingdirectory.com/news-domain-firm-tucows-and-icann-win-spamhaus-litigation-2513.html Retrieved 2006-02-04.
^ Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at
^ Domainnews.com nic.at domains blacklisted by Spamhaus
^ Spamhaus.org setzt Österreichs Domainverwaltung unter Druck
^ http://blog.clickz.com/070417-212734.html

Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... John Leyden (September 8, 1775 - August 28, 1811), British orientalist and man of letters, was born at Denhoim on the Teviot, not far from Hawick. ... Current logo of The Register. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 283rd day of the year (284th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... CNET Networks Inc. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 257th day of the year (258th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 279th day of the year (280th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Steve Linford, also nicknamed Stiff Linefeed following a fairly catastrophic Chinese mistranslation of his name [1], is the anti-spammer who founded Spamhaus. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... The New York Times is a daily newspaper published in New York City and distributed internationally. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 289th day of the year (290th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... ICANN headquarters ICANN (IPA /aÉªkÃ¦n/) is the Internet Corporation for Assigned Names and Numbers. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 283rd day of the year (284th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... ICANN headquarters ICANN (IPA /aÉªkÃ¦n/) is the Internet Corporation for Assigned Names and Numbers. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 293rd day of the year (294th in leap years) in the Gregorian calendar. ... Year 2007 (MMVII) is the current year, a common year starting on Monday of the Gregorian calendar and the AD/CE era in the 21st Century. ... is the 35th day of the year in the Gregorian calendar. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 303rd day of the year (304th in leap years) in the Gregorian calendar. ... Year 2006 (MMVI) was a common year starting on Sunday of the Gregorian calendar. ... is the 35th day of the year in the Gregorian calendar. ...

External links

Categories: All articles with unsourced statements | Articles with unsourced statements since June 2007 | Spamming | 1998 establishments | Engineering projects This article is about electronic spam. ... // A possible 19th century mass telegraph In the late 19th Century Western Union allowed telegraphic messages on its network to be sent to multiple destinations. ... The Network Abuse Clearinghouse assembles data on what its sponsors see as misuse of the Internet. ... E-mail spam, also known as bulk e-mail or junk e-mail is a subset of spam that involves sending nearly identical messages to numerous recipients by e-mail. ... Address munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations who send unsolicited bulk e-mail. ... Bulk email software is software that is used to send email in large quantities. ... Dictionary spamming is a spamming technique where spammers attempt to guess E-mail addresses by using a dictionary attack based on adding plausible names as prefixes to known domain names. ... A Directory Harvest Attack or DHA is a technique used by spammers in an attempt to find e-mail addresses. ... A DNS Blacklist, or DNSBL (definition below), is a means by which an Internet site may publish a list of IP addresses that some people may want to avoid and in a format which can be easily queried by computer programs on the Internet. ... A spambot is a program designed to collect, or harvest, e-mail addresses from the Internet in order to build mailing lists for sending unsolicited e-mail, also known as spam. ... A pink contract is an agreement between an email spammer and his Internet service provider. ... An auto-dialer is an electronic device that can automatically dial telephone numbers to communicate between any two points in the telephone, mobile phone and pager networks. ... Flyposting is the act of placing advertising posters or flyers in illegal places. ... Messaging spam, sometimes called SPIM, is a type of spam targeting users of instant messaging services. ... Mobile phone spam is a form of spamming directed at the text messaging service of a mobile phone. ... Newsgroup spam is a type of spamming where the targets are Usenet newsgroups. ... Telemarketing office Telemarketing is a method of direct marketing in which a salesperson uses the telephone to solicit prospective customers to buy products or services. ... VoIP spam is an as-yet-nonexistent problem which has nonetheless received a great deal of attention from marketers and the trade press. ... To prevent e-mail spam, both end users and administrators of e-mail systems use various anti-spam techniques. ... Disposable email addressing (DEA) refers to an alternative way of sharing and managing email addressing. ... Ensuring a valid identity on an e-mail has become a vital first step in stopping spam, forgery, fraud, and even more serious crimes. ... SORBS (Spam and Open Relay Blocking System) is a controversial open proxy and open mail relay DNSBL. It has been augmented with complementary lists that include various other classes of hosts, allowing for customized email rejection by its users. ... SpamCop is a free spam reporting service, allowing recipients of unsolicited bulk email (UBE) and unsolicited commercial email (UCE) to report the offense to the senders Internet Service Provider (ISP), and sometimes their web host. ... List poisoning is a tactic for detecting or diverting e-mail spammers by tricking them into including invalid addresses into mailing lists. ... Bayesian spam filtering (pronounced Bays-ee-en, IPA pronunciation: , after Rev. ... Spamdexing or search engine spamming is the practice of deliberately creating web pages which will be indexed by search engines in order to increase the chance of a website or page being placed close to the beginning of search engine results, or to influence the category to which the page... Keyword stuffing is considered to be an unethical Search engine optimization (SEO) technique. ... A Google bomb (also referred to as a link bomb) is Internet slang for a certain kind of attempt to influence the ranking of a given page in results returned by the Google search engine, often with humorous or political intentions. ... This article does not cite any references or sources. ... On the World Wide Web, a link farm is any group of web pages that all hyperlink to every other page in the group. ... A webring in general is a collection of websites from around the Internet joined together in a circular structure. ... To meet Wikipedias quality standards, this article or section may require cleanup. ... Doorway pages are web pages that are created to rank high in search engines for particular phrases with purpose to seduce or hoax you to watch another page. ... URL redirection, also called URL forwarding, domain redirection and domain forwarding, is a technique on the World Wide Web for making a web page available under many URLs. ... Link spam (also called blog spam or comment spam) is a form of spamming or spamdexing that recently became publicized most often when targeting weblogs (or blogs), but also affects wikis (where it is often called wikispam), guestbooks, and online discussion boards. ... Sping is short for ping spam. Pings are messages sent from blog and publishing tools to a centralized network service (Ping Server) providing notification of newly published posts or content. ... This article does not cite any references or sources. ... Spam in blogs (also called simply blog spam or comment spam) is a form of spamdexing. ... Referer spam is a kind of spamdexing (spamming aimed at search engines). ... This article does not cite any references or sources. ... An advance fee fraud is a confidence trick in which the target is persuaded to advance relatively small sums of money in the hope of realizing a much larger gain. ... A typical lottery scam begins with an unexpected email notification that You have won! a large sum of money in a lottery. ... Make money fast is a title of an electronically forwarded chain letter which became so infamous that the term is now used to describe all sorts of chain letters forwarded over the Internet, by e-mail spam or Usenet newsgroups. ... Microcap stock fraud, also known as microcap fraud, is a form of securities fraud involving stocks of microcap companies, generally defined as having a market capitalization of under $250 million. ... This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the banks members into giving away their account information by confirming it at the phishers linked website. ... There are very few or no other articles that link to this one. ...

Contents

Spamhaus DNSBLs GA_googleFillSlot("encyclopedia_square");

Register of Known Spam Operations