Nameless and faceless

Ken Magill wrote about Spamhaus last week. In the article he commented about the volunteers.

By most accounts, the folks responsible for maintaining Spamhaus’s blacklists can be a very annoying group to deal with—mainly because they’re faceless and unforgiving.

Today, Ken published a response from Steve Linford, the head of Spamhaus. The response is well worth a read and I encourage you to head over to Ken’s site to read the whole thing.
I didn’t comment last week, mostly because I negatively reacted to the “faceless and unforgiving” comment.
I’ve had lots of interactions with Spamhaus volunteers over the years. And, yeah, I have had the occasional interaction that was frustrating on all sides. I was annoyed, my clients were annoyed and Spamhaus was annoyed. But these experiences are memorable because they’re so rare. Most of the time, the Spamhaus rep is polite and professional.
In my experience, Spamhaus is quite forgiving of honest mistakes. There was one memorable incident a few years ago where I got very descriptive email, including screenshots, from the CEO of one of my clients. That client had a spammer get on their network and trigger a SBL listing. One of the founders went in and disconnected the customer. But, the customer had called in and gotten their new abuse desk person on the phone and managed to get turned back on. Spamhaus was very understanding and the listing was taken down very promptly.
There are two situations where Spamhaus reps have “acted unforgiving.”

  1. When the resolution proposed by the listee won’t do anything to stop unsolicited mail.
  2. When there is a history of spam and broken agreements and repeat behaviour from that particular sender.

I think in both of these situations “unforgiving” is not unreasonable. Spamhaus’ goal is to protect their customer networks from spam. Delisting an entity when their proposed fix won’t actually fix whatever caused the listing in the first place makes no sense. Yes, it’s frustrating to the listee, but in this case Spamhaus’ role is to be the gatekeeper. Likewise, I think volunteers are smart to be cautious when dealing with someone who has repeatedly broken delisting agreements.
As for faceless, well, Ken has it semi-right. Spamhaus volunteers are regulars at MAAWG and I consider some of them friends. Here’s the thing, though, I work for my clients through the sbl-removals@ address, and there are actually listings where I couldn’t tell you which volunteer I was dealing with. It doesn’t really matter, though, they are SR-whatever and acting as a representative of Spamhaus.
The service Spamhaus provides is unique and important. Not only are their lists trusted by large ISPs, but their data is also trusted by law enforcement throughout the world. Without the work done by Spamhaus, a lot of us would have a lot more spam in our inboxes. I know sometimes they block IPs at the most inconvenient times: some delivery friends swear that Spamhaus reps know their vacation schedule.
Overall, though, the Internet is better for having the “nameless and faceless” Spamhaus volunteers than it would be otherwise.

Related Posts

Bit.ly gets you Blocked

URL shorteners, like bit.ly, moby.to and tinyurl.com, do three things:

Read More

Spamhaus changes

A number of ESPs are reporting an increase in SBL listings of big, well known brands. InterestingSBLs seems to confirm this.
Just on the month of June I see tweets reporting SBL listings for: Disney (again, and again) AAA Michigan, NRCC, the Mitt Romney campaign, Macy’s (again) Facebook, Walmart Brazil, Safeway, Bacardi.
What happened? I think there are a number of reasons for an increase in SBL listings of well known brands.
The first is that botnets are rapidly becoming a solved problem. That’s not to say that they’ve gone away, or that we should stop being vigilant about the spam and malicious mail coming out of them, but that there are more and better tools to deal with botnets than there have been in the past. That means that the folks at Spamhaus can look at different classes of unsolicited email.
I believe Spamhaus has some new mail feeds that let them see mail they were previously not seeing. Anyone who has multiple email addresses can tell you that the type of spam that one address gets is often vastly different than the type of mail another email address gets. When dealing with spamtrap feeds, that means that there is unsolicited mail that isn’t seen by the feed. I know there are companies who claim to have lists of hundreds of thousands of spamtraps, and I don’t doubt that some enterprising spammers have discovered Spamhaus spamtraps in the past. Adding new feeds means that Spamhaus will see spam that they were previously missing due to their traps being compromised.
As well as bringing up new feeds, I suspect Spamhaus has better tools to mine the data. This means they can see patterns and problem senders in a clearer way and list those that meet the Spamhaus listing criteria.
I’m not saying the Spamhaus standards have changed. Spamhaus has always said they will list anyone sending unsolicited bulk email. But, as with many organizations what they could do was limited by the available resources. That resource allocation has changed and they can deal with more senders.
What does all this mean for senders? In a perfect world it wouldn’t mean anything. Senders would actually be sending mail only to people who had asked to receive it. Senders would have good list hygiene and pull off abandoned addresses long before they could be turned into spamtraps.
But we all know this isn’t a perfect world. There are a lot of senders that have lists with years of cruft on them. And not all of those addresses on the list actually opted-in to receive that mail. Many of those senders have good stats, decent opens, low unknown user rates, and low complaint rates. But that doesn’t mean there aren’t problems with the lists. And those hidden problems may mean that just because you haven’t had a Spamhaus listing in the past doesn’t mean there isn’t going to be one in your future. It means senders who want to avoid SBL listings need to pay attention to list hygiene and dead addresses. It means the source of addresses and their audit trail is even more important than ever.
Meanwhile, ESPs are struggling to cope with the ongoing and increasing SBL listings.
EDIT: Mickey attributes some of the increase in listings to Spamhaus being better able to detect appended lists.

Read More

Spamhaus rising?

Ken has a good article talking about how many ESPs have tightened their standards recently and are really hounding their customers to stop sending mail recipients don’t want and don’t like. Ken credits much of this change to Spamhaus and their new tools.

Read More