Talk:The Spamhaus Project/Archives/2017

MIssing criticism section
This article does not mention the trouble Spamhaus is causing for normal computer users, mobile device owners and businesses. Their ridiculous policy of blackllisting dynamic (!) IPs for a long time that were used by baddies once a long time ago is causing innocent people a lot of trouble, money and inconvenience because the lists are not really maintained.

I just tried to get a dynamic run-off-the-mill t-mobile IP unlisted, after getting several blacklisted IPs in the usual "re-connecting in the hope I get a clean one this time" dance. It's impossible because these jackasses don't accept emails from any of the big mail providers and all I have is a Gmail account, so I can't get that off the list. There is no contact address for this so-called organization of self-proclaimed internet cops, so there is basically no way for their "victims" to rectify the situation. I have to contact my ISP to get that done, but even if they'd care to do something about it, I doubt they'd get anywhere. I don't like spam either but what Spamhaus does is just the most stupid way of fighting it and they should be kicked off the internet themselves.37.81.95.170 (talk) 01:17, 2 April 2013 (UTC)


 * You're apparently complaining that you were prevented from removing a DYNAMIC IP from Spamhaus... Were you running a mail server on your DYNAMIC IP? No? Then simply turn your SMTP AUTHENTICATION on like everybody else on the internet! Jeeeze. Nobody wants direct-to-MX SMTP from dynamic IPs. Do yourself a favour and go read the FAQ: http://www.spamhaus.org/faq/section/Spamhaus%20PBL PavelTishe (talk) 09:14, 4 January 2015 (UTC)

Some other perspective
The PBL removal only last a year. It should last as long as I pay for my fixed IP address, that way it will be flagged according to the current status and not acording to an unexpected timer that causes mail to fail and reduces the reputation of the IP address each time it fails without cause.


 * Really? "PBL removal should last as long as I pay for my fixed IP address"? You're saying that Spamhaus should have a link into your ISP's billing system to know when you stop paying for your IP address? PavelTishe (talk) 09:14, 4 January 2015 (UTC)


 * forum.slicehost.com
 * orensol.com
 * serverfault.com
 * forums.aws.amazon.com

Idyllic press (talk) 13:43, 20 June 2013 (UTC)

Wider spread of problems
I added the references above to the talk page because they were considered a bit too light for inclusion to the main article. They could not be followed previously by anyone as I did not list them which I have now done below. My reason was that I am not the only person who has suffered at the hands of Spamhaus policy. My contention is if they demand action other than the Internet RFCs do then they must have a way to work around this if others are not prepared to follow their non-standard rules. I just want my static IP address to remain off their lists and not have to unblock it every year. Because their policy affects comparatively few people who run mostly private SMTP hosts it gets little atention and there is no known remedy.

Spamhaus, as an operation that claims to protect the bulk of the internet mail users from pointless spam, likely suffer from some measure of attacks (quite a bit of that of late it seems). Some of the attacks are probably email based to which end they seem to have resorted to removing meaningful contact information from thir web site and the public sphere. They are also mostly indifferent to the problems caused by false positive flagging (by annual timer and though no fault) of legitemate and conforming servers on their PBL lists when their policies conflict with those of other organisations like Rackspace, AWS at Amazon and others that are not prepared or able to manage their static IP address space more dilligently as demanded by Spamhaus.

At this point every year they add static Rackspace IP addresses to their PBL which causes loss of service, loss of IP address reputation and ongoing problems with lingering filtering by gMail servers based on past listings. They unilaterally insist that IP address owners have to manage their static IP addresses and some owners like Rackspace do not do this.

They have placed a burden on Rackspace that Rackspace is unwilling to shoulder. This is not an RCF or other Internet standard that needs to be followed for compliance, this is a mechanism that Spamhaus elects to use to simplify their life. They could permanently remove an IP address from the PBL if it has had a request before to be flagged as a static mail sender IP address. Rackspace could notify Spamhaus that a paid static IP address is just that and should never go on the PBL. One party is arrogant and does insists on more from the internet than is specified, and the other is lazy and charges money for a static address that does not change claiming is must be a dynamic address because it is used in a server pool.

I added the REFERENCE LIST below as there was no way to follow the references above without looking at the source.

The attitude of Spamhaus to individuals by making it near impossible to contact them (give it a try) and their disdain for internet standards placing a unwanted burden on IP address owners are serious problems to their credibility.

Idyllic press (talk) 15:05, 15 August 2013 (UTC)


 * Are you making a suggestion about this Wikipedia article? talk pages are not a forum for general discussion of a topic. I understand that you must be frustrated, but as you said, none of those sources (three forum posts and a blog entry) are good enough for inclusion in the article. Saying they are a bit too light is a bit too generous. Grayfell (talk) 19:47, 15 August 2013 (UTC)

The STOPhaus DDoS attack
N.B: 'STOPhaus' ceased to exist after the arrests of two of its members and the exposure of all of the individuals involved in the 'STOPhaus' DDoS attack on Spamhaus in the Krebs on Security article "Inside ‘The Attack That Almost Broke the Internet’"



On March 15th, 2013, a coalition of spammers and spam-friendly hosting firms calling themselves 'STOPhaus' and alleged by Spamhaus to be cybercriminals initiated a large scale Operation and DDoS attack against Spamhaus, accusing Spamhaus of crimes such as extortion, blackmail, and computer sabotage along with a series of complaints concerning Spamhaus' infamous "escalation" process. The attack exploited a long-known vulnerability in the Domain Name System which permits origination of massive quantities of messages at devices owned by others using IP address spoofing. Devices exploited as one of the over 30,000 open recursive servers, or open resolvers, used in the attack may be as simple as a cable converter box connected to the internet. . The attack was of a previously unreported scale (peaking at 300 gigabits per second; an average large-scale attack might reach 50Gbps, and the largest previous publicly reported attack was 100Gbps) was launched against Spamhaus’s Domain Name System (DNS) servers; Other members of M3AAWG aka Messaging Anti-Abuse Working Group, such as Google, had made their resources available to help absorb the traffic. Spamhaus's CEO Steve Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world. Spamhaus alleged that CyberBunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, were behind the attack; CyberBunker did not respond to the BBC’s request for comment on the allegation, but maintains that CB3ROB was not behind the attack on Spamhaus, but was merely a representative for the group known as The STOPhaus Movement.

According to what Cloudflare submitted to the New York Times, an Internet activist who said he was a spokesman for the attackers, Sven Olaf Kamphuis, said in a message, “We are aware that this is one of the largest DDoS attacks the world had publicly seen”, and that CyberBunker was retaliating against Spamhaus for “abusing their influence”. Despite this claim, Sven Olaf Kamphuis maintains that he did not make this statement and that Cyberbunker was not involved in the attack against Spamhaus. The NYT added that security researcher Dan Kaminsky said “You can’t stop a DNS flood ... The only way to deal with this problem is to find the people doing it and arrest them.” Apparently this OpenDNS issue was noted over a decade ago and was reported to be a problem that needed to be addressed. This seems to conflict with Dan Kaminsky On Apr 26, 2013 the owner of CyberBunker, Sven Olaf Kamphuis, was arrested in Spain for investigation into his alleged part in the attack on Spamhaus. He was later released while awaiting trial for multiple alleged computer crimes


 * The activist group group Anonymous was never involved. The fake 'Anonymous campaign' was posted to Pastebin by Andrew Jacob Stephens, a Florida-based spammer and hoodlum who pretends to be "Anonymous". Stephens is the same hoodlum who announced "Operation Wikipedia War, to bring Wikipedia to its knees" because Wikipedia editors would not allow Stephens to vandalize the Spamhaus entry. — Preceding unsigned comment added by PavelTishe (talk • contribs) 09:29, 4 January 2015 (UTC)

— Preceding unsigned comment added by 76.12.126.18 (talk • contribs) 10:30, 22 June 2013‎ (UTC)