You’d think an organization that is devoted to blocking unwanted spam would be beloved by the Internet.  After all, who wants an inbox full of get-rich-quick scams, Viagra knockoffs, and phishing malware?  Unfortunately, the most visible company claiming to provide this service – Spamhaus – is widely reviled.

I’m not sure I’ve ever read a thread on LowEndTalk – or any forum for that matter – where someone says “I really love Spamhaus”.  I’ve also never seen one where someone said “I had a really good interactions with Spamhaus customer service”.

Instead, what you universally see are comments stating:

• Spamhaus is quick to block, slow to cleanup errors
• Spamhaus is opaque and doesn’t provide enough information for people who caught in the crosshairs
• Spamhaus can’t seem to write a customer service message without having it drip – if not gush – with sneering arrogance.  I mean, the staff photo on their web site shows them turning their backs on everyone, so…

Here’s a couple cases in point.  First up is a story by Incognet, which is run by LowEndTalk’s @MannDude.  MannDude does not support spamming but he is very privacy-oriented.  A customer registered a .online domain that was an obvious joke.  The domain’s shared hosting served no spam (in fact, no email addresses were configured), and its lone index.html had no malware.

However, something SpamHaus’s automated system flagged it, and they put it on of their maybe blacklist, and now the registry puts a hold on the domain, crippling it.  The whole story reads like the plot to an Orwellian dystopian novel.  Instead of saying “sorry, let’s take a look,” SpamHaus replied “You are cordially invited to consider the type of customers you have attracted.”  You can almost feeling them looking over their glasses, like teenagers who’ve put on judicial robes to play court.

Recently @Mynymbox shared his story.  You can read it all on his blog, but here’s the gist:

We’ve been battling with Spamhaus for a few weeks now, as domains keep ending up on the DBL domain block list, even though they’re used for perfectly normal purposes. We’ve opened several tickets with Spamhaus and their standard answer is: “not suitable for removal”. Reason: “Bad Internet Neighbourhood” or in their words: “The domain is not eligible for removal while being associated with this neighbourhood.” If you want to question this, the ticket is usually closed without any comment.

In one of our last tickets, someone finally got in touch with us and revealed a few more details. The reason for the “Bad Internet Neighborhood” appears to be that we “had” registered some domain names that were used for phishing purposes. We removed these, of course, long time ago. The problem Spamhaus seems to have is that they cache their DNS server queries and don’t renew them, thus treating these already removed domains as active forever. This then results in domains ending up on the DBL.

Part of the problem in these cases is that you have providers who are privacy-focused.  MXroute’s @jar explains:

You can provide privacy focused/advertised hosting or you can be in good standing with Spamhaus. No amount of complaining is going to change that, and Microsoft is never going to stop using the Spamhaus DBL for any amount of privacy focused hosts (even if every single one joins together in protest) because no major brand is ever going to be your customer.

And frankly, privacy is one of the things that bad actors want the most so it’s a win-win from their perspective. There’s nothing on your network that enough people need to cause an actual scene, but there will be enough threats originating from your network between registration and reactive handling of abuse complaints that they’ll be facing a net positive by continuing their behavior. Most don’t even bother sending abuse complaints to hosting providers anymore anyway, the payoff no longer justifies the workload.

You don’t have to like it. Don’t shoot the messenger. These are just the facts. Best of luck, but you’re not winning this battle. It’s best to come to terms with it and accept it.

Unfortunately, both Microsoft and Google love Spamhaus, and both donate oceans of money, so they’re not going away any time soon.

Spamhaus reminds me of a military who decides to conduct a bombing campaign with absolutely no regard for collateral damage.  I think in their minds, getting rid of spam (and continuing to get funding) is so important that randomly disabling domains and subnets all over the place is of no consequence.

raindog308

Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.