SpamHaus RBL --- as bad as the spammers?

darklord1

Well-Known Member
Jul 8, 2006
58
0
156
cPanel Access Level
Root Administrator
I've found over the years that Spamhaus and other anti-spam software is GOOD, but seriously needs more work done.

I'm asking the community of cPanel users, as well as other users of Linux systems, to come together and address a singular problem that has not only come to my attention, but many others.

I've found that Spamhaus and others of its like are not handled correctly.

In the past, I've seen a single client of mine put my server on a blacklist (correctly), and was happy to get the client off, and apply additional measures dictated by the anti-spam company in place (notice I said dictated and NOT requested, or reasonably asserted). Then I replied back, and sometimes I'd get delisted, other times I'd get absolutely NO RESPONSE. I was then forced to change server IPs.


At other times, I've found my server blocked due to another system entirely (being on the same network), and the whole range was blocked. And that time, I had to change hosts.

There has also been evidence that "lack of response" is enough to keep you (or your range) blocked, despite that being on their list prevents your mail from reaching them or they just ignore it, and the spammer has been suspended/terminated.

They've also used the keeping you on their list in order to force you to provide customer information to them, such as the name of the individual who owns the account that was spamming (a contention I have yet to comply with).

I find that they abuse their position they've created and find their behavior absolutely destructive to businesses.

From a HOSTS point of view, not a spammer.

I AM 100% AGAINST SPAM, and want it removed from the world entirely, but when the cops become as bad as the criminals, someone needs to step in.

I would like to ask the community at large to 1, help me and/or others to create a spam database FAR better than spamhaus. I also ask that once this system is created, please stop using spamhaus, and remove it from cPanel and other control panels.

We need to stand up to these guys, it's horrible.

Other article (not written by me, and is 3 years old, and I'm experiencing this same problem now):
SpamHaus – Irresponsible Net Citizens


Please also check out their Legal section:
The Spamhaus Project - Frequently Asked Questions (FAQ)

What? So I have no legal action to take against them.... legitimately, but due to their size, they are as powerful as Google, for example when Google lists your site as malware... and I have no issues with Google whatsoever. Their listing is intelligently done, and removal is proceduralized and easily complied with as well as continual verification that their listing is accurate.

SpamHaus can I get my money back for the loss of data since you won't remove me?

The Spamhaus Project - Frequently Asked Questions (FAQ)
Last Section on their Legal Question:

Security for Costs
Due to the well-known untrustworthy nature of spammers, where a non-UK resident entity attempts to bring a lawsuit against Spamhaus in the UK, Spamhaus will in every case invoke the UK's Security for Costs law requiring the plaintiff to pay in full, in advance and before any legal case can commence, Spamhaus' entire legal cost estimate of defending the case, as a bond to prevent the plaintiff from skipping the country on losing the case without paying Spamhaus' legal costs in full.

Spammers should be advised that frivolous US-style SLAPP suits, filed in the hope of harassing one's opponent, are not possible in the UK.


The Internet is huge, and since there is absolutely no recourse that we can take legally, we should boycott and work hard to say, I'm not accepting this, and will work to fight this.


I would also like to suggest that a 3rd party investigates and maintains a list of Good working RBL's that are found to be operating with the standards set by the community.

I'd like your feedback on this.

Thank you,

Greg Borbonus

Please contact me at: gregborbonus [at] gmail [dot] com
Facebook: http://facebook.com/rbl.standards
 

darklord1

Rbl standards

As a possible solution to RBL's abusing their authority, I've obtained the domain name: rblstandards.org.

I fully intend for this to be a COMMUNITY driven site, I want everyone with an opinion on RBL's to show up and discuss their desires.

As there are FAR too many hosts and ISP's out there to incorporate, we will only be actively incorporating ISP's and hosts into our board. These members will all vote on various standards that should be applied to RBL's, submitted by members of the board and community members through our forums and/or RBL standard submit page.


After we all vote, a standards list will be made PUBLICLY available, as well as a list of RBL's that have actively adhered to the standards and are safe to use without worry that their conduct is unchecked.

We do not feel that it's a viable solution to have members of the board be owners of "banks and other corporations" but rather we need members of the community who have a stake in it. Those who not only want to block spam, but also protect the interests of hosts that are 1, not responsible for all the spam coming off their network as hosting is an industry that REQUIRES minimal manpower in order to have sustainability. Not even the big hosts can monitor each and every script on their server to stop possible spam.


TOGETHER, as a COMMUNITY, we can put an end to this cycle of abuse currently being employed by RBL's that cost companies money, time, and resources.

I personally think it's ridiculous that a host who has 1000+ domains on their network has their IP blocked because 1 spammer on the network spams out a mailing list, and then finds it's impossible to get delisted after they've spent several hours and hundreds of dollars complying with the standards of a 3rd party who has no standards of their own.

It's time we make some!

Join me on Facebook:
http://facebook.com/rbl.standards

Contact me directly: gregborbonus [at] gmail [dot] com

In the making:
http://rblstandards.org/
 

ChrisFirth

Active Member
PartnerNOC
Apr 10, 2008
35
0
131
cPanel Access Level
DataCenter Provider
In my opinion, SpamHaus is one of the better lists. If you think they are bad, try SORBS (not sure if it's any better since it has changed hands a while back) or UCEPROTECT (pay for delisting or wait 7 days). I have dealt with and still deal with a large amount of spam complaints on a daily basis - both from the sending and receiving end. I am yet to come across a case of being listed in error, every time the servers in my networks have been listed it has been due to a spam sender. When I have requested removals in the past it has been quick and painless.

> (notice I said dictated and NOT requested, or reasonably asserted)
To be fair, it is their spam list and they can do what they want with it. If the spam list is ****, then people don't use it. If it is good, people do use it.

> At other times, I've found my server blocked due to another system entirely (being on the same network), and the whole range was blocked. And that time, I had to change hosts.

The cases of this I have heard have all been due to the hosting provider not doing anything about spam problems within their network. If they don't deal with the customers that ARE spamming then something else to get their attention needs to be done. In my opinion this is a good idea, it gives hosters an incentive to remove the spammers from their network. IMO the complaint for this should be directed to the host and not spamhaus, they don't just list net blocks for the fun of it.

> They've also used the keeping you on their list in order to force you to provide customer information to them, such as the name of the individual who owns the account that was spamming (a contention I have yet to comply with).
I have not encountered this myself, but I am going to assume this is because the spammer is potentially listed on the ROKSO database.

> I also ask that once this system is created, please stop using spamhaus, and remove it from cPanel and other control panels.
With the current policies and the way spamhaus currently works, I personally will not be changing any of my servers from the spamhaus list.

> What? So I have no legal action to take against them.... legitimately, but due to their size, they are as powerful as Google, for example when Google lists your site as malware... and I have no issues with Google whatsoever.

And rightly so. How would you like it if every second person contacting you about your spam list threatens you with legal action? As I said earlier, there is a reason a large amount of servers use spamhaus and not other less known small DNSBL's - because it works and it works well. If the list is ****, then people won't use it.

> SpamHaus can I get my money back for the loss of data since you won't remove me?
I don't understand where the data loss is coming from. If you send an email, most email clients keep a copy in a sent items folder. If you are sending attachments you will have a copy locally. Depending on the recipients mail server configuration you will get a bounce back stating your email has not been delivered, usually with the email text attached.


When I read further into your second post I saw this little gem:
> also protect the interests of hosts that are 1, not responsible for all the spam coming off their network as hosting is an industry that REQUIRES minimal manpower in order to have sustainability.
Hosts are 100% responsible for the spam coming off their network. I can't believe I am reading this! If the spammers have no way to send spam it stops. If they are allowed to continue sending spam, they will. If you cannot grasp that simple concept your entire allocation of IP's should be blocked. If a customer is doing a DDoS attack is that also not your responsibility to deal with it? Without this being done there would be no point to running a DNSBL. If they don't list an entire netblock all the spammer has to do is jump to a different IP in the hosters range. Before long, the entire range will be blocked anyway.

From what you have said it sounds like this is the EXACT reason you are having problems - you are not looking after your network and other customers (the ones NOT spamming). Stop the spam flowing from your network and the problems will be solved. As it sounds like the hosting is rather spammer friendly, I am not too surprised personal details were requested for the customers - more than likely they are ROKSO listed.

> Not even the big hosts can monitor each and every script on their server to stop possible spam.

I suggest you sign up to email feedback loops (eg. Comcast, Hotmail and AOL for starters) so that you get a copy of spam complaints. These contain the headers which make tracking down the spammer a breeze. If it is a dedicated server, you have the IP address of the customer and you can tell them to stop or further action will be taken. If it is a shared hosting server the headers should contain the username that authenticated to send the spam as well as a message ID to check your logs. If you allow users to send emails without authentication locally then you should be logging the source directory at least, if not the script that sends the email (there is a patch for PHP to log the script that sends an email, it's called something like mail headers in the options list for easyapache).

> I personally think it's ridiculous that a host who has 1000+ domains on their network, has their ip blocked because 1 spammer on the network spams out a mailinglist, and then finds it's impossible to get delisted after they've spent several hours and hundreds of dollars complying with the standards of a 3rd party who has no standards of their own.
I manage an order of magnitude more than 1000 web hosting and email hosting accounts yet I have not encountered any problems with DNSBL's with the exception of SORBS and UCEPROTECT (SORBS has a horrible delisting procedure, UCEPROTECT is pay to delist or wait 7 days). If you take care of your spam problems you won't either.

Anyway, good luck with your black list. If the policies for it will be along the lines of what you have mentioned, it doesn't sound like it will be very effective.
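
Added example, not part of ChrisFirth's post: one way to pull the authenticated user, sending script and message ID out of a feedback-loop complaint, as the post above suggests. The report is a constructed, trimmed ARF-style message, and the two header names and the "host: user" value format are assumptions that depend on how the MTA and PHP are configured.

```python
import email
from email.parser import HeaderParser

# Assumed header names; they depend on how the MTA and PHP are configured.
AUTH_HEADER = "X-Authenticated-Sender"      # MTA-added, "host: user" (assumed format)
SCRIPT_HEADER = "X-PHP-Originating-Script"  # PHP mail.add_x_header, "uid:script"

# Constructed, trimmed ARF-style complaint (RFC 5965 layout), not a real report.
SAMPLE_REPORT = """\
From: fbl@isp.example
Message-ID: <report-1@isp.example>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
Source-IP: 192.0.2.25

--b1
Content-Type: text/rfc822-headers

Message-ID: <E1abcDE-0001Xy-2k@web01.host.example>
X-PHP-Originating-Script: 1004:newsletter.php
X-Authenticated-Sender: web01.host.example: shopuser@customer.example
Subject: Cheap offer

--b1--
"""

def triage(report_text):
    """Pull out the fields needed to find the sending account in local logs."""
    out = dict.fromkeys(("source_ip", "message_id", "auth_user", "script_uid", "script"))
    for part in email.message_from_string(report_text).walk():
        ctype = part.get_content_type()
        if ctype == "message/feedback-report":
            out["source_ip"] = part.get_payload()[0]["Source-IP"]
        elif ctype in ("message/rfc822", "text/rfc822-headers"):
            # The complained-about mail: a full copy or its headers only.
            orig = (part.get_payload()[0] if ctype == "message/rfc822"
                    else HeaderParser().parsestr(part.get_payload()))
            out["message_id"] = orig["Message-ID"]   # not the report's own ID
            if orig[AUTH_HEADER]:
                out["auth_user"] = orig[AUTH_HEADER].rsplit(":", 1)[-1].strip()
            if orig[SCRIPT_HEADER]:
                out["script_uid"], _, out["script"] = orig[SCRIPT_HEADER].partition(":")
    return out
```

The returned message ID is the one to search for in the mail server's own log; the report's outer Message-ID belongs to the ISP's complaint, not to the customer's mail.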
 

Brian

Well-Known Member
Dec 1, 2010
117
3
68
Texas
cPanel Access Level
Root Administrator
The most important thing to understand with RBLs is that they are only as powerful as the community lets them be. There are some absolutely horrific RBLs that hold your listing hostage for thousands of dollars (and that's only to look at it, they may not even remove it after their investigation). People running into such lists are few and far between, though, as the community has opted to simply not use them and therefore nullify their "power".

SpamHaus is one of the leading RBLs simply because the community at large has collectively decided this. Their power rises and falls with the community. If the community decided as a whole that SpamHaus was disingenuous or otherwise a harm to their server, they'd simply cease to use them and make SpamHaus' list merely a list that no one references.

For this very same reason, your approach is the right approach. If you feel their practices are subpar and that your list would be more favorable, the best solution is to indeed create your own RBL and demonstrate its effectiveness in comparison to other RBLs. I encourage this wholeheartedly.

Note that as it stands cPanel & WHM does support the addition of custom RBLs so that they can be toggled on/off just like the ones present in the interface. If your RBL becomes popular enough to warrant it, it no doubt can be put into consideration to be available for toggling on/off by default. Once you feel appropriate demand is there, definitely submit a feature request for it and request that your users share their support in that thread to demonstrate the demand.

One important thing to note about SpamHaus (and all RBLs) is that they are not the ones actually blocking your mail. They simply maintain a list of IPs/CIDR ranges. It is the individual server owners who choose to reference this list and then perform the actual blocking themselves. This is a very important distinction to make.

Something further to consider when reviewing alternative RBLs:

Blacklist Monitor » Statistics of accuracy and failure rates

It's an always up-to-date comparison and test of popular RBLs and their accuracy. This is an awesome comparison because it's about accuracy rather than just sheer numbers of spam blocked.
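
Added example, not part of Brian's post: the lookup a receiving mail server performs against a DNS-based list, showing that the list only answers a query and each operator's own policy decides whether to reject. The zone `list.example`, the answer codes and the stand-in resolver are constructed for illustration; real lists document their own zones and codes.

```python
import ipaddress
import socket

def dnsbl_name(ip, zone):
    """Name a mail server looks up: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def list_answers(ip, zone, resolve=socket.gethostbyname_ex):
    """A records the list returns for ip; an empty list means 'not listed'."""
    try:
        answers = resolve(dnsbl_name(ip, zone))[2]
    except socket.gaierror:          # NXDOMAIN: the list has no entry
        return []
    # Listings are answered from 127.0.0.0/8; anything else is not a verdict.
    return [a for a in answers if ipaddress.ip_address(a).is_loopback]

def accept_mail(ip, local_policy, resolve=socket.gethostbyname_ex):
    """The receiving server's own decision. local_policy maps zone -> set of
    answer codes this operator chose to reject on; the list only answers."""
    for zone, reject_codes in local_policy.items():
        hits = reject_codes.intersection(list_answers(ip, zone, resolve))
        if hits:
            return False, f"rejected: {ip} listed in {zone} ({sorted(hits)[0]})"
    return True, "accepted"

# Constructed data: a hypothetical list zone and a stand-in for DNS.
FAKE_DNS = {"25.2.0.192.list.example": ["127.0.0.2"],
            "26.2.0.192.list.example": ["127.0.0.10"]}

def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror("NXDOMAIN")
    return (name, [], FAKE_DNS[name])

STRICT = {"list.example": {"127.0.0.2", "127.0.0.10"}}   # operator A's choice
LENIENT = {"list.example": {"127.0.0.2"}}                # operator B's choice
NO_RBL = {}                                              # operator C uses no list
```

The same listed address is rejected under `STRICT`, accepted under `LENIENT`, and never looked up under `NO_RBL`.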