Spamhaus and Gmail

Today’s been chock full of phone calls and dealing with clients, but I did happen to notice a bunch of people having small herds of cows because Spamhaus listed www.gmail.com on the SBL.
“SPAMHAUS BLOCKS GOOGLE!!!” the headlines scream.
My own opinion is that Google doesn’t do enough to police their network and their users, and that a SBL listing isn’t exactly a false positive or Spamhaus overreaching. In this case, though, the headlines and the original article didn’t actually get the story right.
Spamhaus blocked a range of IP addresses that are owned by Google that included the IP for www.gmail.com. This range of IP addresses did not include the gmail outgoing mailservers.
Spamhaus says

Some Google-owned server IPs hosting severe malicious spam problems – specifically Google’s “Google Docs” service – do get rightly listed in the Spamhaus SBL when Google does not take action fast enough to stop the serving of malicious sites via Google Docs. Such listings act as pointers to the abused resource but do not in any way affect Google’s Gmail service or any Google outbound mail service.

Spamhaus goes on to talk about the responsibility providers have to police their userbase and the fact that large providers who are not policing their users are cost shifting to the rest of us.

We at Spamhaus surely understand the challenges that the cloud service providers face. These problems are not easy to solve and the scale and complexity of the systems involved certainly does not make things easier. What we are puzzled by is how the rest of the internet has to keep carrying the burden of this abuse. The companies that host these services all without exception make hundreds of millions of dollars each year. They employ some of the best and brightest engineers. Surely they can spend a little of their immense resources on making the internet they rely on for their business, a better and safer place.

Unfortunately, Google doesn’t seem to see any value in policing their customers and users. If they can’t make a buck at it, then it doesn’t get done. And if Google’s costs of doing business are shifted to other companies, so much the better. Good for Spamhaus for standing up and pointedly telling Google they can’t keep supporting spam and spammers.

Related Posts

Spamfilters: a marketer's best friend

I was cleaning out my spam folder this afternoon. I try and do it at least once a day, otherwise the volume gets so bad I don’t actually look at the mail I just mark it all as read. I realized, though, that spamfilters are actually a marketer’s best friend.
If there were no spam filters keeping all the crap people get out of their inbox (in my case over 1000 messages a day) then spam would overwhelm even the most dedicated email junkie. I couldn’t do my job without my spam filters, and in fact the recent rash of virus spew is ending up in my inbox and making finding real mail a problem. I do a lot of sorting before mail ever hits my inbox, and I’m still struggling to deal with the couple hundred “your order has shipped!” and “please her tonight!” emails that my local bayesian filters haven’t caught up to, yet.
Today’s stats:
Work inbox: 17 messages
Work spam: 419
95.9% spam
Personal inbox: 40
Personal spam: 975
95.9% spam
Without filters, I couldn’t accurately find that 4.1% of real mail that I get. Without filters, I couldn’t do my job. Without filters, I couldn’t find the real receipts from purchases I actually made. Without filters, I couldn’t read and respond to mail I wanted.
A mailbox overflowing with spam is unuseable, and email marketers should be thankful that providers work so hard to keep spam out. Otherwise, email wouldn’t be useful for anything.

Read More

Spammer loses in the court of public opinion

Columnist Mike Cassidy of the SJ Mercury News dedicates his column today to explaining how horribly a spammer named Michael Luckman is being treated by Spamhaus.
The gist of the story is that Mr. Luckman thinks that because it is legal to purchase lists and send mail that there is nothing anyone can do to stop him from doing so. Unfortunately for Mr. Luckman, this isn’t actually true. Simply complying with the law does not mean that spamming behaviour has to be tolerated by ISPs. What’s more, ISPs have a lot of power to stop him.
His recipients’ ISPs can stop him. Filtering companies can stop him. And his upstream can stop him. In fact, Mr. Luckman’s upstream is GoDaddy, a company that has an abuse desk that is one of the toughest on the Internet. They do not tolerate spamming at all and will disconnect customers that are spamming whether or not there is a SBL listing involved.
Sure, Mr. Luckman is complying, or says he’s complying, with CAN SPAM. But that doesn’t change the fact that he is violating his contract with GoDaddy. Given that admission, I am extremely surprised that the reporter focused so exclusively on Spamhaus’ role in this, without mentioning GoDaddy’s abuse enforcement or that Mr. Luckman has to comply with contracts he signed.
Most reputable marketers agree that sending mail to purchased email addresses is spam. Most recipients agree that mail they didn’t ask to receive is spam. Even the reporter agrees that Mr. Luckman is a spammer. Compliance with CAN SPAM doesn’t mean anyone is required to accept his mail, nor provide him with a connection to the rest of the internet.
This is a lesson Mr. Luckman is having problems learning. Instead of fixing his process so he isn’t sending spam, he contacts a reporter to plead his case in the court of public opinion. Sadly for him, most people hate spam and won’t defend a self admitted spammer against a blocking group. In fact, over 80% of the people who have voted in the “has Spamhaus gone too far” poll have said no. What’s your vote?

Read More

Spam lawsuits: new and old

There’s been a bit of court activity related to spam that others have written about and I feel need a mention. I’ve not yet read the papers fully, but hope to get a chance to fully digest them over the weekend.
First is e360 v. Spamhaus. This is the case that actually prompted me to start this blog and my first blog post analyzed the 7th circuit court ruling sending the case back the lower court to determine actual damages. The lower court ruled this week, lowering the judgment to $27,002 against Spamhaus. The judge ruled that there was actual tortuous interference on the part of Spamhaus. In my naive reading of the law, this strikes me as not only an incorrect ruling, but one that ignores previous court decisions affirming that blocklists are protected under Section 230. Venkat seems to agree with me.

Read More