Nameless and faceless

Ken Magill wrote about Spamhaus last week. In the article he commented about the volunteers.

By most accounts, the folks responsible for maintaining Spamhaus’s blacklists can be a very annoying group to deal with—mainly because they’re faceless and unforgiving.

Today, Ken published a response from Steve Linford, the head of Spamhaus. The response is well worth a read and I encourage you to head over to Ken’s site to read the whole thing.
I didn’t comment last week, mostly because I negatively reacted to the “faceless and unforgiving” comment.
I’ve had lots of interactions with Spamhaus volunteers over the years. And, yeah, I have had the occasional interaction that was frustrating on all sides. I was annoyed, my clients were annoyed and Spamhaus was annoyed. But these experiences are memorable because they’re so rare. Most of the time, the Spamhaus rep is polite and professional.
In my experience, Spamhaus is quite forgiving of honest mistakes. There was one memorable incident a few years ago where I got very descriptive email, including screenshots, from the CEO of one of my clients. That client had a spammer get on their network and trigger a SBL listing. One of the founders went in and disconnected the customer. But, the customer had called in and gotten their new abuse desk person on the phone and managed to get turned back on. Spamhaus was very understanding and the listing was taken down very promptly.
There are two situations where Spamhaus reps have “acted unforgiving.”

  1. When the resolution proposed by the listee won’t do anything to stop unsolicited mail.
  2. When there is a history of spam and broken agreements and repeat behaviour from that particular sender.

I think in both of these situations “unforgiving” is not unreasonable. Spamhaus’ goal is to protect their customer networks from spam. Delisting an entity when their proposed fix won’t actually fix whatever caused the listing in the first place makes no sense. Yes, it’s frustrating to the listee, but in this case Spamhaus’ role is to be the gatekeeper. Likewise, I think volunteers are smart to be cautious when dealing with someone who has repeatedly broken delisting agreements.
As for faceless, well, Ken has it semi-right. Spamhaus volunteers are regulars at MAAWG and I consider some of them friends. Here’s the thing, though, I work for my clients through the sbl-removals@ address, and there are actually listings where I couldn’t tell you which volunteer I was dealing with. It doesn’t really matter, though, they are SR-whatever and acting as a representative of Spamhaus.
The service Spamhaus provides is unique and important. Not only are their lists trusted by large ISPs, but their data is also trusted by law enforcement throughout the world. Without the work done by Spamhaus, a lot of us would have a lot more spam in our inboxes. I know sometimes they block IPs at the most inconvenient times: some delivery friends swear that Spamhaus reps know their vacation schedule.
Overall, though, the Internet is better for having the “nameless and faceless” Spamhaus volunteers than it would be otherwise.

Related Posts

Spamtraps are not the problem

Often clients come to me looking for help “removing spamtraps from their list.” They approach me because they’ve found my blog posts, or because they’ve been recommended by their ISP or ESP or because they found my name on Spamhaus’ website. Generally, their first question is: can you tell us the spamtrap addresses on our lists so we can remove them?
My answer is always the same. I cannot provide a list of spamtrap addresses or tell you what addresses to remove. Instead what I do is help clients work through their email address lists to identify addresses that do not and will not respond to offers. I also will help them identify how those bad addresses were added to the list in the first place.
Spamtraps on a list are not the problem, they’re simply a symptom of the underlying data hygiene problems. Spamtraps are a sign that somehow addresses are getting onto a list without the permission of the address owner. Removing the spamtrap addresses without addressing the underlying flaws in data handling may mean resolving immediate delivery issues, but won’t prevent future problems.
Improving data hygiene, particularly for senders who are having blocking problems due to spam traps, fixes a lot of the delivery issues. Sure, cleaning out the traps removes the immediate blocking issue, but it does nothing to address any other addresses on the list that were added without permission. In fact, many of my clients have discovered an overall improvement in delivery after addressing the underlying issues resulting in spamtraps on their lists.
Focusing on removing spamtraps, rather than looking at improving the overall integrity of data, misses the signal that spamtraps are sending.

Read More

New Spamhaus lists

Spamhaus announced today they are publishing two new BGP feeds: Extended DROP and the Botnet C&C list. These lists are intended for use inside routers in order to stop all traffic to or from listed IP addresses. This is a great way to impact botnet traffic and hopefully will have a significant impact on virus infections and botnet traffic.
In other news I’ve been hearing rumbling about changes at Yahoo. It looks like they have changed their filters and some senders are feeling lots of pain because of it. It looks like senders with low to mid range reputations are most affected and are seeing more and more of their mail hit the bulk folder. This afternoon I’m hearing that some folks are seeing delivery  improvements as Yahoo tweaks the changes.

Read More

Spammer prosecuted in New Zealand

Today (well, actually tomorrow, but only because New Zealand is on the other side of the date line) the NZ Department of Internal Affairs added a 3rd statement of claim against Brendan Battles and IMG Marketing. This third claim brings the total possible fines to $2.1 million.
Brendan is a long term spammer, who used to be in the US and moved to New Zealand in 2006. His presence in Auckland was noticed by Computerworld when a number of editors and staffers were spammed. When contacted by the paper, Brendan denied being involved in the spam and denied being the same Brendan Battles.
New Zealand anti-spam law went into effect in September 2007. The Unsolicited Electronic Messages Act 2007 prohibits any unsolicited commercial email messages with a New Zealand connection, defined as messages sent to, from or within New Zealand. It also prohibits address harvesting.
The Internal Affairs department also appears to be investigating companies that purchased services from Brendan Battles.

Read More