BLOG

Spamhaus on ESPs

Promoted from yesterday’s comments, Spamhaus comments on my discussion of filtering companies getting tired of ESPs.

You hit the nail square on, Laura.

As Laura knows but many here might not, I am with the Spamhaus project. At one time I was leading efforts to clean up ESP spam. I am not deeply involved with ESP listings any longer. I can however testify that ESPs ask Spamhaus volunteers for a great deal of information about their SBL listings, considerably more than most ISPs or web hosting companies. Certain team members avoid ESP listings except in extreme cases because they don’t want to spend that much time on one SBL.

Whilst I was doing many ESP listings, I attempted to provide requested information, often at great length, with mixed results. In one notable case, an ESP that I provided with a report on hits from that ESP’s IPs on our spamtraps took that report and turned around their entire business. They had been an average ESP: not worse than most ESPs, but not better either. It’s been about three years now. This ESP is now in any list of the least spam-friendly two or three ESPs in the business. I’m honored to have been able to contribute to that change, am delighted at the results, and have learned a great deal from that ESP’s abuse team, which is superb.

That hasn’t happened often, though. I’ve provided similar reports to a number of other ESPs; I try not to play favorites. It is Spamhaus policy not to treat ISPs, ESPs, web hosts, and others whose IPs are listed for spamming differently except based upon our observations of which responds to spam issues effectively and which do not. I would also rather see a spam problem fixed than a spammer terminated just to move somewhere else and continue to spam.

The spam flow from many ESP customers that I reported to the ESP dropped, then slowly rose to previous and often higher levels. There are strings of SBL listings as a spam problem is mitigated, then inexplicably (according to the ESP) comes back. I do not find most of those recurrences inexplicable. I conclude, in many cases, that the ESP is unwilling to do the proactive work necessary to catch most spam before it leaves their IPs, even when they know what needs to be done.

To make matters clear, the ESP representatives that I communicate with are not usually to blame for this problem. Their managers and the policymakers at the ESP are to blame. The decisionmakers at the ESP are not willing to require paying customers to adhere to proper bulk email practices and standards and enforce permanent sanctions against most who fail to do so.

Granted, some customers resist not because they are deliberately spamming non-opt-in email addresses, but because they think that quantity (of email) is more important than quality. Such customers don’t want to see lists shrink even when those lists are comprised largely of non-responsive deadwood email addresses. Such customers send a great deal of spam and annoy a great many of our users, who really do not care whether the spam problem is due to carelessness or deliberate action.

In other cases, of course, ESP customers resist following best practices because they cannot. They are mailing email appended and purchased lists. If they don’t maintain some sort of plausible deniability about the sources of those lists, they know that we will list their IPs (at the ESP and elsewhere) and refuse to remove those listings til they do.

In either case, an ESP that is unwilling to impose sanctions on customers whose lists persist in hitting large numbers of spamtraps after repeated mitigation attempts needs to fire those customers. Otherwise it is failing to act as a legitimate bulk emailer. Such ESPs must expect to see their IPs blocked or filtered heavily because they deliver such large quantities of spam compared to solicited email.

3 comments

  1. Wiping the cobwebs away | blog.inboxplacement.com says

    […] still hear the whispers about gmail changes, out with the old and in with the new, Spamhaus planting a gentle kiss in regards to how they deal with ESPs; what does this mean? will anything […]

  2. Benjamin says

    This is perfectly understandable, from Spamhaus, Cloudmark or Spamcop’s point of view.
    However, I don’t know what “change” will be enforced by Cloudmark and Spamcop, but I do hope they’re not going to be impossible to contact as Gmail is.
    Hotmail _is_ contactable and offers an awesome amount of data for ESPs to use. However, they have boundaries, and in some cases, it is impossible to have the slightest explanation for something that doesn’t make any sense at all. I deplore it.

    My point is, it is totally legitimate for filtering companies to not waste any time with bad actors. In the meantime, there should still be room for un-educatedly bad actors who are willing to become good actors. Also, it would be good that good actors are not impacted by these recent measures.
    Taking my employer’s case, we’ve been listed on Spamhaus twice in the past 10 years. Never on Spamcop. Sometimes Cloudmarks blocks a few IPs. We take these signs as such: signs that something is wrong on the inside ; and we clean the mess.
    Now, it might happen that someday, we’ll need to get in touch with such authorities ; I would like to still have the ability to do so, and not seeing closed doors because bad actors behaved poorly.

  3. G B says

    I have to contribute a flip side to this: ESPs are extremely unhappy to contribute hard data to mass mailers using their service. I figured the first thing to ask when detecting signs of bulking was ‘global % of complaints vs emails to ‘. no dice – they don’t even have that, not to mention a possible per-campaign drilldown.

    and then they come over crying to spamhaus and ISPs and spam filter providers to do the very same thing they don’t provide to their customers, in order to cut on their own support costs???

    boy, am I mad now.

Comment:

Your email address will not be published. Required fields are marked *

Archives