Recently the relevancy of Spamhaus and whether it is still necessary has been raised in various discussions and in particular among marketers. I think this is an interesting question for a lot of reasons. One is because there's such a broad range of opinions about Spamhaus and almost none of them are ambivalent. Another is because so many people don't really know what Spamhaus does, other than publish the SBL and ROKSO.
Spamhaus is relevant for a couple of reasons. The biggest is that many receivers actually pay attention to what they say. There are some pretty major ISPs in the US and around the world that use one or more of the Spamhaus provided lists. Their lists are also built into some appliances and filters. Major network providers will act on SBL listings and outright disconnect customers who are on ROKSO.
They are also one of the oldest blocklists around; only the MAPS / Trend Micro lists have been around for longer. Spamhaus has a very large footprint, in terms of organizations that use Spamhaus lists, they probably have the biggest footprint in the world. In the US some of their lists are used by at least one major webmail provider, and there are a number of mid-range ISPs and corporations that use the SBL specifically. At least one commercial filter uses Spamhaus data and many of the others provide interfaces so customers can use the Spamhaus lists.
There is another side to Spamhaus, one that many people don't know or think about. They work extensively with international law enforcement in the realm of spam, botnet and organized crime gangs. Sadly I can't speak to many specifics as much of my knowledge of this comes from MAAWG and "What happens at MAAWG stays at MAAWG." But Agent Grasso was very clear that one of the reasons the DNS Changer working group happened was the intelligence that Spamhaus (among others) collected about Rove Digital and presented to the FBI.
Many marketers and senders have had frustrating interactions with Spamhaus in the past. Marketers don't always like Spamhaus' perspective on permission and the responsibility a sender has to verify the recipient wants mail. By the same token, Spamhaus reps have had frustrating interactions with marketers and senders in the past. Spamhaus doesn't always like marketers' perspective on using inboxes as an advertising venue.
These interactions have translated into a contentious relationship that goes a little beyond the specifics of a particular SBL listing. During negotiations for what needs to happen each side expects the other side to cave, and neither side wants to give in at all. There have been cases where Spamhaus has given some marketer the benefit of the doubt and delisted. In at least a few of those cases, they then had to go back and re-list because the marketer didn't do what they agreed to do. Every marketer that fails to follow through on their end of the agreement reinforces the distrust.
There's also a bit of a language gap. Spamhaus has been willing to work with marketers, but not always in a way that made marketers feel like they were being accommodated or understood. Marketers have been willing to work with Spamhaus, but not always in a way that made Spamhaus feel like they were being accommodated and understood.
Given some of the marketers that have blatantly lied to them in the past, Spamhaus' perspective is understandable. With that being said, though, they are becoming more willing to work with marketers and ESPs. A number of us in the delivery space have talked, educated, and discussed issues with Spamhaus volunteers to effect this change. I have seen changes how some of the SRs are willing to work with marketers, particularly in the last couple years. I have seen how they are more willing to work with me, and some ESP representatives, as partners in removing abusive mail from the email ecosystem.
There is a lot of work Spamhaus does outside the public sphere. Spamhaus has a good reputation with ISPs, with law enforcement and with a lot of technology companies. And that's not just for the SBL and ROKSO listings, but some of their other lists. Their most widely used list is the PBL, which targets end user machines that shouldn't be sending mail directly per the policies of the broadband ISPs. The XBL lists machines that appear to be infected with viruses and may be part of botnets. Many ISPs take the XBL reports, either directly or through third parties, and use them to contact users and fix their machines. The DBL lists URLs currently abused by spammers and phishers or that are being used in the transmission of viruses.
I believe Spamhaus is relevant, but what I think is not terribly meaningful. What is meaningful is that many people in the receiver community find Spamhaus relevant enough to use their data and listen to their opinions. It is the receiver support which makes Spamhaus an important consideration for senders. Without the receiver support, Spamhaus would be just another one in thousands of rarely used blocklists.
Related topics: Spam
|Cybersquatting||Policy & Regulation|
|DNS Security||Registry Services|
|IP Addressing||White Space|
Minds + Machines
Neustar DNS Services
Neustar DDoS Protection