Home / Blogs

Is Spamhaus Still Relevant?

Laura Atkins

Recently the relevancy of Spamhaus and whether it is still necessary has been raised in various discussions and in particular among marketers. I think this is an interesting question for a lot of reasons. One is because there's such a broad range of opinions about Spamhaus and almost none of them are ambivalent. Another is because so many people don't really know what Spamhaus does, other than publish the SBL and ROKSO.

Spamhaus is relevant for a couple of reasons. The biggest is that many receivers actually pay attention to what they say. There are some pretty major ISPs in the US and around the world that use one or more of the Spamhaus provided lists. Their lists are also built into some appliances and filters. Major network providers will act on SBL listings and outright disconnect customers who are on ROKSO.

They are also one of the oldest blocklists around; only the MAPS / Trend Micro lists have been around for longer. Spamhaus has a very large footprint, in terms of organizations that use Spamhaus lists, they probably have the biggest footprint in the world. In the US some of their lists are used by at least one major webmail provider, and there are a number of mid-range ISPs and corporations that use the SBL specifically. At least one commercial filter uses Spamhaus data and many of the others provide interfaces so customers can use the Spamhaus lists.

There is another side to Spamhaus, one that many people don't know or think about. They work extensively with international law enforcement in the realm of spam, botnet and organized crime gangs. Sadly I can't speak to many specifics as much of my knowledge of this comes from MAAWG and "What happens at MAAWG stays at MAAWG." But Agent Grasso was very clear that one of the reasons the DNS Changer working group happened was the intelligence that Spamhaus (among others) collected about Rove Digital and presented to the FBI.

Many marketers and senders have had frustrating interactions with Spamhaus in the past. Marketers don't always like Spamhaus' perspective on permission and the responsibility a sender has to verify the recipient wants mail. By the same token, Spamhaus reps have had frustrating interactions with marketers and senders in the past. Spamhaus doesn't always like marketers' perspective on using inboxes as an advertising venue.

These interactions have translated into a contentious relationship that goes a little beyond the specifics of a particular SBL listing. During negotiations for what needs to happen each side expects the other side to cave, and neither side wants to give in at all. There have been cases where Spamhaus has given some marketer the benefit of the doubt and delisted. In at least a few of those cases, they then had to go back and re-list because the marketer didn't do what they agreed to do. Every marketer that fails to follow through on their end of the agreement reinforces the distrust.

There's also a bit of a language gap. Spamhaus has been willing to work with marketers, but not always in a way that made marketers feel like they were being accommodated or understood. Marketers have been willing to work with Spamhaus, but not always in a way that made Spamhaus feel like they were being accommodated and understood.

Given some of the marketers that have blatantly lied to them in the past, Spamhaus' perspective is understandable. With that being said, though, they are becoming more willing to work with marketers and ESPs. A number of us in the delivery space have talked, educated, and discussed issues with Spamhaus volunteers to effect this change. I have seen changes how some of the SRs are willing to work with marketers, particularly in the last couple years. I have seen how they are more willing to work with me, and some ESP representatives, as partners in removing abusive mail from the email ecosystem.

There is a lot of work Spamhaus does outside the public sphere. Spamhaus has a good reputation with ISPs, with law enforcement and with a lot of technology companies. And that's not just for the SBL and ROKSO listings, but some of their other lists. Their most widely used list is the PBL, which targets end user machines that shouldn't be sending mail directly per the policies of the broadband ISPs. The XBL lists machines that appear to be infected with viruses and may be part of botnets. Many ISPs take the XBL reports, either directly or through third parties, and use them to contact users and fix their machines. The DBL lists URLs currently abused by spammers and phishers or that are being used in the transmission of viruses.

I believe Spamhaus is relevant, but what I think is not terribly meaningful. What is meaningful is that many people in the receiver community find Spamhaus relevant enough to use their data and listen to their opinions. It is the receiver support which makes Spamhaus an important consideration for senders. Without the receiver support, Spamhaus would be just another one in thousands of rarely used blocklists.

By Laura Atkins, Founding partner of anti-spam consultancy & software firm Word to the Wise. More blog posts from Laura Atkins can also be read here.

Related topics: Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

DNS on Defense, DNS on Offense

Managing Outbound Spam: A New DNS-based Approach For Stopping Abuse (Webinar)

MarkMonitor Fraud Intelligence Report, Q4 2011

MarkMonitor Fraud Intelligence Report Released for Q2 2011

The Botnet-Counterfeit Drugs Connection

New Monthly Fraud Intelligence Report Now Available

MarkMonitor to Highlight Importance of Cross-Functional Approach to Brand Protection

Paid Search Ads Can Lead to Fake Goods

Open Phishing Season

.ORG Highlighted for Success in Fighting Phishing

Latest Brandjacking Index Examines How Fraudsters Abuse Financial Brands

New Report Shows .INFO Domain Safest from Phishing Attacks

MarkMonitor AntiFraud Solutions Combine Proven Antiphishing and Expert Antimalware Capabalities

COCC Partners with MarkMonitor for Anti-Phishing Services

ICANN Mexico City Meeting Brings a Significant Shift in Direction for Brand Rights Holder Issues

MarkMonitor Year-in-Review Report Finds Online Abuse of Major Brands Was a Growth Industry for Fraud

Committed to Keeping the Internet a Safe Place

Spam Arrest Chooses UltraDNS to Enhance Service Delivery

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi