Beyond spam: How Spamhaus is strengthening trust and safety for the Internet

It's all about stopping spam, right?

No. Admittedly, spam was the key motivator behind Stephen Linford's founding of Spamhaus in 1998. Larry Page and Sergey Brin were sitting in a garage building a search engine called BackRub, aka Google. Meanwhile, Steve was sitting on a houseboat, steadily getting increasingly frustrated at the amount of spam ending up in his inbox.

Instead of whining, he took action and started sharing the IP addresses on forums that he observed spewing out these emails. Users could then use these IPs (DNS blocklists) in their email server configurations to filter messages from spammers. Rapidly, the movement gained momentum, with volunteers joining Steve to reduce spam volumes.

So, is there more to the haus than spam?

Absolutely. Nowadays, Spamhaus researchers and threat hunters focus on much more than IPs emitting bulk email without consent. From phishing domains to malware files to cryptowallet hashes and URLs, our experts derive a vast amount of actionable intelligence from the immense volume of global internet signals we observe.

Sharing the Intelligence

Right from its onset, when Steve shared IP addresses to filter spam, sharing data for the good of the Internet has been an intrinsic part of who we are. Our legacy DNSBL servers, located globally, still provide free DNSBLs to organizations that meet our fair use policy. However, like anything legacy, this has been replaced with newer and improved options.

Today, on behalf of the Project, Spamhaus Technology provides real-time DNSBLs to users free of charge. Furthermore, the free data shared on behalf of the Spamhaus Project is also available via various delivery mechanisms. This allows users to use it at the DNS level with response policy zones (RPZ) or for investigations through API access.

Sharing the responsibility of making the Internet safe

Trust and safety on the Internet will never be the sole responsibility of one organization. It takes a vast community to prevent abuse. When it comes to adversaries, it’s a game of whack-a-mole. One bad actor gets shut down, then they pop up elsewhere using different infrastructure and altering their modus operandi. Having solid relationships across the industry (and beyond), tracking and monitoring bad actors, and sharing this intelligence is vital in the fight against malicious Internet behavior.

From assisting with the remediation following takedowns such as Emotet and Qakbot to working with law enforcement agencies such as the FBI and Europol, networks, email service providers, registries, and registrars, to name but a few, it undoubtedly is a community effort.

Broadening the community

There's that word "community" again. Not only does this encompass partnerships with like-minded organizations and providing data free of charge, but it is also about enabling you (and anyone else reading this post) to submit malicious activity you’re seeing. That’s why we created the Threat Intel Community. Whether it’s a single submission or sharing data at volume via an API, it's all possible.

Shining a light on the good and the bad

Given the amount of Internet traffic we see in a day here at Spamhaus, it won’t come as a surprise that we have a pretty good overview of those service providers taking trust and safety seriously and those only interested in their bottom line.

Part of Spamhaus Project's power is that, as an independent non-profit organization, we can advocate for change without any agenda other than for the good of the Internet. This impartiality is a rarity in today’s world. Oh, and let’s not forget our experience (more than two decades of it).

Marry this with the data trends we are observing and the expertise of our team, and you’ll understand that we are in a prime position to highlight which organizations could do better (and, on occasion, which organizations are outright failing) when it comes to doing their bit for the Internet. We want to enable a broader range of Internet users to make better choices and avoid heartache in the long term, educating them about the reputation of their IPs and domains and assisting them in preventing this reputation from being compromised.

In the words of U.S. Journalist Rebecca MacKinnon, “Internet freedom is not possible without freedom from fear, and users will not be free from fear unless they are sufficiently protected from online theft and attack.” So, we will continue our mission of strengthening trust and safety on the Internet to reduce fear and increase freedom.