The Spamhaus Project

Blackhats and Grayhats

by The Spamhaus Team, February 15, 2008 (4 minutes reading time)

(From a discussion in a private anti-abuse industry workgroup list in November 2007 regarding the need for extensive restructuring of e-mail systems due to spam; reproduced with permission...)

Someone Else wrote:

> *And that is entirely due to the f_____s who are abusing the s__t out of the net right now, not sys admins who are trying desperately to hold up their end of the bargain. The responsibility lies entirely and squarely on them. Beyond their arrest I would love to see them literally keel hauled. Repeatedly.*

Quentin Jenkins answered: I share your sentiments on the arrest and dissolution of the criminals. But I'm afraid that when it comes to the good and righteous sys admins of the world, and anyone else who treads the Internet, I find plenty of shades of gray. If you don't want to read the rant, the executive summary is Edmund Burke's "All that is necessary for the triumph of evil is that good men do nothing."

Now, I don't mean to come down on anyone on this list personally. This is a very special group and we're all doing the best we can against spam and abuse. And indeed the problem isn't so much at the level of individuals as it is at corporations, networks, institutions, bureaus and organizations which take on a life of their own. But still, the people on this list touch on many of those larger entities which are tolerating the problem. The bad guys are right there in front of us and we're letting them stay there.

Who's doing that, you ask? Well, again my aim isn't to point fingers, so any names are purely exemplary and there are others which could take their place. But, as a short list to illustrate the problems, there is/are:

Anyone who transits traffic for Intercage/Atrivo, Hostfresh, ZBYD, Newspeed or a variety of other fully evil networks. (hi, those which peer with them; hi, networks which don't promptly null out rogue Chinese IDCs or other criminal lairs.) Backbones which knowingly allow abuse downstream of them. Anyone who says that they're so big they can't possibly run a clean ship, I've heard that Level3 is now the world's largest carrier, and they can do it: http://www.spamhaus.org/sbl/listings.lasso?isp=level3.net (zero SBLs!)

Hosting companies who neglect to monitor abuse@, who think that warning dedicated spammers will stop them, and who to this day say "but it wasn't sent from my network..." (etc.)

Consumer connectivity providers who won't block port 25, who can't keep up with the support needs of an infected user base, who so far have been none too hasty to implement walled gardens, and who allow known hard-core abusers to retain broadband connectivity for years ...as long as their actual spam is committed via other networks. (heard that one before?)

Registrars which won't establish minimal rules of accountability and legitimate use. (don't even start on ICANN.)

Senders -- good, legitimate, clean whitehats -- who, when it comes time to write down best practices as an industry standard document, refuse to come to terms with their own acquisition demons and say in the clearest possible terms, "OPT IN ONLY".

The Mondo-Eyeball corporations which make free services available to spammers, then can't be bothered with all that pesky work of enforcement that others who sell similar services find necessary.

Software vendors with inadequate security controls. 'Nuf said.

End users who haven't bothered to learn basic survival skills. Educators who don't make the survival lessons accessible enough.

Legislators, executives, judiciary and bureaucrats who pander to special interests and ignore public interests, industry experts and even their own specialist departments such as DHS CERT. Lobbyists, industry groups and any of the electorate who isn't constantly pestering their representatives to enforce existing laws and create better, stronger ones. (I'm guilty.)

Law enforcement, particularly at Attorney General and high bureaucracy levels, which is waiting for the perfect case and not willing to take any risk on the politics or precedents to get bad guys into court. (Why's Ralsky sleeping at home?)

I'm sure there are plenty more, and if I've gone too soft on myself, mea culpa. If anyone here is feeling personally skewered, I'm sorry, that wasn't my intent, but how about doing something to change the reason for it? The whole point is that we know these holes exist, we know they breed pestilence, so what are we doing about it?