|
Tweet Follow @spamhaus |
|
|||
![]() QNAMEĀ MinimizationĀ and Spamhaus DNSBLs The beta nature of the Threat Intel Community Portal Want to submit data? Be our guest! The return of the ASN-DROP Qakbot - the takedown and the remediation Poor sending practices trigger a tidal wave of informational listings Spamhaus Botnet Threat Update: Q4-2021 SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up Older News Articles: ![]() ![]() |
While filtering methods for botnet spam are now quite effective, a new breed of static-IP address spammers has evolved, and their spam evades many filters. It is time to target the next great spam problem, "snowshoe" spam.
The Problem of Snowshoe Spam
However, the resemblance to legitimate bulk emailers ends with surface details. Unlike IP addresses ("IPs") used by legitimate bulk emailers, the IPs used by snowshoe spammers are usually either unallocated/un-SWIP'd, or allocated/SWIP'd to small companies that neither we nor anybody else has ever heard of before. Unlike the mail servers and URI domains used in legitimate bulk email, the mail servers and URI domains are either registered with a Whois cloaking service, or, again, to small companies that neither we nor anybody else has ever heard of before. This spam is sent from many small IP ranges on many Internet Service Providers (ISPs), using many different domains, and the IPs and domains change rapidly, making it difficult for people and places to detect and block this spam. Most importantly, while each host/IP usually sends a modest volume of bulk email, collectively these anonymous IP ranges send a great deal of spam, and the quantities of this type of spam have been increasing rapidly over the past few months. Working Toward a SolutionAs with botnet spam, an actual solution to snowshoe spam will require many organizations and many people using a variety of approaches. Our role (and that of any blocklist) is to tell email recipients where the spam is coming from so that they can block, filter or tag it (using our DNS-based blocklist), identify the spammers, and take further action. Recently we decided that we needed a better, quicker way to do this with IPs sending snowshoe spam than manually listing those IPs in the Spamhaus Block List (SBL).
Identifying the Snowshoe SpammersAs the CSS data is built it will also be flagged to the attention of the SBL team, who will continue to create manual listings for active snowshoe ranges, identify the spammers behind snowshoe operations, associate those listings with Register Of Known Spam Operations (ROKSO) records or create new records where appropriate. Spamhaus will also continue our efforts to bring the problem of snowshoe spam to the attention of the world's lawmakers via our direct contacts and our informational postings on the subject. How to Use the New CSS Data
The CSS will be included in For more information about the CSS, please see the CSS web page. 3 December 2009 Blog: Two month "snowshoe" trek results |
![]() ![]() ![]() ![]() ![]() ![]() |
![]() Permanent link to this news article: Announcing the Spamhaus CSS http://www.spamhaus.org/news/article/646/announcing-the-spamhaus-css ![]() |
![]() Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|