|Tweet Follow @spamhaus||
Network Hijacking on the Rise
Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs
More Domain Stats: The 10 Most Abused Registrars
SBL/ZEN DNS lookups to return DROP/eDROP status
Spamhaus Presents: The World's Worst Top Level Domains
Verizon Routing Millions of IP Addresses for Cybercrime Gangs
Brazilian internet users suffer SoftLayer's security fail
Network under attack? You might be surprised where that's coming from!
Older News Articles:
Spamhaus News INDEX
|5 March 2011: One year ago this week, The Spamhaus Project released a new spam-blocking advisory list for the world's internet users. Its focus was on the domain side of email filtering. Called the Domain Block List, the DBL has now been in worldwide use for a full year. The reported results have been excellent with the domain filtering ability of the DBL helping "clean up" most of what the front line IP-address based lists may miss - and as with all our data, having virtually no false positives.
The DBL designFollowing in the footsteps of two other excellent domain blocklists SURBL and URIBL, Spamhaus tailored the DBL to work specifically in conjunction with our IP address based lists. We also added some of our own tweaks to the way the our domain blocklist functions. These include a very fast turnaround time from bad domain detection, to the domain being listed in our global blocklist system: 60-seconds! This makes it harder for spammers who register and use thousands of domains to get them by email filters during a lag in the domain blocklist zone being built.
Spamhaus also worked with SpamAssassin who released a version specifically with DBL support: SpamAssassin 3.3.1. This and newer SpamAssassin versions allow users to benefit from the DBL's special "wildcard" feature. Wildcarding defeats a trick spammers use called subdomaining. On one of their domains, they will create thousands of second-level subdomains (e.g. for example.ru, spammers could create spam1.example.ru, spam2.example.ru, spam3.example.ru, etc.). But with DBL wildcarding, once we detect example.ru as malicious, all its subdomains will also be reported to users as malicious.
These features help detect far more spam emails and help drive up the costs to the spammers as domains, even very low cost ones, must still be purchased. Behind the scenes, Spamhaus uses data produced by the DBL to alert registrars to the spammer domains. Over the past year, Spamhaus working in cooperation with these progressive registrars have been able to disable hundreds of thousands of spammer domains.
A New Problem...Due to the success of ISPs and email providers in preventing inbox delivered spam from domains in the DBL and other domain blocklists, spammers have resorted to new tactic: Using URL shortening services (such as bit.ly, is.gd, goo.gl, t.co) to shorten (hide) the real spammer domain/URL with a legitimate shortening service URL.
There are hundreds or more of these URL shorteners (also called redirectors) on the web these days. The cybercriminal-type spammers have tracked down many of them and set up thousands of these short URLs to put in the body of their spams trying to avoid detection by the DBL and other domain blocklist systems.
The spammers also know that by using these legitimate services, ISPs and email providers will be less inclined to block them as it can cause false positives.
...brings a New SolutionOne way to address this problem would have been to treat URL shortener domains the same way as any other spammed domain and include them in our main DBL zone. But, as mentioned, most of these URL shortener serve a legitimate purpose and are used in non-spam emailings. Spamhaus has always worked to avoid the blocklisting of assets that would cause unjustified false positives.
Many URL shortener services have worked hard to eliminate the abuse of their systems. Using several methods they are able to vastly limit the large scale creation of URLs by spammers. Sadly, others have ignored this issue and we continue to see their URLs in millions of spam messages each day.
The best solution was to give users a way to choose what they want to do with these spammed URL shorteners. Spamhaus created a new "URL shortener/redirector" zone in the DBL. By returning a specific code for this zone, filter designers and end-users of the Spamhaus DBL can decide what to do with the information. This may be to block fully, or to score email messages in a way to avoid false positives.
How to use the DBLPlease see our original DBL announcement and our DBL FAQ for information on how to implement the DBL and the new "URL shortener/redirector" zone.
About SpamhausThe Spamhaus Project is an international nonprofit organization whose mission is to track the internet's spam operations, to provide dependable realtime anti-spam protection for Internet networks and to work with Law Enforcement Agencies to identify and pursue spammers worldwide. The number of internet users whose mailboxes are currently protected by Spamhaus DNSBLs now exceeds 1.4 Billion. Founded in 1998, Spamhaus is based in Geneva, Switzerland and London, UK and is run by a dedicated team of 30 investigators and forensics specialists located in 9 countries.
Spamhaus News Index
Spamhaus in the media
Spamhaus Official Statements
Permanent link to this news article:
One year anniversary of the DBL brings a new zone
Subscribe to RSS News Feed
Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.