The Spamhaus Project

blog

Enable badness and the stats will speak for themselves

by The Spamhaus TeamJuly 23, 20193 minutes reading time

Jump to

Introduction

On numerous occasions we hear the argument from companies offering Internet related services that abuse isn’t their problem. However, the nub of the matter is that if your business is enabling malicious behavior to take place on the Internet it is your problem, and sooner or later it’s going to come back and bite you.

Slippery shoulders

Spamhaus has been part of this industry for a long time, and it's interesting to note reoccurring themes. One is particularly dominant; the denial of an operator that their service is enabling abuse. Across all areas of the industry; whether it's a registry, transit provider, or any other of the multitudes of suppliers who make up the internet ecosphere, there's regularly one who passes the buck, denying that their services are aiding (be that intentionally or not) cyber-criminals.

Sadly the facts are just that... facts

The work we do at Spamhaus isn't witchcraft (despite any rumors you may have heard). Those who work and volunteer for Spamhaus do it for the good of the internet. This may sound cheesy, but that's the truth of it. We don't randomly point to any old service provider, pulling a set of statistics out of thin air. Our researchers, with years of experience, are consistently working to identify and track badness, ultimately listing malicious domains and IPs. We report on this data, holding up a mirror to businesses who are failing to keep badness off the internet. If they weren't failing in this area, they wouldn't be listed.

The past is proof

Historically we've witnessed various companies ignore the messages we were providing in our reports but eventually, the ramifications of abuse catches up with them and the fall out is always negative; from loss of business to law enforcement requests.

Let's look at a hosting company that did not enforce its 'Acceptable Use Policy' properly for many years. They were considered to be a haven for spam, phishing, and malware operations. At one point, their largest customer was a spammer that we had listed on our ROSKO list. This spammer caused their entire ASN to be blocked at network edges and by multiple threat intelligence providers, including Spamhaus.

The result was a significant churn of customers, escalating support costs, and difficulty in attracting new business. Additionally, this hosting company had some customer servers seized by law enforcement. Naturally, this compounded the bad publicity.

These incidents, alongside others drove this hosting company to enforce an 'Acceptable Use Policy' and build a dedicated team that was responsible for keeping the network as clean as possible, turning around the reputation of this company. Had they taken action earlier, in relation to the abuse that was being reported on their network, it’s safe to assume that revenue and reputation wouldn’t have been so badly damaged.

Don't shoot the messenger

In the words of Sophocles in Antigone, "For no man delights in the bearer of bad news." We understand that. Indeed, we would prefer to be reporting on falling numbers with multiple operators dropping off our lists, but sadly the facts speak for themselves - this year we've seen monthly averages of botnet command and controller listings more than double!

Everyone who has a role in the running of the internet has a responsibility to put processes and procedures in place to stop abuse. Loopholes that are allowing cyber criminals to operate need to be closed. No single company is absolved of this responsibility.