2017-03-27. Spamhaus has uncovered an anonymously-run DNSBL service which was wholly pirating our data and republishing it as its own work. "Protected Sky" (PSKY) published a DNSBL under the name 'bad.psky.me'. The Protected Sky web site contained almost no information on its data, listing policies or delisting procedures, nor offered any way to request delisting/removal of any listed IP (one of the most important DNSBL Best Practice requirements as defined by RFC6471).

Suspicions were raised when Spamhaus noticed that IP addresses recently listed on Spamhaus DNSBLs would consistently appear in bad.psky.me a short time later. Conversely, IP addresses removed from Spamhaus DNSBLs would disappear from bad.psky.me a short time later. Spamhaus listings made using specially developed methodologies and intelligence and which were thus not likely to be detected or listed by other DNSBLs were found consistently republished in bad.psky.me. On closer inspection no Spamhaus listing was found to not be republished a consistently short time later in bad.psky.me.

3rd parties also observed close synchronization between Spamhaus listings and removals and PSKY listings and removals (ref: Webhostingtalk, Webhostingtalk, Hetrixtools, SpamAssassin mailing list). However, user comments (as seen in the links above) also indicated high false positive rates suggesting that Protected Sky was also pirating data from others including from not-too-reliable or stale data sources in addition to the data it was pirating from Spamhaus. Spamhaus therefore suggested that other DNSBL operators check whether data from their DNSBLs may have also been poached by PSKY.

Protected Sky's access to Spamhaus DNSBL data was traced back through an unaware third party customer of the Spamhaus Datafeed service. As of 23 March 2017 additional security measures were put in place by the customer and Spamhaus to block further unauthorized access to the Datafeed service.

In 2009 Spamhaus exposed a similarly fraudulent fake DNSBL; nsZones.com, which, like Protected Sky, was simply stealing and republishing Spamhaus data as its own work for the purpose of charging unsuspecting users fees to pretend to remove IPs from nsZones.com.

Spamhaus retains all rights to its trademarks, copyrights, and intellectual property. Republication of Spamhaus data beyond contractual agreements is prohibited. Spamhaus DNSBL Usage Terms are easy to find on our website.