Blocklist Removal Center
Contacts  |  Official Statements  |  Sponsors  |  FAQs  |  News Blog   
Bookmark and Share Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me)
Statement

Category: Report
Updated: 2021-03-20
Statement Ref: S015

Blocklist Help

Blocked? To check, get info and resolve listings go to
Blocklist Removal Center

Associated Documents

How Blocklists Work
Legal Questions
Glossary

Spamhaus has uncovered an anonymously-run DNSBL service which was wholly pirating our data and republishing it as its own work. "Protected Sky" (PSKY) published a DNSBL under the name 'bad.psky.me'. The Protected Sky web site contained almost no information on its data, listing policies or delisting procedures, nor offered any way to request delisting/removal of any listed IP (one of the most important DNSBL Best Practice requirements as defined by RFC6471).

Suspicions were raised when Spamhaus noticed that IP addresses recently listed on Spamhaus DNSBLs would consistently appear in bad.psky.me a short time later. Conversely, IP addresses removed from Spamhaus DNSBLs would disappear from bad.psky.me a short time later. Spamhaus listings made using specially developed methodologies and intelligence and which were thus not likely to be detected or listed by other DNSBLs were found consistently republished in bad.psky.me. On closer inspection no Spamhaus listing was found to not be republished a consistently short time later in bad.psky.me.

3rd parties also observed close synchronization between Spamhaus listings and removals and PSKY listings and removals (ref: Webhostingtalk, Webhostingtalk, Hetrixtools, SpamAssassin mailing list). However, user comments (as seen in the links above) also indicated high false positive rates suggesting that Protected Sky was also pirating data from others including from not-too-reliable or stale data sources in addition to the data it was pirating from Spamhaus. Spamhaus therefore suggested that other DNSBL operators check whether data from their DNSBLs may have also been poached by PSKY.

Protected Sky's access to Spamhaus DNSBL data was traced back through an unaware third party customer of the Spamhaus Datafeed service. As of 23 March 2017 additional security measures were put in place by the customer and Spamhaus to block further unauthorized access to the Datafeed service.


In 2009 Spamhaus exposed a similarly fraudulent fake DNSBL; nsZones.com, which, like Protected Sky, was simply stealing and republishing Spamhaus data as its own work for the purpose of charging unsuspecting users fees to pretend to remove IPs from nsZones.com.


Spamhaus retains all rights to its trademarks, copyrights, and intellectual property. Republication of Spamhaus data beyond contractual agreements is prohibited. Spamhaus DNSBL Usage Terms are easy to find on our website.


Statements Index

Fraudulent fake DNSBL uncovered: nszones.com

Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me)

EMarketersAmerica vs. The Spamhaus Project

Popular Myths About Spamhaus

Case Answer: e360Insight vs. The Spamhaus Project

TRO Answer: e360Insight vs. The Spamhaus Project

Case Dismissed: Ames & McGee v The Spamhaus Project

Spamhaus IPv6 Blocklists Strategy Statement

Report on the criminal 'Rock Phish' domains registered at Nic.at

DDoS and Virus Attacks on Spamhaus

Spamhaus Position on CAN-SPAM Act of 2003


Copyright © 2021 The Spamhaus Project SLU. Reproduction from "Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me)" is permitted provided you quote the source as "The Spamhaus Project" and provide a link to the source url: https://www.spamhaus.org/organization/statement/15/fraudulent-fake-dnsbl-uncovered-protected-sky-bad.psky.me
© 1998-2021 The Spamhaus Project SLU. All rights reserved.
Legal  |  Privacy