|
![]() |
Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me) | |||||
![]() Category: Report Updated: 2021-03-20 Statement Ref: S015
![]() Blocked? To check, get info and resolve listings go to ![]()
![]() ![]() ![]() ![]() |
Spamhaus has uncovered an anonymously-run DNSBL service which was wholly pirating our data and republishing it as its own work. "Protected Sky" (PSKY) published a DNSBL under the name 'bad.psky.me'. The Protected Sky web site contained almost no information on its data, listing policies or delisting procedures, nor offered any way to request delisting/removal of any listed IP (one of the most important DNSBL Best Practice requirements as defined by RFC6471). Suspicions were raised when Spamhaus noticed that IP addresses recently listed on Spamhaus DNSBLs would consistently appear in bad.psky.me a short time later. Conversely, IP addresses removed from Spamhaus DNSBLs would disappear from bad.psky.me a short time later. Spamhaus listings made using specially developed methodologies and intelligence and which were thus not likely to be detected or listed by other DNSBLs were found consistently republished in bad.psky.me. On closer inspection no Spamhaus listing was found to not be republished a consistently short time later in bad.psky.me. 3rd parties also observed close synchronization between Spamhaus listings and removals and PSKY listings and removals (ref: Webhostingtalk, Webhostingtalk, Hetrixtools, SpamAssassin mailing list). However, user comments (as seen in the links above) also indicated high false positive rates suggesting that Protected Sky was also pirating data from others including from not-too-reliable or stale data sources in addition to the data it was pirating from Spamhaus. Spamhaus therefore suggested that other DNSBL operators check whether data from their DNSBLs may have also been poached by PSKY. Protected Sky's access to Spamhaus DNSBL data was traced back through an unaware third party customer of the Spamhaus Datafeed service. As of 23 March 2017 additional security measures were put in place by the customer and Spamhaus to block further unauthorized access to the Datafeed service. In 2009 Spamhaus exposed a similarly fraudulent fake DNSBL; nsZones.com, which, like Protected Sky, was simply stealing and republishing Spamhaus data as its own work for the purpose of charging unsuspecting users fees to pretend to remove IPs from nsZones.com. Spamhaus retains all rights to its trademarks, copyrights, and intellectual property. Republication of Spamhaus data beyond contractual agreements is prohibited. Spamhaus DNSBL Usage Terms are easy to find on our website. |
![]() Fraudulent fake DNSBL uncovered: nszones.com Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me) EMarketersAmerica vs. The Spamhaus Project Popular Myths About Spamhaus Case Answer: e360Insight vs. The Spamhaus Project TRO Answer: e360Insight vs. The Spamhaus Project Case Dismissed: Ames & McGee v The Spamhaus Project Spamhaus IPv6 Blocklists Strategy Statement Report on the criminal 'Rock Phish' domains registered at Nic.at DDoS and Virus Attacks on Spamhaus Spamhaus Position on CAN-SPAM Act of 2003 |
||||
Copyright © 2021 The Spamhaus Project SLU. Reproduction from "Fraudulent fake DNSBL uncovered: Protected Sky (bad.psky.me)" is permitted provided you quote the source as "The Spamhaus Project" and provide a link to the source url: https://www.spamhaus.org/organization/statement/15/fraudulent-fake-dnsbl-uncovered-protected-sky-bad.psky.me |
|