news
Spamhaus Blocks Gmail? Report Was Not True.
"Spamhaus Blocks Gmail" - A catchy headline which certainly got the twitterati going. However, it wasn't true.
Recently some IT websites, including Softpedia and Sucuri, erroneously issued reports of Spamhaus' SBL blocking Gmail. These reports are not true. Google's Gmail service has never been listed in, or affected by, any Spamhaus DNSBL, nor ever would be. Spamhaus quite simply will not list outbound mail servers of Google/Gmail or any giant freemail provider.
Some Google-owned server IPs hosting severe malicious spam problems - specifically Google's "Google Docs" service - do get rightly listed in the Spamhaus SBL when Google does not take action fast enough to stop the serving of malicious sites via Google Docs. Such listings act as pointers to the abused resource but do not in any way affect Google's Gmail service or any Google outbound mail service.
The problem the "Google Docs" service suffers from requires taking a step back to see one of the core issues of modern day internet abuse....
As more and more services move 'to the cloud' some companies have built enormous infrastructures to provide basic computer services anytime and anywhere, often for free. Free webmail powered email addresses were the start many years ago, long before the concept of the cloud was invented. As time moved on more and more of these hosted services became available: document storage, blogs, image hosting, collaboration services and so on.
As the big players moved into these fields they attracted many new users. To be able to deal with these rushes they built these to be scalable and available. Nowadays these systems are so large that a few thousands of new accounts are not even a blip on the radar. And this very 'feature' allows miscreants and criminals to abuse these systems. With the help of botnets they are able to create thousands of new accounts almost instantly. And in the midst of the real users these simply vanish from view.
The services they setup are being used to host redirectors (so that the spammers own domains do not have to be used in emails), images (to make sure they load fast) or even to host the contents of the spam messages themselves. With access to an unlimited amount of new accounts spammers can afford to 'burn' the services they setup at an incredible rate. When the accounts are terminated they simply setup more, since they don't pay for the service there is no business loss. And even if one of the cloud services providers plugs a hole they can just move to another one. This has been going on for quite some time.
We at Spamhaus surely understand the challenges that the cloud service providers face. These problems are not easy to solve and the scale and complexity of the systems involved certainly does not make things easier. What we are puzzled by is how the rest of the internet has to keep carrying the burden of this abuse. The companies that host these services all without exception make hundreds of millions of dollars each year. They employ some of the best and brightest engineers. Surely they can spend a little of their immense resources on making the internet they rely on for their business, a better and safer place.