The Spamhaus Project


Spamhaus Releases BGP feed (BGPf) and Botnet C&C list (BGPCC)

by The Spamhaus TeamJune 12, 20124 minutes reading time

Geneva, 12 June 2012

Today the Spamhaus Project announces the release of a new service -- the Spamhaus BGP feed (BGPf). The BGPf serves three Spamhaus lists by using the Border Gateway Protocol (BGP). It is intended to be used primarily by Internet Service Providers (ISPs), web hosting providers, and network service providers (NSPs) in their routers to drop bad traffic at the edge of their networks.

The Spamhaus BGPf is currently serving three lists (communities):

  • The Spamhaus Don't Route Or Peer List (DROP)
  • NEW: The Spamhaus extended DROP List (EDROP)
  • NEW: The Spamhaus Botnet C&C List (BGPCC)

While the Spamhaus DROP list is already widely known and used, the EDROP and BGPCC lists are new. Spamhaus has just launched these lists as of today. You can find links to the listing policies and FAQ pages for each of these lists at the end of this article.

Spamhaus Botnet C&C List (BGPCC)

In 1998 when the Spamhaus Project was founded, the Internet was transitioning from the early commercial era, when spam was a problem consisting of a few unsolicited emails a day for most email users, to the earliest professional spam gangs. In subsequent years some companies adopted spam as a marketing tool, turning what had been a fringe activity (spamming) into a cash generator and vastly increasing the absolute volumes of spam on the network.

Spam gangs responded to the influx of money by adopting techniques to avoid direct blocking and filtering so that the spam that they sent would be delivered to users. Spam flooded user inboxes, drowning out email that users wanted, and threatening to render email useless for a large number of users. Spamhaus adopted Paul Vixie's realtime blocklist (RBL) technology and developed the original Spamhaus Blocklist (SBL). In time this blocklist was joined by other blocklists targeted at different spam issues. Over the years Spamhaus became a leading provider of antispam blocklists. Currently considerably in excess of a billion mailboxes worldwide use Spamhaus products in their antispam configurations.

Today email spam is still one of the biggest problems faced by users of the internet. However, other types of messaging abuse have become increasingly important, and abuse of other Internet-based technologies has increasingly become an intrinsic part of spam operations. Advance Fee Fraud (419) scams, phishes, and other criminal endeavors motivate much of the spam that is sent at present. Malware-infected servers and user devices and botnet command and control (C&C) nodes and members (bots) send much of that spam or host services that help spammers benefit from the spam.

To cope with these new spam vectors and tools, today Spamhaus is offering a new tool for network providers. We are proud to announce the Spamhaus Botnet C&C list (BGPCC). The list contains IP addresses which Spamhaus has identified as hosting servers operated by cybercriminals and used to control malware-infected computers. The Botnet C&C list is available exclusively through the Spamhaus BGPf. It is intended for Internet Service Providers (ISPs) and network providers to import into router configurations, to block C&C nodes from contacting bots on their networks and thereby protecting both their customers and the Internet from botnet traffic.

Spamhaus extended DROP List (EDROP)

In addition to the Spamhaus Botnet C&C List, today Spamhaus launches the extended DROP (EDROP) list. EDROP has a listing policy similar to that of the DROP list, that contains networks which are being operated by cybercriminals. The difference is that, while DROP only lists networks that are direct allocations from the RIR, EDROP contains only bad networks that are sub-allocations from another network. Both lists are available as plain text files and via the BGPf.