Bad sushi: China-nexus phishers shift to residential proxies
Earlier this year, Spamhaus researchers observed a major shift in phishing targeting Japan. Starting in April, a China-nexus threat actor began using residential proxy networks to send phishing emails instead of subnets at China Telecom and China Unicom. This blog explores the campaign’s origins and countermeasures against residential proxy-enabled spam.
Spamhaus’ take on Cold Emailing…AKA spam
Cold emailing, as it’s practiced today, is spam — for inboxes, businesses, and the internet. It’s a thriving industry, but one raising concerns in the email community. In this article we define cold emailing from our perspective, share concerns about its misuse, particularly in B2B communication, and highlight the organizations enabling it.
How I’m fighting cybercrime with Spamhaus (and how you can too!)
Meet Jeroen Gui - student, founder of JustGuard, and a top contributor to Spamhaus' Threat Intel Community Portal. Passionate about making the internet a safer place, Jeroen submits thousands of malicious domains, URLs, and raw email sources every month. But what drives him to share his data, and how can you get involved too?
A misuse of Spamhaus blocklists: PART 2 - How to limit outbound spam
If you’ve skipped the first part of this series, we strongly recommend you go and read this blog first (link below), to understand the misuse of Spamhaus blocklists to block outbound mail. However, if you provide a mail service and want to learn specifically how to limit your outbound spam, read on.
A misuse of Spamhaus blocklists: PART 1 - blocking outbound email
One issue that our folks handling tickets submitted by blocked users run into is messages like: "Help! My IP is listed by Spamhaus and now I can’t send emails! My provider is rejecting all my emails!" You may be asking, “Is this not exactly what is supposed to happen in case of a listing?” Surprisingly, the answer is “No, it is not!” This is a misuse of our blocklists.
Too big to care? - Our disappointment with Cloudflare’s anti-abuse posture
Cloudflare, best known for its content delivery network (CDN), is marketed as a “Connectivity Cloud”. Part of its offering is protecting a vast number of websites from DDoS attacks [1]. However, its attitude to abuse management and prevention proves a point of contention and we urge Cloudflare to review its anti-abuse policies.
Dangling DNS and the dangers of subdomain hijacking
DNS attacks are becoming increasingly prevalent, with 90% of organizations experiencing them, as per the IDC Threat Intelligence Report 2023. Due to its critical function, DNS is a frequent target for cybercrimes, including DDoS attacks, DNS spoofing and DNS hijacking. However, a lesser-known but significant threat is the dangling DNS record - read on to learn more.
Spammers Love Mobile Phone IP Space. Here’s How to Fix That.
Mobile phone companies are leaving the door wide open for spammers. They’re hurting their own customers (and the rest of the Internet) - but there’s still time to fix this.
Between input and output: The enigma of being a Spamhaus threat investigator
Spamhaus processes millions of IPs and domains every day. Given the vast amount of incoming data, automation is a necessity. But is technology alone enough? Let’s find out. Meet one of our researchers, Jonas Arnold, as he sheds light on the threat investigators' role in Spamhaus and the fight against Internet abuse.
Permission pass: what, how and when to use
Discover how to resolve IP and domain blocklisting issues caused by single-opt-in email lists with a Permission Pass strategy. Learn the intricacies of conducting a Permission Pass, ensuring compliance with COI standards and spam regulations.
Mailing Lists -vs- Spam Lists
Explore the nuances between Solicited Bulk Email and Spam, uncovering the importance of Confirmed Opt-In (COI) practices. Understand how COI safeguards against spam accusations and enhances email list performance.
The conundrum that is the modern use of NAT at a carrier grade level
Modern NAT, including Carrier Grade NAT (CGNAT), complicates tracking by hiding multiple devices behind one IP, akin to a circus full of clowns. This anonymity facilitates spamming and malware distribution. ISPs can mitigate this by clarifying CGNAT usage and filtering outbound port 25, reducing support costs and spam.
DNS abuse: ICANN call for action – but is it enough?
ICANN's proposed amendments to registry and registrar contracts (RARAA) tackle DNS abuse head on, a positive step in the fight against internet abuse and cybercrime. But are they enough? Read our thoughts here.
There's no such thing as a "free" app!
Downloading a free application and installing it on an internet-connected device can lead to you not being able to send email. This is because some apps allow third parties to access your device without your knowledge. These third parties then use your network connection for malicious purposes, causing your IP address to be listed as unsafe.
Let's talk about the danger of residential proxy networks
In our experience, residential proxies are an often overlooked security threat, one that can be very difficult to remediate for the end user, who (in our experience) is entirely unaware of its existence.