Is Spamhaus the DDoS Arm of Microsoft



  • Given how Spamhaus operates, and the only major player that uses them, and that Spamhaus gives no reliable reasons for why people get blocked, blocks people without even reasons, and doesn't have a path to delisting, it seems liks Spamhaus is just operating as a form of DDoS attack mechanism against small email players?

    They base in Switzerland, giving them a bit of protection against law enforcement looking into them for social engineering tactics, I've noticed.



  • @scottalanmiller said in Is Spamhaus the DDoS Arm of Microsoft:

    Given how Spamhaus operates, and the only major player that uses them, and that Spamhaus gives no reliable reasons for why people get blocked, blocks people without even reasons, and doesn't have a path to delisting, it seems liks Spamhaus is just operating as a form of DDoS attack mechanism against small email players?

    They base in Switzerland, giving them a bit of protection against law enforcement looking into them for social engineering tactics, I've noticed.

    What makes you say that? Spamhaus blocks any Dynamic IP address from sending emails due to policies with the ISPs. See example below for my home:
    https://www.spamhaus.org/pbl/query/PBL1554385

    Also what is Microsoft blocking?



  • @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    Also what is Microsoft blocking?

    Microsoft blocks tons of small players, using SpamHaus as an excuse.



  • @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    What makes you say that? Spamhaus blocks any Dynamic IP address from sending emails due to policies with the ISPs.

    They also block massive static blocks. Often without reason. Blocking dynamic everywhere, while sketchy, has a purpose and is essentially acceptable. It's universal and you can get around it by getting a static IP. A bit weird in this day and age, but it's not that bad.

    But they block a LOT of things that aren't like that. And they sometimes refuse to give reasons, they just block and then tell the ISPs customers to put pressure on them. It's just like a social engineering DDoS attack.

    Given that Spamhaus is heavily used by Microsoft, and Microsoft directly benefits by Spamhaus driving "host it yourself" email out of business, it sure seems likely that Spamhaus' tactics and results all fit a pretty clear pattern of using hacking based extortion to benefit their largest customers.



  • @scottalanmiller said in Is Spamhaus the DDoS Arm of Microsoft:

    @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    Also what is Microsoft blocking?

    Microsoft blocks tons of small players, using SpamHaus as an excuse.

    Interesting.



  • @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    @scottalanmiller said in Is Spamhaus the DDoS Arm of Microsoft:

    @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    Also what is Microsoft blocking?

    Microsoft blocks tons of small players, using SpamHaus as an excuse.

    Interesting.

    Ah, they got busted in Illinois and just ignored the judgement against them - so there is a precedence for them not being a good player in the US.

    https://slashdot.org/story/06/09/15/1249203/Spamhaus-to-Ignore-117M-Judgement



  • As I look into them more, I'm seeing more and more suggestions of them blocking based on ISP, not IPs. It seems like they go after companies that they can either extort directly or simply push the ISPs customers over to SpamHaus' likely benefactors. Several places all suggest Spamhaus being an offshore money laundering scheme. That seems unlikely, but given their behaviour, not all that unlikely.

    http://blog.collins.net.pr/2010/04/spamhaus-sucks.html



  • One thing that Spamhaus is also known for is listing IPs for "old" companies. You buy a new IP, you start to use it, you are blocked before you even begin, because someone got blacklisted on that address previously and abandoned it. Spamhaus doesn't care that you are a new company, you are given no recourse in many cases.



  • So I assume you or customers of yours have been affected by them.



  • @dbeato said in Is Spamhaus the DDoS Arm of Microsoft:

    So I assume you or customers of yours have been affected by them.

    We were affected, but only mildly. But it was really clear that they weren't after us, but were trying to talk us into going after an ISP that they were extorting. We worked around it trivially, showing that the entire mechanism is pointless, but exposing that they were contacting the ISP's customers to try to get a socially engineered amplification attack on the ISP. It was inappropriate for Spamhaus to list the IP block in the way that they did, hundreds or thousands of ISP customers all caught in some huge sweep simply for being on the ISP in question. They should be reaching out to the ISP and working with them, if they need to do so, not going after third parties to try to leverage them into attacking someone else - that's literally what a DDoS is.

    Microsoft and Spamhaus work in conjunction to do this, and Microsoft is the primary beneficiary of the damage it does to companies running their own email. So it's pretty clear that the financial benefits are all in line and the actions are completely unethical.



  • I think everyone that runs their own email has been affected by Spamhaus at some point or other. They hit so broadly, randomly, and indiscriminately. Of course, they block real spammers, too, and real open relays. But they mix that in with random or false positive blocking making them worse than the spammers themselves. Spam you can always go after through detection. Pure IP blocking is increasingly useless in a world where bad guys can (and do) get new IPs at the drop of a hat. But legit companies, who are not earning money on spam and aren't architected around this kind of blocking, suffer more.



  • @scottalanmiller BTDT

    Back in the day the general sentiment was that RBL "services" were no more than extortion rackets. IMNSHO, that has not changed much.

    With the advent of SPF, DMARC, and DKIM their relevance will become a lot smaller which is a happy.



  • @phlipelder said in Is Spamhaus the DDoS Arm of Microsoft:

    @scottalanmiller BTDT

    Back in the day the general sentiment was that RBL "services" were no more than extortion rackets. IMNSHO, that has not changed much.

    With the advent of SPF, DMARC, and DKIM their relevance will become a lot smaller which is a happy.

    That's how I feel as well. The blacklists have become seemingly useless as real spammers work around them with ease.



  • @phlipelder said in Is Spamhaus the DDoS Arm of Microsoft:

    @scottalanmiller BTDT

    Back in the day the general sentiment was that RBL "services" were no more than extortion rackets. IMNSHO, that has not changed much.

    With the advent of SPF, DMARC, and DKIM their relevance will become a lot smaller which is a happy.

    SPF has been around forever, but a lot of mail domains still do not have it setup.
    DMARC has barely any traction by comparison.
    DKIM is not even a thing that does anything. DKIM only tells the receiving server what to do with a message that fails SPF or DMARC, instead of the receiving server deciding for itself.


Log in to reply