Opinion: Spamhaus - online censorship or clean web fighters?

Monopoly, abuse of power and selfish goals, or a helping hand in a sea of spam? Representatives of several Internet companies talked with technology journalist Lars "Ghandy" Sobiraj to discuss the controversial Spamhaus project. An adapted analysis follows below.


Who are the Spamhaus Project?


A quick search of the web says that Spamhaus is an international non-profit organization founded in 1998. However, according to the company's former CIO (read: spokesman), Richard Cox, Spamhaus is a British limited company. At the time the interview with Cox was published (2011), Spamhaus was headquartered in Geneva. However, all information about the company is contradictory, inconsistent and mysterious.

Sven Olaf von Kamphuis (hereinafter referred to as SOvK), one of the founders of Cyberbunker, speaks about Spamhaus in the most unflattering terms possible. According to him, Mr. Cox has been out of work for more than 20 years, if this person exists at all. The project is allegedly controlled solely by Mr. Stephen John Linford and his wife, Myra Peters. In addition, as SOvK suggests, nonprofits typically do not require representation in the Seychelles or Mauritius. It is also unclear to the co-founder of Cyberbunker why so many journalists fall in love with the project: the media industry is largely responsible for the problems associated with Spamhaus. All the information that the project passes to technology publications is usually published without any checks, SOvK continues.


Twitter account Spamhaus Project, almost 4,000 followers



What immediately catches the eye: no matter how significant and reasonable the company's function may seem, the Spamhaus project has no legal basis for its activities. Nor have its activities ever been officially authorized by a state or the competent authorities: SOvK points out that Spamhaus is not even a member of RIPE (Réseaux IP Européens, the European regulator that deals with the registration and distribution of resources on the Web). Nevertheless, the outside world is under the impression that Spamhaus is a kind of “Internet police,” while Kamphuis emphasizes that the company itself “needs some police attention.” He also says that publishing much of the data on Spamhaus is illegal and violates data protection rights. Publication by the project of all information about spammers should be prohibited. The problem, according to SOvK, lies in the publication of personal data in the Register Of Known Spam Operations (ROKSO). This data should be protected like any other personal information, not to mention that the contents of the Spamhaus databases could not always have been obtained legally.

Position of Roskomnadzor on Spamhaus in Russia


How It Was: Cyberbunker vs. Internet Police


In 2013, the conflict between Cyberbunker Underground Web Hosting and Spamhaus escalated. Spamhaus, which was then based in Switzerland, put Cyberbunker on its blacklist because of the dubious activities of its customers and made this public. One of the largest DDoS attacks in Internet history followed: Spamhaus.org was bombarded with digital junk at a rate of 75 Gbit/s. Due to its size, the attack is said to have slowed global web traffic for a short time. In April 2013, the local police visited the alleged perpetrator, SOvK, who was then living in Spain. Computers, storage media and mobile phones belonging to the man, whom the prosecutor named Mr. K., were confiscated.

Spamhaus project - a book with seven seals


Regardless of the Cyberbunker case, we tried to find out what the Spamhaus project actually is, as this is not clear from the information on its own website. To date, no replies have been received to the inquiries sent to the press address since the end of January 2020. Mr. Kamphuis claims that the only non-profit entity Spamhaus had was the limited company mentioned earlier, and that it was removed from the register in early 2020. Its other companies did not have charitable purposes. The upstream provider and backbone operator SquareFlow has sued Spamhaus. SquareFlow offers services similar to those of Cogent, HE, GTT, LibertyGlobal and others, and hosts VPN services. Two SquareFlow Group executives responded to our request on March 1, 2020:


Spamhaus


The Spamhaus project is now based in Andorra, a small state in the Pyrenees which, according to Wikipedia, is primarily known for its ski resorts, duty-free shops and tax haven status. It is important to note that Andorra is not part of the EU; relations between Andorra and the European Union are regulated only by treaties.

It was not easy to get any information about the new organization associated with Spamhaus, but in the end I managed to find the necessary information at the EUIPO (European Union Intellectual Property Office). EUIPO data says that a company called Spamhaus IP Holdings SLU currently owns trademark No. 005703401, and that the trademark was registered on February 8, 2007. The application for registration was filed by Boyes Turner LLP.

Spamhaus trademark registration details

Contacts hidden for obvious reasons

Note from the translator

ROKSO as a stumbling block



Obviously, the goal of the Spamhaus project was to find spammers. As already mentioned, spammers are recorded in the ROKSO database. However, given that this database is public, Spamhaus literally puts all the suspects on a wall of shame. Not only can you find a lot of personal data in the database, there are also messages from victims that are published without censorship. And since Spamhaus is based outside the EU, the GDPR has no consequences for the company.

ROKSO literally keeps a record of all suspicious activities, whether real spam or a simple mistake. Thus, there is no question of any presumption of innocence. Contacting the company quickly is not possible either. Its site lists no phone number, no e-mail address and not even a contact form for a support service. Some fragmentary data can be obtained by carefully studying the FAQ. I tried to contact the company directly: from the end of January 2020 until the publication of the article [note: April 6 of the same year], there was no response to any request.

Criticism of the Spamhaus Blacklist (SBL) from the VPN service nVpn


The VPN provider nVpn criticizes the project for other reasons. The Spamhaus Blacklist (SBL) is a constantly updated database of IP addresses. Spamhaus strongly recommends that you do not accept emails from the addresses contained in the database. The company even claims that this database can be accessed in real time. The SBL section of the Spamhaus website says the blacklist “allows email server administrators to identify, flag, or block incoming connections from IP addresses that Spamhaus believes are associated with sending, posting, or creating unsolicited bulk email messages.” It also says that the SBL database is maintained by a dedicated team of investigators and forensic experts from 10 countries who work around the clock to track spam-related issues. However, exactly how records are identified, checked or even deleted internally is not explained.

And this is not the only case. “Of course, something like this happens from time to time. Either the server is temporarily disconnected due to entries in the SBL, or companies simply cancel the contract completely. At the beginning (we specifically ask), they argue that there will be no problems with SBL, but as soon as the entire range of their IPs falls into the Spamhaus blacklist, the situation changes. For example, in this way we lost our server in Nis, Serbia. That was just a few weeks ago. Fortunately, the company provided us with a partial refund for the rental of the server, which was paid several months in advance. Spamhaus is really dangerous for VPN services, but we just have to put up with it.”

The nVpn representative continues:

However, it still creates problems. Suppose we rented a server somewhere and created our own /24 subnet to advertise under the ASN of the hosting company or under our own. Spamhaus will contact our hoster and ask it to disconnect the client, that is, us. If the provider does not fulfill their requests because it trusts us, Spamhaus starts adding the hoster's clean prefixes to SBL, as a result of which all its other clients cannot send mail. Then the company has no other choice, and they turn us off so that they do not have to suffer huge financial losses.

Example of a refusal letter from a hoster:


nVpn claims to have lost a lot of servers in recent years because hosters refused to cooperate. In the end, it became difficult to find a company willing to accept them. nVpn provided Tarnkappe.info with a notice of suspension of cooperation and refusal of further services dated July 11, 2019. A letter from the Swiss hosting provider states that the Spamhaus project is practicing “criminal coercion” - that is, it forces the provider to refuse to provide hosting to another company under threat of litigation.

The representative of nVpn commented:



As a result of the proceedings, Spamhaus had to move its headquarters from the UK to Andorra.

Since then, nVpn has still received notifications from SBL, but Spamhaus has finally stopped threatening their hosting providers. Also, Spamhaus stopped responding to requests from the VPN service to delete records from SBL, which means that many old records are no longer deleted and remain in the database, even if they are no longer relevant.

The VPN provider mentions that in the past Spamhaus helped reduce global spam, which was useful. But over time, the project began to put its own interests first, publish personal data on the list and manipulate hosting companies.

There are no answers to critical questions.


There are many more questions about the Spamhaus project that no one wants to answer. I never received a response to a request I sent to the American spam researcher and journalist Brian Krebs three weeks ago. Maybe the questions were too sharp, but this is not completely clear. Requests were sent to other companies, but almost no one knows the whole history of the Spamhaus project.

About the author of the original article


Lars "Ghandy" Sobiraj

Lars Sobiraj began his career in 2000 as an author for various computer magazines. He is the founder of Tarnkappe.info. Since 2014, Ghandy, as he calls himself on stage, has been telling students at various universities and other educational institutions how the Internet works.

From the translator


Spamhaus's activity has been covered repeatedly on Habr, and exclusively in a negative light. In Russia, Spamhaus has prevented (and still prevents) both private companies and large hosting providers from working. In 2010, the whole of Latvia ended up on the blacklist: the complaints of one of the country's largest providers were then met by Spamhaus with the answer that Latvia is one of the smallest countries in the world, as if hinting at something. For some reason, the last posts related to Spamhaus are dated 2012-2013, although the company still lives on today; I think this unfair oblivion needs to be interrupted.
