Spamhaus vs Agava: black and white conflict

Published on December 17, 2008


    In this post I want to share with the Habr community the official information about the incident in which one of our subnets was blocked, about Spamhaus's policy, and a little about the work of our abuse team. First, let me introduce myself: Dmitry Filatov, head of the shared hosting service at Agava.

    On December 9, on the basis of no more than a dozen complaints in total, one of our subnets landed on the Spamhaus blacklist. It would be wrong to say that our customers lost all their mail. Firstly, we promptly routed all mail from shared hosting clients through a different subnet, and secondly, fortunately, not all mail servers use the Spamhaus blacklists. In addition, we have agreements with all the large companies, such as Mail.Ru, and are on their whitelists.

    Now a little about the non-profit British organization Spamhaus. Its stated goals are entirely good: to blacklist the IP addresses of spammers, as well as of companies that provide “bulletproof” hosting for attackers. Unfortunately, the ways it pursues these goals are sometimes puzzling and are not universally approved of. For example, in 2006, as a result of a lawsuit over the blocking of the e360insight service, Spamhaus was ordered to pay $11.7 million in compensation and to delete the corresponding IP addresses from its blacklists. Spamhaus refused to comply with the court order (according to Webplanet's reporting), and the e360insight service, judging by its official website, still experiences some problems with mail delivery.

    The Spamhaus site has its own “honor board” for the worst countries, providers and individual spammers. Russia, by the way, is in third place, well behind America; China is second. There are more than 20 complaints regarding Google. For the worst spammers a list of violations is provided, and for some, photographs have even been found. All that is missing is a caption stating the size of the reward for their capture. Among these spammers, even if not in the top 10, was one of our clients, our compatriot Evgeny Medvednikov. He ordered a server from us and, despite the long list of misdeeds Spamhaus attributes to him, no complaints were received: he did not send spam and did nothing wrong. The client paid the bill; the client received his service. It is as if a criminal walked into a shop and, without robbing anyone, bought groceries to take home.

    Spamhaus checked all the domains belonging to this client, noticed that one of them resolved to an IP address in our subnet, and filed a complaint against us. In reality we had nothing to hold against the client: no complaints had been received, and he paid regularly. It would have been unlawful to refuse service to a client who had committed nothing illegal.

    To this they added another complaint, about our English-language newsletter service Zinester. In a nutshell, the essence of the service: anyone can create a free newsletter on a specific topic, and interested users subscribe to it and receive issues as they are released. A subscriber's registration must be confirmed, i.e., everything happens solely with the subscriber's consent. You can unsubscribe in a few clicks, both from any individual newsletter and from the service as a whole.
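    The confirmed opt-in flow described above (subscribe, confirm by link, one-click unsubscribe) is the standard way a mailing-list service avoids mailing anyone who did not ask for it. The following is an added example written for this post, not Zinester's or Agava's own code: a hypothetical `NewsletterService` that issues HMAC-signed confirmation and unsubscribe links, never adds an address to a list until its confirmation link is used, and accepts unsubscribe links without expiry so that the link in an old issue keeps working. The domain `example.invalid`, the secret key and the clock are constructed for the example.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode


class NewsletterService:
    """Confirmed opt-in subscriptions with HMAC-signed links (hypothetical example)."""

    CONFIRM_TTL = 48 * 3600  # confirmation links expire after two days
    BASE_URL = "https://example.invalid"  # placeholder domain, constructed for the example

    def __init__(self, secret: bytes, now=time.time):
        self.secret = secret
        self.now = now                 # injectable clock so expiry can be tested offline
        self.confirmed: dict = {}      # list_id -> set of confirmed addresses

    def _sign(self, *fields: str) -> str:
        # Fields are joined with a separator that cannot appear in them, so
        # ("a", "bc") and ("ab", "c") never produce the same signature.
        msg = "\x1f".join(fields).encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    @staticmethod
    def _params(link: str, keys) -> list:
        q = parse_qs(link.split("?", 1)[1])
        return [q[k][0] for k in keys]  # KeyError if the link is malformed

    def subscribe_request(self, list_id: str, email: str) -> str:
        """Return the confirmation link to mail to `email`.

        Nothing is stored at this point: an address submitted by someone else
        receives one confirmation mail and is never added to the list.
        """
        email = email.strip().lower()
        expires = str(int(self.now()) + self.CONFIRM_TTL)
        sig = self._sign("confirm", list_id, email, expires)
        query = urlencode({"l": list_id, "e": email, "x": expires, "s": sig})
        return f"{self.BASE_URL}/confirm?{query}"

    def confirm(self, link: str) -> bool:
        """Activate the subscription if the link is genuine and not expired."""
        try:
            list_id, email, expires, sig = self._params(link, ("l", "e", "x", "s"))
            expires_at = int(expires)
        except (KeyError, ValueError, IndexError):
            return False
        expected = self._sign("confirm", list_id, email, expires)
        if not hmac.compare_digest(sig, expected):
            return False  # tampered address, list or expiry
        if expires_at < self.now():
            return False  # stale link; the user must request a new one
        self.confirmed.setdefault(list_id, set()).add(email)
        return True

    def unsubscribe_link(self, email: str, list_id: str = "*") -> str:
        """Signed one-click unsubscribe link; list_id "*" removes the address from every list."""
        email = email.strip().lower()
        sig = self._sign("unsub", list_id, email)
        return f"{self.BASE_URL}/unsubscribe?{urlencode({'l': list_id, 'e': email, 's': sig})}"

    def unsubscribe(self, link: str) -> bool:
        try:
            list_id, email, sig = self._params(link, ("l", "e", "s"))
        except (KeyError, IndexError):
            return False
        if not hmac.compare_digest(sig, self._sign("unsub", list_id, email)):
            return False  # nobody can unsubscribe others by guessing a link
        targets = self.confirmed if list_id == "*" else {list_id: self.confirmed.get(list_id, set())}
        for members in targets.values():
            members.discard(email)
        return True

    def recipients(self, list_id: str) -> set:
        """Only confirmed addresses are ever mailed."""
        return set(self.confirmed.get(list_id, set()))


if __name__ == "__main__":
    svc = NewsletterService(secret=b"constructed-demo-key")
    link = svc.subscribe_request("security-news", "Alice@Example.org")
    print("confirmed:", svc.confirm(link), svc.recipients("security-news"))
    print("unsubscribed:", svc.unsubscribe(svc.unsubscribe_link("alice@example.org")),
          svc.recipients("security-news"))
```

    The clock is injected so that expiry can be exercised without waiting, and the unsubscribe link deliberately carries no expiry: a subscriber who finds an issue from months ago must still be able to leave with one click, which is exactly the property a blacklist operator would look for.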

    The list also contained minor complaints, for which the specific clients had already been shut down, and some that were completely absurd. All of you, I think, remember the story of the registrar EstDomains. Its accreditation was taken away because one of the company's owners had been convicted of fraud. Under ICANN rules this is unacceptable for an accredited registrar. EstDomains sent ICANN a letter stating that the person no longer worked for the company, but ICANN needed a more formal letter, and the registrar's accreditation was withdrawn. The backstory ends with one of EstDomains' service domains resolving to an IP address in our subnet, from which Spamhaus decided that we were somehow connected with them. Yet no content was served on that domain, the server with that IP had not even been activated, and why would EstDomains host anything with us?

    On the basis of these complaints taken together, one of our subnets was banned. During two days of correspondence with Spamhaus we managed to agree on unblocking the subnet, although we still did not receive answers to many of the questions that concern us. Why, for example, did they ban the whole subnet rather than a dozen IPs? Which complaints, received by their clients' servers, had alarmed them? What, in their view, was illegal about a legitimate mailing-list service? All of this, unfortunately, remained behind the scenes.

    The upshot is that Spamhaus can quite strongly influence the work of hosters, take customers away from them, cause direct damage to companies' reputations and disrupt mail services. Instead of blocking specific IPs, they block the entire subnet, depriving tens of thousands of clients of normal operation. Someone may not have received a letter from an employer in time and missed a good job, someone may have lost an important deal, but never mind. We were in a position to correct the situation quickly; a fledgling hoster might not be.

    Now a little about complaints in general and how we process them in our company. No large hoster can claim that there are no scammers among its customers, because nobody can monitor what happens on every individual account when there are tens of thousands of them. Besides, doing so would violate the Federal Law “On Communications”, Article 63 “Secrecy of Communications”, paragraph 3.
    We regularly receive complaints about specific sites for a wide variety of violations. For processing claims we have a dedicated team of employees. I personally take part in many of the discussions, because the situations are very diverse. Sometimes we even receive FedEx parcels from the United States with complaints from foreign companies that one of our clients is illegally distributing their software on our hosting. After receiving a complaint, we contact the client and pass on the substance of the issue, and he either understands the situation and stops the illegal activity, or ignores everything. In non-obvious cases we always try to work in dialogue with the client, avoiding abrupt moves, especially ones that could harm our customers. We always try to protect our customers, because they are the most valuable thing we have. That said, there are of course clear-cut violators as well.

    But there are more complicated situations: for example, a client's site may be hacked and malicious content placed on it. Complaints start coming to us, while the client is naturally unaware that anything illegal is happening, because he himself is doing nothing. In such cases we analyze how the client was hacked and contact him, and he either fixes the vulnerability, for example by updating a popular engine or bringing in specialists to patch holes in custom-written functionality, or we offer him reasonable help free of charge.

    I hope I have clarified the situation from the inside and that this post was interesting to you. I am ready to answer questions within the remit of the shared hosting department.