Fighting spam “fighters”
Friday, June 8, 2018
Protection from various threats is a business. But businesses are different! In the Anti-Virus Times issue “Collecting mail garbage is a tough job!”, we discussed how spam can be filtered with the help of blacklists that are maintained on the Internet. In theory, it’s a noble thing to do: enthusiasts are taking it upon themselves to “clean” the mail. But not everything is so rosy!
It all started on March 22, when one of our employees complained that her emails were not reaching an addressee.
The Spamhaus entry contained all the network IP addresses given to our provider and included in AS31430. Thus, countless people were registered as spammers. It was a massive problem. In fact, I was charged with “entering” the provider’s network, and our provider was charged with BGP-routing with an offline hoster system. This hoster was considered to be the world’s largest hotbed for cybercrime.
Boiling with indignation, I sent an email to sbl-removals containing a detailed description of the situation. Meanwhile, complaints from our users were flooding in. A Spamhaus robot accepted my request instantly — I received a confirmation about that. But I did not receive a response.
I once had to move a mail server from Zenon to Relcom, and then even further. The reason? Our provider was completely banned by BL. They just shrugged their shoulders and said something like “we don’t negotiate with blackmailers and extorters”. Their reaction is reasoned, but what should we do if the recipient’s account is located on a small foreign hoster, and neither the recipient nor the provider’s technical support knows beans about hardware? It wasn’t realistic for us to explain to them what they could and should do to correct that situation, and we had to move the server.
Spamhaus is allegedly a non-profit organisation, which was originally created for the sake of good purposes: to filter spam using blacklists of resources detected in spam mailings. But how legal are this organization’s actions with regard to blocking foreign resources?
In China, the court issued a warrant to arrest Stephen John Linford — the head of Spamhaus. At one time Spamhaus blocked entire countries, such as Latvia and Turkey, and completely blocked the Google network, and even today, they’re blocking the whole network of China. And beeline.ru is none other than spammer web hosting. Spamhaus lists contain many Rostelecom networks and networks of major foreign hosting companies, for example, OVH.
Of course, Spamhaus is not the only organisation that maintains blacklists. Who can guarantee that you won’t land on a record in someone’s blacklist, during a holiday no less, when it’s impossible to get hold of tech support?
The Anti-virus Times recommends
Today our information security depends not only on us, but also on our partners, friends, children, and parents. If we care only about our own protection, sooner or later we will open an email from a friend with a very interesting offer. Only then will it turn out that the friend did not write that email.
Dr.Web products (unlike other solutions) do not use Internet blacklists (DNSBL) to filter spam. If your partners and friends use Dr.Web, you can communicate with them via email without worrying about fraudsters and spam.