The Spamhaus Project

The Spamhaus Project is an international organisation (founded by Steve Linford in 1998) to track e-mail spammers and spam-related activity. It is named for the anti-spam jargon term coined by Linford, spamhaus, a pseudo-German expression for an ISP or other firm which spams or willingly provides service to spammers.


Spamhaus DNSBLs and DNSWLs

Spamhaus is responsible for a number of very widely used anti-spam DNS-based Blocklists (DNSBLs) and Whitelists (DNSWLs). Many internet service providers and Internet networks use these services to reduce the amount of spam they take on. The Spamhaus lists collectively protect over 1.4 billion e-mail users, according to Spamhaus' web page (June 2008) and are estimated to block 80 billion spam emails per day globally on the internet (almost 1 million spams per second). Like all DNSBLs, their use is considered controversial by some.

The Spamhaus Block List (SBL)[1] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services[2] The SBL's listings are partially based on the ROKSO index of "spam gangs", for which see below.

The Exploits Block List (XBL)[3] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits." That is to say, like several other DNSBLs it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes listings gathered by Spamhaus as well as by two contributing DNSBL operations — the Composite Blocking List (CBL) and the Not Just Another Bogus List (NJABL) lists.

The Policy Block List (PBL)[4] is a list that serves many of the same functions of a Dialup Users List, but really it is not a DUL. The PBL lists not only dynamic and DHCP type IP address space designated as 'not allowed to make direct SMTP connections', but static assignments that shouldn't be sending email without prior arrangement. Examples of such are an ISP's core routers, corporate users required by policy to send via their internal mail server, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizers (ISPs) of the IP address space.

The Domain Block List (DBL)[5] was released in March 2010 and is a list of domain names, which is both a domain URI Blocklist and RHSBL. It lists spam domains including spam payload URLs, spam sources and senders ("right-hand side"), known spammers and spam gangs, and phish, virus and malware-related sites.

The Spamhaus White List (SWL)[6] was released in October 2010 and is a whitelist of IPv4 and IPv6 addresses. The SWL is intended to allow mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a Spamhaus Whitelist account.

The Domain White List (DWL)[6] was released in October 2010 and is a whitelist of domain names. The DWL enables automatic certification of domains with DKIM signatures. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account.

Spamhaus's DNSBLs and DNSWLs are offered as a free public service to low-volume mail server operators on the Internet.[7] Commercial spam filtering services and other large sites doing large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Datafeed Service,[8] at a moderate fee as long as they are not in Spamhaus's top ten worst spam service ISPs list.[9]

Spamhaus also provides two combined DNSBLs. One is the SBL+XBL[10] which allows users to query once and get return codes from both lists. A newer combination is called ZEN[11] (named after founder Linford's dog), which allows users to query once and get return codes from the SBL+XBL and the newer PBL.

Spamhaus outlines the way its DNSBL technology works in a document called Understanding DNSBL Filtering.[12]

Register of Known Spam Operations

The Spamhaus Register of Known Spam Operations (ROKSO)[13] is a database of "hard-core spam gangs" -- spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly-sourced information about these persons and their business and at times criminal activities.

The ROKSO database is nowadays part of the signup checking procedure of many of the major ISPs, ensuring that ROKSO-listed spammers find it difficult to get hosting. A listing on ROKSO also means that all IP addresses associated with the spammer (his other domains, sites, servers, etc.) get listed on the Spamhaus SBL as "under the control of a ROKSO-listed spammer" whether there is spam coming from them or not (as a preventative measure).

There is a special version of ROKSO available to Law Enforcement Agencies (for which LEAs need to apply for access) which gives access to data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs, too sensitive to publish in the public part of ROKSO.

Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List[14] is a text file delineating so-called "zombie" (stolen) CIDR blocks and netblocks which are "totally controlled by spammers or 100% spam hosting operations", as shown by SBL listings, with the numbers of the underlying listings as comments. It is intended not to include netblocks registered to ISPs and sublet to spammers, but only those blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to block network traffic from and to those blocks.

Spamhaus Companies

The Spamhaus 'Group' (although there is no group identity) consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is The Spamhaus Project Ltd., a UK-registered non-profit which tracks spam sources and publishes free DNSBLs. Further 'Spamhaus' companies include Spamhaus Logistics Corp.[15], a Seychelles-registered corporation which owns the large server infrastructure used by Spamhaus and employs engineering staff to maintain it. Spamhaus Technology Ltd.[16], a UK-registered commercial 'data delivery' company which "manages data distribution and synchronization services". Spamhaus Research Corp., a company which "develops anti-spam technologies". The Spamhaus Whitelist Co. Ltd.[17], a Jersey-registered company which manages the Spamhaus Whitelist. Also there are several references on the Spamhaus website to The Spamhaus Foundation,[18] a private interest foundation (believed to be a Liechtenstein Foundation) whose charter is "to assure the long-term security of The Spamhaus Project and its work".



e360 Lawsuit

In September 2006 an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit against Spamhaus in Illinois for blacklisting his junk mailings. Spamhaus initially hired an American law firm, which had the case moved from the state court to the U.S. Federal District Court for the Northern District of Illinois, but then (on the advice of its British lawyers) objected to the lawsuit altogether on the grounds that Spamhaus, being based in the United Kingdom, was outside the jurisdiction of United States courts.[21][22] The court, presided over by Judge Charles Kocoras, proceeded with the case against Spamhaus without considering the international jurisdiction issue, prompting British MP Derek Wyatt to call for the judge to be suspended from office.[23] Not having had its objection to jurisdiction examined, Spamhaus refused to participate in the U.S. case any further and withdrew its counsel. However, Spamhaus was deemed by the court to have "technically accepted jurisdiction" by having initially responded at all, and the judge, angry at Spamhaus having walked out of his court, awarded e360 a default judgement totaling $11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgement because default judgements issued by U.S. courts without a trial "have no validity in the U.K. and cannot be enforced under the British legal system".[24][25]

Following the ruling in its favour, e360 filed a motion in Federal court to attempt to force ICANN to remove the domain records of Spamhaus until the default judgement had been satisfied.[26] This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,[27][28] and ICANN protested[29] that they had neither the ability nor the authority to remove the domain records of Spamhaus, which is a UK-based company. On 20 October 2006, Judge Korcoras issued a ruling denying e360's motion against ICANN, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgement] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."[30][31]

In 2007, Chicago law firm Jenner & Block LLP took up Spamhaus's case pro bono publico and appealed the ruling. The U.S. federal Court of Appeals for the Seventh Circuit vacated the damages award and remanded the matter back to the district court to find a more extensive inquiry to determine damages. In January 2008, e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise.[32]

In 2010, the $11.7–million–dollar damages award was reduced to $27,002[33][34] — $1 for tortious interference with prospective economic advantage, $1 for claims of defamation, and $27,000 for "existing contracts".

Spamhaus lawyers however went back to the US Court of Appeals for a second time and appealed even the lower $27,002 amount. The US Court of Appeals found in favour of Spamhaus and on the 2nd September 2011, issued a new ruling reducing the entire judgment to just $3 total and ordering the Plaintiff e360 to pay the costs of the appeal for the defence.[35]

Spamhaus versus

In June 2007 Spamhaus requested the national Domain registry of Austria,, to suspend a number of domains, claiming they were registered anonymously by phishing gangs for illegal bank phishing purposes.[36] The registry rejected the request and argued that they would break Austrian law by suspending domains, even though the domains were used for criminal purposes, and demanded proof that the domains were registered under false identities.[37][36] For some time the domains continued to phish European banks, including German and Austrian banks. Finally, Spamhaus put the mail server of on their SBL spam blacklist under the SBL's policy "Knowingly Providing a Spam Support Service for Profit" for several days which caused interference of mail traffic at[37] All of the criminal phishing domains have since been deleted/suspended by the respective DNS providers.[36][38]

Blocking of Google Docs IPs

In August 2010 Spamhaus added some Google-controlled IP addresses used by Google Docs to its SBL spam list, due to Google Docs being a large source of uncontrolled spam. Google quickly cleaned the problem up and Spamhaus removed the listing. Though initially wrongly reported by some press to be IPs used by Gmail, later it was clarified that only Google Docs was blocked.[39]

Spamhaus trademarked

Spamhaus has been given the blessing of Hormel, to trademark the name Spamhaus in the European Union. "Spamhaus" is now a Registered Trademark, No. 005703392.[40]

See also


  1. ^ "Spamhaus Block List (SBL)". 
  2. ^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. Retrieved 2007-02-04. 
  3. ^ "Spamhaus Exploits Block List (XBL)". 
  4. ^ "Spamhaus Policy Block List (PBL)". 
  5. ^ "Spamhaus Domain Block List (DBL)". 
  6. ^ a b "Spamhaus White List (SWL)". 
  7. ^ Spamhaus DNSBL Usage
  8. ^ "Spamhaus Datafeed,". 
  9. ^ "Spamhaus's top ten worst spam service ISPs list". 
  10. ^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. Retrieved 2007-02-04. 
  11. ^ "Spamhaus ZEN". 
  12. ^ "Understanding DNSBL Filtering". 
  13. ^ "Spamhaus Register of Known Spam Operations (ROKSO)". 
  14. ^ "The Spamhaus Don't Route Or Peer List (DROP)". 
  15. ^ "Spamhaus Logistics Corp.". 
  16. ^ "Spamhaus Technology Ltd.". 
  17. ^ "The Spamhaus Whitelist Company Ltd.". 
  18. ^ "The Spamhaus Foundation". 
  19. ^
  20. ^
  21. ^ John Leyden |Leyden, John]] (2006-10-10). "Spamhaus fights US court domain threat". The Register. Retrieved 2007-02-04. 
  22. ^ Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Retrieved 2007-02-04. 
  23. ^ "MP calls for suspension of judge in Spamhaus case". Computeractive. 2006-10-10. Retrieved 2011-03-23. 
  24. ^ Evers, Joris (2006-09-14.). "Spam fighter hit with $11.7 million judgment". Retrieved 2007-02-04. 
  25. ^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006 (PDF version of Proposed Order)". The Spamhaus Project website. 2006-10-06. Retrieved 2007-02-04. 
  26. ^ Steve Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Retrieved 2007-02-04. 
  27. ^ Linford. "Responds here". The Spamhaus Project website. (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus,, highspeed and, as of 2007-02-04.)
  28. ^ Carvajal, Doreen (2006-10-16). "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. Retrieved 2007-02-04. 
  29. ^ "Spamhaus Litigation Update". ICANN. 2006-10-10. Retrieved 2007-02-04. 
  30. ^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006 (signed version of denial without prejudice of Plaintiffs’ motion [26 for a rule to show cause)"]. ICANN. 2006-10-20. Retrieved 2007-02-04. 
  31. ^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". 2006-10-30. Retrieved 2006-02-04. 
  32. ^ "e360 Has Gone Bust". 
  33. ^ Masnick, Mike (16 June 2010). "Spammer's $11 Million Win Against Anti-Spammer Spamhaus, Reduced To $27,000". Retrieved 23 November 2010. 
  34. ^ "Case 1:06-cv-03958 - Document 242 - Filed 06/11/10". 
  35. ^ "US Court of Appeals - Final Judgment". 2010-07-29. 
  36. ^ a b c "Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at". 
  37. ^ a b " setzt Österreichs Domainverwaltung unter Druck" (in German). 19 June 2007. 
  38. ^ "Quote CEO Wein: “Die DNS-Provider der Domains haben die Einträge gelöscht.” (“The DNS providers of the domains deleted the domain entries.”)". 
  39. ^ "Spamhaus: We Blocked Google Docs Not Gmail". Softpedia. 20 August 2010. Retrieved 21 August 2010. 
  40. ^ "Hormel OKs Spamhaus' Trademark [ClickZ Internet Marketing Solutions for Marketers]". 

External links

Wikimedia Foundation. 2010.

Look at other dictionaries:

  • The Spamhaus Project — est une organisation internationale fondée par Steve Linford(en) en 1998, dont l objet est de traquer les spameurs et les activités relatives aux spams. Son nom est inspiré du jargon spamhaus, mot pseudo allemand inventé par Linford pour désigner …   Wikipédia en Français

  • Storm botnet — The typical lifecycle of spam that originates from a botnet: (1) Spammer s web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic The Storm… …   Wikipedia

  • E-mail spam — E mail spam, also known as bulk e mail or junk e mail, is a subset of spam that involves nearly identical messages sent to numerous recipients by e mail. A common synonym for spam is unsolicited bulk e mail (UBE). Definitions of spam usually… …   Wikipedia

  • Email spam — An email box folder filled with spam messages. Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually… …   Wikipedia

  • — was an entertainment based website operating out of Glendale, CA circa 1998 – 2001. The site featured contests, original content, and free web style games such as blackjack, bingo, and virtual slot machines. By spending time on the site,… …   Wikipedia

  • Steve Linford — is a British anti spam campaigner best known for founding The Spamhaus Project. [ About Spamhaus] ] Linford was born in England. His parents moved to Rome where his father ran an industrial platinum… …   Wikipedia

  • Anti-spam techniques — To prevent e mail spam (aka unsolicited bulk email), both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users… …   Wikipedia

  • Anti-spam techniques (e-mail) — To prevent e mail spam, both end users and administrators of e mail systems use various anti spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators. No one… …   Wikipedia

  • .mail — Infobox Top level domain name=.mail background=#D2B48C introduced=Not officially introduced; proposed in 2004 type=Proposed top level domain status=Unapproved application registry=None yet established sponsor= [ Anti… …   Wikipedia

  • WikiLeaks — Logo de WikiLeaks URL Noms de domaine[note 1]  …   Wikipédia en Français

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.