Integrasi Komputer    
   
Daftar Isi
(Sebelumnya) The Singularity Is NearThe Wall Street Journal (Berikutnya)

The Spamhaus Project

The Spamhaus Project
Spamhaus logo.jpg
Logo of The Spamhaus Project, used by permission
Founder(s)Steve Linford
TypeNonprofit company limited by guarantee
FoundedLondon, England
1998 (1998)
HeadquartersGeneva, Switzerland and London, England
Area servedWorldwide
FocusFighting email spam and associated forms of computer crime
Methodforensic investigation, real-time DNS blocklists
Employees38 (as of March 2013)[1]
Websitewww.spamhaus.org

The Spamhaus Project is an international organization, based in both London and Geneva, founded in 1998 by Steve Linford to track email spammers and spam-related activity. The name spamhaus, a pseudo-German expression, was coined by Linford for an Internet service provider, or other firm, which spams or knowingly provides service to spammers. Spammers frequently respond to being listed with threats, legal action or denial-of-service attacks.

Contents

Spamhaus DNSBLs and DNSWLs

The Spamhaus Project is responsible for compiling several very widely used anti-spam lists. Many internet service providers and email servers use the lists to reduce the amount of spam they accept. The Spamhaus lists collectively protect over 1.77 billion email users, according to Spamhaus' web page (November 2012), and are estimated to block 80 billion spam emails per day globally on the internet (almost one million per second).

Spamhaus distributes the lists in the form of DNS-based Blocklists (DNSBLs) and Whitelists (DNSWLs) and, like all DNSBLs, their use is considered controversial by some. The lists are offered as a free public service to low-volume mail server operators on the Internet.[2] Commercial spam filtering services and other sites doing large numbers of queries must instead sign up for an rsync-based feed of these DNSBLs, which Spamhaus calls its Datafeed Service.[3] Spamhaus outlines the way its DNSBL technology works in a document called Understanding DNSBL Filtering.[4]

The Spamhaus Block List (SBL)[5] targets "verified spam sources (including spammers, spam gangs and spam support services)." Its goal is to list IP addresses belonging to known spammers, spam operations, and spam-support services.[6] The SBL's listings are partially based on the ROKSO index of known spammers.

The Exploits Block List (XBL)[7] targets "illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, virus-infected PCs & servers and other types of trojan-horse exploits." That is to say it is a list of known open proxies and exploited computers being used to send spam and viruses. The XBL includes information gathered by Spamhaus as well as by other contributing DNSBL operations such as the Composite Blocking List (CBL).

The Policy Block List (PBL)[8] is similar to a Dialup Users List. The PBL lists not only dynamic IP addresses but also static addresses that should not be sending email directly to third-party servers. Examples of such are an ISP's core routers, corporate users required by policy to send their email via company servers, and unassigned IP addresses. Much of the data is provided to Spamhaus by the organizations that control the IP address space, typically ISPs.

The Domain Block List (DBL)[9] was released in March 2010 and is a list of domain names, which is both a domain URI Blocklist and RHSBL. It lists spam domains including spam payload URLs, spam sources and senders ("right-hand side"), known spammers and spam gangs, and phish, virus and malware-related sites. It later added a zone of "abused URL shortners", a common way spammers insert links into spam emails.

The Spamhaus White List (SWL)[10] was released in October 2010 and is a whitelist of IPv4 and IPv6 addresses. The SWL is intended to allow mail servers to separate incoming email traffic into 3 categories: Good, Bad and Unknown. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a Spamhaus Whitelist account.

The Domain White List (DWL)[10] was released in October 2010 and is a whitelist of domain names. The DWL enables automatic certification of domains with DKIM signatures. Only verified legitimate senders with clean reputations are approved for whitelisting and there are strict terms to keeping a whitelist account.

Spamhaus also provides two combined lists. One is the SBL+XBL[11] and the second is called ZEN,[12] which combines all the Spamhaus IP address-based lists.

Register of Known Spam Operations

The Spamhaus Register of Known Spam Operations (ROKSO)[13] is a database of "hard-core spam gangs"—spammers and spam operations who have been terminated from three or more ISPs due to spamming. The ROKSO list is not a DNSBL; it is, rather, a directory of publicly sourced information about these persons and their business and at times criminal activities.

Checking the ROKSO database is nowadays part of the signup procedure of many of the major ISPs, ensuring that ROKSO-listed spammers find it difficult to get hosting. A listing on ROKSO also means that all IP addresses associated with the spammer (his other domains, sites, servers, etc.) get listed on the Spamhaus SBL as "under the control of a ROKSO-listed spammer" whether there is spam coming from them or not (as a preemptive measure).

There is a special version of ROKSO, available to Law Enforcement Agencies, containing data on hundreds of spam gangs, with evidence, logs and information on illegal activities of these gangs, too sensitive to publish in the public part of ROKSO.

Don't Route Or Peer List

The Spamhaus Don't Route Or Peer (DROP) List[14] is a text file delineating CIDR blocks that have been stolen or are otherwise "totally controlled by spammers or 100% spam hosting operations". As a small subset of the SBL, it does not include address ranges registered to ISPs and sublet to spammers, but only those network blocks wholly used by spammers. It is intended to be incorporated in firewalls and routing equipment to drop all network traffic to and from the listed blocks. The DROP webpage FAQ[15] states the data is free for all to download and use. In 2012 Spamhaus offered a BGP feed of the same DROP data.

Spamhaus Companies

The Spamhaus Project consists of a number of independent companies which focus on different aspects of Spamhaus anti-spam technology or provide services based around it. At the core is The Spamhaus Project Ltd., which tracks spam sources and publishes free DNSBLs. Further companies include Spamhaus Logistics Corp.,[16] which owns the large server infrastructure used by Spamhaus and employs engineering staff to maintain it. Spamhaus Technology Ltd.,[17] a data delivery company which "manages data distribution and synchronization services". Spamhaus Research Corp., a company which "develops anti-spam technologies". The Spamhaus Whitelist Co. Ltd.,[18] which manages the Spamhaus Whitelist. Also there are several references on the Spamhaus website to The Spamhaus Foundation,[19] whose charter is "to assure the long-term security of The Spamhaus Project and its work".

Awards

  • National Cyber Forensics Training Alliance 2008 Cyber Crime Fighter Award [20]
  • Internet Service Providers Association's Internet hero of 2003 award[21]
  • Greatest Contribution to anti-spam in the last 10 years presented to Spamhaus by Virus Bulletin Magazine.[22]

Conflicts

e360 Lawsuit

In September 2006, an American spammer named David Linhardt, operating as "e360 Insight LLC", filed suit against Spamhaus in Illinois for blacklisting his junk mailings. Spamhaus had the case moved from the state court to the U.S. Federal District Court for the Northern District of Illinois and asked to have the case dismissed for lack of jurisdiction.[23][24] The court, presided over by Judge Charles Kocoras, proceeded with the case against Spamhaus without considering the international jurisdiction issue, prompting British MP Derek Wyatt to call for the judge to be suspended from office.[25] Not having had its objection to jurisdiction examined, Spamhaus refused to participate in the U.S. case any further and withdrew its counsel. However, Spamhaus was deemed by the court to have "technically accepted jurisdiction" by having initially responded at all, and the judge, angry at Spamhaus having walked out of his court, awarded e360 a default judgement totaling US$11,715,000 in damages. Spamhaus subsequently announced that it would ignore the judgement because default judgements issued by U.S. courts without a trial "have no validity in the U.K. and cannot be enforced under the British legal system".[26][27]

Following the ruling in its favour, e360 filed a motion in Federal court to attempt to force ICANN to remove the domain records of Spamhaus until the default judgement had been satisfied.[28] This raised international issues regarding ICANN's unusual position as an American organization with worldwide responsibility for domain names,[29][30] and ICANN protested[31] that they had neither the ability nor the authority to remove the domain records of Spamhaus, which is a UK-based company. On 20 October 2006, Judge Korcoras issued a ruling denying e360's motion against ICANN, stating in his opinion that "there has been no indication that ICANN [is] not [an] independent entit[y] [from Spamhaus], thus preventing a conclusion that [it] is acting in concert" with Spamhaus and that the court had no authority over ICANN in this matter. The court further ruled that removing Spamhaus's domain name registration was a remedy that was "too broad to be warranted in this case," because it would "cut off all lawful online activities of Spamhaus via its existing domain name, not just those that are in contravention" of the default judgment. Kocoras concluded, "[w]hile we will not condone or tolerate noncompliance with a valid order of this court [i.e., Spamhaus' refusal to satisfy the default judgement] neither will we impose a sanction that does not correspond to the gravity of the offending conduct."[32][33]

In 2007, Chicago law firm Jenner & Block LLP took up Spamhaus's case pro bono publico and appealed the ruling. The U.S. federal Court of Appeals for the Seventh Circuit vacated the damages award and remanded the matter back to the district court for a more extensive inquiry to determine damages. In January 2008, e360 Insight LLC filed for bankruptcy and closed down, citing astronomical legal bills associated with this court case as the reason for its demise.[34]

In 2010, Judge Korcoras reduced the $11.7 million dollar damages award to $27,002[35] — $1 for tortious interference with prospective economic advantage, $1 for claims of defamation, and $27,000 for "existing contracts".[36]

Both parties appealed, but e360's case for increasing the damages was slammed by Judge Posner, "I have never seen such an incompetent presentation of a damages case," Posner said. "It's not only incompetent, it's grotesque. You've got damages jumping around from $11 million to $130 million to $122 million to $33 million. In fact, the damages are probably zero."[37] On 2 September 2011 the court reduced the damages award to just $3 total,[38] and ordered the plaintiff e360 to pay the costs of the appeal for the defence.[39]

Spamhaus versus nic.at

In June 2007 Spamhaus requested the national Domain registry of Austria, nic.at, to suspend a number of domains, claiming they were registered anonymously by phishing gangs for illegal bank phishing purposes.[40] The registry nic.at rejected the request and argued that they would break Austrian law by suspending domains, even though the domains were used for criminal purposes, and demanded proof that the domains were registered under false identities.[40][41] For some time the domains continued to phish holders of accounts at European banks, including German and Austrian banks. Finally, Spamhaus put the mail server of nic.at on their SBL spam blacklist under the SBL's policy "Knowingly Providing a Spam Support Service for Profit" for several days which caused interference of mail traffic at nic.at.[41] All of the criminal phishing domains were since deleted or suspended by their DNS providers.[40][42]

Blocking of Google Docs IPs

In August 2010 Spamhaus added some Google-controlled IP addresses used by Google Docs to its SBL spam list, due to Google Docs being a large source of uncontrolled spam. Google quickly cleaned the problem up and Spamhaus removed the listing. Though initially wrongly reported by some press to be IPs used by Gmail, later it was clarified that only Google Docs was blocked.[43]

CyberBunker dispute and DDoS attack

Diagram showing the role of open resolvers, improperly configured servers vulnerable to IP address spoofing[44][45]

In March 2013, CyberBunker, an internet provider once headquartered in a surplus bunker in the Netherlands[46] and said to be sending spam,[47] was added to the Spamhaus blacklist used by email providers to weed out spam. Shortly afterwards Spamhaus was the target of a distributed denial of service (DDoS) attack exploiting a long-known vulnerability in the Domain Name System which permits origination of massive quantities of messages at devices owned by others using IP address spoofing.[48][49] Devices exploited as one of the over 100,000 open recursive servers, or open resolvers, used in the attack may be as simple as a cable converter box connected to the internet.[50] The attack was of a previously unreported scale (peaking at 300 gigabits per second; an average large-scale attack might reach 50Gbps, and the largest previous publicly reported attack was 100Gbps) was launched against Spamhaus’s Domain Name System (DNS) servers;[51] as of 27 March 2013 (2013-03-27)[update] the attack had lasted for over a week. Steve Linford, chief executive for Spamhaus, said that they had withstood the attack. Other companies, such as Google, had made their resources available to help absorb the traffic. The attack was being investigated by five different national cyber-police-forces around the world. Spamhaus alleged that CyberBunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, was behind the attack; CyberBunker did not respond to the BBC’s request for comment on the allegation.[51]

According to the New York Times, an Internet activist who said he was a spokesman for the attackers, Sven Olaf Kamphuis, said in a message, “We are aware that this is one of the largest DDoS attacks the world had publicly seen”, and that CyberBunker was retaliating against Spamhaus for “abusing their influence”. The NYT added that security researcher Dan Kaminsky said “You can’t stop a DNS flood ... The only way to deal with this problem is to find the people doing it and arrest them.” [47]

CloudFlare, an Internet security firm assisting Spamhaus in combating the DOS attack, was also targeted.[52][53]

On March 18 a campaign claiming to be by group Anonymous, “Operation Stophaus”, was announced on the bulletin board Pastebin; there is also a website in Russia.[54] Spamhaus clarified that it believes Operation Stophaus is actually a false flag attack waged by Russian malware providers, and led by one of the spammers on its ROKSO.[55]

"Spamhaus" trademark

SPAM (for "spiced ham") is the trademark of canned meat made by the Hormel Foods Corporation, first introduced in 1937. Hormel have objected to the use of their trademark in connection with Internet abuse, but in 2007 permitted Spamhaus to register their name as a trademark.[56]

See also

  • Anti-spam techniques (email)
  • Perbandingan -- DNS blacklists
  • Email spam
  • news.admin.net-abuse.email
  • SpamCop

References

  1. ^ "About The Spamhaus Project". The Spamhaus Project. Retrieved March 26, 2013. 
  2. ^ Spamhaus DNSBL Usage
  3. ^ "Spamhaus Datafeed,". spamhaus.org. 
  4. ^ "Understanding DNSBL Filtering". spamhaus.org. 
  5. ^ "Spamhaus Block List (SBL)". spamhaus.org. 
  6. ^ Linford, Steve. "SBL Policy & Listing Criteria". The Spamhaus Project website. Retrieved 2007-02-04. 
  7. ^ "Spamhaus Exploits Block List (XBL)". spamhaus.org. 
  8. ^ "Spamhaus Policy Block List (PBL)". spamhaus.org. 
  9. ^ "Spamhaus Domain Block List (DBL)". spamhaus.org. 
  10. ^ a b "Spamhaus White List (SWL)". spamhaus.org. 
  11. ^ Linford, Steve. "How do I use the SBL?". The Spamhaus Project website. Retrieved 2007-02-04. 
  12. ^ "Spamhaus ZEN". spamhaus.org. 
  13. ^ "Spamhaus Register of Known Spam Operations (ROKSO)". spamhaus.org. 
  14. ^ "The Spamhaus Don't Route Or Peer List (DROP)". spamhaus.org. 
  15. ^ "Frequently Asked Questions (FAQ)". spamhaus.org. 
  16. ^ "Spamhaus Logistics Corp.". spamhaus.org. 
  17. ^ "Spamhaus Technology Ltd.". spamhaus.org. 
  18. ^ "The Spamhaus Whitelist Company Ltd.". spamhaus.org. 
  19. ^ "The Spamhaus Foundation". spamhaus.org. 
  20. ^ spamhaus.org
  21. ^ theregister.co.uk
  22. ^ [1]
  23. ^ Leyden, John (2006-10-10). TheRegister.co.uk "Spamhaus fights US court domain threat". The Register. Retrieved 2007-02-04. 
  24. ^ Linford, Steve. "TRO Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Retrieved 2007-02-04. 
  25. ^ computeractive.co.uk "MP calls for suspension of judge in Spamhaus case". Computeractive. 2006-10-10. Retrieved 2011-03-23. 
  26. ^ Evers, Joris (2006-09-14.). "Spam fighter hit with $11.7 million judgment". Retrieved 2007-02-04. Unknown parameter "news=" ignored
  27. ^ "Case 1:06-cv-03958 - Document 29-1 - Filed 10/06/2006 (PDF version of Proposed Order)". The Spamhaus Project website. 2006-10-06. Retrieved 2007-02-04. 
  28. ^ Steve Linford, Steve. "Court Answer: e360Insight vs. The Spamhaus Project". The Spamhaus Project website. Retrieved 2007-02-04. 
  29. ^ Linford. "Responds here". The Spamhaus Project website. (No longer available, but partially archived at U.S. Court Order Could Boost Spam By 50 Billion Daily, Spammer Cajoles ICANN To Ban Spamhaus, Groups.google.com, highspeed and Groups.google.com, abuse.email as of 2007-02-04.)
  30. ^ Carvajal, Doreen (2006-10-16). "Defending a Blurred Line: Is It Spam or Just a Company Marketing by E-Mail?". The New York Times. Retrieved 2007-02-04. 
  31. ^ "Spamhaus Litigation Update". ICANN. 2006-10-10. Retrieved 2007-02-04. 
  32. ^ "Case 1:06-cv-03958 - Document 36 - Filed 10/19/2006 (signed version of denial without prejudice of Plaintiffs’ motion [26] for a rule to show cause)". ICANN. 2006-10-20. Retrieved 2007-02-04. 
  33. ^ "Domain Firm, Tucows, and ICANN, Win Spamhaus Litigation". Cheaphostingdirectory.com. 2006-10-30. Retrieved 2006-02-04. 
  34. ^ "e360 Has Gone Bust". groups.google.com. 
  35. ^ Masnick, Mike (16 June 2010). "Spammer's $11 Million Win Against Anti-Spammer Spamhaus, Reduced To $27,000". techdirt.com. Retrieved 23 November 2010. 
  36. ^ "Case 1:06-cv-03958 - Document 242 - Filed 06/11/10". archive.org. Retrieved 3 April 2013. 
  37. ^ " Appeals judges berate spammer for "ridiculous," "incompetent" litigation", Timothy B. Lee, June 14, 2011, artechnica.com
  38. ^ Seventh Circuit Nos. 10-3538 & 10-3539, ARGUED JUNE 8, 2011—DECIDED SEPTEMBER 2, 2011
  39. ^ "Spamhaus Victory in Final Appeal in E360 Case", 2011-09-05, Quentin Jenkins"
  40. ^ a b c "Spamhaus statement on Report on the criminal 'Rock Phish' domains registered at Nic.at". spamhaus.org. 
  41. ^ a b "Spamhaus.org setzt Österreichs Domainverwaltung unter Druck" (in German). heise.de. 19 June 2007. 
  42. ^ "Quote NIC.at CEO Wein: "Die DNS-Provider der Domains haben die Einträge gelöscht." ("The DNS providers of the domains deleted the domain entries.")". heise.de. 
  43. ^ "Spamhaus: We Blocked Google Docs Not Gmail". Softpedia. 20 August 2010. Retrieved 21 August 2010. 
  44. ^ "Open DNS Resolver Project". Retrieved March 28, 2013. 
  45. ^ "Deep Inside a DNS Amplification DDoS Attack" (blog). CloudFlare. October 30, 2012. Retrieved March 28, 2013. 
  46. ^ Eric Pfanner; Kevin J. O'Brien (March 29, 2013). "Provocateur Comes Into View After Cyberattack". The New York Times. Retrieved March 30, 2013. 
  47. ^ a b Markoff, John; Nicole Perlroth (26 March 2013). "Firm Is Accused of Sending Spam, and Fight Jams Internet". The New York Times. Retrieved 27 March 2013. 
  48. ^ P. Ferguson; D. Senie (May 2000). "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing". The Internet Engineering Task Force (IETF). Retrieved March 28, 2013. 
  49. ^ John Markoff; Nicole Perlroth (March 27, 2013). "Attacks Used the Internet Against Itself to Clog Traffic". The New York Times. Retrieved March 28, 2013. 
  50. ^ Nichole Perlroth (March 29, 2013). "Devices Like Cable Boxes Figured in Internet Attack". The New York Times. Retrieved March 30, 2013. 
  51. ^ a b BBC: Global internet slows after 'biggest attack in history', 27 March 2013
  52. ^ John Markoff; Nicole Perlroth (March 26, 2013). "Firm Is Accused of Sending Spam, and Fight Jams Internet". The New York Times. Retrieved March 27, 2013. 
  53. ^ "The DDoS That Knocked Spamhaus Offline (And How We Mitigated It)" (blog). CloudFlare. March 20, 2013. Retrieved March 27, 2013. 
  54. ^ The Truth behind the "Biggest Cyber Attack in History": The disruptions, centered in western Europe, were largely unnoticed even when occurring. They may prompt a fix for a security flaw in the domain name system underpinning the Internet; TechNewsDaily (March 27, 2013). Scientific American https://www.scientificamerican.com/ar ticle.cfm?id=the-truth-behind-the-big gest-cyberattack-in-historyBare URL needs a title. Retrieved March 28, 2013. 
  55. ^ Schwartz, Matthew J. (19 March 2013). "Anonymous DDoS Attack Report Bogus, Spamhaus Says". Information Week. Retrieved 28 March 2013. 
  56. ^ ClickZ: Hormel OKs Spamhaus' Trademark

External links

(Sebelumnya) The Singularity Is NearThe Wall Street Journal (Berikutnya)