Spamhaus Survives Largest DDoS Attack in History

Beginning in mid-March, anti-spam group Spamhaus experienced a Distributed Denial of Service attack. This, and the subsequent attacks lasted for several days and resulted in the inability to access the Spamhaus website as well as some of their services. It was anointed as the largest DDoS attack in history. Although the perpetrators remain unknown, it is being assumed that the attackers were in fact a group of spammers fighting against an organization that was “abusing their influence.”

Spamhaus is an international nonprofit whose mission is to track the Internet’s spam operations and sources, provide dependable realtime anti-spam protection, work with law enforcement to identify and pursue spam gangs, and to lobby governments for effective anti-spam legislation. In short, Spamhaus has a very significant and influential role fighting spam. Spamhaus uses this influence to maintain a spam blocking database that protects nearly two billion mailboxes. System administrators can use the service for free, based on a few guidelines, and many more companies use Spamhaus in commercial applications.

So why would a domain, host, or IP address be listed by Spamhaus? For a host to be listed on the Spamhaus DNSBLs, there has to be a clear pattern of spam and abuse. For a domain or sending IP to be listed, Spamhaus monitors a number of statistics, and also looks at spam trap hits. In any case, if a mailer is following best practices, there is little chance of being blocked by Spamhaus. The most common way to end up in trouble is by not maintaining the list hygiene, and allowing more than one spam trap hit. This is why list hygiene procedures are must have, not only to remove user unknowns, but also to remove any dangerous spam trap emails that could have ended up subscribed.

In addition to the DNSBLs and multiple IP blacklists that Spamhaus maintains, the organization also publishes ROKSO. ROKSO is the Register Of Known Spam Operations, and contains information and evidence on spam gangs worldwide. ROKSO contains over 100 known spam operations that have been terminated by at least 3 internet service providers for spam offenses. The database has a mountain of information, including known aliases and “doing business as” names, their spamming violations, and the violator’s country of origin. Many of these spammers also sell data, and can look legitimate on the surface to an untrained eye or naïve marketer. It would be a wise idea to investigate anyone you do business with and make sure they aren’t listed in ROKSO, or brokering data from anyone that is.