Talk:The Spamhaus Project

From Wikipedia, the free encyclopedia
Jump to: navigation, search

MIssing criticism section[edit]

This article does not mention the trouble Spamhaus is causing for normal computer users, mobile device owners and businesses. Their ridiculous policy of blackllisting dynamic (!) IPs for a long time that were used by baddies once a long time ago is causing innocent people a lot of trouble, money and inconvenience because the lists are not really maintained.

I just tried to get a dynamic run-off-the-mill t-mobile IP unlisted, after getting several blacklisted IPs in the usual "re-connecting in the hope I get a clean one this time" dance. It's impossible because these jackasses don't accept emails from any of the big mail providers and all I have is a Gmail account, so I can't get that off the list. There is no contact address for this so-called organization of self-proclaimed internet cops, so there is basically no way for their "victims" to rectify the situation. I have to contact my ISP to get that done, but even if they'd care to do something about it, I doubt they'd get anywhere. I don't like spam either but what Spamhaus does is just the most stupid way of fighting it and they should be kicked off the internet themselves. (talk) 01:17, 2 April 2013 (UTC)

You're apparently complaining that you were prevented from removing a DYNAMIC IP from Spamhaus... Were you running a mail server on your DYNAMIC IP? No? Then simply turn your SMTP AUTHENTICATION on like everybody else on the internet! Jeeeze. Nobody wants direct-to-MX SMTP from dynamic IPs. Do yourself a favour and go read the FAQ: PavelTishe (talk) 09:14, 4 January 2015 (UTC)

Some other perspective[edit]

The PBL removal only last a year. It should last as long as I pay for my fixed IP address, that way it will be flagged according to the current status and not acording to an unexpected timer that causes mail to fail and reduces the reputation of the IP address each time it fails without cause.

Really? "PBL removal should last as long as I pay for my fixed IP address"? You're saying that Spamhaus should have a link into your ISP's billing system to know when you stop paying for your IP address? PavelTishe (talk) 09:14, 4 January 2015 (UTC)

Idyllic press (talk) 13:43, 20 June 2013 (UTC)

Wider spread of problems[edit]

I added the references above to the talk page because they were considered a bit too light for inclusion to the main article. They could not be followed previously by anyone as I did not list them which I have now done below. My reason was that I am not the only person who has suffered at the hands of Spamhaus policy. My contention is if they demand action other than the Internet RFCs do then they must have a way to work around this if others are not prepared to follow their non-standard rules. I just want my static IP address to remain off their lists and not have to unblock it every year. Because their policy affects comparatively few people who run mostly private SMTP hosts it gets little atention and there is no known remedy.

Spamhaus, as an operation that claims to protect the bulk of the internet mail users from pointless spam, likely suffer from some measure of attacks (quite a bit of that of late it seems). Some of the attacks are probably email based to which end they seem to have resorted to removing meaningful contact information from thir web site and the public sphere. They are also mostly indifferent to the problems caused by false positive flagging (by annual timer and though no fault) of legitemate and conforming servers on their PBL lists when their policies conflict with those of other organisations like Rackspace, AWS at Amazon and others that are not prepared or able to manage their static IP address space more dilligently as demanded by Spamhaus.

At this point every year they add static Rackspace IP addresses to their PBL which causes loss of service, loss of IP address reputation and ongoing problems with lingering filtering by gMail servers based on past listings. They unilaterally insist that IP address owners have to manage their static IP addresses and some owners like Rackspace do not do this.

They have placed a burden on Rackspace that Rackspace is unwilling to shoulder. This is not an RCF or other Internet standard that needs to be followed for compliance, this is a mechanism that Spamhaus elects to use to simplify their life. They could permanently remove an IP address from the PBL if it has had a request before to be flagged as a static mail sender IP address. Rackspace could notify Spamhaus that a paid static IP address is just that and should never go on the PBL. One party is arrogant and does insists on more from the internet than is specified, and the other is lazy and charges money for a static address that does not change claiming is must be a dynamic address because it is used in a server pool.

I added the REFERENCE LIST below as there was no way to follow the references above without looking at the source.

The attitude of Spamhaus to individuals by making it near impossible to contact them (give it a try) and their disdain for internet standards placing a unwanted burden on IP address owners are serious problems to their credibility.

Idyllic press (talk) 15:05, 15 August 2013 (UTC)

Are you making a suggestion about this Wikipedia article? talk pages are not a forum for general discussion of a topic. I understand that you must be frustrated, but as you said, none of those sources (three forum posts and a blog entry) are good enough for inclusion in the article. Saying they are a bit too light is a bit too generous. Grayfell (talk) 19:47, 15 August 2013 (UTC)


Edit to Libel Published in Section "Cyberbunker DDos Spamhaus"[edit]

The STOPhaus Movement versus Spamteq aka Spamhaus and DDoS attack[edit]

Diagram showing the role of open resolvers, improperly configured servers vulnerable to IP address spoofing[1]

On March 15th, 2013, a single member of The STOPhaus Movement, a collective of online hacktivists and ISPs alleged by Spamhaus to be cybercriminals initiated a large scale Operation and DDoS attack against Spamhaus, accusing Spamhaus of crimes such as extortion, blackmail, and computer sabotage along with a series of complaints concerning Spamhaus' infamous "escalation" process. The attack exploited a long-known vulnerability in the Domain Name System which permits origination of massive quantities of messages at devices owned by others using IP address spoofing.[2][3] Devices exploited as one of the over 30,000 open recursive servers, or open resolvers, used in the attack may be as simple as a cable converter box connected to the internet.[4].

After Spamhaus' main public image website at was taken offline by this DDoS attack for almost a full week, Spamhaus reached out to Mathew Prince of Cloudflare, a Content Delivery Network service that specializes in DDoS mitigation. At that time, Cloudflare utilized their Anycast system to mitigate the DDoS attack, affecting the websites of almost 1 million URLs. The attack was of a previously unreported scale (peaking at 300 gigabits per second; an average large-scale attack might reach 50Gbps, and the largest previous publicly reported attack was 100Gbps) was launched against Spamhaus’s Domain Name System (DNS) servers;[5]Other members of M3AAWG aka Messaging Anti-Abuse Working Group [6], such as Google, had made their resources available to help absorb the traffic. The events are being investigated by five different national cyber-police-forces around the world to determine if either the attackers or Spamhaus have committed a violation of law. Spamhaus alleged that CyberBunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, were behind the attack; CyberBunker did not respond to the BBC’s request for comment on the allegation, but maintains that CB3ROB was not behind the attack on Spamhaus, but was merely a representative for the group known as The STOPhaus Movement. [5]

According to what Cloudflare submitted to the New York Times, an Internet activist who said he was a spokesman for the attackers, Sven Olaf Kamphuis, said in a message, “We are aware that this is one of the largest DDoS attacks the world had publicly seen”, and that CyberBunker was retaliating against Spamhaus for “abusing their influence”. Despite this claim, Sven Olaf Kamphuis maintains that he did not make this statement and that Cyberbunker was not involved in the attack against Spamhaus. The NYT added that security researcher Dan Kaminsky said “You can’t stop a DNS flood ... The only way to deal with this problem is to find the people doing it and arrest them.” Apparently this OpenDNS issue was noted over a decade ago and was reported to be a problem that needed to be addressed. This seems to conflict with Dan Kaminsky[7]On Apr 26, 2013 the owner of CyberBunker, Sven Olaf Kamphuis, was arrested in Spain for investigation into his alleged part in the attack on Spamhaus. He was later released while awaiting trial for multiple alleged computer crimes [8]

CloudFlare, an Internet security firm assisting Spamhaus in combating the DDoS attack, was also targeted after they placed their own IP addresses behind Spamhaus' DNS records, which were already under attack. The STOPhaus Movement maintains that they did not target Cloudflare, but that Cloudflare offered a DDoS Mitigation service which inherently causes damages and that they made this decision on their own free will.

On March 18 a campaign claiming to be by group Anonymous, “Operation Stophaus”, was announced on the bulletin board Pastebin; there is also a website registered to a Russian Citizen and currently hosted in Russia as well located at Spamhaus has repeatedly attacked the ISP that supports this public forum, alleging that it is controlled by a ROKSO listed person named Andrew Jacob Stephens. Stephens', however, denies having any control over the forum and states that he is not the domain registrant or the server administrator, but only an admin on the forum and one of the founding members of The STOPhaus Movement.

The activist group group Anonymous was never involved. The fake 'Anonymous campaign' was posted to Pastebin by Andrew Jacob Stephens, a Florida-based spammer and hoodlum who pretends to be "Anonymous". Stephens is the same hoodlum who announced "Operation Wikipedia War, to bring Wikipedia to its knees" because Wikipedia editors would not allow Stephens to vandalize the Spamhaus entry. — Preceding unsigned comment added by PavelTishe (talkcontribs) 09:29, 4 January 2015 (UTC)

— Preceding unsigned comment added by (talkcontribs) 10:30, 22 June 2013‎ (UTC)


  1. ^ "Open DNS Resolver Project". Retrieved June 22, 2013. 
  2. ^ P. Ferguson (2000). "Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing". The Internet Engineering Task Force (IETF). Retrieved March 28, 2013.  Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)
  3. ^ John Markoff; Nicole Perlroth (March 27, 2013). "Attacks Used the Internet Against Itself to Clog Traffic". The New York Times. Retrieved March 28, 2013. 
  4. ^ Nichole Perlroth (March 29, 2013). "Devices Like Cable Boxes Figured in Internet Attack". The New York Times. Retrieved March 30, 2013. 
  5. ^ a b BBC: Global internet slows after 'biggest attack in history', 27 March 2013
  6. ^
  7. ^
  8. ^ Nicole Perlroth (April 26, 2013). "Dutch Man Said to Be Held in Powerful Internet Attack". The New York Times. Retrieved May 15, 2013. 

Talk About Conflict of Interests[edit]

It appears that this Page has been modified and edited over 60 times by someone that has no other contributions to Wikipedia other than to Steve Linford and Spamhaus. I can see why STOPhaus seems so interested in disputing this propaganda. The Wikipedia Page on Spamhaus is obviously a manifestation of Conflicts of Interests unless this Wikipedia user can explain away their contributions.

STOPhaus made a statement, on their website[1] , that reads;



COI - Only Contribs are for Spamhaus and Spamhaus Related data. This is almost definitely a Spamhaus volunteer or completely obsessed with making Spamhaus appear like something they are not.

No shit sherlock; they disclosed their COI in this edit. PantherLeapord (talk) 06:12, 22 July 2013 (UTC)

Maybe I am confused. If they "disclosed that they have COI" then why are they allowed to make such edits and entries. Propaganda much? Seems to me that STOPhaus may be onto something here. It is also interesting that they mentioned your name PantherLeapord, and you quickly responded here. Your contributions to the Spamhaus Page also seem very suspicious to the average viewer.


  1. ^ [] Check |url= value (help).  Missing or empty |title= (help)

PantherLeapord - Possible Spamhaus Volunteer Positioning Himself?[edit]

It is quite interesting that PantherLeapord stumbled upon Wikipedia right around the time that STOPhaus was in an edit war[1] on the Spamhaus Page and the first contributions to Wikipeida were to maintain propaganda on the Spamhaus Page. One would be inclined to believe that there is a connection between Spamhaus and PantherLeapord. Possibly from n.a.n-a.e and working to position himself to prevent any future controversy from appearing on the Spamhaus Page? A diligent person may find that this user is, quite possibly, [ Sam Varshavchik], a known Spamhaus volunteer.