How to get on the Spamhaus lists without spamming
Unsolicited correspondence (SPAM) has undoubtedly become an integral (alas!) Part of the modern Internet. Of course, it is possible (and necessary) to fight spam, but the methods of such a struggle can be different. You can deal with spam at the stage of sending letters, you can at the stage of receipt. When you receive letters, you can filter them in various ways - check SPF, DKIM, spam lists. I would like to write about the latter, namely about the Spamhaus spam lists.
In principle, spam lists are a useful invention - their use does allow weed out a significant part of spam. However, such sheets make sense only if they contain relevant information. This is where the problem begins.
There is such an organization as Spamhaus, spam lists from which are very popular and, moreover, some domain zone registries accept data from these lists as a reason for blocking a domain. Nonetheless, the Spamhaus approaches are somewhat surprising.
For example, an IP address can get from spam lists, even if not a single letter was sent from it. For the sake of fairness, it is worth noting that this is usually still connected in some way with questionable activity, but with virtual hosting, hitting an IP address with such a list affects all users of this hosting, including bona fide ones, who are usually the majority.
')
A few years ago, Spamhaus provided sufficient evidence with the headers of the letter, but the approach changed not so long ago. Now such an application Spamhaus produces not only when spam is detected, but also when botnet controllers are detected, but the evidence is very concise. For example, in one of the SBL (http://www.spamhaus.org/sbl/query/SBL194743), 6522 port was open for proof of such activity, but there was also SBL194500 (now, however, already remote) where the port was 443 and everything the proof was to connect to this port using telnet.
Thus, to get into the spam lists, it is enough that _one_ the client has placed a botnet controller (which recently is just a php script). Even if the provider providing virtual hosting is irreconcilable about spamming, it will still sooner or later get into Spamhaus spam lists and find out about it only after multiple calls to it by its clients with questions like “why my mail is lost”. There is, however, the DNSBL Datafeed service, which is provided by Spamhaus and it allows you to get information about the listing in the sheets a little earlier, but this service, of course, is paid.
In principle, spam lists are a useful invention - their use does allow weed out a significant part of spam. However, such sheets make sense only if they contain relevant information. This is where the problem begins.
There is such an organization as Spamhaus, spam lists from which are very popular and, moreover, some domain zone registries accept data from these lists as a reason for blocking a domain. Nonetheless, the Spamhaus approaches are somewhat surprising.
For example, an IP address can get from spam lists, even if not a single letter was sent from it. For the sake of fairness, it is worth noting that this is usually still connected in some way with questionable activity, but with virtual hosting, hitting an IP address with such a list affects all users of this hosting, including bona fide ones, who are usually the majority.
')
A few years ago, Spamhaus provided sufficient evidence with the headers of the letter, but the approach changed not so long ago. Now such an application Spamhaus produces not only when spam is detected, but also when botnet controllers are detected, but the evidence is very concise. For example, in one of the SBL (http://www.spamhaus.org/sbl/query/SBL194743), 6522 port was open for proof of such activity, but there was also SBL194500 (now, however, already remote) where the port was 443 and everything the proof was to connect to this port using telnet.
Thus, to get into the spam lists, it is enough that _one_ the client has placed a botnet controller (which recently is just a php script). Even if the provider providing virtual hosting is irreconcilable about spamming, it will still sooner or later get into Spamhaus spam lists and find out about it only after multiple calls to it by its clients with questions like “why my mail is lost”. There is, however, the DNSBL Datafeed service, which is provided by Spamhaus and it allows you to get information about the listing in the sheets a little earlier, but this service, of course, is paid.
Source: https://habr.com/ru/post/258535/
All Articles