SpamHaus Lawsuit (Updated)

There’s been a lot written about a spammer listed by SpamHaus sueing them in the US, but this lawyers account is worth a read. Basically it looks like SpamHaus made a legal mistake in the way they dealt with the US court:

3. That said, Spamhaus had a likely winner of an argument if they’d made it from the beginning: the U.S. court does not properly have jurisdiction over the U.K.-based company. […] it would have been possible for an attorney to make what is known as a “special appearance” before the court without acknowledging the court’s jurisdiction in the case. Reading the record, I’m puzzled that this wasn’t the strategy Spamhaus’s counsel chose.

4. Unfortunately, since that’s not what happened, Spamhaus may have waived personal jurisdiction as a defense early on in the case when they not only appeared, but then asked for the case to be removed from state court (where it was originally filed) and moved to federal district court (where it is today).

Most importantly, he says:

9. Finally, one last point: anyone who has a chance to talk publicly about this, if you are a friend to Spamhaus I would strongly urge you to refrain from making derogatory statements about the judge or the legal system in the U.S. Talk all you want about the evidence that you believe demonstrates e360 is a spammer. Talk about how important Spamhaus is to the functioning of email. But calling the judge stupid doesn’t help the case. Given the record, the judge had little choice other than to do what he did. So far as I can tell, Spamhaus presented no argument that would let him get out of this case, even withdrawing the answer that had been filed from the proceedings.

Anyway, he says a lot more than that so please go and read.

Update: The spammer who is suing SpamHaus is now being sued themselves in California on 87 counts of spamming.

7 thoughts on “SpamHaus Lawsuit (Updated)

  1. spamhaus is evil. they make some blacklisting errors, explain how to get it resolved, but ignore the correspondence. after NUMEROUS attempts to contact them we have discovered that they are just a bully with power.

  2. Nice to see how SpamHaus have chosen to hide all the real facts in this case.

    As much fun as it might be the pretend a Judge is stupid – get real – almost these people are really smart. The reason it *looks* like the Judge is stupid is because SpamHaus have conveniently not shown you the real reason why they lost the case – which is because they did a whole lot of disgusting abuse-of-power acts to yet another victim – but this time the victim’s fighting back.

    By all means – block spammers. BUT – don’t block people you simply dislike, and when you stuff up, either fix it, or get sued into non-existence with the half dozen other bankrupted “anti-spam” vigilantes where you belong.

  3. As the operator of a mid-size hosting company, I can say without doubt that it is time for SpamHaus to go, regardless of how useful they may have once been. They have taken what was once a useful tool and turned into nothing but a platform they preach from. There is no reason for them to fight lawsuits, since they seem to think they are in fact above the law. Here are a few issues I’ve experienced with them first hand:

    Their listing policies are completely arbitrary and get applied differently by every SpamHaus volunteer. There is absolutely no objective criteria to explain why some people get listed, while others who are clearly spamming do not. Plus, they have no clear criteria for de-listing address space once it’s been listed. When dealing with SpamHaus, I usually feel like might as well ask the magic 8 ball if/when the listing will be removed, since nobody at Spamhaus is usually willing to volunteer the info.

    They refuse to provide evidence to back their actions on a regular basis, even for listings that cover huge amounts of address space. I’ve literally had exchanges with their staff that went something like this:

    Spamhaus – we are listing these 256 IP’s on your network – there is spam coming from that range somewhere.
    Us – Really? We don’t see any abuse complaints coming in to suggest that, can you tell us what IP it’s coming from or what type of spam you are seeing so we can investigate?
    Spamhaus – no, we won’t provide you with any sample pieces of UCE, point out specific IP addresses, or provide a single shred of evidence to back the listing. We are a listing organization, not a spam reporting service.
    Us – So, are we supposed to use our psycic jedi powers to determine which customer out of 100 that are hosted in that range is sending the spam?

    They have an expectation that network operators will act solely on their word, without any further investigation into any claim they make. I’ve had SpamHaus volunteers get very upset with the fact that I will normally talk to a customer about what is going on rather than just terminating them outright.

    They expect network operators to handle abuse issues as soon as possible (I’ve been scorned for taking over 24 hours to handle an issue over a weekend), yet their staff will sometimes refuse to answer requests for days or weeks at a time, and then they continually use ‘we are just volunteers, we don’t get paid’ as the excuse for why they can’t be timely about answering emails.

    They will regularly list address space on a punitive basis if the powers that be at Spamhaus don’t feel you are handling abuse issues in a manner that suits them – i.e. listing a block of 4000 IP addresses because UCE was originating from a few IP’s within the block, and then refusing to remove the listing for weeks afterward even after being shown clear evidence that the offending customer within that ip block that was sending the UCE has been terminated.

    Many of our customers run ecommerce sites and regularly send newsletters and advertisements to their customer base on a completely opt-in basis. Users do sometimes sign up for stuff and forget that they have requested it, but according to the law as laid down by Spamhaus this couldn’t possibly ever happen, and if someone complaints to SpamHaus about it, they will insist that we terminate that customer before de-listing our address space, even if the customer can provide full account information and opt-in data.

    These are but a few of the ridiculous issues we’ve dealt with over the past few years with Spamhaus.

    Compare this to another RBL like SpamCop, who has an objective listing policy, a clear de-listing policy and procedure, and has a pretty open policy regarding keeping network operators in the loop on what they see coming in from their networks. In my experience, Spamcop does just a good a job at blocking Spam as Spamhaus does when combined with some other filtering tools, but they do it without nearly the amount of collateral damage in terms of blocked legitimate email. Spamcop certainly isn’t perfect, but they are a lot closer than SpamHaus.

  4. I also agree that SpamHaus must go. It’s quasi-bureaucratric messes like this that ruin business. That said, I believe there has to be something to control this function of oversight… but the was it currently is going is causing more harm than good.

  5. If Spamhaus lose this lawsuit (which they are ignoring as they are
    UK-based and this is some judge in Chicago), they may very well lose
    their “.ORG” domain – which would have a rather large impact on our
    Antispam scores for a start.

  6. I wonder if the recent two anti-spamhaus comments (from which I chose to remove their spammy links rather than censor them completely) are related to this ?

    SecureWorks collaborated with network administrators to analyze the traffic from some of the computers infected with Srizbi that were responsible for sending the Ron Paul spam. This allowed the researchers to discover the location from which the botnet was operated—a colocation facility in the US. The researchers collaborated with Spamhaus to get the server shut down and then obtained the source code used on the control system, a Python-based spam botnet management tool known as the Reactor Mailer. The logs present on the system prove that it was indeed the origin of the Ron Paul spam. Further research showed that other systems in the same colocation facility were also controlling various segments of the Srizbi botnet, and using it to transmit spam advertising fake watches and enlargement pills.

Comments are closed.