Spamhaus Nightmare: Domain Shut Down, No Notice, Over A Million Pages Down
245 points by jpadvo on Dec 30, 2011 | 95 comments
I am writing this here on HN, because at the moment you cannot access our blog. Our domain name was shut down this morning, and I'm trying to get it back. Here's what happened...

Our company provides tools to help people put together pages for their businesses. Our free tool has been used to create over a million page tabs on Facebook. Unfortunately but predictably, sometimes bad people use our app. Like spammers.

Overnight, our domain was blacklisted by Spamhaus because one of our pages contained spam. (Anybody want a free iPad?)

We run our infrastructure on Heroku, and use Bluehost for domain names. Well, as soon as Bluehost received notice from Spamhaus, they shut off the DNS for our domain. All million plus pages, gone in the blink of a DNS propagation.

Thankfully we were able to switch over to [appname].heroku.com for now and most of the pages are back, but we have paying customers who are in the dark because they rely on our custom domain name.

Our product, that over a million people rely on, suddenly ceased to exist. No advance notice. Nothing we could have done to stop it. Because of ONE bad apple.

This kind of thing will happen in SOPA world, if we let ourselves get there. But instead of being able to call my registrar and yell at them, I would have had to call the government, and oh-by-the-way they might fine or imprison me for having hosted spam.

Let me end with a practical, really-important-to-me-right-now question: is there any possible way to not get randomly nuked by Spamhaus?




The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.

It's true of a lot of the guys running blacklists. And more generally, of a lot of people in the position of police. You tend to become a mirror of whatever bad guys you're fighting. Your tactics have to match theirs, and pretty soon your principles start to as well. I suspect this tendency is so universal that you have to make a conscious effort to avoid it.


We deal with spamhaus. They have false positives just like every other blacklist. I'd agree that most blacklist opers are pretty removed from the realities of hosting / running a site / large community.

Your registrar pulling your domain for this is ridiculous. I would switch ASAP to someone who cares more about their clients.

This, however, is just a symptom of a bigger issue: DNS is fundamentally broken. We need a scalable, open-source, free alternative solution for SSL and DNS that does not rely on any central authority. Namecoin seems cool and it'd be sweet if people started using that.

The other idea is to have a new "anti censorship" root zone, and mirror all COM/NET/ORG etc TLDs. We could pass around this info and in the event of mass censorship, people could migrate onto the new root servers.

We're putting way too much power in the hands of ICANN / Verisign / any random registrar or host with our current system.


Well it also costs a lot of money to operate those servers and to operate administrative stuff that ICANN does. Who will pay?


You're selling red herring.

I pay for DNS and hosting - it's 'just another bill'


Namecoin is crowd-hosted in a peer-to-peer network. Problem solved. Or it WOULD be solved, if everyone used it.


> The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.

That's a very attacking statement to call people "bad guys". Not just "they're not doing a good job", but actually "bad people". Ouch.

Worse, I think it's totally wrong.

While I do agree with the problem of "power corrupts", I believe that Spamhaus have been highly successful at avoiding that.

I've dealt with and spoken with people at Spamhaus regularly, and they're smart people fighting the good fight. They know what they're doing, and take their responsibilities seriously. They don't blindly attack people or use threats or accuse them of misdeeds. They gather evidence about bad behaviour and act on it.

The proof is in the pudding. 100's of RBLs have come and gone over the years, either run as temporary projects that the owner gave up on one day, or gone the "power corrupts" option and just ended up listing so many IPs they've generated too many false positives (e.g. SPEWS).

Spamhaus RBLs are still being run today, and being done so very successfully. Virtually every small/medium email server I know uses them in one form or another (blocking or scoring). They generally have very high block rates, and very low false positive rates.

From a time when Al Iverson was still keeping stats on the various RBLs out there, you can see the Spamhaus zen RBL on its own generally caught 75% of spam with 0% false positives.

http://web.archive.org/web/20080703181952/http://stats.dnsbl...

Certainly some listings are controversial (eg google docs), but it's always been for a good reason, and forced the provider of the service to come to terms with the fact their spam policies were lax or their service was being seriously abused by spammers. They were thus forced to take action, something they should have been doing anyway.

Without Spamhaus, the internet would be a way worse place, with way more spam/junk emails and websites.


Spamhaus is not as bad as some other blacklists have been, certainly. Nor do I think they started out as bad people, though you have to admit that running a blacklist might tend to attract a certain type of person. Nor do I think they're stupid, or that their lists are ineffective (at the times when they're not deliberately blacklisting innocent people). But like others who've gone into the blacklist business, they do seem to have lost their way morally. I wrote about an example here: http://paulgraham.com/spamhausblacklist.html


So you're still saying that maybe they didn't start that way, but right now they are bad people, who have lost their way morally.

I think that's an incredibly harsh accusation for people that are doing an awful lot of work collecting evidence and fighting real spammers on the internet (http://www.spamhaus.org/rokso/index.lasso), and again, I totally disagree with you.

> though you have to admit that running a blacklist might tend to attract a certain type of person

I think you could tar so many people in so many industries with broad brush stroke stereotypes like that, it seems an unhelpful generalisation to make.

From the article you link:

> As of this writing, any filter relying on the SBL is now marking email with the url "paulgraham.com" as spam.

The SBL is an IP based RBL, nothing to do with domains, so the above statement is patently false. And if anyone was doing IP lookups of URIs in emails and using the SBL for that (which I've never even heard of), that's clearly a misuse of the SBL anyway, because that's not what the SBL is supposed to be used for.

As the policy clearly says:

--- http://www.spamhaus.org/sbl/policy.html

The Spamhaus Block List ("SBL") Advisory is a database of IP addresses which do not meet Spamhaus's policy for acceptance of inbound email and therefore from which Spamhaus does not recommend the acceptance of electronic mail. ---

So it should only be used to block machines sending email, nothing about the content thereof.

There's RHSBLs (like SURBL and URIBL) that are related to dealing with URIs in emails, that's nothing to do with IP RBLs like SBL.

> Why? Because the guys at the SBL want to pressure Yahoo, where paulgraham.com is hosted, to delete the site of a company they believe is spamming

What's that got to do with the SBL again? The SBL is purely about what IP addresses "from which Spamhaus does not recommend the acceptance of electronic mail", nothing about websites. So that whole accusation feels wrong. Mixing up email sending servers and websites, domains and IPs, and absolutely no evidence for it at all.


It was the SBL. I don't remember the details of how my emails were getting blocked. But they were obviously getting blocked, because if they hadn't been, I'd never have found out about the problem. At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means.

You seem naive about the nature of evil if you think that it somehow precludes doing constructive work. Bad people don't wake up every morning thinking "what evil shall I do today?" What distinguishes them is that they cross lines other people won't. But the situations that test them may come up fairly infrequently.


"At the time the Spamhaus guys themselves didn't deny that they'd blacklisted large numbers of innocent Yahoo Store users. Their defense was that the end justified the means."

Putting this into context, this wouldn't have been the first step. This type of measure was typically implemented after it becomes increasingly clear that Yahoo would not, or could not, adopt measures to reduce the amount of spam coming from their mail servers.

One of Yahoo's general weaknesses is that it takes over 24 hours from sending a complaint until appropriate action is taken (that's why comments on their main sites - e.g. News - contain oodles of spam, and other types of abusive comments). On the typical life-cycle of email spam this is far too long - if a site is ever closed at that point, and so these abusive sites tend to still be up when the email recipient is clicking on those links. Closing a site after the damage has been done is just a never-ending game of whack-a-mole.

Blackholing bigger and bigger chunks of Yahoo Stores is then an escalating step until either Yahoo addresses the spam situation appropriately, or their customers see that Yahoo cannot sustainably provide the service customers are paying for and they either leave or seek legal remedies. At that point innocent customers are paying the price for living in a bad neighbourhood. The question is, why didn't Yahoo do a better job in controlling the level of abuse through Yahoo stores? That Spamhaus felt it necessary to escalate through to blocking chunks of ip addresses indicates Yahoo Stores fell significantly short of what was needed to reduce the spam coming from their servers. The indicative belief from the anti-spam community at that point is: it's mostly clear that the revenue generated from hosting spammers is more important to Yahoo Stores than being able to provide their innocent customers with the level of service they paid for.

From my perspective, Spamhaus were one of the cleaner, more diplomatic black lists around the time of the Yahoo Stores problem. It's been a few years since I last poked around in the anti-spam community. Last I've seen of Spamhaus they didn't defend a legal challenge in California raised by a confirmed spammer, because California doesn't have jurisdiction over UK-located organisations, and so the spammer got a default ruling in his favour ( http://www.theregister.co.uk/2007/03/23/e360insight_lawsuit/ , http://www.spamhaus.org/organization/statement.lasso?ref=3 ).


How is this avoided, on a societal level, in terms of law enforcement - other than making a conscious effort to avoid it?


By having a system of checks and balances in place, that allows due process and impartial review. In the US we have the judicial process in place for this. As an interesting note, SOPA proposes doing away with much of this process in the name of "streamlining."


Yes. And that's what puts vigilantes in a morally dangerous position; by definition they're not answerable to anyone. Or at least not answerable to anything more specific than the law and public opinion.


Spamhaus may be "bad guys" but the DNS manager company is clearly the one at fault here, what they did is way worse in my book than a false spam positive from spamhaus or even their vigilantism.


I think this is the first time I've ever had to down vote pg.

Spamhaus are not the bad guys in any way, it seems like this was a false positive, Spamhaus didn't know who op was (that he was an ISP hosting other's content), and his host apparently sucks a bag of dicks and he needs to switch asap.

Put the blame where it belongs, man.


Paul is right on this one. Maybe Spamhaus used to have good intentions but all of my recent dealings with them indicate that they're as unethical as the spammers they claim to fight. Their "shoot first ask questions later" methodology proves that they have no problem railroading anyone unfortunate enough to get caught in their crossfire.


An illustration of what Rene Girard writes about mimetic conflicts?


Oh my, same old Paul. Just can't stop holding a grudge. Seems he forgot to mention the reasons why he still feels the need to badmouth Spamhaus (other than perhaps nothing better to do these years, lack of new ideas?).

Firstly, Paul's grand "A Plan for Spam" method of using Bayesian filters to stop all spam ("I think it's possible to stop spam, and that content-based filters are the way to do it."). Uh, so, how'd that work out? Spammers quickly figured out how to make a mockery of Bayes based solutions. And who is still out there filtering spam using IP addresses & domain names? Spamhaus.

Then, what really got his goat was back in 2005 (yes, long grudge holding, one wonders what he feels about the mail-carrier who lost a letter of his back in '78 ;-) when his vanity site, shared-IP-hosted at Viaweb which had become Yahoo! Stores was blocklisted at Spamhaus. Back then, Yahoo, and Yahoo Stores were a spammer-hosting cesspool and Paul's page was wallowing in the center of it. Rather than get to the bottom of it, Paul just got on a high-horse and ranted about the evils of Spamhaus. A good take on the rant can be read here: http://www.circleid.com/posts/we_hate_spam_except_of_course_...

So, multiple biases. How often people forget to mention those when they post attacks. Now one must ask, who is the "bad guy" and is "corrupt" here?

But the Spamhaus people should be happy with the irony in Paul's hypocrisy. How so? Well, his paulgraham.com's email is filtered by Spamhaus, as is his ycombinator.com's email. As are the emails of most of the social/blog sites he's on (posterous.com, etc.) One wonders how many of these still use "A Plan for Spam"? Okay, that was rhetorical.

Lastly, the pop-psychology in his posting attests that Paul's degrees are in philosophy, not psychology.


You could have pointed out said hypocrisy without the ad hominem attacks, in fact I wouldn't have felt compelled to down-vote you if you had. Instead your comment reads more like a petty tantrum based on some grudge you (apparently, continue to) hold against Paul.


Totally off topic, but the markup for a down voted comment actually drew my attention to it. Kind of a "nothing to see here" sign.

I do agree that the rant is quite unnecessary.


Yah, this is all super topical.


> Spammers quickly figured out how to make a mockery of Bayes based solutions. And who is still out there filtering spam using IP addresses & domain names? Spamhaus.

For what it's worth, the SpamBayes plugin for MS Outlook has reliably trapped at least 99.9% of spam for me for several years now, with essentially no false positives at all (where false positives are defined as legitimate mail that bypasses the Unsure folder by receiving a spam score greater than 90%.)

In practice, this is enough to keep my email account essentially spam-free despite the arrival of over 1,000 spam messages per day.

On the other hand, blacklists accomplish nothing beyond interfering with my own legitimate outgoing email, just because somebody else with a Comcast account happens to be infected by a spam-spewing trojan. Gee, thanks, guys.

As a result, I see blacklists the way some people see unions -- as defensive tools that may have been needed at one time, but that are now just unnecessary, parasitic middlemen.


I guess some people might see unions that way, maybe people who haven't observed the 30-year collapse of the middle class in the USA and other western economies. The experience of Germany is instructive though: http://www.addictinginfo.org/2011/08/07/unions-boost-economy...


My recommendation would be to run your own DNS on your own IP addresses. Even with the IP shortage, you should be able to get a small block delegated to you that you can use for your mission critical apps. Once you've got that arranged for, it's a fairly trivial task to find a registrar with policies more complementary to your business.

If it's mission critical for your business, then you can't afford to think like a victim. Take charge of your infrastructure where you have to. Relying on third parties is lean, but not always effective - a small amount of fat in the right areas can give you a lot of flexibility (and insurance) that you might not get when you rely on a third party.


I didn't realize that I could set up my own DNS on my own IP addresses. Thank you very much for the suggestion, I'll look into this.

By the way, do you know off the top of your hand any such registrars with more complementary policies?


If you are in North America, check out https://www.arin.net/resources/transfer_listing/needers.html for details concerning address delegations.

I work for a registrar, so here are my biased recommendations - me (hover.com) or EasyDNS. But don't take my word for it - do your own homework. It's worth knowing what your risks are and no amount of free advice on HN can replace that.


Check out Moniker. They have a no-nonsense policy and are in the business of protecting domain owners.


Correct me if I'm wrong, but even if you run your own DNS servers, can't your domain name registrar still decide to take away your domain name?


Yeah, that's why you want to find one that won't. Or at least, won't do it in a way that will leave you high and dry without notice.


This is unusual, and it would likely only happen with a respectable registrar if there was a dispute with ICANN.


...or an ICE/DHS seizure conducted independently of your registrar.


Isn't this exactly what happened to the person who posted this?


Yes, the registrars handle the ns assignment which will make DNS moot if modified or deleted.


"is there any possible way to not get randomly nuked by Spamhaus?"

I guess the first step is to set up better monitoring services to prevent your system from being abused by even one bad apple. Try to catch the abuse as quick as possible so you won't raise red flags.

Additionally you should possibly work on segmenting out your customers. If your paying customers are important to you, use a different system for them. If this has the possibility of happening again you don't want to hurt those customers from a similar thing happening again.


> I guess the first step is to set up better monitoring services to prevent your system from being abused by even one bad apple.

I'd love to, but when you have the volume we do there are going to be false negatives. Bad apples will slip through. And if somebody slips through, we're vulnerable for getting blacklisted.

> If your paying customers are important to you, use a different system for them.

This is a very good plan. I'm definitely looking into that...


> I'd love to, but when you have the volume we do there are going to be false negatives. Bad apples will slip through. And if somebody slips through, we're vulnerable for getting blacklisted.

This doesn't mean you have to auto-ban people - but you could easily set up listings that you can quickly glance at to see what your monitoring found. If you are picking up too many false positives, then you can refine your monitoring. Yes - you can't prevent all of them, but once your system starts getting abused you have to assume that others will do it as well. Additionally, you could very well be losing money in service costs due to these people (I don't know your business model so it's just an assumption) - you want to protect that as well.


Right, that works really well for YouTube. The great problem that is created when one tries to apply rules in this way is that, look, big companies won't suffer, and small ones will unduly.

The internet is full of user-generated-content sites and the core objection to SOPA is that we cannot police every posting. We do not currently have a legal obligation to do anything other than respond to complaints.

Further, as a veteran of the hosting industry, I'm really disappointed in BlueHost for taking action against a paying customer's domain name. Be sure to read the SLA and TOS when you sign up for services.


I am against SOPA just like everyone else; however that does not mean we don't have a duty to police our own sites. In this case, someone misusing a service caused the whole service to suffer - including paying customers. This has nothing to do with SOPA but with making sure your business runs properly, and won't affect or cast a bad light on your service.

As for the disappointment at BlueHost - they should have probably let the customer know before taking action - but other than that I think they did the right thing. As a veteran of the hosting industry, if one of your customer's WordPress blog was hacked and hosting a phishing site, would you not disable the site and let the customer know right away that they need to clear things up? That's just a random example, but any sane company will protect their servers via a TOS - if they didn't I would be quite concerned about the service they are offering. Just my $0.02 on this..


I'm sorry, DNS/Registration is NOT the same as an exploited website.

There is nothing intrinsically bad about DNS that it needs to be turned off; the OP has already said they were using different hosting.

BlueHost was in no way vulnerable, and in no way needed to protect itself, as the only traffic was DNS requests. GoDaddy tries to pull the same thing with disabling DNS[1].

I feel like we need a Chris Crocker video about DNS systems this month.

1: http://en.wikipedia.org/wiki/Go_Daddy#Suspension_of_Seclists...


You are correct - this is different since they were only providing DNS, too many hours had passed when I replied that I forgot that part of the story.


Excellent point about that. You could always break up free users into a different domain than paying, and even break those up further from there.

Not pretty, but it would help ensure against it.


While I'm sorry this happened to you, and I'm as anti-SOPA as anyone (have called my congress(wo)man, called Boehner and Cantor when it looked like they were going to sneak the vote through last week), this has nothing to do with SOPA, and trying to invoke the name for something that you should've been better prepared for is kind of a discredit to the cause.


I disagree, using this as an example of what can happen under SOPA is useful. It shows a real-world example NOW of what can happen in the future. The situation is different but close enough, a third-party decided they didn't like his content and somebody took steps to remove his domain from the Internet, even though no one involved had absolutely anything to do with the content on the domain in the first place.


I agree. It's good to have real world examples so people can see what can happen under SOPA, but I feel with or without SOPA, DNS providers and hosts are going to make stupid mistakes. I do feel that this sort of blanket "we're shutting you down without contacting you" approach is very scary and frustrating, and I think we all fear it could be very commonplace with SOPA. Bluehost should not have done anything to his domains without contacting him.

I also feel that maybe real-world examples of servers and domains being seized by the government, justified or not, might be more appropriate. Especially when the domains and hardware seized were due to potential copyright infringements and not overly-stringent spam rules.

http://www.wired.com/threatlevel/2011/12/wyden-domain-seizur...

http://torrentfreak.com/feds-return-seized-domain-111208/

http://www.wired.com/threatlevel/2011/07/domain-seizures-def...

http://www.electronista.com/articles/11/11/25/doj.ice.seize....


The difference is that there is a recourse from this. You can call people and get it reversed. If SOPA goes through, you would have to go to court to get it fixed.


This is exactly the point I was trying to make -- this was a nightmare, but at least I could do something about it. The same exact thing could happen with SOPA, but instead of jumping registrars and getting things fixed, the situation would require court, and potentially fines and jail.

If SOPA passes, and this happened, we would be dead. Users won't wait around for months while the courts slog through a case, they'll just move to the next app.


I agree. I am anti-SOPA, but this is not censorship so much as an overzealous attempt to stop spam, executed poorly. Did they do a wildcard block/hold/whatever on a top level domain of yours *.mydomain.com so all your sub domains got blocked? I'm guessing some goober at bluehost just went one step farther than he should have in just removing the one DNS entry, and they definitely should have contacted you. Sounds like poor customer service.


And if SOPA passes you will see suspiciously similar overzealous attempts to stop piracy. Same song, different verse but this time you get the federal government involved which is a whole new level of fun.


This is true, and it makes me think of all of the private sector solutions that are already available. The market creates the solutions and does not need government interference slowing it down or making dispute resolutions more complicated.



No hosting provider should ever modify customer DNS without the customer requesting.

Boycott Bluehost!


In the U.S., censorship will very likely travel under the guise of some "overzealous attempt" to stop this, that or the other.

SOPA's censorship problem is not the explicit endorsement of censorship but the precedent of mechanisms and principles that will make censorship far easier to implement and "justify".


Title reads "SOPA-like"?


Unfortunately there's no guarantee that anyone would escape Spamhaus' "love" - they and other RBLs do more damage than spammers, in my opinion. The real WTF in this story is Bluehost's reaction: shutting down DNS on one notice from Spamhaus, really!?


Dyn.com did this to one of my domains as well. They received a complaint from Amazon about a "phishing" link (which turned out to be a legitimate Amazon affiliate link), and suspended my DNS hosting without any warning.


More damage than spammers? I see you've never run a mailserver. I have and I know that Spamhaus are one of the good guys doing a hard thankless job, risking lawsuits and threats, in order to keep email as a useful tool. Spamhaus' RBL is the most reputable of all of them, thanks to years of hard work and sacrifice.

The only people who don't like Spamhaus, in my view, are those ISPs who were happy to make money from selling connectivity to spammers while pretending in public that they hated spam. Them, and people who don't understand what Spamhaus do, like the author of this article, and who think Spamhaus are to blame for their troubles.


The GP is correct.

As one who has worked in the trenches as a mail admin (small potatoes, granted: a few small clients and a couple of small hosting companies), my observation has been that customers bitch way more about the MX servers which reject mail from our servers than the amount of spam in their own in-boxes. They don't give a shit that the recipient is rejecting legitimate mail -- they blame us for their problems. All because some asshat with a copy of TheBat! signed up and managed to send out a couple hundred "Russian bride" spams before we were alerted and nuked the account. I could probably fund a semester of college for some random kid with the time I've been paid to waste on de-listing and convincing idiot admins that one of their customers really wants to get mail from one of mine.

Sure, 99.9% of email hitting the typical in-bound relay is spam, but CPU, RAM, and disk I/O are cheap. Do per-inbox statistical filtering and let the user decide what spam is. Better yet, let client-side filters do the work. Do you think any person would stand to allow a US Postal carrier decide what was junk mail and then not deliver it? People just need to buck up and put in a little of their own effort.

I haven't used an RBL (even if it's just one in a battery of weighted tests, such as with Spam Assassin) due to my loathing for the vigilante nature of the RBL scene as a whole. If you operate an RBL -- fuck you. If you are an admin that rejects mail based solely on being listed in RBLs, then fuck you, too. I know I sound like an asshole myself here, but the existence of RBLs has caused me and various mail end-users way more pain than any spammer has.

Bitter? Nah.

As a mail admin, I want to throw SMTP out the window. It wasn't spammers that killed the protocol, but rather the growth of use of RBLs.

Rant aside, I do have a question to contribute to the discussion: Has one of the larger RBLs ever listed one of the huge mail providers (Gmail, MSN/Hotmail, Yahoo?) for any length of time? I know I've gotten spams and scams from all three.


So it's time to add Bluehost to the list of companies too unreliable to do business with.


Funnily enough, I just got my Dreamhost bill for the next year and was thinking of switching to Bluehost due to cost. Not any more.


> Overnight, our domain was blacklisted by Spamhaus. Nothing we could have done to stop it. Because of ONE bad apple.

Because of major internet infrastructure run at whim by 3rd party blacklists, you mean.

> is there any possible way to not get randomly nuked by Spamhaus?

Spamhaus and every service like them.


> Bluehost

I'd sue them for damages. WTF do they delete your domain from their name server?! Get a more reliable registrar/name server. Spamhaus or similar black listers can always accidentally list you. Go to their site and remove your domain. No sane person/company should immediately assume anything but an accidental listing.


Have you tried using Spamhaus's Blocklist Removal? http://www.spamhaus.org/lookup.lasso


This doesn't sound right. Since when does Spamhaus police site content? I'm pretty sure they primarily go after folks sending out spam email, not after websites containing spammy pages.


They also go after places that enable spammers - such as when they blocked Google Docs [1]

http://news.softpedia.com/news/Spamhaus-We-Blocked-Google-Do...


They added Google Doc ip addresses to their RBL, so that SMTP traffic from those IPs would be blocked by those who chose to run Spamhaus' blacklist.


They do list spamvertised domains. It is incredibly irresponsible to yank a domain on that basis alone. Bluehost is at fault here.


Of course, you could just go to Spamhaus itself and attempt to remove your domain from the DBL: http://www.spamhaus.org/lookup.lasso?dnsbl=domain

It could be your registrar is just running an automated process based upon that.


No one besides the particularly clueless should use spamhaus and similar services as a black or white answer on whether to block, as they don't care about friendly fire and are run by neckbeards.

Spamhaus should be used as part of a body of evidence, like in spamassassin scores.
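
The distinction drawn earlier in the thread between IP-based lists (SBL/zen) and domain-based lists (the DBL, SURBL, URIBL), together with the advice above to treat a listing as one piece of evidence rather than a verdict, as an added example that is not part of any comment here. `zen.spamhaus.org` and `dbl.spamhaus.org` are the public Spamhaus zones; the weights, threshold, function names and the resolver data are constructed for illustration.

```python
"""DNSBL lookups used as scoring evidence (added example, not from the thread)."""
import ipaddress
import socket

IP_ZONE = "zen.spamhaus.org"      # IP-based: queried with the connecting IP
DOMAIN_ZONE = "dbl.spamhaus.org"  # domain-based: queried with a domain name

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Spamhaus answers in 127.255.255.0/24 signal a query problem (for example a
# blocked public resolver or exceeded quota), not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def ip_query_name(ip, zone=IP_ZONE):
    """IP lookup name: reversed octets (IPv4) or reversed nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def domain_query_name(domain, zone=DOMAIN_ZONE):
    """Domain lookup name: the domain itself, not an IP, followed by the zone."""
    return domain.strip().rstrip(".").lower() + "." + zone


def system_resolver(name):
    """Return the A records for name; NXDOMAIN or a failed lookup gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def classify(answers):
    """Map DNSBL answers to 'listed', 'error' or 'clean'."""
    codes = [ipaddress.ip_address(a) for a in answers]
    if any(c in LOOPBACK and c not in ERROR_NET for c in codes):
        return "listed"
    if codes:
        return "error"   # an answer came back, but it is not a listing
    return "clean"


def score_message(connecting_ip, body_domains, base_score=0.0,
                  resolver=system_resolver, weights=None, threshold=5.0):
    """Add list hits to a score from other tests instead of rejecting outright.

    base_score stands for whatever the other tests produced (for example a
    content filter); weights and threshold are hypothetical values.
    """
    weights = weights or {"ip": 2.5, "domain": 2.0}
    score, evidence = base_score, []
    checks = [("ip", connecting_ip, ip_query_name(connecting_ip))]
    checks += [("domain", d, domain_query_name(d)) for d in body_domains]
    for kind, subject, qname in checks:
        verdict = classify(resolver(qname))
        evidence.append((kind, subject, verdict))
        if verdict == "listed":
            score += weights[kind]
    return {"score": score, "spam": score >= threshold, "evidence": evidence}


# Constructed DNS answers so the example runs offline (documentation address
# 192.0.2.10 and reserved .example names; none of this is real list data).
CONSTRUCTED_ANSWERS = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.2"],
    "pages.example.dbl.spamhaus.org": ["127.255.255.254"],
}


def fake_resolver(name):
    return CONSTRUCTED_ANSWERS.get(name, [])


def demo():
    """One listed IP plus an error reply: evidence is recorded, mail is not blocked."""
    return score_message("192.0.2.10", ["pages.example", "shop.example"],
                         base_score=1.0, resolver=fake_resolver)


if __name__ == "__main__":
    print(demo())
```

The same `domain_query_name` lookup, run on a schedule against your own domains, gives early warning of a listing before a registrar or DNS host acts on it.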


Spamhaus normally collect evidence of abusive activity on their site. Look there first at the accumulated evidence. I'd have a look myself, but I don't know who you are, what domain you are using, what domain is being used to spamvertise. Perhaps you can post the spamhaus evidence file and we can take a look?

Also, Spamhaus makes recommendations. Third parties use their lists to filter spam. It sounds unusual for a Spamhaus listing to result in a domain name shutdown, unless the DNS provider did that based on a listing. So this is not really Spamhaus' mistake (if indeed their evidence listing shows a history of hosting spamvertised websites - then there is no mistake on the listing. You could be listed either because your site/host/network has a solid history of not dealing with spam/abuse reports quickly, or because a big spam operator has landed on using your services. Are you sure it was just one site (and just advertising a free ipad)?)

Yes, I understand you run a facebook static html tab content site. But that isn't a million miles away from bog standard cheap/free hosting solutions that form the bulk of spamvertised websites. Might be worth investing some time looking at the parallels and how good cheap webhosts approach dealing with spamvertised websites and spammers.

So I'd suggest finding the evidence file, dealing with the problem(s) listed, then contacting Spamhaus with details of what you've done, and what's in place to reduce future abusive activity (if it's more than one site offering a free ipad). Then do something about your web hosting solution - that seems like a very weak link - either build up a better relationship with them, or move.


"is there any possible way to not get randomly nuked by Spamhaus?"

As any email administrator will tell you, "no". The best you can do is take measures to prevent abuse coming from your domain name/IP, but bad things still do happen. You are still at the mercy of Spamhaus (and other RBL providers).


If my host did that then reversed the decision I would still be moving out of there as fast as possible.

There's absolutely no reason to be giving second chances to online services with so much competition about, on what is, essentially, a commodity.


Boycott Bluehost?


No need for a boycott. If they're so unreliable, customers will move away themselves.


I'm up for renewal in February with them, could you suggest a better host?


I use Linode but I was happy with Slicehost before also. Granted I've never run popular apps/websites on these so I am not sure how they'd treat abuse complaints.


ServerBeach / Peer1. Find a hosting company that charges enough to have a real rep to talk to. Talk to that rep, explain what you're doing and get acceptance that this complies with their TOS in writing. The rep will get you this because they want commission. When someone asks you for hosting let your rep know, you'll get commission too, and your rep will love you and go to bat for you against stupid AUP violations and you'll have it in writing that your activities are acceptable.


I'm a fan of Lost Signal, I've got a single dedicated server box with them right now. It's a small operation but very hands on. https://lostsignalweb.com/services/shared


I used to use Bluehost until their gradually declining level of service was just too much. I switched to Dreamhost and have been happy ever since. Highly recommended.


As a fellow Facebook tab provider (My Tab) I feel your pain. I'm concerned about how SOPA and ProtectIP will impact this class of service as it would be impossible to police all content added via tools like ours. It's already been said, but you can run your own DNS or even contract for DNS services from a wide variety of places. I would move your name and SSL certificates to a trusted registrar ASAP. Glad you were at least able to work around the issue by pointing directly to the app.


"is there any possible way to not get randomly nuked by Spamhaus?"

Get the list (like the level1) of "evil" corporations/governments ip ranges and show a picture of a pink elephant to them instead of your real content.


For the next time, have your blog at blog.example.com, and point it to another hosting provider different than the one for example.com. That way at least you prevent the blog from going down.


Doesn't work if the person pulling the site down is the registrar, and they do it by hijacking your DNS. Your pointer to the other host goes away too.


So do we just invoke "SOPA" for any little hiccup now? Spam blacklists are not exactly a new issue on the Internet.


Can we get your app name, and a link to the spamhaus listing? It'd be nice to hear the other side of the story.


I cannot ever recall seeing a more misleading and manipulative posting attempting to garner undeserved sympathy by falsely trying to associate one's case with bad legislation. This has nothing to do with SOPA, it is not remotely related to anything SOPA, and at worst, these kinds of false analogies only serve to weaken the case against the very real harm that SOPA will do.

Spamhaus are not the villains here. First of all, you make the absurd complaint that Spamhaus "blacklisted" your domain. That is a lie. Spamhaus runs an SMTP blacklist of IP addresses that some other SMTP providers use, not all. There is no way for Spamhaus to blacklist anyone's domain.

So what actually happened? Spamhaus detected a spammer website hosted on your company's IP addresses, and they did the responsible thing. They reported the spam website to the ISP hosting it.

As for your claim that Bluehost shut off the DNS, why aren't you ringing up Bluehost to demand that they restore it? You might find that a better use of your time than making these absurd allegations and trying to win sympathy by making comparisons to SOPA where none exist.


The point here is the removal of due process. His DNS was shut off by Bluehost without any warning -- in this case there was actually abuse, but what if it were a false positive?


Unsure why you are being down voted - think you are 100% right.


Use a reputable host, you may have to pay more than a few dollars a month. I've dealt with numerous Spamhaus complaints, they generally result from idiotic users who send messages to Spamhaus instead of clicking unsubscribe. If you spend an hour creating a really detailed form letter response it makes the AUP tickets go away quickly. When I sign up for hosting I detail exactly what we do and pay appropriately, most 'cheap' hosting places exist solely to pick up the remainder of the month's service fee from a dubious spam complaint. If you spend $100 - $200 per month it's pretty easy to find a hosting provider that will let you run a single opt-in list, especially if you detail this up front in writing and refer to this in your response to any spam complaints. Web marketing shouldn't be a problem for any real hosting provider, unless you have extremely dynamic load I'm not sure why you'd bother with Heroku. It's only a couple hours work to set up your own infrastructure. A quad-core server for $130 a month will run circles around what Heroku provides for $130 per month.


Is this your problem? Seems you do have a spammer plastering crap on facebook.

<body> <form name="redirect_form" action="https://statichtmlapp.heroku.com/tab/1/show method="post"> <input type='hidden' name='signed_request' value='fJSfey7ELpgNY4r3gZFT5DyXp0MoW4TF2DsNQWwcoTY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMyNTM1ODI1NywicGFnZSI6eyJpZCI6IjI4MjczNjc1ODQxMjg4MCIsImxpa2VkIjpmYWxzZSwiYWRtaW4iOmZhbHNlfSwidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19' ></input> </form>


Would you mind deleting (or editing) this comment? You're breaking the page.


Not sure how, can't find an edit or delete button. (except for this reply, it has both. But the higher level one does not)


You mean this crap being shot all over folks comments?

https://www.facebook.com/FreeiPAdd2

action="https://statichtmlapp.heroku.com/tab/1/show method="post"

value='fJSfey7ELpgNY4r3gZFT5DyXp0MoW4TF2DsNQWwcoTY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMyNTM1ODI1NywicGFnZSI6eyJpZCI6IjI4MjczNjc1ODQxMjg4MCIsImxpa2VkIjpmYWxzZSwiYWRtaW4iOmZhbHNlfSwidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19'


Would you mind deleting (or editing) this comment? You're breaking the page.


www. facebook. com/ FreeiPAdd2

Like that spam site being plastered all over the place?


First suggestion: get an IP address people can remember. Not very practical I know, but I guess that is the only way to get by without DNS at the moment.

Also: you've emailed your customers the new address, yes? Even if it is only temporary? Maybe buy a new domain and point them towards that: "Please use [FINGSOPA].com while we get everything back to normal."



