I am writing this here on HN, because at the moment you cannot access our blog. Our domain name was shut down this morning, and I'm trying to get it back. Here's what happened...<p>Our company provides tools to help people put together pages for their businesses. Our free tool has been used to create over a million page tabs on Facebook. Unfortunately but predictably, sometimes bad people use our app. Like spammers.<p>Overnight, our domain was blacklisted by Spamhaus because <i>one</i> of our pages contained spam. (Anybody want a free iPad?)<p>We run our infrastructure on Heroku, and use Bluehost for domain names. Well, as soon as Bluehost received notice from Spamhaus, they shut off the DNS for our domain. All million plus pages, gone in the blink of a DNS propagation.<p>Thankfully we were able to switch over to [appname].heroku.com for now and most of the pages are back, but we have paying customers who are in the dark because they rely on our custom domain name.<p>Our product, that over a million people rely on, suddenly ceased to exist. No advance notice. Nothing we could have done to stop it. Because of ONE bad apple.<p>This kind of thing will happen in SOPA world, if we let ourselves get there. But instead of being able to call my registrar and yell at them, I would have had to call the government, and oh-by-the-way they might fine or imprison me for having hosted spam.<p>Let me end with a practical, really-important-to-me-right-now question: is there any possible way to <i>not</i> get randomly nuked by Spamhaus?
The Spamhaus people are bad guys. I gradually realized that during the time I worked on spam filters. They presumably started out with good intentions, but the position they're in has corrupted them.<p>It's true of a lot of the guys running blacklists. And more generally, of a lot of people in the position of police. You tend to become a mirror of whatever bad guys you're fighting. Your tactics have to match theirs, and pretty soon your principles start to as well. I suspect this tendency is so universal that you have to make a conscious effort to avoid it.
My recommendation would be to run your own DNS on your own IP addresses. Even with the IP shortage, you should be able to get a small block delegated to you that you can use for your mission critical apps. Once you've got that arranged for, it's a fairly trivial task to find a registrar with policies more complementary to your business.<p>If it's mission critical for your business, then you can't afford to think like a victim. Take charge of your infrastructure where you have to. Relying on third parties is lean, but not always effective - a small amount of fat in the right areas can give you a lot of flexibility (and insurance) that you might not get when you rely on a third party.
"is there any possible way to not get randomly nuked by Spamhaus?"<p>I guess the first step is to set up better monitoring services to prevent your system from being abused by even one bad apple. Try to catch the abuse as quick as possible so you won't raise red flags.<p>Additionally you should possibly work on segmenting out your customers. If your paying customers are important to you, use a different system for them. If this has the possibility of happening again you don't want to hurt those customers from a similar thing happening again.
While I'm sorry this happened to you, and I'm as anti-SOPA as anyone (have called my congress(wo)man, called Boehner and Cantor when it looked like they were going to sneak the vote through last week), this has nothing to do with SOPA, and trying to invoke the name for something that you should've been better prepared for is kind of a discredit to the cause.
Unfortunately there's no guarantee that anyone would escape Spamhaus' "love" - they and other RBLs do more damage than spammers, in my opinion. The real WTF in this story is Bluehost's reaction: shutting down DNS on one notice from Spamhaus, really!?
<i>Overnight, our domain was blacklisted by Spamhaus. Nothing we could have done to stop it. Because of ONE bad apple.</i><p>Because of major internet infrastructure run at whim by 3rd party blacklists, you mean.<p><i>is there any possible way to not get randomly nuked by Spamhaus?</i><p>Spamhaus <i>and every service like them</i>.
>Bluehost
I'd sue them for damages. WTF do they delete your domain from their name server?! Get a more reliable registrar/name server.
Spamhaus or similar black listers can always accidentally list you. Go to their site and remove your domain. No sane person/company should immediately assume anything but an accidental listing.
Have you tried using Spamhaus's Blocklist Removal? <a href="http://www.spamhaus.org/lookup.lasso" rel="nofollow">http://www.spamhaus.org/lookup.lasso</a>
This doesn't sound right. Since when does Spamhaus police site content? I'm pretty sure they primarily go after folks sending out spam email, not after websites containing spammy pages.
Of course, you could just go to Spamhaus itself and attempt to remove your domain from the DBL: <a href="http://www.spamhaus.org/lookup.lasso?dnsbl=domain" rel="nofollow">http://www.spamhaus.org/lookup.lasso?dnsbl=domain</a><p>It could be your registrar is just running an automated process based upon that.
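An added example, not part of any comment in this thread: a sketch of the listing monitor several replies recommend, so that a DBL listing of your own hostnames is noticed before a registrar acts on it. It assumes Spamhaus's public query zone `dbl.spamhaus.org` and its documented return-code ranges; the hostnames and answers below are constructed.

```python
import ipaddress
import socket

DBL_ZONE = "dbl.spamhaus.org"  # assumption: Spamhaus's public DBL query zone
ERROR_NET = ipaddress.IPv4Network("127.255.255.0/24")  # query errors, not listings
DBL_NET = ipaddress.IPv4Network("127.0.1.0/24")        # DBL listing codes

def classify_dbl_answer(addr):
    """Map a DBL A-record answer (None means NXDOMAIN) to a status string."""
    if addr is None:
        return "not-listed"
    ip = ipaddress.IPv4Address(addr)
    if ip in ERROR_NET:
        # e.g. the query went through a public resolver; the monitor is blind here
        return "query-error"
    if ip in DBL_NET:
        last = int(ip) & 0xFF
        if 2 <= last <= 99:
            return "listed"
        if 102 <= last <= 199:
            return "listed-abused-legit"  # legitimate domain abused by a third party
    return "unknown"

def system_resolver(name):
    """Resolve via the OS resolver; only 'no such name' counts as not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            return None
        raise  # timeouts and server failures must not look like a clean result

def check_domains(domains, resolver=system_resolver):
    """Return {domain: status}; resolver is injectable for offline testing."""
    results = {}
    for domain in domains:
        name = domain.strip().rstrip(".").lower()
        results[name] = classify_dbl_answer(resolver(f"{name}.{DBL_ZONE}"))
    return results

def listed(results):
    """Domains whose status should raise an alert."""
    return sorted(d for d, s in results.items() if s.startswith("listed"))

# Constructed answers standing in for live DNS responses.
CONSTRUCTED = {
    "tabs.example.dbl.spamhaus.org": "127.0.1.102",
    "promo.example.dbl.spamhaus.org": "127.0.1.2",
    "blog.example.dbl.spamhaus.org": "127.255.255.254",
}

if __name__ == "__main__":
    hosts = ["Tabs.Example.", "promo.example", "blog.example", "clean.example"]
    print(check_domains(hosts, CONSTRUCTED.get))
```

Run it on a schedule against a resolver you operate; a `query-error` status means the check itself failed and should alert separately from a listing.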
No one besides the particularly clueless should use spamhaus and similar services as a black or white answer on whether to block, as they don't care about friendly fire and are run by neckbeards.<p>Spamhaus should be used as part of a body of evidence, like in spamassassin scores.
Spamhaus normally collect evidence of abusive activity on their site. Look there first at the accumulated evidence. I'd have a look myself, but I don't know who you are, what domain you are using, what domain is being used to spamvertise. Perhaps you can post the spamhaus evidence file and we can take a look?<p>Also, Spamhaus makes recommendations. Third parties use their lists to filter spam. It sounds unusual for a Spamhaus listing to result in a domain name shutdown, unless the DNS provider did that based on a listing. So this is not really Spamhaus' mistake (if indeed their evidence listing shows a history of hosting spamvertised websites - then there is no mistake on the listing. You could be listed either because your site/host/network has a solid history of not dealing with spam/abuse reports quickly, or because a big spam operator has landed on using your services. Are you sure it was just one site (and just advertising a free ipad)?)<p>Yes, I understand you run a facebook static html tab content site. But that isn't a million miles away from bog standard cheap/free hosting solutions that form the bulk of spamvertised websites. Might be worth investing some time looking at the parallels and how good cheap webhosts approach dealing with spamvertised websites and spammers.<p>So I'd suggest finding the evidence file, dealing with the problem(s) listed, then contacting Spamhaus with details of what you've done, and what's in place to reduce future abusive activity (if it's more than one site offering a free ipad). Then do something about your web hosting solution - that seems like a very weak link - either build up a better relationship with them, or move.
"is there any possible way to not get randomly nuked by Spamhaus?"<p>As any email administrator will tell you, "no". The best you can do is take measures to prevent abuse coming from your domain name/IP, but bad things still do happen. You are still at the mercy of spamhaus (and other rbl providers).
If my host did that then reversed the decision I would still be moving out of there as fast as possible.<p>There's absolutely no reason to be giving second chances to online services with so much competition about, on what is, essentially, a commodity.
As a fellow Facebook tab provider (My Tab) I feel your pain. I'm concerned about how SOPA and ProtectIP will impact this class of service as it would be impossible to police all content added via tools like ours. It's already been said, but you can run your own DNS or even contract for DNS services from a wide variety of places. I would move your name and SSL certificates to a trusted registrar ASAP. Glad you were at least able to work around the issue by pointing directly to the app.
"is there any possible way to not get randomly nuked by Spamhaus?"<p>Get the list (like the level1) of "evil" corporations/governments ip ranges and show a picture of a pink elephant to them instead of your real content.
For the next time, have your blog at blog.example.com, and point it to another hosting provider different than the one for example.com. That way at least you prevent the blog from going down.
I cannot ever recall seeing a more misleading and manipulative posting attempting to garner undeserved sympathy by falsely trying to associate one's case with bad legislation. This has nothing to do with SOPA, it is not remotely related to anything SOPA, and at worst, these kinds of false analogies only serve to weaken the case against the very real harm that SOPA will do.<p>Spamhaus are not the villains here. First of all, you make the absurd complaint that Spamhaus "blacklisted" your domain. That is a lie. Spamhaus runs an SMTP blacklist of ip addresses that some other SMTP providers use, not all. There is no way for Spamhaus to blacklist anyone's domain.<p>So what actually happened? Spamhaus detected a spammer website hosted on your company's ip addresses, and they did the responsible thing. They reported the spam website to the ISP hosting it.<p>As for your claim that Bluehost shut off the DNS, why aren't you ringing up Bluehost to demand that they restore it? You might find that a better use of your time than making these absurd allegations and trying to win sympathy by making comparisons to SOPA where none exist.
Use a reputable host, you may have to pay more than a few dollars a month. I've dealt with numerous spamhaus complaints, they generally result from idiotic users who send messages to spamhaus instead of clicking unsubscribe. If you spend an hour creating a really detailed form letter response it makes the AUP tickets go away quickly. When I sign up for hosting I detail exactly what we do and pay appropriately, most 'cheap' hosting places exist solely to pick up the remainder of the month's service fee from a dubious spam complaint. If you spend $100 - $200 per month it's pretty easy to find a hosting provider that will let you run a single opt-in list, especially if you detail this up front in writing and refer to this in your response to any spam complaints. Web marketing shouldn't be a problem for any real hosting provider, unless you have extremely dynamic load I'm not sure why you'd bother with heroku. It's only a couple hours' work to set up your own infrastructure. A quad-core server for $130 a month will run circles around what heroku provides for $130 per month.
Is this your problem? Seems you do have a spammer plastering crap on facebook.<p><body>
<form name="redirect_form" action="https://statichtmlapp.heroku.com/tab/1/show" method="post">
<input type='hidden' name='signed_request' value='fJSfey7ELpgNY4r3gZFT5DyXp0MoW4TF2DsNQWwcoTY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMyNTM1ODI1NywicGFnZSI6eyJpZCI6IjI4MjczNjc1ODQxMjg4MCIsImxpa2VkIjpmYWxzZSwiYWRtaW4iOmZhbHNlfSwidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19' ></input>
</form>
You mean this crap being shot all over folks' comments?<p><a href="https://www.facebook.com/FreeiPAdd2" rel="nofollow">https://www.facebook.com/FreeiPAdd2</a><p>action="https://statichtmlapp.heroku.com/tab/1/show" method="post"<p>value='fJSfey7ELpgNY4r3gZFT5DyXp0MoW4TF2DsNQWwcoTY.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTMyNTM1ODI1NywicGFnZSI6eyJpZCI6IjI4MjczNjc1ODQxMjg4MCIsImxpa2VkIjpmYWxzZSwiYWRtaW4iOmZhbHNlfSwidXNlciI6eyJjb3VudHJ5IjoidXMiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19'
First suggestion: get an ip address people can remember. Not very practical I know, but I guess that is the only way to get by without DNS at the moment.<p>Also: you've emailed your customers the new address yes? Even if it is only temporary? Maybe buy a new domain and point them towards that: "Please use [FINGSOPA].com while we get everything back to normal."