Spamhaus: Keep That List Clean!

James Koons

During a recent ESPC call, I had the chance to speak with Alan Murphy, an investigator with The Spamhaus Project.  Among other topics, Alan discussed the importance of list hygiene, especially when sending transactional messages.  He pointed out that recently many bloggers wrote about The Spamhaus Project’s “new” spamtraps, which were targeting transactional messages.  Alan assured coalition members that The Spamhaus Project did not suddenly begin to “target” transactional mail.  In fact, he explained that they use several types of spam traps, including typo domains (typographical errors made by users when inputting their email address) as a data source, something they have been doing for over 10 years.  Alan indicated an increase in email address collection errors, with addresses often being entered incorrectly.

In addition, he told us that change is constant at Spamhaus, and in fact several things had changed in late December of last year.  Some of these changes included more cross-referencing among their many spamtraps, improved communication among their maintainers, and a more in-depth machine analysis of spam headers.  Alan referenced the following case study, once again emphasizing the importance of list hygiene:

In this example, a domain expired in early to mid-2010, was re-registered by Spamhaus, and was placed in timeout for more than two years.  (Most new spamtrap domains are placed in timeout for at least six months, and many for a year or more, before being put into production as a spamtrap.  While email is properly rejected during that aging process, data can still be collected before the SMTP rejection, hence the Subject history during that period.)  This spamtrap was configured to reject all email from this particular source, but the sender, after two years, still did not realize that the original recipient was not receiving their messages.

2011/01/15 Your receipt #{deleted}
2011/01/15 Your receipt #{deleted}
2011/01/17 Your receipt #{deleted}
2011/02/11 Your receipt #{deleted}
2011/02/15 Your receipt #{deleted}
2011/02/26 Your receipt #{deleted}
2011/03/10 Your receipt #{deleted}
2011/03/28 Your receipt #{deleted}
2011/03/28 Your receipt #{deleted}

2012/10/12 Your receipt No.{deleted}
2012/10/30 Your receipt No.{deleted}
2012/11/07 Your receipt No.{deleted}
2012/11/14 Your receipt No.{deleted}
2012/12/14 Your receipt No.{deleted}
2012/12/16 Your receipt No.{deleted}
2012/12/24 Your receipt No.{deleted}
2013/01/11 Your receipt No.{deleted}
2013/01/14 Your receipt No.{deleted}
2013/01/18 Your receipt No.{deleted}

In this example it is painfully obvious that this sender is not looking at their bounce logs.  They are also not performing any sort of list hygiene, as the messages were rejected in the SMTP conversation.  This case illustrates the problems caused when senders of transactional and bulk email ignore SMTP rejections.  The ongoing flow of presumably unintended bulk email from unattended mail systems operated by well-intentioned but careless senders is considered spam.
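One way a sender could act on the SMTP rejections described above, shown as an added example that is not code from Spamhaus or the original post. The log layout, addresses, reply texts and the `hard_limit` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed delivery log: (send date, recipient, SMTP reply from the receiver).
# All addresses and reply texts are invented for this example.
SAMPLE_LOG = [
    ("2011-01-15", "buyer@expired-domain.example", "550 5.1.1 User unknown"),
    ("2011-01-15", "alice@shop-customer.example", "250 2.0.0 OK"),
    ("2011-02-11", "buyer@expired-domain.example", "550 5.1.1 User unknown"),
    ("2011-03-02", "bob@busy-host.example", "451 4.3.0 Try again later"),
    ("2011-03-09", "bob@busy-host.example", "250 2.0.0 OK"),
    ("2013-01-18", "buyer@expired-domain.example", "550 5.1.1 User unknown"),
]

def build_suppression(log, hard_limit=1):
    """Map each recipient with >= hard_limit consecutive 5xx replies to its stats."""
    hard = defaultdict(list)
    for day, rcpt, reply in sorted(log):  # ISO dates sort chronologically
        rcpt = rcpt.lower()
        reply_class = reply[:1]
        if reply_class == "5":
            # Permanent failure: the receiver refused the message outright.
            hard[rcpt].append(date.fromisoformat(day))
        elif reply_class == "2":
            # Delivered: earlier rejections no longer describe this address.
            hard.pop(rcpt, None)
        # 4xx replies are transient and are left to the normal retry queue.
    return {
        rcpt: {
            "first_rejected": days[0].isoformat(),
            "rejections": len(days),
            # How long sending continued after the first rejection was logged.
            "days_mailed_after_first": (days[-1] - days[0]).days,
        }
        for rcpt, days in hard.items()
        if len(days) >= hard_limit
    }

if __name__ == "__main__":
    for rcpt, stats in build_suppression(SAMPLE_LOG).items():
        print(rcpt, stats)
```

Addresses returned here belong on a suppression list before the next send; a large `days_mailed_after_first` value is the pattern shown in the case study's Subject history.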

Alan concluded the call by reminding ESPC members that the mission of The Spamhaus Project is to keep unsolicited bulk email out of their users’ inboxes.  Spamhaus is continually making adjustments in the data available for SBL listings and in how they handle the data.  Sometimes, as in the case above, those adjustments identify other spam problems.  List owners should be aware of hygiene issues, pay attention to bounce messages and proactively remove potentially incorrect addresses to keep themselves off of blacklists.