Spamhaus...

Folks,

I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for customers. I know that certain large DNS providers (i.e. google and level3) have either been banned or have voluntarily blocked spamhaus queries by their resolvers. We're currently in discussion with spamhaus and I wanted to see how others may have handled this.

Thanks!
--Lou

I believe you can pay them a small fee and do a zone transfer so you are not hitting their name servers.

If you see value in the service, it should be worth the small fee. And since you are hitting them a lot, I have a feeling that you see value in the service.

Yes, at under 12 cents per user per *year* it's definitely worthwhile in
my personal opinion... I know several providers who have taken their
commercial service either because they wanted an SLA or because they
were contacted by Spamhaus because of their traffic levels.... that
price is rough and totally depends on how many email accounts you've
got....

-p

When we licensed Spamhaus a few years back, they required us to set-up a DNS slave server instead of querying against their public server. They had a special DNS client that allowed partial zone updates. Turns out we downloaded huge hourly updates.

We no longer use Spamhaus, relying instead upon Sender Base Reputation Scores (IronPort).

matthew black
e-mail postmaster
california state university, long beach

When we licensed Spamhaus a few years back, they required us to
set-up a DNS slave server instead of querying against their public
server. They had a special DNS client that allowed partial zone
updates. Turns out we downloaded huge hourly updates.

They now give you the choice of rsync or queries to non-public
servers. Unless you have a humungous mail system, queries are cheaper
and certainly less hassle.

We no longer use Spamhaus, relying instead upon Sender Base Reputation
Scores (IronPort).

How does the price compare?

R's,
John

Assuming you're already running a local caching server for your mail system...

Based on the spamhaus fee structure (# of e-mail accounts), our policy is to allow spamhaus to block queries from our public resolvers if they choose. The spamhaus folks certainly deserve compensation for their efforts, so customers that need such volume should do so from their own IP and pay a fee. While I believe it might be mutually beneficial for spamhaus to offer some sort of a recursive DNS provider/ISP fee structure, I can see where enforcement would be a problem. The resolution of that particular problem belongs to spamhaus and their individual users/customers.

/Jason

Laczo, Louis wrote:

Folks,

I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for customers. I know that certain large DNS providers (i.e. google and level3) have either been banned or have voluntarily blocked spamhaus queries by their resolvers. We're currently in discussion with spamhaus and I wanted to see how others may have handled this.
  
They seem to be doing that a lot of late. They also contacted my
employer and demanded $100k/yr(?) for having a "Use Spamhaus RBL" in our
software. Next version will not have the ability to query Spamhaus
unless a user configures it themselves in the "Custom RBL" settings.

Michelle

? = could have been more, not sure without checking with the CEO, result
was the same.

Price comparisons would be difficult; with Ironport (Cisco now) you get hardware to go along with the service.

We received such a message from a Spamhaus Datafeed reseller
and eventually had our DNS servers blocked. What angered me was
that I analyzed our usage, and we were well below the thresholds
and met the TOS published at the Spamhaus website for no-cost use.
However, they said we had to subscribe to the Datafeed despite
that because we have a Barracuda appliance.

To me, it sounds like Barracuda customers are being singled
out in some conflict between Barracuda Networks and Spamhaus.
Spamhaus (via the reseller, MXTools) is leaning on Barracuda
customers hoping that they'll lean on Barracuda Networks so
that Barracuda Networks will do a deal at the corporate level
with Spamhaus.

Spamhaus does some good work, but being used as a pawn in
some conflict between vendors doesn't feel nice. And I want to
know how they figured out we had a Barracuda.
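One way to carry out the kind of usage analysis mentioned above is to count DNSBL lookups per day and per client from the resolver's query log. This is an added example, not part of the original post: the log lines are constructed in the style of BIND's query log, and the function names and the `daily_limit` value are assumptions (the thread does not state Spamhaus's thresholds).

```python
import re
from collections import Counter

# Constructed query-log lines modelled on BIND's format (documentation addresses).
SAMPLE_LOG = """\
17-Feb-2010 10:15:32.101 queries: info: client 192.0.2.10#53124: query: 2.0.0.127.zen.spamhaus.org IN A +
17-Feb-2010 10:15:32.300 queries: info: client 192.0.2.10#53125: query: 7.113.0.203.zen.spamhaus.org IN A +
17-Feb-2010 10:15:33.010 queries: info: client 198.51.100.7#40111: query: 9.2.0.192.sbl.spamhaus.org IN A +
17-Feb-2010 10:15:33.500 queries: info: client 198.51.100.7#40112: query: www.example.com IN A +
18-Feb-2010 00:00:01.000 queries: info: client 192.0.2.10#53200: query: 4.100.51.198.ZEN.SPAMHAUS.ORG. IN A +
18-Feb-2010 00:00:02.000 queries: info: client @0x7f3a10 203.0.113.5#5353 (5.113.0.203.pbl.spamhaus.org): query: 5.113.0.203.pbl.spamhaus.org IN A +E(0)K (192.0.2.53)
this line is not a query record
"""

# Assumed log layout; adjust the pattern to the format your resolver version writes.
LINE_RE = re.compile(
    r"^(?P<day>\d{2}-[A-Za-z]{3}-\d{4}) .*?\bclient (?:@\S+ )?"
    r"(?P<client>[0-9A-Fa-f:.]+)#\d+.*?: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def dnsbl_usage(log_text, suffix="spamhaus.org"):
    """Return a Counter keyed by (day, client, zone) for queries under `suffix`."""
    counts = Counter()
    suffix_labels = suffix.lower().split(".")
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip non-query lines
        labels = m["qname"].lower().rstrip(".").split(".")
        # Compare whole labels so "notspamhaus.org" is not counted.
        if len(labels) <= len(suffix_labels) or labels[-len(suffix_labels):] != suffix_labels:
            continue
        zone = ".".join(labels[-len(suffix_labels) - 1:])  # e.g. zen.spamhaus.org
        counts[(m["day"], m["client"], zone)] += 1
    return counts

def over_limit(counts, daily_limit):
    """(day, client) pairs whose DNSBL queries on that day exceed `daily_limit`."""
    per_day = Counter()
    for (day, client, _zone), n in counts.items():
        per_day[(day, client)] += n
    return sorted(k for k, n in per_day.items() if n > daily_limit)
```

These are client-side counts: lookups answered from the resolver's cache never reach the DNSBL's servers, so the upstream volume is at most what this reports.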

Try using Barracuda's own barbell (brbl) service. I don't know if it's built into your appliance. I have also found that greylisting (for me via postgrey) has done more than any RBL to nearly eliminate my spam.

Crist Clark wrote:

We received such a message from a Spamhaus Datafeed reseller
and eventually had our DNS servers blocked. What angered me was
that I analyzed our usage, and we were well below the thresholds
and met the TOS published at the Spamhaus website for no-cost use.
However, they said we had to subscribe to the Datafeed despite
that because we have a Barracuda appliance.
  
Well aside from I remember reading that they look for Barracuda
Appliances*, it does say on:
DNSBL Usage Terms - The Spamhaus Project

*Definition: "non-commercial use" is use for any purpose other than as
part or all of a product or service that is resold, or for use of which
a fee is charged. For example, using our DNSBLs in a commercial spam
filtering appliance that is then sold to others requires a data feed,
regardless of use volume. The same is true of commercial spam filtering
software and commercial spam filtering services.

And I want to know how they figured out we had a Barracuda.

* well have you considered that the Barracuda may be very specific in
its IP stack, or the signature it produces in queries etc. Might have
a very specific open port for administration - and not forgetting that
if it's making queries very directly it's exposing its IP address and
therefore can be tested very simply. Many different ways, and I bet I
could find out if I were to have a device to look at.

Michelle

I sympathise. It's very frustrating when you try to deal with these
anti-spam outfits in a reasonable way and you're met with almost completely
arbitrary b/s.

Nick

really? that happens? I'm shocked. Oh wait, you were being ironic!

-chris

Crist Clark wrote:

We received such a message from a Spamhaus Datafeed reseller
and eventually had our DNS servers blocked. What angered me was
that I analyzed our usage, and we were well below the thresholds
and met the TOS published at the Spamhaus website for no-cost use.
However, they said we had to subscribe to the Datafeed despite
that because we have a Barracuda appliance.
  
Well aside from I remember reading that they look for Barracuda
Appliances*, it does say on:
DNSBL Usage Terms - The Spamhaus Project

*Definition: "non-commercial use" is use for any purpose other than as
part or all of a product or service that is resold, or for use of which
a fee is charged. For example, using our DNSBLs in a commercial spam
filtering appliance that is then sold to others requires a data feed,
regardless of use volume. The same is true of commercial spam filtering
software and commercial spam filtering services.

We do not fit into that. We are not selling an appliance or service
to others (the 'Cuda is for our internal corporate email only, not
customers). If we were still using my home-built SpamAssassin system,
it'd be OK to use Spamhaus. Now that we've purchased an appliance
and manually added a Spamhaus to the user-customizable DNSBL list
on it, it's not OK?

And I want to know how they figured out we had a Barracuda.

* well have you considered that the Barracuda may be very specific in
its IP stack, or the signature it produces in queries etc. Might have
a very specific open port for administration - and not forgetting that
if it's making queries very directly it's exposing its IP address and
therefore can be tested very simply. Many different ways, and I bet I
could find out if I were to have a device to look at.

I have considered that, but it would seem it must be some signature
in the queries. It does not query directly, but through our own
caching DNS servers (I won't name the DNS server software, but its
initials are B.I.N.D.).

Would appear to this uninformed ignoramus that Barracuda is using the
data for a commercial purpose and should be buying the feed.

It appears, therefore, that you have a beef with Barracuda.

Do they monitor this list, or is there a better way of contacting them?

In article <4B7DA21C.1060608@foobar.org> you write:

According to the Spamhaus web site, Your mail volume is automatically
assumed to be very large, if you use a dedicated anti-spam
server/appliance of any type. It would appear that the logic is:
"everyone who has a low volume of mail MUST perform all spam
filtering on the mail server, and not have any separate machine
dedicated to spam filtering".

http://www.spamhaus.org/faq/answers.lasso?section=Datafeed%20FAQ#153
"
If your email volume is big enough that you need a Barracuda or
similar spam filter appliance, then you certainly CAN NOT use
Spamhaus's free public DNSBL servers.
"

Except that Barracuda appliances do not use the Spamhaus list, unless
the spam firewall admin manually makes a decision to add one of the
Spamhaus lists as a custom DNSBL. Barracuda _used_ to use Spamhaus
by default. They stopped using it by default in version 3.5.12,
in July of 2008.

http://www.barracudanetworks.com/ns/support/tech_alert.php
"The Barracuda Spam Firewall used to enable Spamhaus external block
lists by default when usage of those lists was free to all Internet
users. Now that Spamhaus is seeking license fees from some Internet
users, this change is being made to remove the previous default
settings"

If your mail volume is large enough that it made sense to shell out a grand to a few grand for a "spam firewall" and several hundred $ per year for updates, is it wrong for Spamhaus to want you to pay them too (if you want to use their data to improve your spam filtering)?

The yearly fee for small corporate query access (up to a few hundred users) is less than you'd pay for a year of updates on a "spam firewall".

Crist Clark wrote:

We received such a message from a Spamhaus Datafeed reseller
and eventually had our DNS servers blocked. What angered me was
that I analyzed our usage, and we were well below the thresholds
and met the TOS published at the Spamhaus website for no-cost use.
However, they said we had to subscribe to the Datafeed despite
that because we have a Barracuda appliance.
  

Well aside from I remember reading that they look for Barracuda
Appliances*, it does say on:
DNSBL Usage Terms - The Spamhaus Project

*Definition: "non-commercial use" is use for any purpose other than as
part or all of a product or service that is resold, or for use of which
a fee is charged. For example, using our DNSBLs in a commercial spam
filtering appliance that is then sold to others requires a data feed,
regardless of use volume. The same is true of commercial spam filtering
software and commercial spam filtering services.
    
We do not fit into that. We are not selling an appliance or service
to others (the 'Cuda is for our internal corporate email only, not
customers). If we were still using my home-built SpamAssassin system,
it'd be OK to use Spamhaus. Now that we've purchased an appliance
and manually added a Spamhaus to the user-customizable DNSBL list
on it, it's not OK?

To use a phrase that I use for myself on SORBS...

Their list their rules. If you don't like the rules, don't use the list.

They've stated you have an appliance and regardless of volume, you are
not 'non commercial' and have to pay a license. It's their list and
their license, so you cannot fault them for that no matter how much you
disagree with it.

Michelle

Crist Clark wrote:

We do not fit into that. We are not selling an appliance or service
to others (the 'Cuda is for our internal corporate email only, not
customers). If we were still using my home-built SpamAssassin system,
it'd be OK to use Spamhaus. Now that we've purchased an appliance
and manually added a Spamhaus to the user-customizable DNSBL list
on it, it's not OK?
  
I knew I had read it somewhere...
The Spamhaus Project - Frequently Asked Questions (FAQ)

Quote:

If you do not have a current Spamhaus Datafeed subscription, then you
are abusing Spamhaus's public DNSBL servers. If your email volume is
big enough that you need a Barracuda or similar spam filter appliance,
then you certainly CAN NOT use Spamhaus's free public DNSBL servers.

Contrary to what you may have been told by the nice appliance
salesman, Spamhaus does not have any agreement with Barracuda for the
use of Spamhaus DNSBLs with Barracuda appliances.

Because Spamhaus's public DNSBL servers get heavily abused by
companies with spam filter appliances, mostly Barracuda appliances,
Spamhaus has implemented a control system on the public DNSBL servers
to flag and firewall such users and Barracuda appliances in particular.

Michelle