[anti-abuse-wg] New Abuse Information on RIPE NCC Website

As I'm about to shout "disclosure" at someone, I better mention that I'm affiliated with Spamhaus. I have no input / control / influence whatsoever on the listings side of things but I do work for a Spamhaus entity.

On 26 Jun 2013, at 13:44, Wilfried Woeber <Woeber at CC.UniVie.ac.at> wrote:

> Erik Bais wrote:
> [...]
>> For those that want to read up on what actually happened on that specific
>> incident in Latvia (July/August 2010), have a read on the following open
>> letter from CERT.lv
>> 
>> https://cert.lv/uploads/uploads/OpenLetter.pdf 

This snippet brought to us by Erik Bais.

Is this the same Erik Bais who filed a complaint with the Dutch police against Spamhaus in October 2011 <http://www.theregister.co.uk/2011/10/13/dutch_isp_accuses_spamhaus/>?

The MD of A2B who was providing connectivity to "German ISP Cyberbunker, aka CB3ROB"?

With CyberBunker being heavily implicated in the recent DDoS attack against Spamhaus. Heavily in as much as "Sven Olaf Kamphuis, a vocal spokesman for CyberBunker, was arrested at the request of Dutch authorities near Barcelona by Spanish Police after collaboration through Eurojust" <http://en.wikipedia.org/wiki/CyberBunker>.

Sir, I question your motives for bringing this up.

> And this actually wasn't the only or the first "incident" with Spamhaus.
> They also tried similer *piep*^Wbullying against NIC.at before.
> 
> Which actually has discredited Spamhaus in my personal opinion for sure,
> for knowingly disregarding local law, but that's slightly OT here - but
> maybe not...

Spamhaus is an organisation which publishes reputation datasets for users to do with as they wish. Many users wish to block inbound email based on Spamhaus' datasets. That's Spamhaus' users' prerogative. No pressure is exerted to use the lists.

There are no fees charged for the removal of an entity from a Spamhaus blocklist – the problem which initiated the listing simply needs to have been resolved.

The Spamhaus datasets consist of reputation lists – which is to say an entity's (Spamhaus') opinion as to the reputation of certain properties (IPs and domains). Third party, independent reports are used in any number of different industries to help organisations arrive at best possible decisions. In what way is this significantly different?

Extortion or bullying is not being applied. Laws are not being broken – whatever spin people may try to put on this.

Spamhaus' reputation lists have been published for over a decade now. Over that time some traction has built up to the point that slightly shy of two billion email accounts are protected (directly, indirectly or via derivative products) by the Spamhaus datasets. Such longevity and market acceptance has not been forced on anyone. Spamhaus simply does a damn good job and has done so for many years.

Simon