Politics of Zealous Blacklisters
I think that blacklists are a very important aspect of network security organizations. In fact, router blacklists may be considered one of the first lines of defense. But some organizations are a bit zealous in their blacklisting and are swollen with their own self-importance. And once blacklisting groups begin to wander into punditry on what is legal on the internet or on the likelihood of lawsuits by phishers, or come to believe they are important enough to call domain registries onto the carpet for not playing nice, it may be time to find a new blacklisting organization.
Thanks to SANS, we have a pointer to SpamHaus’ tirade against nic.at.
spamhaus.org put the IP range of the Austrian domain registry (nic.at) on their Spamhaus Block List, even though they did not send spam messages. By doing that, they wanted to force nic.at to remove specific .at domains, whose subdomains reportedly host phishing sites. However, nic.at did not comply as they claimed it would violate their general terms and conditions and it would also breach Austrian jurisdiction.
During the next few days different allegations occurred: It was claimed the subdomains were hacked (so the registration itself was all right) and nic.at referred spamhaus.org to the specific hosts and registrar as the specific problem was located there. The number of offending pages varies from 15 to hundreds, depending on who (and also when) you asked. nic.at changed IP addresses only to be blocked a few hours later again. spamhaus.org refused to comment on its actions, making some issues even more confusing.
On the 21st spamhaus.org stopped the blocking (only listing nic.at as a supporter to “name and shame”, still existing today), as they reported all offending pages are gone. nic.at countered that they did not remove a single domain, but the specific hosts finally reacted (to whom they had referred spamhaus.org right from the start).
Now the Internet Service Provider Austria [ISPA] is warning its members against spamhaus.org because of their “overreaction”.
SpamHaus’ account of the issue is here, including their admission that the blacklisting was a “name and shame” publicity stunt. To their credit, SpamHaus tried very hard to solve the issue of nic.at’s lack of response by sending agents to the registrar’s offices to speak with representatives. But when that wasn’t enough, SpamHaus blacklisted a single non-operational IP address of the Nic itself.
Naming and shaming does indeed work. But you don’t want to use a working blacklist to do this, especially when so many government and private industries use that blacklist for keeping their infrastructure secure. If you want to name and shame, get a blog.