Daily Payload
Home | News Archive | Search | Submit Story | Subscribe | Contact Us

Spamhaus Blocks Amazon's EC2 Cloud Service

October 15, 2009

Spamhaus, one of the world's largest spam-fighting organizations, has blocked Amazon's entire US-based EC2 cloud computing platform over the actions of what the organization believes to be the acts of a single spammer. The blacklisting has resulted in significant disruption to dozens, if not hundreds, of legitimate businesses that rely on the cloud platform in order to conduct business.

In blatant disregard for the businesses affected by its actions, Spamhaus CIO remarked, "Our policy for delisting is that the spam has to stop and our editors must be convinced it is unlikely to restart when the listing is removed." He went on to say that, since spam was originating from within Amazon's network, they had no choice but to block the entire Amazon address space.

While he had no evidence to support his claim, Cox went on to say that "this problem seems to be caused by one single abuser, who may well have found an exploit giving him or her access to resources in the cloud." The only reason Cox makes this assertion is that he has seen a number of different IP addresses used for spamming, apparently oblivious to the way in which cloud computing platforms work.

While nobody likes spam, the methods used by blacklisting organizations are to determine which addresses are sources of spam are usually crude and flawed. As an example, some organizations will employ "spam traps", which are email addresses specifically established to catch spam, and then list IP addresses that send email to those addresses. The problem is that there are no mechanisms in place to prevent third parties from pretending to be a valid user of those email addresses in most cases. As a result, companies that operate legitimate mailing lists often receive requests from these bogus addresses and then send a reply asking for confirmation to join a mailing list or send a rejection message to alert the sender that they must be a subscriber to send email to the lists. The result is that legitimate mail servers get blocked.

Some Amazon EC2 customer are blaming Amazon for not working with Spamhaus, though the root of the problem is, in fact, companies that blindly rely on the services of such spam-fighting organizations. The methods are flawed and there are much better methods companies can employ to reduce spam volume.

Perhaps this extreme example of an overzealous organization that has been the source of significant disruption in business is further evidence that new email technologies like DKIM must be implemented universally. Sadly, though the technology exists to virtually eliminate spam and to positively identify spammers by domain name, most domain operators have not adopted the technology. Perhaps this might help provoke change in the right direction.