Another SBL Story

(I received this mail from a small ISP. The sender asked me to omit his name for fear of retribution.)

I manage a small ISP that for years utilized Spamhaus's SBL list. We have been in the ISP business since 1995 and thanks to this we managed to buy our IP netblock when they could be purchased, not leased like now.

We recently leased IPs off of our network to opt-in marketers. Later we found out these guys were some of the biggest spammers on the planet. (They were represented by a third party concealing their identity until the mailings started.)

The IP addresses they were operating from were removed from our network, swip'd to them and were routing though big name global network providers. As soon as we started receiving UCE complaints we began recovering the IPs back to our network. One of the clients managed to delay our attempts for a couple of months due to a poorly written lease arrangement and an old AUP policy. We could stop spammers inside our network but not when the IPs were hosted on someone else's network. At long last we did manage to get the lessee off the IP range and recover the IPs but the damage was done.

Now we have been labeled by Spamhaus as a "spam support service" though according to their own definitions this label does not apply. We won't even talk about the incorrect, borderline slander that was posted by Spamhaus regarding our company in its SBL entry. We have been blacklisted for what we have been led to believe is a six month period and are losing customers daily.

Spamhaus Spam Support Service Definition:
Services providing 'bullet-proof' hosting for spam service purposes, serving 'spamware' sites, or knowingly providing services for spam service purposes.
We did not provide any hosting services, we served no sites at all (spamware or otherwise), and we did not "knowingly" provide service for spam service purposes.

In reality when we found these guys were providing spam services, we alerted Spamhaus to the range it was coming from and reclaimed the IPs as quickly as possible. Barring any legal matters. What we got from Spamhaus in response to this was an upgraded blacklist entry that encompassed our entire netblock. All 16k IPs, not just the couple hundred the spam was coming from. Their response, "When an ISP contacts us about a spam source we just go ahead and blacklist all of the IPs the ISP owns/leases."

According to their De-listing policy:
IPs are removed immediately from the SBL upon receipt of notification from the IP owner (Internet Service Provider) that the spamming activity has been terminated.
RIGHT!

Our ISP is celebrating 10 years in business serving our local market. We have never allowed spam from our network and will not. We have adopted Spamhaus's AUP in good faith as it covers any issues and ISP could find itself dealing with. We alerted Spamhaus to this and a few other things and basically what we got back from them was this: we believe that for the right money the owner of the IPs would lease them out again, but if you keep yourself clean for 6 months we will release the block on your IPs.

Now it gets even better. After reclaiming all of our IPs back from their swip'd locations we took steps to lease IPs from our upstream so that Spamhaus could continue to block our IPs and our legitimate user mail could be delivered without blacklisting by Spamhaus. This worked great for about 3 weeks. Until we found that Spamhaus had blocked our upstream provider's IPs in relation to our blocked IPs. Once again, no spam has ever come from our servers, save occasional users with Virus/Trojan infected machines. So why did Spamhaus block these IPs? We don't know.

So we made arrangements to send our mail to a relay server, a closed relay server that only allows mail for relay from our mail server. Now the mail server that was allowing us to relay through them is blocked also.

So we continue to lose clients who have been with us for 10 years because one man has decided, in his opinion, that we are a spam support service.