The Spamhaus Project

Spamhaus: Bringing Clarity to a Sticky Subject

What is Spam, even?

Spam is the practice of filling up inboxes with junk emails. The name comes from a Monty Python sketch about a restaurant that has Spam (lunch meat) in almost every dish and where Vikings sing “Spam” over and over and over.

How does US law handle distasteful spam and spammers?

Via the CAN-SPAM Act, passed by the US Congress in 2003. The point of the Act was to create ground rules for email communications from businesses by establishing requirements for commercial messages, giving recipients the right to have a business stop emailing them, and spelling out the penalties for violations.

The CAN-SPAM Act sets the rules…

For “any electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service.” This includes emails promoting content on commercial websites and business-to-business emails. In other words, all emails from businesses – for example, a message to former customers announcing a new product line – must comply with the CAN-SPAM Act.

Spamhaus: Making its Own Rules

Spamhaus, as an international company that tracks email spammers and spam-related activity, freely ignores the United States CAN-SPAM Act. Their full explanation of how they define and manage spam is here, but essentially the deal is this:

What would be considered a legitimate marketing email under US law is considered spam by Spamhaus.

Spamhaus’s Standard? Confirmed Opt-In

Spamhaus bases their blocking of IP addresses on what they call confirmed opt-in, which basically means a recipient has to physically say yes to receiving emails from you. It sounds good–until you consider implications for legit businesses.

So – What is Spamhaus?

An international self-governing organization that operates in shadows and offers zero transparency or accountability. Here are some statements excerpted from their website:

ORGANIZATION ADDRESS

“Postal mail is held for weekly forwarding to the relevant Spamhaus team or person which is usually in a different country and therefore can take weeks to reach the intended team or person. Email is the sure and fastest way to communicate with Spamhaus…”

In other words… Their staff work in different countries. There are no real physical addresses and those that are published are merely forwarding addresses.

TELEPHONE

“The Spamhaus Project does not publish a telephone number. It is not possible to communicate with Spamhaus by telephone. The Spamhaus teams are located in many countries and different timezones, therefore email is the preferred method of contact.”

In other words… No phone number. No way of speaking to a person.

COMPANY STATUS

“The Spamhaus Project Ltd is a private non-profit company limited by guarantee. Registered in London, UK, Company No. 05303831.

As a non-profit organization, the company has no shareholders. All services provided by The Spamhaus Project Ltd are provided free of charge to the public. The Spamhaus Project Ltd does not have any commercial activity or conduct any business of any kind, does not sell any service or product, and does not enter into commercial contracts of any kind.”

“No commercial contracts.” Interesting, since Spamhaus Tech sells data feed subscription services to thousands of ISPs at hefty rates. Also, here is their CEO discussing their business model (c. 2004). And – there is a whole range of banners visible at the bottom of their website.

Coincidentally, Micfo signed up for their 10-day trial services back in 2013.

DIRECTORS

“Chief Executive Officer: Steve Linford

Information relating to other Spamhaus executives is kept confidential for security reasons. Further information is supplied to qualified government agencies on a need-to-know basis.”

In other words, no information is provided about the actual people behind Spamhaus. Spamhaus uses the alias Rob Schultz to communicate with virtually everyone.

One Could Ask:

  1. Why this allegedly respected and authoritative organization does not have an actual physical office?
  2. Why it’s impossible to speak with anyone within the organization?
  3. Why there are no phone numbers?
  4. Why are they making seemingly false statements about their business activity?
  5. What “security purposes” make information about their employees and executives confidential?
  6. Why is Spamhaus considered a legitimate operation?
  7. Why is Spamhaus’s authority never questioned?
  8. Why is Spamhaus asserting their authority to American companies when per their own argument in e360Insight vs. The Spamhaus Project the United States courts do not have jurisdiction over them? I have to believe that this sounds like a case of cherrypicking.
  9. Why hasn’t the US government opened a probe into Spamhaus and their activities?
  10. Why is it that companies like Spamhaus can operate in the shadows, without any transparency and accountability, use aliases, have no contact information for “security reasons,” yet when other companies attempt to engage in similar activities, they are labeled “fraudulent”?

For extra credit, let’s just consider this:

ARIN is a US organization governed by the laws of the United States. Spamhaus openly rejects the CAN-SPAM Act signed into bill by US Congress:

“ …The U.S. CAN-SPAM Act does indeed not ban the sending of Unsolicited Bulk Email, it merely outlaws the sending of Unsolicited Bulk Email with false or misleading sender information (and other specified conditions). The fact that sending Unsolicited Bulk Email, i.e: Spam, is not illegal in the U.S. or any particular country in no way overrides Spamhaus SBL Policy…

This is merely the byproduct of lack of oversight by organizations such as ARIN and Spamhaus. They appear to be able to cherry-pick when laws apply and when they don’t. (I wish this worked for parking tickets!) If ARIN and Spamhaus were governed and had proper oversight, their policy (and application) would have be consistent in every situation, and per the laws of the United States.

In upcoming posts I will be diving deep into the sticky details of this Spamhaus story to cover my experiences and evidence connected to their organization.

Please scroll down to the comments below and share your point of view on this fascinating situation. And again, thanks so much for your enthusiastic support! I don’t know how I could have made through all this without the love and support of my family and friends. This is the first step in our creating community around Helping Every Loving Parent (HELP) to spend time with their children. Every story is important.

Share
Leave a reply

Written by Amir Golestan

Newsletter

What to keep up with my story? Receive updates right in your inbox.

Follow Me

Follow me on Twitter and Instagram to stay informed.