Judge orders Spamhaus.org To Pay $11.7 Million In Damage [sic]
It was sent to the abuse role account for my personal domain, and the From and Reply-To address were set to one belonging to Steve Linford of Spamhaus, the UK-based anti-spam organisation. I don't usually hear from Steve and reading the message further revelead some rather unhinged stuff such as:
This ruling confirms e360insight's position that Spamhaus.org is a fanatical, vigilante organization that operates in the United States with blatant disregard for U.S. law. In addition, e360insight has proven that Spamhaus routinely exposes their customers and volunteers to extreme legal risk by continuing to engage in illegal blacklisting, defamation, extortion and blackmail in the name of fighting spam.
Checking the headers showed that the message was bogus. It was sent through EV1servers.net, and the Steve's email address had been forged into the headers.
Checking the Spamhaus website showed me what's going on:
A ROKSO-listed spammer (William L. Stanley) is spamming a large amount of Internet Service Providers' abuse and support desks with spams giving notice of an invalid Illinois (U.S.) court ruling and legal threats to Internet Service Providers that they "will be next" if they block spam from Spamhaus-listed spammers.
If you have received such spam with threats to your company or network, please do not respond to it. The spammer has additionally set the 'reply-to' address to a spamhaus.org address to pretend the spam is sent by Spamhaus.
An Illinois court without jurisdiction has indeed entered a no-defence default ruling against Spamhaus. The default ruling is invalid and in no way affects Spamhaus.
The background to the Illinois court case is here and the relevant Register of Known Spam Operations (ROKSO) record here.
Kind of drives home the point what scum spammers are, doesn't it?
If you get one of these, complain to the ISPs where the spam originated from, not Spamhaus.
Update I am told that forging the email address like this is a federal offence in the US, under the CAN-SPAM act.
Other related posts:
Video: Kim Dotcom and Mathias Ortman at the IITP Mega breakfast
Two-factor authentication broken
The problem with naming and shaming
comments powered by Disqus