Spamhaus blocking Austria's registrar

[neroux]

Seems Spamhaus cannot be considered anylonger as reliable source.

Previously Spamhaus.org complained about 15 .at domains to nic.at noting they have been used for phishing. nic.at informed spamhaus.org of the legal and technical issues involved, however Spamhaus still insists on the immediate deletion of the domains based on the indication of phishing.

nic.at cannot - according to the registry terms and conditions and Austrian jurisdiction - comply with this demand. Subsequently Spamhaus has listed nic.at without further ado on their email spam blacklist.

In their notice to registrars, nic.at makes it clear they in no way support spamming or phishing. Due to the legal situation they note their options are very limited, mainly because the contract is with the domain owner themselves. Additional services such as URLs or email addresses are part of the contract. In regards to phishing, the domain itself is not involved as a tangible infringement. Furthermore nic.at is not in the legal position to ultimately determine the purpose of phishing for a domain. For these reasons nic.at note they cannot meet the demand of domain deletion.

nic.at further notes they cannot and will not act as a court and cannot judge these cases. nic.at will not take on liability for any acts.

nic.at is currently investigating legal proceedings to ensure Spamhaus changes its mind. nic.at is also investigating several technical solutions to guarantee email delivery.

http://www.domainnews.com/registries/1320070620/nicat-domains-blacklisted-by-spamhaus

 

[labrocca]

I would rather trust spamhaus than .at registrar.

 

[neroux]

I would rather trust spamhaus than .at registrar.

Thats exactly the point, given this story Spamhaus cannot be trusted anylonger.

 

[Peter]

Thats exactly the point, given this story Spamhaus cannot be trusted anylonger.

I would 100% disagree with you there. This only seems to support spamhaus. What other course of action could be taken?

Would you think it right if they do not block these type of things?

It is a completely ridiculous scenario when the registry cannot take down the offending domain. Going by their TOS people can openly abuse their domains and have nothing done to them by the registry, they are free to continue carrying out such activities.

 

[neroux]

I would 100% disagree with you there. This only seems to support spamhaus. What other course of action could be taken?

Would you think it right if they do not block these type of things?

It is a completely ridiculous scenario when the registry cannot take down the offending domain. Going by their TOS people can openly abuse their domains and have nothing done to them by the registry, they are free to continue carrying out such activities.

Well, apart from the fact that the domains (the websites actually) in question were hacked to display the phising code without the owner's knowledge, the registry/registrar is simply the wrong contact to speak to.

The offending services in this case werent DNS but HTTP, hence the logical contact is the webhoster.

Furthermore, Spamhaus is providing lists with IP addresses where Spam and similar originated from. As this obviously hasnt been the case here, the action Spamhaus took qualifies as nothing else than blackmailing.

I am certainly not supporting phishing sites, but what Spamhaus did was not only rather childish and extremly unprofessional but they also lost all their credibility as reliable source of spamming IP addresses.

 

[Peter]

Well, apart from the fact that the domains (the websites actually) in question were hacked to display the phising code without the owner's knowledge, the registry/registrar is simply the wrong contact to speak to.

The offending services in this case werent DNS but HTTP, hence the logical contact is the webhoster.

Nowhere in that article does it state that the domains were hacked so how do you come about that conclusion.

Regardless of that fact what difference would it make? if for example the site was hacked and housed child pornography or some other illicit material would it still be ok for the registry not to act?

It is not up to spamhaus to resolve the situation, they get paid to help block spam etc, they will do what they see as the best solution to do this.

Furthermore, Spamhaus is providing lists with IP addresses where Spam and similar originated from. As this obviously hasnt been the case here, the action Spamhaus took qualifies as nothing else than blackmailing.

What makes you think spam was not an issue? how do you think they get people to these phishing sites?

 

[Mike]

...and how do you think that nic.at is going to elevate themselves over applicable laws? I don't believe that any registrar in any civilized nation is condoning spam/phishing, .at is not going to be the exception. However, at the same time, i fully trust nic.at's statement that their hands are legally bound until further investigation and that Spamhouses' banning was definitely premature.

It would be interesting to know how far Spamhouse has done their homework to inform themselves about the applicable laws or if they drew their proverbial guns and fired before firing. Excerpt from the article:

Spamhaus still insists on the immediate deletion of the domains based on the indication of phishing.

Now, i'm not an attorney, but since when is the word "indication" associated with "solid proof"?

I agree with the fact that nic.at may need to overhaul their agreements, however, when you look at European/Austrian laws, that's a bit easier said then done.

IB

 

[Peter]

...and how do you think that nic.at is going to elevate themselves over applicable laws? I don't believe that any registrar in any civilized nation is condoning spam/phishing, .at is not going to be the exception. However, at the same time, i fully trust nic.at's statement that their hands are legally bound until further investigation and that Spamhouses' banning was definitely premature.

I do agree that of course nic.at cannot elevate themselves and take action above the law obviously.

If it is the case that they do not have the power to delete/suspend a domain that has been found to be a phishing/spam domain then the said laws need to be looked at.

However I do not think it right that spamhaus should wait for bureaucracy to catch up and allow such site to continue operating without being flagged for what they are. If they feel that these site are carrying out such activities then they SHOULD take action.

I take your point about the wording of the article but that does not necessarily indicate the actual wording spamhaus used. The wordings of that document are of David Goldstein and him alone, he does not show quotes and the link he gives for spamhaus is invalid. I would think spamhaus have very good evidence to suggest that these sites are doing as has been reported.

 

[neroux]

Regardless of that fact what difference would it make? if for example the site was hacked and housed child pornography or some other illicit material would it still be ok for the registry not to act?

I am sorry, but you completely ignored my arguments. The point is the domain registry has a contract for the domain name, which didnt violate any law however (trademark, third party rights, ....). The actual problem was the content of the one of the services (HTTP to be exact). Hence the webhoster is the only and logical contact.

It is not up to spamhaus to resolve the situation, they get paid to help block spam etc, they will do what they see as the best solution to do this.

What makes you think spam was not an issue? how do you think they get people to these phishing sites?

Sorry, but do you actually know what this issue is about?

Spamhaus did not block the domains in question (which wouldnt have had any effect anyhow in this case) but listed the registry who wasnt involved at all. This qualifies as blackmailing.

 

[Peter]

I am sorry, but you completely ignored my arguments. The point is the domain registry has a contract for the domain name, which didnt violate any law however (trademark, third party rights, ....). The actual problem was the content of the one of the services (HTTP to be exact). Hence the webhoster is the only and logical contact.

Actually I missed that bit in your previous post I was commenting on the fact you stated that the domains were hacked but that seem to be 100% based on guess work as nothing in the article suggests this.

 

[labrocca]

It would be interesting to know how far Spamhouse has done their homework to inform themselves about the applicable laws or if they drew their proverbial guns and fired before firing. Excerpt from the article:
Now, i'm not an attorney, but since when is the word "indication" associated with "solid proof"?
IB

Any good lawyer wouldn't accuse anyone of phishing. It's just like news organizations calling people "alleged" or "person of interest". If you say someone is phishing...you have to be 100% sure otherwise you will be fighting a libel battle. So in most cases they use words like "indicatation" only to protect themselves legally.

Spamhaus has been a great organization from day one. I was even banned from them at one point and I found out why...my server was compromised. So if it wasn't for them I might not have even known. Basically they are the spam police. If they point the finger you better look around and make sure it's not at you.

I use the RBL system and never had any issues.

 

[Mike]

calling people "alleged" or "person of interest". If you say someone is phishing...you have to be 100% sure otherwise....
... If they point the finger you better look around and make sure it's not at you.

I absolutely agree with both of your points. "Alleged" and "Indicated" are both terms that point towards a suspicion w/o solid proof.

If they ring the alarm bell, nic.at should be doing their homework, i agree with that as well.

Fact remains, looking at both of these statements, the ban was still premature and certainly uncalled for. Again, like most other domainers, i'm 100% against phishing and spam, but i'm also against Spamhaus going "rogue" with bans because an agency is obeying their individually applicable laws.

 

[labrocca]

Most people that use SPAMHAUS are also aware of their low tolerance policies. That's why most major ISPs don't use them but for smaller servers it's a real handy tool. Rogue isn't how I would describe their actions...maybe premature but certainly not rogue.

http://www.nic.at/

Anyone else getting problems connecting to their site? For all we know...Spamhaus was the first to recognize their systems were compromised and if that's the case. NIC.AT should be thanking them.

 

[Peter]

Anyone else getting problems connecting to their site? For all we know...Spamhaus was the first to recognize their systems were compromised and if that's the case. NIC.AT should be thanking them.

Doesnt work for me either at the moment although it did work for me yesterday.

 

[labrocca]

So one has to really wonder about that don't you think? Seriously...spamhaus tracks MILLIONS of spams...they are one of the first people to know if a system is compromised and used for spam.

 

[neroux]

Most people that use SPAMHAUS are also aware of their low tolerance policies. That's why most major ISPs don't use them

And they do fine.

Rogue isn't how I would describe their actions...maybe premature but certainly not rogue.

As I said I would even call it blackmailing. If people use their services, they do so as their lists shall indicate/contain hosts which are actively sending Spam. In this case however they abused their own system to force/blackmail an organisation into doing something illegal.

For all we know...Spamhaus was the first to recognize their systems were compromised and if that's the case.

I am sorry, but did you even read the article? Their systems were not compromised at all.

NIC.AT should be thanking them.

What for? For being blocked for no reason?

 

[Mike]

Doesnt work for me either at the moment although it did work for me yesterday.

Just checked, works fine for me.

 

[ZuraX]

You are all missing the point. The domains are registered by Russian phishing gangs. Spamhaus has been following this same gang from domain to domain and getting them shut down. Its only nic.at that has refused to stop these criminals.

Maybe this will get the stupid EU laws changed so that ISPs and registers in the EU can actually stop crap like this. Until then, me and many others are blocking all traffic from EU net space. I all the whole net block as I see spam from it or other abuse.

http://www.spamhaus.org/organization/statement.lasso?ref=7

 

[neroux]

You are all missing the point. The domains are registered by Russian phishing gangs. Spamhaus has been following this same gang from domain to domain and getting them shut down. Its only nic.at that has refused to stop these criminals.

For the third time, this is not of concern of the registry. I quote

The point is the domain registry has a contract for the domain name, which didnt violate any law however (trademark, third party rights, ....).

Maybe this will get the stupid EU laws changed so that ISPs and registers in the EU can actually stop crap like this.

Which laws would you be referring to? There is nothing that prevents an ISP from shutting down an illegal website. As far as registries/registrars are concerned, please see above.

On a related note, please point out where .com registrars are bound to remove DNS entries, when the domain name does not violate any trademarks, third party rights and so on but only the website or another service is used to commit illegal activities

Until then, me and many others are blocking all traffic from EU net space. I all the whole net block as I see spam from it or other abuse.

I cant see you or anybody else blocking european connections.

 

[Mike]

Maybe this will get the stupid EU laws changed so that ISPs and registers in the EU can actually stop crap like this.

Thank You! This is the point that i've been trying to make,...you just went a lot more efficient about it! :lol: