SpamHaus Drop List

Steve Linford linford at spamhaus.org
Fri Aug 24 09:42:30 UTC 2007


On 24 Aug 2007, at 01:49, Derek wrote:

> hjan wrote:
>> Does anyone use spamhaus drop list ?
>> http://www.spamhaus.org/drop/index.lasso
>>
>> I'm glad to listen to opinions or experience.
>>
>> Regards,
>> Gianluca
>>
>>
> My experience is not specific to the DROP list but regarding the  
> RBL/Zen service I have found the 'moderators' of the lists can  
> abuse their power and are unable to provide any proof to their entries.

A quick search in our removals archive brings up the particular  
listing Derek's experience relates to: SBL53319

In April Derek was hosted on Intercage (aka Atrivo, aka US-based home  
of malware, DNS exploits, malware C&Cs and botnet spam cannons).  
Intercage/Atrivo is a /20 used predominantly by serious crime gangs  
from the Ukraine and Russia, the /20 is firewalled to hell and back  
by those who know about it. Amongst all the East European cyber-crime  
gangs stuffed into that /20 there's the rare legitimate customer like  
Derek dotted about here and there, they can be counted literally on  
one hand.

In contacting our team about the SBL listing, Derek googled a bit for  
"Spamhaus" and read a posting by a ROKSO spammer claiming we were  
child molesters, nazis and members of the KKK, and unfortunately  
Derek fully believed it, so he contacted our removals team from that  
perspective... Advisably not the best way to have a constructive  
dialogue with our team.

SBL Removals declined to provide Derek with proof of the cyber-crimes  
being committed by the gangs on Intercage, since Derek did not  
provide his FBI badge number.

With over 100 SBL listings all for malware, botnet C&Cs, phishing and  
carding cyber-crime, as well as being closely connected with RBN  
(Russian Business Network), Intercage (216.255.176.0/20) is indeed  
currently on the SBL and is in our DROP list:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53319

> But when you're on the wrong side of the fence it is very annoying,  
> if one of the moderators has a beef with your provider - look out!
>
> Derek

In this particular case, I think it's fair to say that Spamhaus "has  
a beef" with Derek's provider. So do all of the internet's security  
firms.

   Steve Linford
   The Spamhaus Project
   http://www.spamhaus.org






