Spamhaus Provides Answers: Part 6
This is part six of a series in which Steve Linford, chief executive of anti-spam organization Spamhaus, agreed to field questions from Magill Report readers, who submitted more than 60.
The rest of this post, with the exception of an editor's note at the end, is from Spamhaus.
Let's take the next two together:
43. Do Spamhaus volunteers take “complaints” from other people, or are they only identifying “bad actors” based on personal receipt of a message?
44. How many volunteer complaints are required to flag a sender? (One? Ten?) Is this tracked at the individual level or just total? For example, one volunteer who complains five times counts as one or five?
Spamhaus neither solicits nor accepts spam reports (complaints). Our spam experts research many different sources of information including both live and trap addresses as well as other many other streams of data. Out of the billions of connections and hundreds of millions of spam messages we accept past DATA, we really don't see spam as a single digit problem.
45. Would Spamhaus support a reconfirmation (COI) program only for non-active records? (All active records would not be reconfirmed.) How would Spamhaus define “active” for this purpose.
We encourage COI for initial address acquisition and we also support it to remediate some problem lists. Subscribers should have already confirmed their opt-in status at time of acquisition or via engagement such as actually buying a product. Simply opening a message does not inherently demonstrate permission, but active participation (purchase, discussion, etc) might. Bounces and unsubscribes must be fully processed before such a permission pass. If a list is tainted by a bad import segment, then such segments should be removed. Finally, after the list is brought up to good hygiene standards, a permission pass (COI) can validate the remaining subscribers. Hopefully it goes without saying that there should be good reason to believe the list had a bona fide "opt in" provenance to begin with, and was not simply some compendium of things that looked like email addresses scraped together from dark places where hucksters hide.
In exceptional cases where the provenance of the list was particularly reputable, we have heard of as many as three confirmation passes to build full engagement of would-be subscribers. We even blogged about this back in 2008.
46. I'm wondering how to get the Spamhaus Whitehat Network-label, what are the requirements?
Whitehat Star images are displayed when ISPs--with direct IP allocations from the RIR--have no SBL listings on their network and our SBL Team agrees that the ISP demonstrates stellar Abuse@ handling including both proactive and reactive spam prevention. An example of it is visible here.
47. If a mailer feels they have a legitimate dispute to an SBL listing, does Spamhaus act as Judge and Jury, or is there an independent arbitrator? If not, why not?
The Spamhaus team has always provided sufficient internal checks and balances to satisfy our users. They have always been the "independent arbitrator" of our listings and listing policies.
48. Is your goal to shut down all non-double-optin commercial email, or just spammers? Based on how Spamhaus treated Gap Brands, it seems like the former.
We just want to stop spam. Our goal is to prevent our users from receiving spam. We do find that COI is a valuable tool in that regard and we hope Gap Brands and other senders also find it to be more valuable than spamming.
[Editor's note: This is the final installment of the questions Linford has answered to date.]