SpamCannibal blacklist service reanimated by squatters, claims every IP address is spammy

SpamCannibal – a defunct service that issued blacklists of known spam servers – was hijacked early on Wednesday morning, spewing its own unwanted crap in the process. El Reg was tipped off by a reader who told us that SpamCannibal is "pumping out Blacklist notifications for some of our servers and then when you go to …

  1. Anonymous Coward

    That's why you should not use random RBLs you've never heard of.

    There is a reason why there are only a very limited number of RBLs with a genuinely good reputation.

    The rest are a quagmire of false-positives (with boatloads of false-negatives as an added bonus).

    1. Alan Brown Silver badge

      "That's why you should not use random RBLs you've never heard of."

      More to the point it highlights that using any DNSBL is never set-and-forget.

      There's been a steady churn of reliable DNSBLs for decades as operators find that they're a lot more work and expense than they're able to dedicate.

  2. macjules

    And worse ..

    Use BriefYourMarket.com’s database of 20 million+ UK households to digitally filter through streets, postcodes and areas to find more of the same. Slice and dice by gender, tax band or lifestyle – and then when you’ve found the perfect list - send them personalised marketing collateral to their door in a few clicks. The data is yours to keep and because it’s all part of BriefYourMarket.com, when they make that sale, you already know all you need to keep your relationship going. Meet BriefYourMarket.com data – the secret to hot prospects.

    Once a client registers a mailing list with BYM they then use the customer data in that list to extend their own database. Unsubscribing from one, for example Dauntons "GDPR compliance" (yeeaaah, riiight) only serves to act as a positive for BYM.

    This is pretty much as good an example of GDPR breach as I have seen so far.

    1. Potemkine! Silver badge

      Re: And worse ..

      "Meet BriefYourMarket.com data – the secret to hot prospects."

      What a bunch of vicious lizards. I cross my fingers for GDPR enforcement agencies falling on their back in the near future. May they take no prisoners and show no mercy!

  3. bombastic bob Silver badge
    WTF?

    deliberate attempt at irony

    when a spammer blocking service URL is taken over by spammers, malware pushers, etc..

    really it's just a form of revenge. I hope their registrar has a policy about that... (time for a takedown)

    1. Alan Brown Silver badge

      Re: deliberate attempt at irony

      not exactly the first time this has happened.

      However, this time around - given the GDPR and the content of the website - perhaps the takedown should come from the ICO (yeah right)

  4. Cuddles

    Malware

    "Visiting the site earlier today flung fake Adobe Flash updates at our sandboxed browser, downloads no doubt riddled with malware"

    So the downloads actually contained Adobe Flash?

  5. veteran-of-the-spam-wars

    Nothing to see here, move on

    Practically any domain name that expires is immediately taken over by domain hoarders looking to monetize it in some way - such as by "returning" it to the original owners for a sum.

    Hoarders usually put in wildcard DNS. That means any query to any subdomain/host address of that domain will return a result.

    In the case of blocklists, anybody using a blocklist of any kind should make sure that the responses they get are of the expected kind; a response other than 127.x.x.x should be discarded as invalid. Problem solved.

    In this case (and it is NOT the first of this ilk) queries to the repurposed domain are all returning the host address (not 127.anything) of the hoarder's web site. This has nothing to do with the fact that the domain used to be a blocklist domain or any other feature of the domain itself; this is standard modus operandi for domain hoarders.

    There is nothing newsworthy here, if you don't count the fact that people using blocklists are not checking the response codes to make sure only valid responses are taken as such.
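Added example, not part of the comment above or of the article: a sketch of the response check it describes, where only 127.0.0.0/8 answers count as a listing and anything else is discarded as invalid. It goes one step further with the RFC 5782 self-test (127.0.0.2 must be listed, 127.0.0.1 must not), which also catches a zone that lists everything; the zone `bl.example.org`, the function names and the stand-in resolvers are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")

def query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # gaierror/herror: NXDOMAIN, timeout, no data
        return []

def classify(ip, zone, resolve=system_resolver):
    """Return 'listed', 'not_listed' or 'invalid' for one lookup."""
    answers = resolve(query_name(ip, zone))
    if not answers:
        return "not_listed"
    if all(ipaddress.ip_address(a) in LOOPBACK_NET for a in answers):
        return "listed"
    return "invalid"  # e.g. a parked domain's wildcard web-server address

def zone_is_sane(zone, resolve=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    return (classify("127.0.0.2", zone, resolve) == "listed"
            and classify("127.0.0.1", zone, resolve) == "not_listed")

# Constructed resolvers standing in for DNS so the example runs offline.
def healthy_list(name):
    listed = {"2.0.0.127.bl.example.org", "7.113.0.203.bl.example.org"}
    return ["127.0.0.2"] if name in listed else []

def parked_wildcard(name):
    return ["198.51.100.10"]  # every name resolves to the squatter's host

def list_everything(name):
    return ["127.0.0.2"]  # wildcard that answers with a listing code

if __name__ == "__main__":
    cases = [("healthy", healthy_list), ("parked", parked_wildcard),
             ("list-all", list_everything)]
    for label, resolver in cases:
        print(label,
              classify("203.0.113.7", "bl.example.org", resolver),
              zone_is_sane("bl.example.org", resolver))
```

Running `zone_is_sane` on a schedule, and dropping any zone that fails it from the mail server or monitoring configuration, turns the check into an ongoing one rather than a one-off.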

    1. Drew 11

      Re: Nothing to see here, move on

      "Practically any domain name that expires is immediately taken over by domain hoarders looking to monetize it in some way"

      Correction. Practically every domain that expires is hijacked by the Registrar utilised by the domain owner, who then resets the DNS to their own and counts the traffic in order to monetise the domain and then auction it off prior to the time limit when they're supposed to release (delete) the domain.

      Registrars like doing this because they usually get to keep the domain under their control (which is anti-competitive) and make a LOT more money at auction than they would if it was deleted and re-registered. ICANN, of course, has turned a blind eye to this matter.

  6. onefang

    Earlier this week dnsbl.cyberlogic.net started reporting that some, then all of my servers are blacklisted, then it gave them the all clear, then bl.spamcannibal.org "blacklisted" them. I've removed them both from my nagios checks. I did double check my logs, nothing bad going on with my email servers. The other 70 odd black listing sites nagios checks are still reporting I'm good, as they have always done.
