Blacklisted by SORBS – a day in the life of Gandi.net
By Joe on Thursday 4 March 2010, 13:40 - Gandi - Permalink
Seeing as this is an issue that is now affecting some of our customers, we thought we’d write a quick post to let you know what is going on. As those of you who know Gandi.net will know, our entire history has been about being fair to our customers and taking a stand against the shady practices of the domain name industry, and the internet industry in general. This of course includes anti-spam policies, and indeed we support SpamHaus which is an anti-spam organisation (http://www.gandi.net/supports/)
So it is with surprise and regret that we must tell you that we have been blacklisted by SORBS (http://en.wikipedia.org/wiki/Spam_and_Open_Relay_Blocking_System) for “harbouring spammers”, a charge which I’m sure you can agree is unlikely.
This situation has arisen because of our customer protection processes that are core to our beliefs. Where a customer of ours is a spammer, then we will of course take action. We don’t protect spammers.
But we cannot take action against a customer until we are provided with proof that they actually are a spammer. The requirement of proof is something that we keep strict. There are many situations where complaints by one party against another without proof have led to action by domain companies which is hasty (http://news.cnet.com/2100-1025_3-6153607.html, and an article written about this and registrar complaint procedures following the action http://news.cnet.com/Survey-Are-domain-registrars-free-speech-friendly---page-2/2100-1025_3-6155614-2.html?tag=mncol)
So when you want to make a complaint about a domain or a customer of ours, please do (abuse at gandi.net), but you will require proof. And by proof we mean original and complete documentation showing the offense. In the case of spam, this must be full and complete email headers, and not extracts or a sample, or a cut and paste of something. The original headers please.
Similarly, we cannot take action based solely on circumstantial evidence that a given domain or individual may or may not be simply associated in some form with another person or entity, nor on the basis of simply subjective opinion.
Once we have this proof, we kick off our procedures. Immediately.
Anyway, back to SORBS. So back in December we were blacklisted by SORBS without notice. The SORBS process seems to be that you are blacklisted first, then you can have a conversation, and finally you can pay to be removed from their blacklist (see ‘criticism’ section http://en.wikipedia.org/wiki/Spam_and_Open_Relay_Blocking_System).
We had two objectives at this stage;
- 1. Understand why we were blacklisted and take appropriate action
- 2. Get off the blacklist
For part 1, we required proof that an offense had taken place by our customer. SORBS initially did not provide complete and original proof of the spamming domains and the spam email. They wanted us to take action based on their assertion. It took many requests and replies before we were finally able to get the original documentation that they had in their possession all along.
Once we had this documentation, we have kicked off our RIP process to contact the customer and begin proceedings. The issue is still not clear cut, as no spam originated from Gandi, or the domains we host, but 2 domains we host were mentioned in the spam. We will investigate and let you know. So that’s part 1 done.
But for Part 2, we are still blacklisted. It seems the only way to be removed from the blacklist is to make a donation to a legal defence fund for a case won in 2002. We will not pay to be white-listed, this is just not the way we work. We will continue to follow this up with SORBS, but we cannot be sure of the outcome. Why they couldn’t speak first, punish later is still unclear. But paying to be removed is just not Gandi.
We regret that this has led to us being blacklisted, but we make no apology as we would do it all again. We will protect our customers rights until we have proof they have offended. Innocent until proven guilty. Is this so strange?
Apologies for any inconvenience this may cause any of you, but we thought we should explain.
Comments
Sorry to hear this Joe. SORBS are well known to use heavy-handed tactics and they seem to have a personal vendetta gainst one person in Australia in particular. They blacklisted our ISP's entire netblock last year purely because they decided in their own minds that one user was a friend of an australian spammer, and not because of any actual spam or other abuse. Are you able to move some of your affected services to other addresses, or did they do the same and sh**can the whole block?
Hope you get it sorted soon. Keep up the good work!
Gazza
Hi Gary,
It it, sadly, our entire CIDR netblock. We are working to see how best to deal with the blacklist issue, and as Joe mentioned action is underway for the first part. We'll keep everyone updated as things progress.
Kindest regards,
Leland
Hello,
on pourrait avoir la VOSTFR ? :p
++
<french>Elle arrive dans 5/10 minutes :)</french>
This is why I have moved my domain registrations to Gandi. Spammers frequently send "joe jobs," which are emails that mention another person's domain to harm his reputation. They can easily take revenge against the people who report their criminal activity by mentioning a reporter's domains or email addresses in spam for things like child pornography. I know the people at Gandi have educated themselves enough about spammers to be able to investigate and distinguish a joe job from a real spam email. I seriously doubt the staff at SORBS would have any idea how to do it.
SORBS have stated their side of this story at http://groups.google.com/group/news...
@Tom, yes we saw that. We have nothing to hide and each to their own. If they honestly believe that with our history and reputation that we are accepting money to protect spammers, then I'm not sure there's a lot we can do to convince them otherwise. Ultimately our customers can decide what they want to believe.
The fact that they state that they have domains with us shows they must have chosen us for a reason (probably our anti-spam reputation), and why they think we've changed to spam-mongers is a mystery.
Thanks,
Joe
Just casually observing this, but it seems that there is more on this thread elsewhere.
To quote from google groups:
"
Of course we showed them clearly that it was Wayne Mansfield, but they
insisted on our disclosing of the spamtrap information. We refused as
there was no basis to disclose it to GANDI as the spam itself was not
from their network.
Current information shows GANDI are still providing spam support
services for this well known *CONVICTED* spammer. (
http://en.wikipedia.org/wiki/Wayne_... )
==
Seems I didn't post a follow up to my original post pointing out that
"Leland Vandervort" is actually Ryan of GANDI. Why someone such as Ryan
thinks he needs to hide behind an alias I guess I'll never know.
Michelle
"
--
So Gandi people hide behind aliases??
Greg
@Casual Observer:
I have read the Google groups thread and there are a number of misrepresentations.
- With reference to the alleged Spammer. The individual is NOT listed in ROKSO, despite assertions to the contrary. The individual may well have been so-listed in the past, but this is not the case for the past several months.
- The email trace provided as "evidence" does not show any domain hosted at Gandi as being the spam source or subject domains. Two passing references to domains in the signature line indirectly point to domains registered here, but neither are the source or actual subject of the email in question. One of them, in fact, no longer exists.
- The mail itself did not pass through any Gandi network services or infrastructure.
- Further analysis and tests of the mail in question reveals that it is actually a newsletter from a "double opt-in" list, and I have myself tested this by subscribing and successfully unsubscribing without difficulty from two private email addresses.
- and no, Ryan Anderson and I are two entirely different people (any casual use of google or the RIPE database would have already established that fact...)
Essentially, we are being asked to take action purely for reason of "association", rather than actual concrete abuse of our services, which is something that we are unable to do.
Leland
You guys are really full of bullshit. Why can't you just admit that you're more interested in making money instead of doing what is morally and ethically the right thing to do?
So much for your "no bullshit" which really is major league prime time bullshit.
Sorbs are pretty good at investigating and I have no reason to doubt their findings in so far as both Wayne Mansfield and the true identity of "Leland Vandervort" is concerned. Why does Gandi see it necessary to blatantly kie to the masses??
Caveat emptor!
As of late, I have been receiving spam I cannot even understand (because it is in a language I do not speak) from a Gandi customer. I have been reporting it to Gandi as instructed above and I have [abuse #NNNN] numbers to report (five separate ones in the #32xxyyy range) if somebody is interested.
It is my experience in this case that Gandi do not take action even after it has been shown this is a spammer, although low volume, who has been at it for a long time (my addresses have received the same spam from elsewhere since March 2009 and I seem to have started reporting it to Gandi no later than in February 2010).
Somewhat surprisingly, however, they kindly included the spammer on the cc list of the support ticket so that the spammer could see who the complainant is, listwash, retaliate and whatever else it is that spammers do when allowed to see the complainer.
Here is what Gandi had to say about it:
> We know pretty well this customer, it's clearly not a real spammer as
> you say, we have already closed multiple case with him.
And here is the spammer's response - surprisingly enough, in the language that cannot be understood:
>> Je vous remercie pour votre réponse.
>>
>> Effectivement, on n'est pas des spammers.
>>
>> On essaie de notre maximum de respecter la charte des opt-in et des
>> désabonnement.
>>
>> Nous classons automatiquement les désabonner pour ne plus leur envoyer
>> des emails.
>>
>> Nous avons une newsletter scientifique mensuelle en collaboration avec la cité
>> des sciences de Tunis et une autre pour la promotion de produits réels.
>>
>> Nous luttons contre le spam et nous ne voulons pas avoir cette étiquette.
>>
>> J'apprécie votre soutien
>>
>> A bientôt
I can only say that I did not subscribe to the mailing list(s) involved so the bulk email in question truly is spam to me because I did not request to be on those mailing list(s). I have no interest in anything related to Tunis. I also have no way to tell how my address(es) came to be on their list(s) nor is it of any importance.
As for SORBS, they should put their money where their mouth is and move their domain registration(s?) away from Gandi if they think Gandi really is so bad.
Sounds like the typical SORBS bullshit. Self-righteous pricks that they are.
After reading all about SORBS, it should be added that a website which only allows communication via a registration first is wrong, and then when you do sign up the system throws you of with an error, I find this disgraceful, I worked with my ISP found the problem, and deleted the script that was the problem, and firewalled the person IP who was doing it, no more problem all is happy, except SORBS I have been judged and convicted without a trial, I think SORBS should be taken of air...
I hope you've taken the obvious step of making sure Gandi's mail servers don't use the SORBS blacklist in any way.
More seriously, while I have a great deal of respect for anyone who takes the time to fight spam, blacklist operators often seem to go a bit insane. Block spammers, but don't cause collateral damage. And don't expect everyone else to accept assertions without evidence.