I think in general that spam blocking databases are a good thing. I am as frustrated with spam as the next person. However, I think SpamHaus is irresponsible in the service they provide for the simple reason that they abuse their power and refuse to implement levels of granularity in their database. For example, right now my organization the Terrorism Research Center is being blocked by SpamHaus. We’ve operated on the same single static IP address for five years and we have never had a complaint against our IP address with SpamHaus. So why are we being blocked? Because according to SpamHaus we live in a bad Internet neighborhood and should be blocked because another IP address in our same subnet sent a direct mailing for Staples. Instead of just blocking the IP address engaging in spamming, they are blocking the whole subnet!
Let’s look at a real-world equivalent to what Spam Haus is doing.

John Walsh runs a national sex offender registry at FamilyWatchDog.us. This is a responsible service that lists individuals and their granular Street Address.

What if John Walsh followed the SpamHaus methodology? Well, when a sex offender moved into your neighborhood, instead of listing the street address, they would list your whole neighborhood.

Now, let’s imagine that your neighborhood being listed resulted in your not being able to get a job because an employer voluntarily looked at the list, saw there was an offender in your neighborhood and can’t tell if it is you or not so they refuse your right of employment. Also, when you try to mail in your bill using USPS it is returned to sender because your power company doesn’t accept mail from any listing in the Family Watchdog database.

When you contact Family Watch dog, they tell you the world is a big place. You are a free citizen and have the power to move and not live in a neighborhood with a sex offender.

This is exactly what SpamHaus is doing to TRC right now.

Lists of offenders, whether they be sexual predators or spammers can be a good thing, but not when they are operated by irresponsible entities that build a level of trust and then manipulate the system in ways that are harmful to the communities they are trying to protect. The Terrorism Research Center operates 24/7/365 because our customers rely on the intelligence we provide to stay safe. Also tens of thousands of people subscribe to our free newsletter to stay better informed on issues of terrorism and homeland security. However, SpamHaus is impacting our ability to do good work. Their attitude in dealing with these issues is arrogant, cocky and wrong. You can argue until you are blue in the face that SpamHaus only maintains a database and implementation is voluntary, but the bottom line is they have established an extensive following and have a responsbility to provide accurate results to their users.

If you are currently using SpamHaus, you should take a serious look at how their policies might impact your organization. If you like SpamHaus (as most do) you should email them and encourage them to be more responsible net citizens. There is no reason to block the Terrorism Research Center IP. There is no record of spam sent by us, no complaints against our organization in over 10 years of Internet operation. We’ve been responsible net citizens, it is time for SpamHaus to do the same.

I am happy to talk to any media outlets that want to discuss this story.

Update: As of 30-Jan-2007 09:34 GMT SpamHaus has changed the record to block only the offending individual IP address, not the entire subnet. This is what they should have been doing from the start. This issue is far from over because we need to hold SpamHaus accountable for their lazy and coercive practices. They should not be blocking entire subnets, especially when they have proof that doing so will hurt legitimate organizations (we provided that proof in 2005 to them). They should not use their status as the maintainers of a widely used spam database to coerce organizations to switch ISPs. They need to stay in their lane and focus on providing accurate listings.