Spamhaus requires that the owners of any listed IP addresses personally contact the organization and justify why they should be delisted.
"Our policy for delisting is that the spam has to stop," said an email from Spamhaus CIO Richard Cox, "and our editors must be convinced it is unlikely to restart when the listing is removed." He explained that the offender, a 'warez' spammer who was sending viruses, phishing attacks and spam advertising, appeared to be using any number of IP addresses from EC2 locations within the United States, so Spamhaus had no choice to list the entire address block as a culprit.
"This problem seems to be caused by one single abuser, who may well have found an exploit giving him or her access to resources in the cloud," said Cox. The exploit appeared to range widely across various subnets in EC2. Until he could be sure that the exploit or originator of the traffic had been identified and quashed, he couldn't remove the blacklisting.
In the mean time, EC2 users are getting increasingly irritated with the widespread failure of email delivery from applications and servers hosted with AWS. An AWS forum member affected by the blacklisting responded to a suggestion that he use a third-party SMTP relay with ire.
" 'Amazon does not get involved...you'll have to find a workaround' -- that's unacceptable," he wrote. "This is affecting ALL EC2 customers sending mail. Get off your high horse and work with Spamhaus on this."
An Amazon support representative said, in reply, that they were working with Spamhaus as fast as possible to resolve the malicious traffic.
"We are treating this with high priority," he said.
Carl Brooks is the Technology Writer at SearchCloudComputing.com. Contact him at firstname.lastname@example.org.