Amazon EC2 email blocked by antispam group Spamhaus

By Carl Brooks, Technology Writer 14 Oct 2009 | SearchCloudComputing.com

Enterprise IT news roundup Digg This!     StumbleUpon     Del.icio.us

More on Amazon EC2: Amazon EC2 attack prompts customer support changes Medical researcher taps HPC on-demand service over Amazon EC2

Spamhaus is one of the largest and most used RBLs in the world. ISPs, email servers, networking devices, antispam appliances and applications all rely on it for constantly updated lists of worldwide IP addresses that are generating spam. Once an IP address is listed, most of the computing world will automatically reject any mail traffic from it as spam.

Spamhaus requires that the owners of any listed IP addresses personally contact the organization and justify why they should be delisted.

"Our policy for delisting is that the spam has to stop," said an email from Spamhaus CIO Richard Cox, "and our editors must be convinced it is unlikely to restart when the listing is removed." He explained that the offender, a 'warez' spammer who was sending viruses, phishing attacks and spam advertising, appeared to be using any number of IP addresses from EC2 locations within the United States, so Spamhaus had no choice to list the entire address block as a culprit.

This is affecting ALL EC2 customers sending mail. Get off your high horse and work with Spamhaus on this. A frustrated AWS forum member

"The same abuser has exploited Rackspace's Slicehost in a very similar way, and that had to be listed in the SBL as a result," said Cox. Rackspace, however, operates under slightly different policies than AWS. Cox said that Rackspace worked closely with Spamhaus to isolate the traffic. AWS has a 'hands-off' approach to users of its EC2 services. It guarantees no protection except uptime and takes no responsibility for its users' actions, although it will remove users that violate its Terms of Service.

"This problem seems to be caused by one single abuser, who may well have found an exploit giving him or her access to resources in the cloud," said Cox. The exploit appeared to range widely across various subnets in EC2. Until he could be sure that the exploit or originator of the traffic had been identified and quashed, he couldn't remove the blacklisting.

In the mean time, EC2 users are getting increasingly irritated with the widespread failure of email delivery from applications and servers hosted with AWS. An AWS forum member affected by the blacklisting responded to a suggestion that he use a third-party SMTP relay with ire.

" 'Amazon does not get involved...you'll have to find a workaround' -- that's unacceptable," he wrote. "This is affecting ALL EC2 customers sending mail. Get off your high horse and work with Spamhaus on this."

An Amazon support representative said, in reply, that they were working with Spamhaus as fast as possible to resolve the malicious traffic.

"We are treating this with high priority," he said.

UPDATE: Spamhaus has moved the U.S. EC2 IP block to its Policy Block List (PBL), a weaker form of blacklist that may allow EC2 users to send and receive legitimate traffic. Spamhaus says that it still cannot permit individuals to appeal the ban but the change should help.

IP addresses listed in the PBL are listed as conditional spam-origination points, unlike the original SBL. Spamhaus said the change will allow email operators to send authenticated mail traffic to outside mail servers and allow emails to link back to sites with EC2, both of which the SBL blacklisted. This may allow EC2 users to easily redirect mail to servers outside EC2 and let them continue to use mail-driven applications from within EC2.

Spamhaus said that PBL listing can normally be appealed by individuals within EC2 but, in this case, they couldn't allow that as the spammers might slip through.

"Unlike Amazon, we do not know who is a legitimate customer with a long-existing mail server and who is not," said a statement on their Web site. For its part, Amazon has stated that they are trying to resolve the issue as fast as possible with Spamhaus. The modification of the block is an indication that there has been at least some degree of understanding reached.

"We investigate and respond aggressively to all complaints of spam coming from the [EC2] service. We are working with Spamhaus to understand why they took this measure and prevent this issue from affecting our users in the future," said Amazon spokesperson Kay Kinton in an email.

Carl Brooks is the Technology Writer at SearchCloudComputing.com. Contact him at cbrooks@techtarget.com.

Tags: Public cloud computing services,  Network and application performance in the cloud,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Public cloud computing services The Daily Cloud: IBM and the Air Force talk cloud computing Microsoft to add Remote Desktop and VM support to Azure The Daily Cloud: Amazon and Microsoft butt heads on cloud pricing The Daily Cloud: Oracle caves on cloud computing Amazon EC2 adds features to combat email blacklisting Amazon hooks up with XML search startup Mark Logic Cloud computing's only for grown-ups, survey says Cloud computing market starts off 2010 with a bang Video encoder picks Rackspace over Amazon for performance Infrastructure as a Service: How to maintain control Network and application performance in the cloud Amazon gains professional-grade memcached distribution Five requirements for deploying an application in a public cloud Oracle users balk at cloud computing VMware vCloud gets connected Performance woes the next big hurdle for cloud Eucalyptus, Adaptec announce cloud services An old-fashioned business moves into a new age with cloud Google to build cloud OS, CSC resells Microsoft Network considerations in cloud computing Bandwidth issues deter HPC users from cloud services

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Amazon Elastic Compute Cloud  (SearchCloudComputing.com) Blue Cloud  (SearchCloudComputing.com) cloud cartography  (SearchCloudComputing.com) cloud computing  (SearchCloudComputing.com) Hadoop  (SearchCloudComputing.com) hybrid cloud  (SearchCloudComputing.com) public cloud  (SearchCloudComputing.com) Windows Azure  (SearchCloudComputing.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary