If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks.
Al Iverson over at Spamresource has a great round-up of the news. If you didn't manage to catch this item, go check it out, then come on back; we'll wait ...
Of course, bad guys are always mad at Spamhaus, so they had a pretty robust set-up to begin with. But whoever was behind this attack was able to muster some huge resources, at an intensity never seen before, and it had some impact on the Spamhaus website and, to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers, who happen to be some of the biggest sites and services on the Internet. Spamhaus notes they protect as many as 1.7 billion email accounts.
Some reasonable criticism was aimed at the New York Times, the BBC and Cloudflare for being a little hyperbolic in their headlines, and sure, it was a bit Chicken Little-like: the sky wasn't falling and the Internet didn't collapse.
But don't let the critics fool you: this was a bullet we all dodged.
For one, were Spamhaus to be taken offline, their effectiveness in filtering spam and malware would rapidly decay, due to the rate at which their blocklists need to be updated. The XBL anti-botnet feed and the SBL list both have many additions and deletions every day. These services are used to protect mail servers and networks against the most malicious criminal traffic. If they go down, a lot of major sites would have trouble staying up, or become massively infected with malware.
There are also a ton of small email systems that use the Spamhaus lists as a key part of their mail filtering (for free, as it turns out). Were those lookups prevented, or tampered with, those systems would buckle under the load of spam that they dispense with ease thanks to Spamhaus.
To put it into perspective, somewhere between 80% and 90% of all email is spam, and that's the stuff Spamhaus helps filter. So it doesn't take a rocket scientist to figure out that if filters go out, so do the email systems, in short order. AOL's Postmaster famously said, at an FTC Spam Summit a decade ago, before the inception of massive botnets, that were their filtering to be taken offline, it would take 10 minutes for their email systems to crash.
Due to some poorly researched media reports (hello, Wolf Blitzer!), there is a perception that this is a fight between two legitimate entities, Spamhaus and Stophaus; some press outlets and bloggers have given equal time to the criminals (we use that word advisedly: there is an ongoing investigation by law enforcement in at least five countries to bring these people to justice). Nothing could be further from the truth. The attackers are a group of organized criminals, end of story. There is nothing to be celebrated in Spamhaus taking it on the chin, unless you want email systems and networks on the Internet to stop working.
So yeah, this was a big deal.
Postscript: There were some reports early on in the attack that some of the Spamhaus feeds may have been hijacked. There is no indication that that is ongoing.