DDoS attack shuts down anti-spam blacklist

Osirusoft, one of the largest anti-spam blacklists, has been shut down by its operator following a barrage of massive Distributed Denial of Service (DoS) attacks that have crippled the service.

Services such as relays.osirusoft.com have come under fire recently for blocking legitimate email as well as spam.

The service used a variety of techniques to maintain a real-time dynamic list of IP addresses that are known to have spam originate from them. By using the list in real time, a mail server can determine if it should accept and process a message or disregard it as spam.

Managing director of Australian broadband provider Ideal Internet Services, Darren Worley, doesn't use blacklists as a general rule. "We don't use them for various reasons... it's about controllability. You're passing control to some other entity, and if you're not in control of your own mail servers then it's a problem for your own business."

Lists such as Osirusoft are a good idea, Worley says, but don't work as well as they could because of practical concerns. "The alternative is a whitelist. If you're a known, good custodian of a mail server and you're not an open relay then certainly a whitelist is an attractive option," he said.

However the goal of assembling a comprehensive blacklist and a whitelist "known spammer", "known responsible" database just isn't going to happen, Worley said. "It would take every mail server in the world to subscribe to it."

At this stage no statement has been made from the operator of the service, but the industry speculates the service may come back in a different form when DDoS attacks from spammers have subsided.

Worley says administrators shouldn't be too concerned about permanently losing mail sent to servers configured to use the list -- it's more likely to simply disrupt email delivery. "Most mail transfer agents do an obligatory 'try for 5 days' to deliver mail, depending on the errors of course," he said.