Mynymbox vs. Spamhaus

History

We've been battling with Spamhaus for a few weeks now, as domains keep ending up on the DBL domain block list, even though they're used for perfectly normal purposes. We've opened several tickets with Spamhaus and their standard answer is: "not suitable for removal". Reason: "Bad Internet Neighbourhood" or in their words: "The domain is not eligible for removal while being associated with this neighbourhood." If you want to question this, the ticket is usually closed without any comment.

In one of our last tickets, someone finally got in touch with us and revealed a few more details. The reason for the "Bad Internet Neighborhood" appears to be that we "had" registered some domain names that were used for phishing purposes. We removed these, of course, long time ago. The problem Spamhaus seems to have is that they cache their DNS server queries and don't renew them, thus treating these already removed domains as active forever. This then results in domains ending up on the DBL.

We also explained them our process for Domain Name Registrations and that we manually review any Domain Name before we do the registration. We check domain names and do not allow names that are obviously used for phishing, spam, etc. But Spamhaus doesn't care about that, even if we are more careful now as the most "normie" providers!

Bad Internet Neighbourhood

As described above, domains end up on the Domain Block List (DBL) if they are associated in a "Bad Internet Neighborhood." That's why they block some of our domains with their absurd filter rule.

Why absurd?

Let's imagine we own a big store and we know Bob. Bob is a normie, works every day, lives a normal life and lives in an area where he's surrounded by some bad neighbors. Still he lives their because he likes the area. As the store owner, we now say that since Bob lives in this area with "bad" neighbors, he's no longer allowed to enter our store. Great and very fair situation for Bob, right?

Centralization at the highest level

If you check the status of a domain on mxtoolbox.com, especially for email traffic reasons, you might also look at the blacklist. There are approximately 70 blacklist providers listed on mxtoolbox. There may even be more.

A domain is now on Spamhaus's DBL due to the absurd rule described above. Spamhaus is one of 70 services that operate spam filters. And now centralization is taking effect, which is extremely dangerous. Of all 70 operators, Spamhaus is often the only service that has a domain on the DBL and blocks it. This is something that ALL email server operators should urgently consider as they block also emails from normal domains!

Spamhaus seems to have taken over the world of email, as it often prevents domains from being used for email traffic, even though they are used for completely normal purposes.

Update - August 10th

Spamhaus has also put Mynymbox.io on their Domain Black List (DBL). The reasons for this are very, very questionable.

1. Mynymbox.io uses its own nameservers which are not available for customers
2. Mynymbox.io had previously used its own mail server that was not available for customers.
3. Mynymbox.io uses its own web server, which is also not available for customers.

Despite these points, Spamhaus sees Mynymbox.io in a "Bad Internet Neighbourhood".

We had opened a few tickets for mynymbox.io, all except for one ticket were just closed with the usual copy & paste rejection - not possible for delisting - from Spamhaus.

On July 25th we opened the last ticket, of course we received the usual answer - not possible for delisting -, but the ticket remained open. We send our answer to this with all explanations and details but haven't received an answer since July 25th.

In general, we no longer receive an answer for any domains.

It seems to us that Spamhaus is now completely ignoring us and that they are not willing to remove domains from their lists, even if we have send them all clear technical informations. We don't get any more information why Spamhaus still blocks domains, although we would of course work on possible issues.

If we wouldn't have the opportunity to switch to an external mail server, we could no longer send emails to customers, partners and other companies, which would affect our service enormously (we are working on a new solution for us).

Mynymbox is a privacy hosting provider, which Spamhaus apparently does not like at all, as we know from another case.

We seriously ask ourselves whether one cannot speak of discrimination and even business damage.

We are thinking about it.

Update - October 2nd

Absolutely nothing has changed in the overall situation with Spamhaus. We still don't know the real reason for the fight against us. In one ticket they wrote it is about some domains, but as written above, this is wrong and they have a way to many false positives. Our domain mynymbox.io is also still on their DBL without any reason. The whole fight makes us believe that it is all just about against us as privacy provider.

In the meantime, our ASN has also landed on Spamhaus's ASN drop list. A brief explanation of what Spamhaus uses the ASN drop list for:

The Spamhaus ASN-DROP list contains Autonomous System Numbers (ASNs) that are controlled by spammers or cyber criminals, as well as ASNs that have been hijacked and are being used for malicious purposes such as the dissemination of malware, Trojan downloaders, and botnet controllers.

So we are being portrayed as criminals, as a bulletproof hosting company, even though we clearly state on our website that we are not criminals and that we are compliant with all local laws.

After we requested a delisting, the first response was:

"The fact that your company is registered on a small island in the Caribbean tells us more than enough. No legitimate hosting service in good standing that we know of has to register offshore to evade law enforcement agencies."

We then wanted to relocate our company to another jurisdiction, the registration was successful, and everything was fine. We informed Spamhaus of this in a new ticket for the ASN delisting and attached proof of the company registration. The response was:

"Thank you for contacting Spamhaus ASN Removals,

We appreciate you letting us know about moving your company to the XX, however this will not affect your ASN-DROP listing.

Regards,
XXX"

We thought that Spamhaus is supposed to be the "good guy" of the internet. When you have a provider like us that obviously care and goes the extra mile to even change its corporate structure, Spamhaus should be sensible to that and encourage it.

They aren't.

This blog post continues as we are still arguing with Spamhaus.