It has come to my attention today that the almost famous Spam Block List provider put the IP addresses of the Austrian Registry nic.at on their block list.
The list that Spamhaus provides is actually something good: it allows mail server administrators to automatically block mails arriving from servers that are known to be operated by phishers.
At this point Spamhaus took the wrong term, though. They demanded from the Austrian Registry to delete 15 domains that they consider to be used by phishers, apparently without providing (enough) evidence to nic.at. So nic.at responded that — because of Austrian law — they cannot just delete domains without proof of bogus WHOIS addresses.
I cannot judge who is ultimately right in this dispute (like did Spamhaus provide enough evidence or not), but I can definitely judge that Spamhaus took the wrong decision when they started to block the IP addresses of nic.at in their list.
Welcome to the Kindergarten, guys.
nic.at is bound to Austrian law, and as a foreign company you can’t just come along and ask them to remove certain domains. What if someone would go to your registry and request deletion of spamhaus.org without providing any legitimate reason.
Dear Spamhaus, you need to stick to your policy. Your block list is about phishers, and nic.at did not send out any phishing mails. You can’t just put someone on there because you want to pressure them.
As a result, mail server administrators should no longer rely on block lists of such a provider who misuses his own list for trying to put other companies/organizations under pressure. So this is the right moment to remove sbl-xbl.spamhaus.org from your server configuration.
Coverage on the German Heise.de.
Update 2007-06-20: They have stopped listing nic.at. Finally they see reason. (They have changed the IP address block to 193.170.120.0/32 which matches no addresses); also see german futurezone.
You might have missed that I have updated the posting this morning already. Still my point is, that Spamhaus should not misuse its own tool in order to try to pressure another service that did not send spam or phishing e-mails.
Nic.at is required by Austrian law to verify wrong entries before they can delete domains. Spamhaus did not provide proof of that. End of story.