It’s not exactly breaking news that Spamhaus is being hit with a DDOS attack. In truth, they are often hit with DDOS attacks, though most are pretty average attacks which Spamhaus is well protected against. This recent report is a bit different though, not only has it been ongoing for over a week, it has been recorded as the largest known DDOS attack ever. Spamhaus reported traffic approaching 300Gbps, which has since been confirmed by reliable outside sources.

This report has sparked quite a wave of media, reporting that such an attack could “rock the very foundations of the internet.” Many media outlets have also reported that the attack has likely affected many users internet speeds and connectivity. Blizzard, a popular video game publisher, also posted a notice to its users that they were monitoring the issue.

Whether or not the attack was strong enough to break the internet is up for debate. Many of the leading names in Information Security have said that while the attack was significant and exposed some real problems, it was not necessarily as bad as the internet Armageddon that media-networks were making it out to be.

What is more interesting though, is the details behind why Cyberbunker initiated the attack. If you aren’t familiar with Spamhaus, they are one of the largest Email Security organizations in the world. They use a variety of sophisticated methods to find spammers and provide a listing of all known spammers, available for anybody who wants to use them. In this instance, Cyberbunker claims that Spamhaus is an internet vigilante that has wiggled into a position of power, able to decide who is a spammer and who isn’t regardless of the circumstances. The DDOS attacks are in direct retaliation to Listings by Spamhaus.

So are Cyberbunker’s attacks justified? Definitely not. While Spamhaus does have a very heavy influence on the email networks, their services are provided free of charge, and there is no law or requirement forcing any person to utilize their lists. Spamhaus acts within the law, and they act to protect those who utilize their listings. Even if they did arbitrarily block an organization, they are still within their rights to do so.

As the Abuse and Deliverability manager, I am occasionally in communication with Spamhaus, making sure that none of our users are sending spam, and that our IPs are not present within their listing. While I cannot bring any specific issues to light, I can say that Spamhaus is a very reputable organization, and even in the past, when our own servers somehow found themselves on the Spamhaus Blacklist, Spamhaus has been understanding, helpful, and professional every time that I have had the pleasure to work with them.

So how has this affected Benchmark Email users?

While it’s hard to say exactly, there appears to have been no major ramifications towards our systems or users. It is possible that recipient ISPs may have had trouble accepting email during the attacks, but not so much that it would have made a noticeable difference in bounce or open rates. We are continuing to monitor the issue, however it does appear that the worst has passed.