Recently, there have been news about CloudFlare clashing with SpamHaus. The spam-fighting service says it’s concerned about how the CloudFlare status may be used for cybercrime.
Preface
SpamHaus, the service responsible for the compilation of widely-used spam lists and reducing spam targeting users, is saying that CloudFlare has to step up. Recently, news have started circulating related to SpamHaus’s disappointment of CloudFlare in that the team behind the SpamHaus project has started feeling that CloudFlare isn’t doing anything to prevent abusers from using its service.
What’s CloudFlare and SpamHaus?
CloudFlare is a well-known company that provides DoS and DDoS protection for web properties. The CloudFlare status in this case is to essentially act as a reverse proxy that protects cloud infrastructure from various kinds of attacks. After performing a CloudFlare login, users of CloudFlare are free to add their web properties into the CloudFlare system to direct the traffic coming into their web properties through CloudFlare.
CloudFlare offers many services ranging from enabling users to add CloudFlare to their infrastructure free of charge to enterprise plans with a custom price point. Paid CloudFlare status plans strive to provide a 100% uptime SLA, some of them support Single-Sign-On (SSO), and all of them provide role-based access control. All CloudFlare plans come with various support options and enable users to add up to 65/155/310/760 CloudFlare rules that enable users to make adjustments to requests and responses as necessary after performing a CloudFlare login.
SpamHaus on the other hand provides IP and domain reputation intelligence services that was founded in 1998 to fight spam.
What’s the Fuss Between CloudFlare Status and SpamHaus?
One could say that CloudFlare and SpamHaus nowadays aren’t exactly on the best terms – CloudFlare aims to protect the web from cyberattacks by letting anyone use its CDN after a CloudFlare login and choosing a plan that can be either free or paid, but SpamHaus alleges that around 10% of all domains listed on its blocklist are running nameservers provided by CloudFlare. Further, some within SpamHaus believe that websites that may be advertising services to cybercriminals may be hosted on CloudFlare. That’s not a good look!
In one of their recent blog posts, SpamHaus alleged that many domains supporting shady activities are behind the CloudFlare CDN – thus, the issue is clear. SpamHaus wants CloudFlare to do something about this.
On the other hand, CloudFlare says that because questionable websites that may run through CloudFlare only use their CDN services and because CloudFlare does not actually host these websites, it’s difficult to take them down, but SpamHaus does argue that they’re not asking CloudFlare to remove content off the web, but rather to stop providing their services to possibly malicious parties.
SpamHaus further states that the abuse-handling policy offered by CloudFlare is largely problematic because the service may be passing on abuse complaints to the abuser instead of acting on them.
If CloudFlare is doing this, there may be multiple upsides to such an approach: the team doesn’t have to do any “deep digging” into abuse reports and dealing with abuse reports may be automated, thus keeping the problems out of CloudFlare’s hands. However, SpamHaus is arguing that such an approach isn’t enough and they’d want CloudFlare to ban the abusers from using its services altogether for a safer web.
With CloudFlare being a leader in today’s CDN market, it’s hard to not see the upsides behind using services behind a CloudFlare login, however, it seems like SpamHaus is disappointed in CloudFlare’s handling of incidents and calls for CloudFlare to act in the fight for a safer web. We will see how this unfolds, but regardless, we do hope that CloudFlare status and SpamHaus can find methods to combat spam and cybercrime together.
Summary
SpamHaus is disappointed in CloudFlare’s handling of incidents – the team behind SpamHaus says that CloudFlare should do more in the fight for a safer web and put in effort to provide a stronger response to reports of abuse and the like.
CloudFlare’s impact in keeping the world safe from cyberattacks and acting as the world’s leading CDN is hard to deny either and we’re sure that the team behind CloudFlare login does everything in their power to keep services fast and safe to use, but we do hope that CloudFlare finds ways to provide stronger responses to reports of this nature.
If you’ve enjoyed this blog, make sure to come back to our blog in the future to educate yourself on more security topics, follow us on X (Twitter), LinkedIn and Facebook, and until next time.
FAQ
What is CloudFlare Status?
CloudFlare is one of the most popular services offering a CDN appliance to make the web faster and more secure. Its services include a firewall (WAF), protection from all kinds of DDoS attacks free of charge, and more. CloudFlare plans start from 0$ a month (access is free), and the most expensive plan in this very moment is the Enterprise plan for enterprise-level protection.
What is SpamHaus?
SpamHaus is a company created to fight spam – SpamHaus provides safety-minded IP and domain reputation intelligence services and blocks spam for Internet Service Providers (ISPs) and email servers.
Why Should I Use BreachDirectory?
Consider using the BreachDirectory data breach search engine to be the first to know when your account is exposed in any data breach, use the BreachDirectory API to implement the data existing in the BreachDirectory database into your own software appliance, make sure to read our blog to stay updated in the cyber news space, and until next time.