Amazon EC2 email blocked by antispam group Spamhaus

Amazon's entire U.S. EC2 operation has been branded as spam, and mail traffic out of EC2 is grinding to a halt.

Real-time blacklist (RBL) provider Spamhaus has listed all U.S. EC2 IP addresses as spam. They say they need to hear from Amazon to resolve the issue. In the meantime, AWS users are reporting stiff struggles to get legitimate email traffic out of the cloud.

More on Amazon EC2:
Amazon EC2 attack prompts customer support changes

Medical researcher taps HPC on-demand service over Amazon EC2

Spamhaus is one of the largest and most used RBLs in the world. ISPs, email servers, networking devices, antispam appliances and applications all rely on it for constantly updated lists of worldwide IP addresses that are generating spam. Once an IP address is listed, most of the computing world will automatically reject any mail traffic from it as spam.

Spamhaus requires that the owners of any listed IP addresses personally contact the organization and justify why they should be delisted.

"Our policy for delisting is that the spam has to stop," said an email from Spamhaus CIO Richard Cox, "and our editors must be convinced it is unlikely to restart when the listing is removed." He explained that the offender, a 'warez' spammer who was sending viruses, phishing attacks and spam advertising, appeared to be using any number of IP addresses from EC2 locations within the United States, so Spamhaus had no choice to list the entire address block as a culprit.

This is affecting ALL EC2 customers sending mail. Get off your high horse and work with Spamhaus on this.
A frustrated AWS forum member,
"The same abuser has exploited Rackspace's Slicehost in a very similar way, and that had to be listed in the SBL as a result," said Cox. Rackspace, however, operates under slightly different policies than AWS. Cox said that Rackspace worked closely with Spamhaus to isolate the traffic. AWS has a 'hands-off' approach to users of its EC2 services. It guarantees no protection except uptime and takes no responsibility for its users' actions, although it will remove users that violate its Terms of Service.

"This problem seems to be caused by one single abuser, who may well have found an exploit giving him or her access to resources in the cloud," said Cox. The exploit appeared to range widely across various subnets in EC2. Until he could be sure that the exploit or originator of the traffic had been identified and quashed, he couldn't remove the blacklisting.

In the mean time, EC2 users are getting increasingly irritated with the widespread failure of email delivery from applications and servers hosted with AWS. An AWS forum member affected by the blacklisting responded to a suggestion that he use a third-party SMTP relay with ire.

" 'Amazon does not get'll have to find a workaround' -- that's unacceptable," he wrote. "This is affecting ALL EC2 customers sending mail. Get off your high horse and work with Spamhaus on this."

An Amazon support representative said, in reply, that they were working with Spamhaus as fast as possible to resolve the malicious traffic.

"We are treating this with high priority," he said.

Carl Brooks is the Technology Writer at Contact him at [email protected].

Dig Deeper on AWS business applications