Hi, @inajob, Spamhaus doesn’t recognize that Netlify is a web hosting service. We offer free webhosting and people do create phishing sites with our service. We take them down when reported but malicious sites are a reality for every web hosting company.
Each time a subdomain of
netlify.app is flagged as phishing Spamhaus adds the apex/bare/root domain of
netlify.app to their domain block list. They do this even though this is different than the domain name used for the phishing.
Taking this shortcut and reporting the apex domain makes things easy for Spamhaus. They only have to keep track of the apex domain, even if the apex domain isn’t the actual bad actor. They oversimplify reality.
However, this isn’t accurate or helpful has it then blocks millions of sites instead of just one phishing site. It doesn’t directly affect Spamhaus though so it is of little concern to them.
Again, this makes things easy for Spamhaus but hard for Netlify. How does someone appeal this behavior at Spamhaus? Answer: No one can!
There is no appeal process at Spamhaus. Sure, there is a web form but there is no way to get them to change this false reporting of the apex domain for a phishing site on a subdomain.
There is no way to talk to anyone at Spamhaus about this. They keep adding our domain and we keep submitting removals from the DBL. However, this is all automated systems and speaking to a person is impossible. I know. I’ve tried.
As much as Spamhaus has the best of intentions, I consider them flawed and unfair in their real world practices. All I want them to do is accurately reflect reality, but reality is complex and doing so takes more effort than their current gross oversimplification does.
(Does it show that I’m bothered by their behavior?)
If there are other questions about this, please let us know.