Cloudflare, known for its content delivery service (CDN), is facing criticism for its policy in combating Internet abuse. Spamhaus expresses concern regarding Cloudflare’s approach to managing abuse and urges the company to review its existing measures.
For many years, Spamhaus has been monitoring how attackers utilize Cloudflare services to conceal their actions. A list of Spamhaus blacklist (SBL) includes 1201 unresolved cases, with 10.05% of domains listed in the Domain Blocklist (DBL) using Cloudflare servers, indicating potential spam or fraudulent activities.
Research indicates that websites advertising services for cybercriminals often operate on Cloudflare servers. Domains offering “Bulletproof Hosting” are frequently hosted on Cloudflare, along with other cyber resources like forums for selling stolen data and conducting DDOS attacks.
Cloudflare’s abuse management policy states that the company cannot remove content as it is not a hosting provider. Instead, Cloudflare redirects abuse complaints to the site owners and hosting providers. However, Spamhaus argues that this approach is flawed as it allows attackers to hide behind Cloudflare services and disregard abuse notifications.
Spamhaus suggests Cloudflare should cease providing services to attackers upon receiving evidence of their illicit activities, including suspending their operations.
Cloudflare’s system enables users to utilize memorable domain names rather than complex numerical IP addresses when accessing resources on the Internet.