Suomispam is a reputation database for IP addresses deemed likely to send spam in the Finnish language.
Large global blacklists do not always have a good coverage of smaller countries and linguistic areas. That coupled with increasing levels of Finnish spam have created the need to improve collection and distribution of reputation data about the senders of Finnish spam.
Note that Suomispam by itself does not block email or operate a database of personal data. It only provides a list of IP addresses that we consider probable sources of Finnish spam. Operators of mail servers may or may not use that information to block the actual messages.
We consider spam to mean UBE, i.e. unsolicited bulk email. If the message was unsolicited and bulk email, it is spam. It is not relevant to this definition wether the sender is breaking an actual law in his/her country.
Note that if the recipient is a named person (even if in someone's employment), unsolicited spam is illegal in Finland most of the time.
We often notify the operator of the network about spam causing the listing, but that may skipped if we feel they likely do not care.
The plan is to start sending explicit notifications of Suomispam listings to registered abuse addresses in the future, but currently such explicit notifications may or may not be sent.
The type of sending host is estimated before a listing. If the sending host is deemed suspicious and/or spam focused, the listing may be immediate. If the sending host is a shared mail server with likely significant non-spam-related use, we give the operator some time to fix the problem.
If an operator is known to support spam or if they have previous listings, we reserve the right to list addresses immediately.
Neighboring IP addresses may be listed if they appear to be related to the primary listed IP address and likely sources of similar spam.
We treat IPv4 and IPv6 addresses the same.
A host is placed on the secondary gl.suomispam.net gray list if the host is a source of significant (compared to amounts of spam) non-spam email that would be unduly harmed by the main list. This would typically include outbound mail servers of major isp's if they refuse to terminate spamming customers. The purpose of the secondary list is to aid in spam scoring and should only be used in conjunction with other scoring criteria.
IP addresses will be delisted once we believe the spam problem has been dealt with. Usually a notification by the operator about clearing the problem is sufficient. Egregious cases of spam may require proof that the flow of spam has actually stopped. If the operator continues to provide support services (such as webhosting) for the spammer, delisting might be delayed as a safety precaution.
Old listings may be rechecked every now and then and delisted if they no longer seem to be likely sources of spam.
We believe that currently all listings have to do with spam that in addition to being UBE is also illegal in Finland. We reserve the right to list even legal spam senders if that were to become a major problem in the future. So far we have not found need for that since legal Finnish spam is practically nonexistent at the moment.
Especially using a bought address list is practically illegal. To our knowledge there are no Finnish email address lists available that would be legal to use for direct marketing as is.
Note: this is not legal advice and we urge you to consult your attorney for any legal advice. In the end the courts are the final test for ruling if something is illegal or not. With spam the process can take several years and therefore we do not bind ourselves to that but instead use our own judgment to provide reputation data of UBE instead of legal verdicts.
A typical Finnish spam violates one or more of these conditions:
SVTL forbids spam without prior permission or customer relationship to natural persons. Sending marketing to a company is permitted if the company has not forbidden it and if all other requirements are met.
The act requires that the sender always provide clear instructions on how to forbid further direct marketing. The messages have to contain the identity and contact information of the sending party. The messages also have to be clearly recognizable as direct marketing.
Note that 29 § explicitly allows operators to filter all direct marketing, even if sent legally.
If the sender of bulk email has a list of email addresses which contain any names at all (for example firstname.lastname@example.org), the address list forms a register of personal information.
Therefore the sender is legally bound to maintain a description of the register containing the register's owners/maintainers and/or representatives full identity and contact information, description about the purpose of the register, description of the registered persons and information, description of where records are given and if they are transported outside the EU or EEA, and description about how the register is protected.
The description of the register has to be made generally available and in most cases (especially with direct marketing) the description has to be sent to the Data Protection Ombudsman 30 days before starting collecting or using records. So if a company bought a list of email addresses and did not provide a proper description for the authorities 30 days prior, they are in violation.
All messages must contain information identifying the used register (Public registers and Internet is not the name of a valid personal data register) and notification about the register must be sent to people whose information is processed. The operator of the register is in charge of making sure all the data is valid and current. Processing old email addresses is therefore illegal and for example mails hitting spamtraps is a proof of violation.
Operating a register of personal information is a fairly complex task that requires a lot of legal knowledge. Most of the time people who operate or sell email address lists are blatantly in violation of this act. The maximum sentence for a personal register violation is 1 year in jail.
The main list of Suomispam is available for normal light use as a DNSBL. Just point whatever software you use to bl.suomispam.net.
The secondary list containing spam sources with significant non-spam use are listed in they gray list gl.suomispam.net. It should not be used for direct blocking of email, but it is aimed to be useful for scoring likely spam.
In addition to IP listings, we also provide a domain blocklist dbl.suomispam.net. It can be used to check for domains known to be related to spammers / used in spam.
At the moment the only way to contact Suomispam is to send email to email@example.com.