Who is Sebastian Foss, and Why Does Spamhaus Say He's Using My IP?

peter's picture

I was just trying to make a rather friendly comment on a blog I sometimes follow and was blocked by their new spam-prevention software.  It gave me the message to click one link to understand why, then click another link, then finally, I was told that my IP address range has been used repeatedly by Sebastian Foss.  To quote from the spamhaus.org website page I was served: is listed on the Spamhaus Block List (SBL)

12-Apr-2009 07:47 GMT | SR01

Register Of Known Spam Operations (ROKSO)

Spam Operation: Sebastian Foss is listed on the Spamhaus Block List as being assigned to, being under the control of, or otherwise providing service to a professional spam operation listed on the ROKSO database as 'Sebastian Foss'

Spam Source

Source of spam and proxy hijacking. The following IP addresses, which are part of this /24 range, are being used by a professional western-based spammer called Sebastian Foss. Foss has gained control of these IP addresses, either by infecting computers or by buying service from a local Philippines firm which allows him to spam. Spamhaus has many reports of spam being sent from these IP addresses by Sebastian Foss.

Sebastian Foss operates from:


Notes for globenet.com.ph Abuse/Security

A listing in the ROKSO database means that this spammer has already been terminated by a minimum of 3 Internet networks for AUP violations. ROKSO spammers are professional spammers who will use every trick to try to stop you from terminating them. Please do not allow your network to be a haven for ROKSO spammers, doing so puts your network in the position of "Knowingly providing Spam Support Service". See: ROKSO records for Sebastian Foss

Removal Procedure

As this is a known professional spam operation, it is important that all service to the Sebastian Foss spam operation be terminated before this listing can be removed from the SBL. There can be no functioning web site, mail or DNS server still serving the spam operation in

To have record SBL68817 ( removed from the SBL, the Abuse/Security representative of globenet.com.ph (or the Internet Service Provider responsible for connectivity to needs to contact the SBL Team to advise how the spam problem has been terminated.

If you are a representative of globenet.com.ph, you also need to see this:
Current globenet.com.ph SBL Listings


So I googled this name Sebastian Foss, and as best I can tell, he's a German who also goes by the name Robert Meyer, selling get-rich-quick schemes using pseudo-fake software downloads.  Is this guy actually in the Philippines, or is it more likely that some sucker who bought one of his products is spamming Foss's advertisements? I'm using globe broadband from Dumaguete, which I know gives me a different IP every time I turn on the modem.


Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

We're experiencing the same.

We're experiencing the same. Did you somehow find a solution on this?.

sort of

 We also have SmartBro - so whenever I get that problem I have to switch to the SmartBro.  That's sort of a solution, I guess... 

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.