# LunaNode being booted from SingleHop



## MannDude (Dec 21, 2013)

> [Luna Node] Important notice regarding all services
> 
> 
> SpamHaus Project Ltd., a company registered in London which maintains a
> ...


That's too bad. I like SingleHop and it's nice having a solid Chicago alternative to the rest.


----------



## zzrok (Dec 21, 2013)

That is a real shame.  What is the consensus on BurstNET?  Good?  Bad?


----------



## Amitz (Dec 21, 2013)

Compared to Singlehop? Quite shi**y...


----------



## MannDude (Dec 21, 2013)

Then again I think they were doing like 14 IP VPSes for $7/mo~... so I guess it's not a big surprise they may have attracted some not-so-good clients. Too bad.


----------



## lunanode (Dec 21, 2013)

We are migrating our clients who choose to remain with us to BurstNET PA scranton facility where we will own our own hardware, and be able to service our own equipment as opposed to leasing from Singlehop.

We have been a client of singlehop for three years and never had a problem with spam until we started offering low end VPS products, and although we complied with the abuse reports and immediately suspended the clients who allegedly have been sending bulk unsolicited emails, we are still being forced to have our account terminated.

Having done the research on spamhaus, although in theory I agree with what they are trying to do, but their practice of illegally blackmailing ISP to terminate client's accounts, when the client is also a service provider is simply unacceptable. Also especially when we have done our part to the best of our abilities by manually screening new accounts and considering blocking of all outgoing traffic on port 25 by default. Too bad at this point in time there is not any legal measure that can be taken to prevent this from happening.

With all that said, we see this as an opportunity and experiences like these will continue to add to our experience and help us to assist our clients better in the future.


----------



## drmike (Dec 21, 2013)

What 14 IPs in a package?  Why would anyone....

Lunanode is a member here... Hoping they say something.  Cause the letter calling SpamHaus illegal and all that jazz, wow, yeah, wrong bubba.  That might fly with newbie users.  Rest of us know SpamHaus has issues but illegal, ahh no. 

Burst is certainly a downgrade.


----------



## blergh (Dec 21, 2013)

See? Spamhaus is cancer and needs to be stopped. Fuck spamhaus.


----------



## perennate (Dec 21, 2013)

MannDude said:


> Then again I think they were doing like 14 IP VPSes for $7/mo~... so I guess it's not a big surprise they may have attracted some not-so-good clients. Too bad.


The additional IP addresses are in a /29 or /28 block, which I think isn't useful for spammers anyway. Almost all of the abuse came from clients with /30 (one useable IP) and /29 blocks. We already dealt with the issues and have instituted manual screening of new customers; yet SpamHaus is refusing to acknowledge any of our communications, despite us reiterating that we are willing to work with them.


----------



## perennate (Dec 21, 2013)

> Lunanode is a member here... Hoping they say something.  Cause the letter calling SpamHaus illegal and all that jazz, wow, yeah, wrong bubba.  That might fly with newbie users.  Rest of us know SpamHaus has issues but illegal, ahh no.


See http://www.quackpotwatch.org/opinionpieces/spamhausspewsaffidavit.htm for an explanation of which laws SpamHaus has repeatedly violated. Also note that E360 won a lawsuit against SpamHaus in 2011, although the legal fees ended up being more than the penalty SpamHaus was forced to pay. SpamHaus mostly targets small companies like us, and we don't have the money to pay for a lawsuit.

Edit: corrected A2B Internet -> E360. See http://en.wikipedia.org/wiki/The_Spamhaus_Project#e360_Lawsuit

The penalty was dropped from $11 million, to $27,000, and then to $3 on appeal.

Edit2: also I'd think it'd be the newbie users who don't understand the shady things SpamHaus does.

Edit3: and the reason the penalty was dropped was not because they didn't think SpamHaus did illegal things, but because E360 couldn't demonstrate that they had actually suffered as much of a loss to their revenue as what they claimed.


----------



## drmike (Dec 21, 2013)

"blackmailing ISP to terminate client's accounts, when the client is also a service provider is simply unacceptable"

How do they do that?  Threaten to list larger IP blocks / all of the provider's ranges?  Sounds effective to me   Don't want companies playing whack-a-mole with the migrating spammers.

When stuff like this happens I think of other plagued networks with spam. CC anyone?   They all seem to survive and inevitably accounts are shuttered and some folks shown the door... or their new IP ranges.

Sad that providers don't have better intergration with their upstream.  Applies to SPAM issues as well as the often used DDoS issue.


----------



## drmike (Dec 21, 2013)

perennate said:


> Almost all of the abuse came from clients with /30 (one useable IP) and /29 blocks


How many clients caused this issue?

Were you able to identify the clients?  Were their accounts and payments valid?


----------



## perennate (Dec 21, 2013)

> Sad that providers don't have better intergration with their upstream.  Applies to SPAM issues as well as the often used DDoS issue.


We communicated with SingleHop and with SpamHaus, but SpamHaus refused to delist the IP ranges despite our resolution of all issues and institution of manual screening of new customer data.



> How many clients caused this issue?


Primarily a single client who registered eight accounts from different IP addresses. We terminated all of the accounts and blocked the common subnet, as stated in the email.



> Were you able to identify the clients?  Were their accounts and payments valid?


The client was identified and we have not had further issues after blocking his subnet and disabling automatic provisioning for new clients. The names, addresses, and other information were most likely faked, although appeared legitimate. There is no indication that the payments were not "valid".



> How do they do that?  Threaten to list larger IP blocks / all of the provider's ranges?  Sounds effective to me   Don't want companies playing whack-a-mole with the migrating spammers.


We already curbed abuse with manual screening. We contacted SpamHaus and informed them we would also be willing to make further adjustments if they found the other policy changes insufficient. They are ignoring all of our communications.


----------



## jarland (Dec 21, 2013)

The spammer must have really been successful for it to come to this. Heavy handed as SpamHaus may be, they would be working toward their own irrelevance if a little spam caused them to start blacklisting such large subnets every day. After a while they would just be a list of subnets that, if subscribed to, would cripple the internet entirely. So I hope LunaNode has learned a lesson about policing outbound e-mail, as a provider you just have to monitor for high traffic of certain types and you have to open a dialogue, followed by port blocks if they don't respond soon, and eventual termination if they don't respond at all. Privacy and all that jazz is nice, but no one wants the kind of privacy that comes as "Your e-mails will be so private that they won't even reach anyone's inbox."

Best of luck to the guys.


----------



## perennate (Dec 21, 2013)

jarland said:


> The spammer must have really been successful for it to come to this. Heavy handed as SpamHaus may be, they would be working toward their own irrelevance if a little spam caused them to start blacklisting such large subnets every day. After a while they would just be a list of subnets that, if subscribed to, would cripple the internet entirely. So I hope LunaNode has learned a lesson about policing outbound e-mail, as a provider you just have to monitor for high traffic of certain types and you have to open a dialogue, followed by port blocks if they don't respond soon, and eventual termination if they don't respond at all. Privacy and all that jazz is nice, but no one wants the kind of privacy that comes as "Your e-mails will be so private that they won't even reach anyone's inbox."
> 
> Best of luck to the guys.


We have suspended all virtual machines where reports were received about spam within a few hours after receiving the report.


----------



## jarland (Dec 21, 2013)

perennate said:


> We have suspended all virtual machines where reports were received about spam within a few hours.


Spam can go on for weeks before reports. Monitor port 25 and open a ticket at x number of simultaneous connections. It's worth it.


----------



## drmike (Dec 21, 2013)

Oy vey!

You lads are getting spanked by one user's actions.  This is very unfortunate.

I agree with @jarland, sounds like a good heavy load of spam was involved here.

I ask about the subscribers because when/if stuff like this happens, there should be provider database for these users and to shame / block their future attempts.

Would be nice to see the garbage they were sending out.


----------



## perennate (Dec 21, 2013)

jarland said:


> Spam can go on for weeks before reports. Monitor port 25 and open a ticket at x number of simultaneous connections. It's worth it.


We'll try to work on that as an alternative to blocking outgoing traffic to port 25 by default. However SpamHaus doesn't seem to care either way, it's easier for them to just shut down small companies.

Either way, the same situation won't happen again with the disabled automatic provisioning for new clients.


----------



## DomainBop (Dec 21, 2013)

Are you positive that moving to BurstNet will solve your problems with Spamhaus?  If you don't convince them that you're innocent they'll probably blacklist any IP you move to since they've labeled you a "spam hosters / operation".

*SBL207665* *184.154.99.0/27* *singlehop.com* 15-Dec-2013 07:21 GMT lunanode.com spam hosters / operation  

*SBL207663* *173.236.82.176/28* *singlehop.com* 15-Dec-2013 07:09 GMT LunaNode sapm block  

*SBL207344* *108.163.229.224/28* *singlehop.com* 12-Dec-2013 05:07 GMT LunaNode spa block  

*SBL206962* *69.175.68.128/28* *singlehop.com* 08-Dec-2013 22:43 GMT LunaNode spam block  

*SBL206907* *173.236.14.32/28* *singlehop.com* 08-Dec-2013 19:25 GMT LunaNode spam block  

*SBL206845* *173.236.15.240/28* *singlehop.com* 08-Dec-2013 06:50 GMT LunaNode spam block


----------



## perennate (Dec 21, 2013)

DomainBop said:


> Are you positive that moving to BurstNet will solve your problems with Spamhaus?  If you don't convince them that you're innocent they'll probably blacklist any IP you move to since they've labeled you a "spam hosters / operation".
> 
> *SBL207665* *184.154.99.0/27* *singlehop.com* 15-Dec-2013 07:21 GMT lunanode.com spam hosters / operation
> 
> ...


The five records are related to the customer who registered multiple accounts. The first record is our web server, which doesn't send any email (we have a dedicated mail server outside of SingleHop LLC's network). We're not positive of anything since SpamHaus Project Ltd. is ignoring our communications, but presumably they won't blacklist our IP address blocks with BurstNET if no spam is sent.


----------



## lunanode (Dec 21, 2013)

Not certain, but that is a possibility that what you mentioned could happen. I discussed this with perennate, and if it does come to that, despite the preventative measures that we will take, as well as continuing to try to establish communication with spamhaus, we might just need to go with a new name : /


----------



## lbft (Dec 21, 2013)

perennate said:


> The five records are related to the customer who registered multiple accounts. The first record is our web server, which doesn't send any email (we have a dedicated mail server outside of SingleHop LLC's network). We're not positive of anything since SpamHaus Project Ltd. is ignoring our communications, but presumably they won't blacklist our IP address blocks with BurstNET if no spam is sent.


If they designate you a "spam operation" (as they seem to have done in one listing there) they will list any IPs they associate with you, regardless of any lack of actual spam.


----------



## mcmyhost (Dec 21, 2013)

perennate said:


> We'll try to work on that as an alternative to blocking outgoing traffic to port 25 by default. However SpamHaus doesn't seem to care either way, it's easier for them to just shut down small companies.
> 
> Either way, the same situation won't happen again with the disabled automatic provisioning for new clients.


Use FraudRecord, it's quite useful.


----------



## Francisco (Dec 21, 2013)

lbft said:


> If they designate you a "spam operation" (as they seem to have done in one listing there) they will list any IPs they associate with you, regardless of any lack of actual spam.


Yep.

I hope burst is informed of your policies because if you get any SWIP entries, Spamhaus may track them.

You could go with CC. They love spammers and doesn't afraid of anything.

Francisco


----------



## perennate (Dec 21, 2013)

mcmyhost said:


> Use FraudRecord, it's quite useful.


Manual screening has proven effective enough so far. We've informed SpamHaus of the changes we've made to our policies, but they haven't responded.


----------



## perennate (Dec 21, 2013)

lbft said:


> If they designate you a "spam operation" (as they seem to have done in one listing there) they will list any IPs they associate with you, regardless of any lack of actual spam.


It is ironic because that's the listing that is completely illegitimate. I'm glad they at least haven't blacklisted our mail server.


----------



## perennate (Dec 21, 2013)

> If you don't convince them that you're innocent they'll probably blacklist any IP you move to since they've labeled you a "spam hosters / operation".


Also I really don't know what else we can do to convince them. We've already informed them of the changes, especially the manual screening.  We've told them that we'd be happy to take additional actions if they deem what we've done so far to be insufficient. But they responded once and now seem to be ignoring our emails.


----------



## jarland (Dec 21, 2013)

Offer to buy them lunch, can't hurt.


----------



## drmike (Dec 21, 2013)

Francisco said:


> You could go with CC. They love spammers and doesn't afraid of anything.


You had to go there, ehh? 

Explain to me how CC goes on and on with Spamhaus listings and doesn't end up perma-listed on ranges?  I mean, everyone I know probably could find multiple email SPAMS that originated from their ASN.


----------



## perennate (Dec 21, 2013)

> I hope burst is informed of your policies because if you get any SWIP entries, Spamhaus may track them.


To what policies are you referring?



> You could go with CC. They love spammers and doesn't afraid of anything.


Well, we've terminated all spammers on our network and are manually screening new customer information.


----------



## DomainBop (Dec 21, 2013)

drmike said:


> Explain to me how CC goes on and on with Spamhaus listings and doesn't end up perma-listed on ranges?  I mean, everyone I know probably could find multiple email SPAMS that originated from their ASN.


The difference is CC owns its IP addresses and (eventually) terminates the clients Spamhaus has labeled as spammers and then Spamhaus gives CC a  pat on the back for helping keep the Internet safe from spam.  LunaNode doesn't have its own IP space and has been labeled as a spammer ("spam host / operation") by Spamhaus.  It would be much easier for LunaNode to clean up this mess if they owned their IP space because then their client would have been labeled the spammer and LunaNode would get a pat on the back from Spamhaus when they terminated the client.  As it stands now, Singlehop will be getting the pat on the back from Spamhaus for giving LunaNode the boot.


----------



## drmike (Dec 21, 2013)

So, the golden lesson is... Get your own IP space.


----------



## cubixcloud (Dec 21, 2013)

Having the number resources (PI Space) is really great but along with that are expenses and infrastructure costs to be considered.

I get Spamhaus has a mission and many people use them. But to label a provider as "spam host / operation" without concrete evidence is completely wrong. This could be construed as libel. But there are so many VPS/VPN/Hosting provider front companies out there that you really have to look at your customers.

Spamhaus has been threatening a lot of ISPs lately. IMO SingleHop should not have let Spamhaus bully them unless there is more to the story than meets the eye. If the provider doesn't stand up for legitimate customers that simply had issues then who will?


----------



## cubixcloud (Dec 21, 2013)

drmike said:


> So, the golden lesson is... Get your own IP space.


Easy enough if you can justify. Better hurry we are in Phase 3 for our region.


----------



## lbft (Dec 21, 2013)

cubixcloud said:


> IMO SingleHop should not have let Spamhaus bully them unless there is more to the story than meets the eye.


http://www.spamhaus.org/sbl/listings/singlehop.com

LunaNode wasn't the only source of SBL listings for SingleHop and it probably just reached a number where SpamHaus spanked them.


----------



## SkylarM (Dec 21, 2013)

cubixcloud said:


> Having the number resources (PI Space) is really great but along with that are expenses and infrastructure costs to be considered.


If you're large enough to apply for an ARIN IP block, you really have ZERO reason not to do so. Almost every datacenter I can think of will announce IP space free of charge if you don't have your own switch/router with a BGP session. Most DC's likely charge for the BGP session if you go that route, but are willing to announce your IP space free.

Costs of IPs are much cheaper direct with ARIN than through a provider, and gives you more control. I don't really see why anyone large enough to get IPs hasn't done so.

@Lunanode, GL with the move. Sucks to see Spamhaus do that to you. Hopefully their responses are just slow due to Christmas and such.


----------



## cubixcloud (Dec 21, 2013)

But just because you are large enough doesn't mean you should from a financial stand point. You can just as easily get space reallocated and you can announce anywhere long as you have an ASN with a LOA of course.

Yes, I agree the mileage varies with the costs per DC or upstream provider, however, there is more to it than just announcing your space. That's the easy part. That's why we have so many /24s deaggregated on the global routing table which is a discussion for another day. You need to also consider RFCs/BCPs.

The proper way to obtain IP space is to ask your provider -> ask your provider's upstream -> then finally ask ARIN if it's your region.


----------



## dcdan (Dec 21, 2013)

Have you tried nodewatch? Looks like you are running OpenVZ; nodewatch will stop all spammers in like 10 seconds.


----------



## Aldryic C'boas (Dec 22, 2013)

DomainBop said:


> The difference is CC owns its IP addresses and (eventually) terminates the clients Spamhaus has labeled as spammers and then Spamhaus gives CC a  pat on the back for helping keep the Internet safe from spam.


Heh, not quite.  Spamhaus is *very* well aware of CC's habit of knowingly selling ranges to spammers under the Velocity name.  Last I spoke with them on it, they're just debating what course of action to take on the issue.

Back on topic... Every now and then I hear some Spamhaus horror story, or get linked to a "read this to see why Spamhaus is evil" page.  And the first thought that always comes to mind is "This is the same Spamhaus I deal with?  The same guys that remove any SBLs we get within minutes of me dealing with the problem?  That will commonly email me directly about a problem rather than just issue an SBL?  The same folks that know me on a first name basis and have never once given us cause to complain?"

Eh, I dunno.  Just seems a bit surreal - like waking up one day to hear that De La Casas ended up a mass murderer or something.  That "Really?  _THAT_ guy?" feeling.


----------



## Francisco (Dec 22, 2013)

I used to deal with spamhaus during my DSN days. They were always reasonable, even when they knew Ed was playing games. For whatever reason they gave me an easy enough time and didn't hold it against us when we finally got the hell out of there.

I know it's a strong marketing tool, but you offering a /29+ with a VM for pennies isn't worth it. Spammers can't buy a /29 for $5, nevermind a /28 that you did for $7.50/month or something like that. Really, if they sign up and get 2 - 3 days of pure pound, they'll never charge back on you.

When we first opened up BuyVM on LEB we got a spammer signup within 24 hours. He was terminated 48 hours after that and never charged back. He never disputed it, argued it, made threats. He hit and run and our SBL was gone pretty quick, too.

Francisco


----------



## signius (Dec 22, 2013)

Legitimate businesses are becoming increasingly fucked off with Spamhaus & how they conduct their business.

I know a couple of people who run small UK ISPs &Spamhaus do not have a good or respected reputation among most ISPs due to their practices of blacklisting entire IP Blocks of an ISP without warning often, because of abuse from a single IP address. I am also told they are an absolute pain in the fucking ass to try and deal with & that they are technically ignorant on many issues.

I think they started out with good intentions but recently they seem to have got ideas above their station, just look up the recent thread of their unworkable nonsense bullshit ideas & trying to involve the UK government also.

I am not sure if there has been some management changes of late within Spamhaus but if there has they need to review things.


----------



## lbft (Dec 22, 2013)

Spamhaus does have a bit of a reputation for being very difficult to work with if they don't know you, but then again we _are_ only hearing one side of the story here. 

Either way I can't see any amicable resolution coming when they've already decided someone's a spam operation and when someone's threatened them with reporting to law enforcement/regulatory bodies.


----------



## Wintereise (Dec 22, 2013)

I dunno, I took a new network online last August.

They were initially trying to be very stern, but I explained our situation -- and verified that the client indeed got booted (This was ROKSO stuff, even), and they worked with me to remove us off the list. No bullshit, no nothing.

But yeah, moral of the story: own your IPs if IPs are prime commodity to your business.


----------



## serverian (Dec 22, 2013)

Why not those fuckers just list the whole damn internet and be done with it?


----------



## cubixcloud (Dec 22, 2013)

serverian said:


> Why not those fuckers just list the whole damn internet and be done with it?


0.0.0.0 to 255.255.255.255


----------



## perennate (Dec 22, 2013)

lbft said:


> Either way I can't see any amicable resolution coming when they've already decided someone's a spam operation and when someone's threatened them with reporting to law enforcement/regulatory bodies.


We did not threaten them to do that. We simply did it.


----------



## nunim (Dec 22, 2013)

perennate said:


> Also I really don't know what else we can do to convince them. We've already informed them of the changes, especially the manual screening.  We've told them that we'd be happy to take additional actions if they deem what we've done so far to be insufficient. But they responded once and now seem to be ignoring our emails.


So you've submitted a delisting request for http://www.spamhaus.org/sbl/query/SBL207665  and you've received no response?  I've always found them quite reasonable to work with and not prone to false positives like some of the other listing services.


----------



## SkylarM (Dec 22, 2013)

Spamhaus has always been good to us  They'd forward a complaint we'd suspend and reply/use their typical forms.


----------



## perennate (Dec 22, 2013)

nunim said:


> So you've submitted a delisting request for http://www.spamhaus.org/sbl/query/SBL207665  and you've received no response?  I've always found them quite reasonable to work with and not prone to false positives like some of the other listing services.


We've had this email exchange with them: https://www.lunanode.com/duWqmq8ANgGYJCmH.html

IMO we haven't really received any meaningful replies.


----------



## Aldryic C'boas (Dec 22, 2013)

Trying to get listing removed _en masse_ is one of the reasons you're having problems.  You should be using the provided links for each SBL to email about the individual cases.


----------



## perennate (Dec 22, 2013)

Aldryic C said:


> Trying to get listing removed _en masse_ is one of the reasons you're having problems.  You should be using the provided links for each SBL to email about the individual cases.


We sent emails about some of them like the listing of our web server. We have not received a response to any of those.

Since we do not own these IP addresses, generally SingleHop contacts them individually. We are listed on SWIP though.

At this point do you think we should still email about each case? Because we'd be sending the same thing for each one.


----------



## Aldryic C'boas (Dec 22, 2013)

Did you receive the auto-responder replies from their mail sorting bot?


----------



## perennate (Dec 22, 2013)

Aldryic C said:


> Did you receive the auto-responder replies from their mail sorting bot?


Yes.


----------



## Aldryic C'boas (Dec 22, 2013)

Hmm, odd indeed.  In a decade of working with them, it is exceedingly rare that I had to wait more than an hour for a reply.

I saw it mentioned a few times that this wasn't your IP space, but it was being leased to you?  Makes one wonder if the IP space was already dirty, or had past issues, and you're inheriting that mess as well.  Keep in mind that there several notorious companies using 'front' names to sell to spammers and avoid getting themselves dirty (ColoCrossing->Velocity is a very good example of this;  DirectSpace is another example).  I bring them up just to point out that Spamhaus has to deal with "we didn't know it was a spammer - really" excuse pretty regularly, and it's very possible that they're trying to dig deeper to see what's really going on.

Selling IP blocks isn't helping you either - looking at those SBLs, all the IPs are sequential.  All it's going to take is a single spammer to make it look like you knowingly resell blocks to shady folks.  Also worth keeping in mind that the listing is for SingleHop directly - Spamhaus may be expecting them to get involved, since the IP space is in their name.  It's worth getting with SingleHop directly, explaining to them all the steps you've taken, and asking them to step forward as well.  If they do, it'll likely help out a great deal.  And if they refuse?  You have no reason to stay with them anyway.

Folks are right though - you need your own IP space.  Then even if you have to deal with persistent SBLs, you won't be getting eviction notices over it.


----------



## Reece-DM (Dec 22, 2013)

Did all of this start once you were featured on LEB? Just curious...


----------



## Setsura (Dec 22, 2013)

Reece said:


> Did all of this start once you were featured on LEB? Just curious...


Presumably:



lunanode said:


> We have been a client of singlehop for three years and never had a problem with spam until we started offering low end VPS products


----------



## Francisco (Dec 22, 2013)

Aldryic C said:


> Hmm, odd indeed.  In a decade of working with them, it is exceedingly rare that I had to wait more than an hour for a reply.
> 
> I saw it mentioned a few times that this wasn't your IP space, but it was being leased to you?  Makes one wonder if the IP space was already dirty, or had past issues, and you're inheriting that mess as well.  Keep in mind that there several notorious companies using 'front' names to sell to spammers and avoid getting themselves dirty (ColoCrossing->Velocity is a very good example of this;  DirectSpace is another example).  I bring them up just to point out that Spamhaus has to deal with "we didn't know it was a spammer - really" excuse pretty regularly, and it's very possible that they're trying to dig deeper to see what's really going on.
> 
> ...


Just as you say that.....

http://www.spamhaus.org/sbl/query/SBL208547

http://www.spamhaus.org/sbl/query/SBL208537

Fran


----------



## SrsX (Dec 22, 2013)

Francisco said:


> Just as you say that.....
> 
> http://www.spamhaus.org/sbl/query/SBL208547
> 
> ...


The irony.


----------



## DomainBop (Dec 22, 2013)

Francisco said:


> Just as you say that.....
> 
> http://www.spamhaus.org/sbl/query/SBL208547
> 
> ...


/18 muchos IPs muchas gracias Spamhaus



> 198.46.192.0/18 is listed on the Spamhaus Block List - SBL 2013-12-22 18:44:24 GMT | velocity-servers.net snowshoe spam range
> 
> 
> 
> ...


----------



## Francisco (Dec 22, 2013)

you should bold the 'again'

Francisco


----------



## perennate (Dec 22, 2013)

Aldryic C said:


> Trying to get listing removed _en masse_ is one of the reasons you're having problems.  You should be using the provided links for each SBL to email about the individual cases.


This may have worked. I'm not sure yet, as our webserver is still listed despite in not sending spam. I'm not sure why they only replied to the ones I sent today, and not the ones a few days ago, maybe someone else started handling it.


----------



## perennate (Dec 22, 2013)

SpamHaus Project Ltd. appears to have additionally delisted our web server block. I don't see any further blocks listed. I will not confirm any changes in the status yet as we are still communicating with SingleHop LLC.

I am regaining trust in SpamHaus but they still have a ways to go, this caused us and I'm sure our customers as well a lot of frustration.

Note that either way I believe we (Luna Node) will be proceeding to offer services is Scranton in BurstNET's facility with owned equipment (and hopefully our own IP ranges);  ideally this will be an additional location and not a migration!


----------



## jarland (Dec 22, 2013)

Watching with much interest.


----------



## drmike (Dec 22, 2013)

perennate said:


> Note that either way I believe we (Luna Node) will be proceeding to offer services is Scranton in BurstNET's facility with owned equipment (and hopefully our own IP ranges);  ideally this will be an additional location and not a migration!


Now that's more like it 

Glad to hear this.


----------



## Francisco (Dec 23, 2013)

perennate said:


> To what policies are you referring?


Sorry, this is a late reply but figured I'd explain what I meant.

You need to make sure they know what issue happened in the past and what you have done to improve it. The best thing you can do in situations like this is make sure your upstreams know exactly what's coming.

Anyone we've ever done business with we warn them that we ddos attacks do happen and we have things like autonull, etc, to help with it. If they can't assist with nullroute communities or things like that we stop talking to them.

If you're upfront then they'll be more inclined to not chew your face off.

Francisco


----------

