# Spamhaus listing us for being listed and will not remove listings now?



## coreyman (Sep 12, 2015)

So we've got reports from Spamhaus and taken care of them promptly every time. Mostly the reports are about 'tinba botnet controllers' and I think this is some clients' machines being compromised. The other day I got a report that one of our /24s had been listed so I checked it out and here is the link.

http://www.spamhaus.org/sbl/query/SBL269077

They listed our range because we had reports back in May, but have only had 4 reports in the last two months. So I emailed them with this.



> I'm sorry I don't understand what this report is? I took care of all of
> the offending 'botnet controllers' and everything else listed and you
> listed my ranges again for the same reason?




They replied with this.

I want to know how in the hell they can legally be judge jury and executioner? Good ole' CC obviously got special treatment, did they pay them off? Is this Spamhaus trying to extort me?

Keep in mind I have much more ip space, and they only listed the /24 that my VPS customers are on.



> Hello
> 
> I'm afraid, too much repeated abuse from your IP space.
> ...


Spamhaus removal procedure per their website -



> To have record SBL269077 (104.255.96.0/24) removed from the SBL, the Abuse/Security representative of bitaccel.com (or the Internet Service Provider responsible for supplying connectivity to 104.255.96.0/24) needs to *contact the SBL Team* by email (use this link) to explain how the abuse problem has been terminated (we need to know exactly how the issue has been dealt with and that this abuse problem is fully terminated). If the abuse problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.


They are only listing /27s, /28s, and /29s of single offenders over at softlayer.com? They don't have a single /24 listed and they are #1 on the top 10 worst offenders.


----------



## Licensecart (Sep 12, 2015)

We need a new BlackListing service to take over from SpamHaus, they are great but if you are taking action and fixing it I don't see why they won't remove them from their lists. You aren't Colo-Crossing.

Tweet the douche: https://twitter.com/thomasspamhaus


----------



## Robert (Sep 12, 2015)

I hate Spamhaus, only one previous listing, and they've listed 3 of our ranges. Absolute joke of a company, can't even be bothered to respond to our emails.


----------



## tburke (Sep 12, 2015)

Spamhaus is one of the better blacklists around, they don't just blacklist people for no reason. Keep your shit clean and you won't have a problem.


----------



## HBAndrei (Sep 12, 2015)

It's bad from either side if you look at it.

From the blacklist's perspective, if an IP or range keeps getting blacklisted and they keep removing it then it pretty much defies the purpose of the blacklist, since spam will go through every time it gets delisted.

While from a provider's perspective with all the spam prevention methods some clients will still find ways to do it, and the IP ends up being blacklisted, even if you terminate the client you're still left with a tainted IP or range.


----------



## MannDude (Sep 12, 2015)

Spamhaus isn't perfect but I do applaud their efforts. I do hope this can be resolved though timely. Dealing with blacklists and similar items from various sources is now an administrative overhead for any company in the industry, as tedious and annoying as that can be. (Especially when response and corrective action on their ends aren't taken as quickly as you'd like).

Best of luck and let us know how it goes.


----------



## coreyman (Sep 12, 2015)

Well while some points I agree with you guys you have to look at it another way. A TINBA Botnet controller is not in any way an email spam delivery method and now my clients are getting mails bounced because that range is listed in the SBL due to tinba botnet controllers.



> Spamhaus is one of the better blacklists around, they don't just blacklist people for no reason. Keep your shit clean and you won't have a problem.



We did keep our shit clean by responding to every SBL record in a timely manner. Then they listed us for being listed.....


----------



## Robert (Sep 13, 2015)

coreyman said:


> Well while some points I agree with you guys you have to look at it another way. A TINBA Botnet controller is not in any way an email spam delivery method and now my clients are getting mails bounced because that range is listed in the SBL due to tinba botnet controllers.
> 
> 
> 
> ...


Pretty much the same experience I had/am having.


----------



## joepie91 (Sep 13, 2015)

tburke said:


> Spamhaus is one of the better blacklists around, they don't just blacklist people for no reason. Keep your shit clean and you won't have a problem.



Certain people keep claiming that. Yet there are frequent (very plausible) stories from people having issues getting Spamhaus to respond reasonably - or even respond at all. So how does that work?


----------



## HN-Matt (Sep 13, 2015)

The nightmare of petty, corrupt email traffic cops. Better send that $20 PayPal payment to whitelist.douchebag or they might just hold _your entire /24_ hostage for who knows how long. Seems like another one of those areas of contemporary idiocracy where it's hard to determine if the situation is more hilariously pitiful than genuinely irritating.


----------



## coreyman (Sep 13, 2015)

Well I replied with the following yesterday.



> So 4 reports in the past two months is 'too much' to get delisted? I'm
> really confused now as we have people like colocrossing with TONS of
> reports and you've delisted their entire IP space.
> Your policy states
> ...


Mr Thomas Morrison replied with this.



> Hello
> 
> I'm afraid, we can't help you at the moment.
> 
> ...


So now I am royally fucked. I'm going to have to renumber all of the clients that complain and who knows how many of them I am going to lose due to this.

Edit: Actually there goes the first client that complained 1d 12h ago. They just put in a request to cancel their service.


----------



## Licensecart (Sep 13, 2015)

Quote said:


> I'm afraid we can't help you at the moment.


Something you'd expect to hear from a bunch of school kids… Sorry we can't help you I need permission from my mum and dad, or sorry we can't help you at the moment because I need a system administrator to fix it for us.

You should get them to contact *S*illy *B*astard *L*owlifes or refund them and invoice the "SBL" for the loss.


----------



## HN-Matt (Sep 13, 2015)

Silly Bastard Lowlifes? But I thought SpamHaus was an esteemed pillar of the spam fighting community!

Good Heavens, do you mean to tell me they are not as reputable as Barracuda when it comes to petty traffic stops?


----------



## RLT (Sep 13, 2015)

Snowshoe, spammers and botnets?

Sounds like c a while back.


----------



## coreyman (Sep 13, 2015)

> Snowshoe, spammers and botnets?
> 
> Sounds like c a while back.



Except we took care of the issues upon receipt.


----------



## jarland (Sep 13, 2015)

joepie91 said:


> tburke said:
> 
> 
> > Spamhaus is one of the better blacklists around, they don't just blacklist people for no reason. Keep your shit clean and you won't have a problem.
> ...


I don't know. I see it too. I also have dealt with them several times in my various roles and never found them to be unfriendly or unreasonable in conversation. I don't want to say that anyone's story isn't legitimate, I've no doubt a history of being well received in such venues where others are not, surely it is about how you speak to them above all else. My attitude has always been "Thanks for helping us identify these problems, here's what I've done to resolve it."


----------



## Nick_A (Sep 14, 2015)

SBL = terminate. Keeps things simple with SpamHaus.


----------



## Coastercraze (Sep 14, 2015)

> SBL = terminate. Keeps things simple with SpamHaus.



Yup that's about the gist of it. Guess it depends on who you deal with.


----------



## Licensecart (Sep 14, 2015)

HN-Matt said:


> Silly Bastard Lowlifes? But I thought SpamHaus was an esteemed pillar of the spam fighting community!
> 
> Good Heavens, do you mean to tell me they are not as reputable as Barracuda when it comes to petty traffic stops?



looks like it mate, I used to support them, but if ColoCrossing can get away with it and they are the hellhole of Hosting, when someone tries to prevent it and work with them, they act like a bunch of tossers they lose my respect


----------



## joepie91 (Sep 14, 2015)

jarland said:


> joepie91 said:
> 
> 
> > tburke said:
> ...


That really shouldn't matter. Their supposed job is to prevent spam - not to be judge, jury and executioner on somebody's writing style. If they cannot handle complaints in a _neutral_ manner (ie. results-oriented, rather than judging by personality as they seem to be doing), then they are not doing their job well.

The e-mail from Spamhaus that Corey quoted above, assuming that it is not being misrepresented, is absolutely unacceptable and unprofessional.


----------



## lbft (Sep 14, 2015)

Quote said:


> Certain people keep claiming that. Yet there are frequent (very plausible) stories from people having issues getting Spamhaus to respond reasonably - or even respond at all. So how does that work?


Very plausible? Almost all of those stories come from people I wouldn't trust to run a clean network.


----------



## joepie91 (Sep 14, 2015)

lbft said:


> Quote said:
> 
> 
> > Certain people keep claiming that. Yet there are frequent (very plausible) stories from people having issues getting Spamhaus to respond reasonably - or even respond at all. So how does that work?
> ...



I've seen e-mail threads.


----------



## Munzy (Sep 14, 2015)

I still don't understand why providers don't install fail2ban, and unattended-upgrades by default.


----------



## rds100 (Sep 14, 2015)

Fail2ban by default is likely to result in customer complaints / support desk nightmare from customers who fail to type correctly their passwords. But unattended-upgrades by default sounds reasonable.


----------



## Munzy (Sep 14, 2015)

> Fail2ban by default is likely to result in customer complaints / support desk nightmare from customers who fail to type correctly their passwords. But unattended-upgrades by default sounds reasonable.



The thing is, so what if fail2ban blocks them initially. In the long run it makes by far more sense to have. That way you aren't having to spend time cleaning up a compromised vm, reporting to authorities, dealing with spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.


----------



## AuroraZero (Sep 14, 2015)

This may be a stupid question but did these ips happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.


----------



## mitgib (Sep 14, 2015)

Munzy said:


> > Fail2ban by default is likely to result in customer complaints / support desk nightmare from customers who fail to type correctly their passwords. But unattended-upgrades by default sounds reasonable.
> 
> 
> 
> The thing is, so what if fail2ban blocks them initially. In the long run it makes by far more sense to have. That way you aren't having to spend time cleaning up a compromised vm, reporting to authorities, dealing with spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.


https://www.serverping.net/clients/cart.php?a=confproduct&i=1 integrates with WHMCS and WHM with csf installed so clients can unban themselves


----------



## coreyman (Sep 14, 2015)

> This may be a stupid question but did these ips happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.



ARIN assigned these ips to us at the beginning of this year.



> > Fail2ban by default is likely to result in customer complaints / support desk nightmare from customers who fail to type correctly their passwords. But unattended-upgrades by default sounds reasonable.
> 
> 
> 
> The thing is, so what if fail2ban blocks them initially. In the long run it makes by far more sense to have. That way you aren't having to spend time cleaning up a compromised vm, reporting to authorities, dealing with spamhaus, etc. It just makes sense. The other great thing about fail2ban is it isn't idiotic. A simple reboot will generally clear the listing, and it would protect at least a little from initial weak password combos.


What does fail2ban have to do with spamhaus being non supportive?


----------



## DomainBop (Sep 14, 2015)

Quote said:


> They listed our range because we had reports back in May, but have only had 4 reports in the last two months.


12 reports, including 2 escalations on that one /24 in the past 4 months is quite a bit, and even if Spamhaus removes that SBL a large percentage of your customer's emails are still going to be blocked in many places because the reputation of most of the IPs on that /24 is absolute shit at SenderBase:  http://www.senderbase.org/lookup/?search_string=104.255.96.0 .  Looking at another of your blocks 104.255.98.x , I'd be shocked if the 50+ IPs used for *.whiterteeth.com subdomains aren't being used for either email spam or comment spamming.


----------



## coreyman (Sep 14, 2015)

> Quote said:
> 
> 
> > They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
> ...



In the past two months there have been 4 reports total on that 96.x range. Of course the reputation is going to be absolute sht, we are listed in the SBL!!

IF you haven't noticed, most of those reports are for TINBA BOTNET controllers. These do not emit email spam.


----------



## DomainBop (Sep 14, 2015)

coreyman said:


> > Quote said:
> >
> >
> > > They listed our range because we had reports back in May, but have only had 4 reports in the last two months.
> ...


Spamhaus tends to take a longer term view of IP SBL reports for an IP block or network operator than just the past 2 months, so when they decide to escalate they'll usually look back at the cumulative SBL history over the past 6-12 months.


----------



## coreyman (Sep 14, 2015)

> coreyman said:
> 
> 
> > > Quote said:
> ...


So after spamhaus finally decides to send over all the tinba botnet controller reports all on the same day, then they escalate you for botnet hosting right after, and then you get listed ~ 3-4 months later it's an automatic range blacklist time with no redemption? Seems legit.


----------



## RLT (Sep 14, 2015)

yep that whiterteeth.com home page looks real legit. Placeholder type of page with 50 sub-domains..

To be on a SBL that 54% increase in email volume is interesting. Add in the 5 + average for the past month. My they're busy little typers aren't they.

I wonder what viber-marketing.info is?


----------



## Munzy (Sep 14, 2015)

> > This may be a stupid question but did these ips happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.
> 
> 
> 
> ...


Nothing really, it is in regards to the fact that many of the listing on spamhaus are because of exploits and compromised servers. It was a way to help prevent it.


----------



## coreyman (Sep 14, 2015)

> > > This may be a stupid question but did these ips happen to belong to someone else before they were swiped to you? If that is the case they may have been listed more times than you know of, and this may be the problem.
> >
> >
> >
> ...


I already have some things in place that prevent tons of connections to a single ip address, and nodewatch tests passwords, so idk.


----------



## Munzy (Sep 14, 2015)

> I already have some things in place that prevent tons of connections to a single ip address, and nodewatch tests passwords, so idk.



I'm not saying you don't. One of the big flaws I always saw with openvz were their crappy templates, that didn't have as good of decisions being made. I guess I would run things differently if I was running them.


----------



## coreyman (Sep 15, 2015)

Just an update. I sent this.



> When will you be able to help us? Look, we have lots of customers
> waiting on this listing to be removed. What do we need to do on our end
> to fix this?


Thomas replied with.



> Hello Corey
> 
> Since this is already the second (!) escalation listing due to massive
> botnet hosting, I doubt that we will be able to remove this listing in
> ...


So I guess two botnet reports in the past two months is considered 'massive botnet hosting'.


----------



## Gary (Sep 15, 2015)

> So I guess two botnet reports in the past two months is considered 'massive botnet hosting'.



It doesn't say two is massive, it says there were two which were massive. Whether they were or not is another matter, of course.


----------



## DomainBop (Sep 15, 2015)

coreyman said:


> Just an update. I sent this.
> 
> 
> 
> ...


To get yourself back in their good graces the next time you contact them you should tell them what you've done to prevent it from happening again, i.e. _"We implemented xyz monitoring to detect/prevent botnets..."_, _"We implemented xyz during registration to reduce the number of abusive clients signing up..."_, etc.  Spamhaus is also like google and expects you to kiss their ass in all communications (even when it is entirely their fault) so don't lose your temper when communicating with them...

----------------------

Semi off-topic, Spamhaus (finally) went after a lot of the crap on AWS today (AWS has been a huge source of crap over the years: email and comment SPAM, bots..especially SEO bots) , lots of Amazon SBL's issued today and Amazon now has 185 SBL's and is sitting in the #2 spot on the Spamhaus worst ISP list.  +1 for whacking Bezos & Co.


----------



## IndoVirtue (Sep 20, 2015)

Look at the key points on the SBL pages: "Can't trust this IP space at the moment."

At the moment. I would suggest leaving that /24 IP idling for 1 ~ 3 months. Explain to the VPS customer your circumstance and the need for an IP change (I'm aware and admit that this actually sounds easier than doing it). After that, you can contact them again to remove the listing. State that the IP has been cleaned from the abusers and not being used for some months already (in a non-aggressive way). Then ask them politely if there's any additional steps or information needed in order to remove that listing. They might go on defensive mode again if your tone is deemed a bit aggressive by them.

The goal here is to get the IP delisted. Questioning and making a problem of their decision, even if you're in the right, might not yield good results.

If you do it right, it should work. Source? I'm not authorized at the moment to disclose the source info


----------



## coreyman (Sep 20, 2015)

> Look at the key points on the SBL pages: "Can't trust this IP space at the moment."
> 
> At the moment. I would suggest leaving that /24 IP idling for 1 ~ 3 months. Explain to the VPS customer your circumstance and the need for an IP change (I'm aware and admit that this actually sounds easier than doing it). After that, you can contact them again to remove the listing. State that the IP has been cleaned from the abusers and not being used for some months already (in a non-aggressive way). Then ask them politely if there's any additional steps or information needed in order to remove that listing. They might go on defensive mode again if your tone is deemed a bit aggressive by them.
> 
> ...



Yes this is absolutely ridiculous, they wouldn't even reply to the last response I made to them. Looks like my customers and I will be waiting 3 months to get this listing removed, and we'll see how many customers I lose due to TINBA BOTNET controllers.


----------



## RLT (Sep 20, 2015)

So hosting the tiny banker is ok?


----------



## coreyman (Sep 20, 2015)

> So hosting the tiny banker is ok?



No one has even remotely hinted at that. What isn't ok is the lack of support from spamhaus and the failure to follow their own removal policy.


----------



## DamienSB (Sep 21, 2015)

I have to say, I find this to be an enjoyable thread.


----------



## ChrisK (Sep 21, 2015)

As spamhaus said, this is the second escalation for this particular netblock.. If you are making no attempt to clean up your network why should spamhaus delist you?

IIRC you rented IPs a while back and they were too SBL'd which forced the provider to terminate you: https://vpsboard.com/topic/6279-stay-away-from-damien-and-his-company-supremebytes-my-review/


----------



## kaniini (Sep 21, 2015)

coreyman said:


> They replied with this. I want to know how in the hell they can legally be judge jury and executioner? Good ole' CC obviously got special treatment, did they pay them off? Is this Spamhaus trying to extort me? Keep in mind I have much more ip space, and they only listed the /24 that my VPS customers are on.


Hi!

While I can't speak for Spamhaus, I will simply point out that it's legal under 47 USC § 230.  They can publish whatever they want, and users can use their lists to block whatever they want.

That said, I am pretty sure I have seen lots of SSH scanning and other activities from Bitaccel hitting my network.  So maybe you should stop selling to trash.


----------



## kaniini (Sep 21, 2015)

IndoVirtue said:


> If you do it right, it should work. Source? I'm not authorized at the moment to disclose the source info



Because there isn't any.  Spamhaus don't roll like that.  Once they are pissed off at a provider at this level, it will never be delisted until the IP space is returned.  Unless you mean waiting for him to not pay his ARIN fees and have it revoked


----------



## RLT (Sep 21, 2015)

I think I will start checking for it.


----------



## coreyman (Sep 22, 2015)

> I have to say, I find this to be an enjoyable thread.



Yes how amusing since that was an SBL for email spam and this is an SBL for a TINBA botnet controller.



> coreyman said:
> 
> 
> > They replied with this. I want to know how in the hell they can legally be judge jury and executioner? Good ole' CC obviously got special treatment, did they pay them off? Is this Spamhaus trying to extort me? Keep in mind I have much more ip space, and they only listed the /24 that my VPS customers are on.
> ...



That's awfully funny since we've received no abuse reports for such, and we have a system in place to block excessive connections on any protocol.



> As spamhaus said, this is the second escalation for this particular netblock.. If you are making no attempt to clean up your network why should spamhaus delist you?
> 
> IIRC you rented IPs a while back and they were too SBL'd which forced the provider to terminate you: https://vpsboard.com/topic/6279-stay-away-from-damien-and-his-company-supremebytes-my-review/



We've implemented some more fraud checking rules since spamhaus got all iffy and won't delist this current range. I'm not sure what you mean by 'no attempt to clean up your network' as the tinba botnet controller reports have drastically reduced since before this second listing.


----------



## Robert (Oct 12, 2015)

Turns out they thought some of our ranges were hijacked... Finally got a response after messaging in for an unrelated SBL. All resolved now.


----------



## LeaseVPS (Oct 24, 2015)

We had heaps of issues with all sorts of abuse from our VPS clients. We started doing some big data (ELK reporting) on our sflow data which would show us abuse before it even got reported

Clients would come up with all sorts of BS excuses but when we showed them the ELK reports they would just cancel

The other option for you is to run a SMTP service / gateway and block all direct SMTP, I've heard of people using things like scrolloutf1 for more of a turn key solution, but with anti-spam you have heaps of options to block spam on gateway / mail forwarder

We watch our ELK reports, if we suspect spam, we can turn on port mirroring based off an ACL, which just gives us the full packets for SMTP traffic. We provide the pcaps to our clients and block outbound smtp

abuse is just one of those things if you let it get out of control it will affect your legit clients and ultimately your reputation


----------
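The kind of flow-based check described in the post above, as an added example that is not part of the thread or any poster's own tooling: it flags customer IPs whose sampled outbound SMTP traffic fans out to many distinct destinations inside one time window. The record layout, address ranges (RFC 5737 documentation space), window, threshold and sampling rate are all assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict

# Every value here is an assumption for illustration, not a poster's setting.
CUSTOMER_NET = ipaddress.ip_network("192.0.2.0/24")  # RFC 5737 documentation range
SMTP_PORT = 25
WINDOW_SECONDS = 300
MAX_DISTINCT_DESTS = 20   # distinct SMTP peers allowed per source per window
SAMPLING_RATE = 512       # sFlow samples 1 packet in N


def build_sample_flows():
    """Constructed sampled-flow records: (epoch_seconds, src, dst, proto, dst_port)."""
    flows = []
    # 192.0.2.10: one sample to each of 40 different hosts on tcp/25 in ~4 minutes.
    for i in range(40):
        flows.append((1200 + i * 6, "192.0.2.10", f"198.51.100.{i + 1}", "tcp", 25))
    # 192.0.2.20: a customer's mail server talking repeatedly to 3 relays.
    for i in range(30):
        flows.append((1200 + i * 9, "192.0.2.20", f"203.0.113.{i % 3 + 1}", "tcp", 25))
    # 192.0.2.30: wide fan-out, but HTTPS, so irrelevant to an SMTP check.
    for i in range(50):
        flows.append((1200 + i * 5, "192.0.2.30", f"198.51.100.{i + 100}", "tcp", 443))
    # Inbound mail to a customer: the source is outside CUSTOMER_NET.
    for i in range(25):
        flows.append((1200 + i * 10, f"203.0.113.{i + 50}", "192.0.2.20", "tcp", 25))
    return flows


def detect_smtp_fanout(flows, net=CUSTOMER_NET, window=WINDOW_SECONDS,
                       threshold=MAX_DISTINCT_DESTS, sampling_rate=SAMPLING_RATE):
    """Return one alert per (source, window) whose distinct SMTP peers exceed threshold."""
    peers = defaultdict(set)    # (src, window_start) -> destination IPs seen
    samples = defaultdict(int)  # (src, window_start) -> number of sampled packets
    for ts, src, dst, proto, dport in flows:
        if proto != "tcp" or dport != SMTP_PORT:
            continue
        if ipaddress.ip_address(src) not in net:
            continue  # only traffic originating from our own customers
        if ipaddress.ip_address(dst) in net:
            continue  # internal delivery is not outbound mail
        key = (src, ts - ts % window)
        peers[key].add(dst)
        samples[key] += 1

    alerts = []
    for (src, start), dsts in peers.items():
        if len(dsts) > threshold:
            alerts.append({
                "src": src,
                "window_start": start,
                # Sampling hides peers, so this count is a lower bound.
                "distinct_dests": len(dsts),
                # Each sample stands for roughly sampling_rate packets.
                "est_packets": samples[(src, start)] * sampling_rate,
            })
    return sorted(alerts, key=lambda a: (a["window_start"], a["src"]))


if __name__ == "__main__":
    for alert in detect_smtp_fanout(build_sample_flows()):
        print(alert)
```

A hit from a check like this is a candidate for the port mirroring and outbound SMTP block the post mentions, not proof of spam; a busy legitimate mail server can exceed a low threshold.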



## coreyman (Oct 25, 2015)

Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -



> Hello,
> 
> Thanks for your email.
> You need to contact your Internet Service Provider (ISP).
> ...


I then responded from my business email and said I am the owner and repeated the steps we had taken to remove the abuse and they aren't responding.


----------



## Tyler (Oct 26, 2015)

coreyman said:


> Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -
> 
> 
> 
> ...



SpamHaus wants to talk to the people in charge. They want to talk to the owners of the IPs or ISP.


----------



## coreyman (Oct 27, 2015)

Tyler said:


> coreyman said:
> 
> 
> > Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -
> ...


well they don't want to talk to me. Still no replies.


----------



## coreyman (Nov 6, 2015)

I just kept replying and eventually someone else from spamhaus other than Thomas Morrison replied and we got the listing removed, two months later.


----------



## rmlhhd (Nov 6, 2015)

coreyman said:


> I just kept replying and eventually someone else from spamhaus other than
> 
> 
> 
> ...



We've got a subnet listed, emailed them at least 5 times now. Still no reply, even tried tweeting them about response times.


----------



## HN-Matt (Nov 6, 2015)

coreyman said:


> replied and we got the listing removed, two months later.



Took me almost 5 months to get an IP delisted from Barracuda despite it never having sent any spam to begin with. I guess 2 months isn't so bad in the grand scheme of Kafkaesque anti-spam bureaucracies.


----------



## drmike (Nov 6, 2015)

HN-Matt said:


> Took me almost 5 months to get an IP delisted from Barracuda despite it never having sent any spam to begin with. I guess 2 months isn't so bad in the grand scheme of Kafkaesque anti-spam bureaucracies.



Problem I have with all companies and even the spam police is providing customer support in a timely manner.


People ending up on lists should understand why and be given evidence of it.  Cleanup should need documented for real.  I see providers just say they've handled it, but no proof thereof.  Should require something more.


Delisting should happen, however there should be clear penalty and escalation documented.  For instance, range gets dinged again in 30 days, it remains on list for 30 days.  Subsequent issues elongate the listing time.  I realize it's imperfect process, but more transparent and fair.. plus someone actually home at these places for a change.


----------



## coreyman (Nov 6, 2015)

drmike said:


> Problem I have with all companies and even the spam police is providing customer support in a timely manner.
> 
> 
> People ending up on lists should understand why and be given evidence of it.  Cleanup should need documented for real.  I see providers just say they've handled it, but no proof thereof.  Should require something more.
> ...



I know Spamhaus does keep record of the last times your space was listed with them and it does elongate the listing time if you've been listed before.


----------



## HN-Matt (Nov 7, 2015)

drmike said:


> Problem I have with all companies and even the spam police is providing customer support in a timely manner.
> 
> 
> People ending up on lists should understand why and be given evidence of it.



eh, I wouldn't necessarily ask for 'evidence' as that can be easily fabricated on the blacklist's part. Otherwise, I agree that they should convey _why_ the IP was listed in their own words. In the absence of evidence, an explanation—however vague or meaningless—will at least create a context for the circumstances of the listing. False positives become increasingly absurd with each passing day of contextless silence...




> Delisting should happen, however there should be clear penalty and escalation documented.  For instance, range gets dinged again in 30 days, it remains on list for 30 days.



Broad-brush listing is antiquated to the extent that 'ownership' of a range doesn't necessarily constitute guilt. If the RBL refuses to delist per individual IP, I would wager there's some sort of ridiculous ulterior motive at play. I can see how a blacklist org might want to lean on the owner of a range, but there's no genuine or 'valid' reason to punish the non-spamming IP within it (some of which may have no relation to the owner) other than pigheadedness imo.


----------



## willie (Nov 7, 2015)

HN-Matt said:


> I can see how a blacklist org might want to lean on the owner of a range, but there's no genuine or 'valid' reason to punish the non-spamming IP within it (some of which may have no relation to the owner) other than pigheadedness imo.



I think you answered your own question.  If I'm a non-spammer and the IP that I use is blacklisted because I'm hosted by someone who also hosts spammers, I end up moving elsewhere, which deprives the host of revenue.  That's part of the way the blacklist leans on hosts to get rid of spammers for real instead of making empty gestures.


----------



## coreyman (Nov 7, 2015)

willie said:


> I think you answered your own question.  If I'm a non-spammer and the IP that I use is blacklisted because I'm hosted by someone who also hosts spammers, I end up moving elsewhere, which deprives the host of revenue.  That's part of the way the blacklist leans on hosts to get rid of spammers for real instead of making empty gestures.



That's part of the way blacklists blackmail hosts to get rid of anyone that they want you to get rid of.


----------



## HN-Matt (Nov 7, 2015)

willie said:


> I think you answered your own question.  If I'm a non-spammer and the IP that I use is blacklisted because I'm hosted by someone who also hosts spammers, I end up moving elsewhere, which deprives the host of revenue.  That's part of the way the blacklist leans on hosts to get rid of spammers for real instead of making empty gestures.



Sure, but I didn't mean from the POV of a client who would default to blind faith in a blacklist's willful ignorance. I meant from the perspective of non-spamming hosts who have pockets of IP space within larger ranges owned by different hosts. In other words, you would have ended up moving elsewhere based on a false positive.


but I mean if you feel content 'depriving hosts of revenue' who didn't deserve it, have fun with that I guess.

(I don't really care, mostly just think it's kind of amusing to see immediate transitions from blind faith to groundless accusations of complicity)


----------

