amuck-landowner

Quadranet Needs to BAN SMTP. Spammer UTOPIA.

drmike

100% Tier-1 Gogent
So for a long time I was blah about Colocrossing because they were, and sort of continue to be, a spam source that needed to be reined in.


Now currently Quadranet is blowing up on Senderbase.  See: http://www.senderbase.org/static/spam/#tab=3


They are SECOND on the Top Spam Senders by Network Owner for the Last Day. They've been there up at the top for a good long while.


See also: http://www.senderbase.org/lookup/org/?search_string=QuadraNet


I'll say this, Quadranet needs to get to cleaning up the mess on their network.  It is time to take the lead we sprung on Colocrossing and BLOCK SMTP traffic by default.


I am being lazy, cause I am busy, but soon, I am going to rip through the ranges if I don't see something change over at Quadranet.


Spamhaus isn't much on Quadranet currently, but expect that to change. They have 11 listings:
http://www.spamhaus.org/sbl/listings/quadranet.com


Spamhaus is great for pruning matters way late and after much escalation.  Meaning they are slow to this party, much slower than should have been.


How bad is it?  Pfft. Cleantalk.org says this:


155.94.128.0/17
32768 IPs  
8445 IPs seen
7660 of those IPs were SPAMMING
meaning 23.37% of the IPs in that fat range are spam use.


To put that in context, every 4th house in your neighborhood has bad shit happening in it.


Of course there are other ranges soiled too...  And I get the whole VPS provider excuse... But it's simple enough to block SMTP that even Colocrossing did it... allegedly... (unsure why they still remain a spam factory)
 

AndrewM

New Member
DrMike,


I appreciate your concern. QuadraNet is and always has been dedicated to maintaining a clean network and we are committed to ensuring that this problem does not get out of control. We have been diligently working to mitigate the recent outbreak that you are noticing, and I can assure you that QuadraNet is not now and has never been a spam friendly provider. 


It is not a necessity for QuadraNet to block SMTP on a network wide level because we do not cater to spammers, and as such we are in no position to have to block this at a network wide level and inconvenience our customers. 


QuadraNet is a proactive provider when it comes to abuse and it is not something we take lightly, though spam can plague any network and it has shown to affect even the largest ones (RE: IBM/Softlayer + Spamhaus). 


We appreciate your feedback and I assure you this is something that is being worked on.


If you have any questions, feel free to reach out to me here or by email (andrew.moore[at]quadranet.com)


Thanks, 
 

DomainBop

Dormant VPSB Pathogen
How bad is it?  Pfft. Cleantalk.org says this:

Quadranet's AS29761 has an 87.64% spam rate at CleanTalk...

#     ASN, Organization name     Country             Detected IP addresses    Spam active IP addresses    Spam rate
33    AS29761 QuadraNet, Inc     United States US    26 051                   22 843                      87.69%

 ...which is a hell of a lot better than the 92.64% of Incero IPs which are used for spamming  https://cleantalk.org/blacklists?record=54540 

#     ASN, Organization name     Country             Detected IP addresses    Spam active IP addresses    Spam rate
1     AS54540 Incero LLC         United States US    2 882                    2 670                       92.64%

or the 92.91% of ColoCrossing IPs which are used for spamming

#     ASN, Organization name     Country             Detected IP addresses    Spam active IP addresses    Spam rate
10    AS36352 ColoCrossing       United States US    49 017                   45 543                      92.91%



The comment and botnet spammers that Cleantalk measures are probably a bigger threat and more costly to companies that get hit by the crap coming out of crappy dirty networks like those three, but because there is really no penalty, i.e. no comment spam blacklist that can cripple a provider if they get put on it (as there is for email spam, where Spamhaus SBLs can deal severe blows to the worst offenders), most providers and their abuse departments basically ignore the problem because hey, they're making a good profit from those comment spammers. Yeah, a provider can brag about their white star at Spamhaus for proactive measures they take against email SPAM, like one of the providers mentioned above does, but it doesn't necessarily mean they have a clean network, as those high Cleantalk spam rates show.

And I get the whole VPS provider excuse

I don't get it because that was a completely bullshit excuse Biloh made up.  I blame that excuse on winter weather in Buffalo because a recent study showed that gloomy weather impairs cognition.

A recent study, conducted at the University of Alabama at Birmingham, found that people were almost three times as likely to have impaired cognition after gloomy weather compared to those in sunny climates 


source: http://www.selfgrowth.com/print/768669

Ideally I'd like to see the laws changed so that companies that run dirty networks could be fined for the crap coming out of their networks because I don't think it's fair that the companies that get hit with the crap coming from these networks should have to bear the brunt of the cost (mitigation costs, lost productivity, etc, etc, etc) while the fuckwads like CC et al who are responsible for hosting the crap profit from it.
 

qps

Active Member
Verified Provider
@DomainBop The CleanTalk percentages are not accurate.  Quadranet has 341,504 IP addresses announced (per bgp.he.net), but CleanTalk says they only have 4095 (for AS8100), with 3000 with problems.


3000/4095 compared to 3000/341000 is a big difference.
 

drmike

100% Tier-1 Gogent
I appreciate your concern. QuadraNet is and always has been dedicated to maintaining a clean network and we are committed to ensuring that this problem does not get out of control. We have been diligently working to mitigate the recent outbreak that you are noticing, and I can assure you that QuadraNet is not now and has never been a spam friendly provider. 

I appreciate the time you took @AndrewM to reply.   I know you are one of the nose-to-the-grind workers there.  Your paycheck probably doesn't get fatter when shit flows out of Quadranet.   But I am certain when someone is playing on the network but not paying for that luxury, you are one of the people who has to clean things up.

 QuadraNet is not now and has never been a spam friendly provider

Careful before you choke on your popcorn. QN has long been slapped about and the prior name of the place was infamous for spam.


I'd rain on parades and set fires on this matter with pastes or quotables, but the burn would be worse than major hemorrhoid flare up.  I know for a fact QN is selling to mailers and only cares if IPs hit Spamhaus.  If they do not, zero f--ks given.  Now, where in the company this is accepted, I don't know.. But it is and it puts money in the bank over there.

It is not a necessity for QuadraNet to block SMTP on a network wide level because we do not cater to spammers, and as such we are in no position to have to block this at a network wide level and inconvenience our customers. 

Inconvenient it really isn't... It's rather normal these days. It's something I whined about a while back, but hey, it just makes sense. I don't know the last time I've needed to send email out via SMTP normally. Every mail provider takes stuff in with checksums, locked systems, access lists, different ports, etc. Everyone seems to use 3rd party systems to broadcast their email since it is such a PITA otherwise and beyond customers' control on reputation, fails, etc. Why should a bare metal type place have an open network like this today where the implications could be large long term Spamhaus dingings to your sensibility?

QuadraNet is a proactive provider when it comes to abuse and it is not something we take lightly, though spam can plague any network and it has shown to affect even the largest ones (RE: IBM/Softlayer + Spamhaus). 

IBM/Softlayer got targeted by Brazilians, allegedly. Perhaps their spate of free giveaways wasn't such a good idea? Like free $500 credit, free startup $1k, etc. Their solution? Same one, block SMTP network wide, put allowed on an ACL.


Unsure what it says if we compare things here... Sure Softlayer is big... So are many other entities compared to Quadranet.. and everyone else isn't lighting up lists for bad behavior.  Token example of a big co getting screwed while their management failed to address things doesn't minimize the mess going on at QN. If anything it says mass vs. mass that QN is out of ratio for vile actors on network.


Okay, while I am on comparing the top cats, let's look at Senderbase, a credible source for email bad behavior.


#1 = Vietnam Posts and Telecommunications Group -  owned by the Vietnamese Government, and the national post office of Vietnam. Second largest company in Vietnam.  Owns the largest cellular company in Vietnam.  More than 20,000 employees. Annual revenue of $6.5 billion.   Senderbase volume of 7.7


#2-3 = Quadranet --- Senderbase volume of 7.5-7.6 


I'll stop there without putting numbers and going on more rambling... Point should be obvious.
 

drmike

100% Tier-1 Gogent
@DomainBop The CleanTalk percentages are not accurate.  Quadranet has 341,504 IP addresses announced (per bgp.he.net), but CleanTalk says they only have 4095 (for AS8100), with 3000 with problems.


3000/4095 compared to 3000/341000 is a big difference.

I'll toss my hat in on this, because it has long troubled me with Cleantalk and the numbers.


It appears that CleanTalk detects IPs whenever someone running their software / addon / mod submits an IP.   Assuming my side that such is not a blind lookup, but actually something problematic that gets flagged and thus submitted.  Meaning those IPs - total they have, are all the IPs that have been either queried or submitted for that ASN.  


If anyone runs a CleanTalk addon/plugin/whatever feel free to chime in.


What this says though on some ranges is those ranges might be solely provided for spamming or as providers like to play often, it's just a customer gone wild or hacked.  I see some really problematic ranges but I am busy and sitting on my hands :)
 

DomainBop

Dormant VPSB Pathogen
@DomainBop The CleanTalk percentages are not accurate.  Quadranet has 341,504 IP addresses announced (per bgp.he.net), but CleanTalk says they only have 4095 (for AS8100), with 3000 with problems.


3000/4095 compared to 3000/341000 is a big difference.

CleanTalk only counts the IPs that are recorded by their anti-spam plugins  on member sites so the total IPs they show for a provider are only a fraction of the total IPs in any given AS.  So using Quadranet as an example: 4K of its 341K IPs visited sites using the CleanTalk plugin and 3K of those 4K IPs engaged in malicious activity.
 

drmike

100% Tier-1 Gogent
#1 = Vietnam Posts and Telecommunications Group -  owned by the Vietnamese Government, and the national post office of Vietnam. Second largest company in Vietnam.  Owns the largest cellular company in Vietnam.  More than 20,000 employees. Annual revenue of $6.5 billion.   Senderbase volume of 7.7


#2-3 = Quadranet --- Senderbase volume of 7.5-7.6 


I'll stop there without putting numbers and going on more rambling... Point should be obvious.

Sorry to quote myself, borderline insane.


Now just imagine if we scaled up a Quadranet or Colocrossing to that income level -- to that player level in an economy...  


I think at that point we'd all be buried under 15 feet of virtual and real spam and the internet would break.. or most of us just would unplug.


The ratio here is of reasonability.


Clearly QN handily profits from guys who should be dragged from behind a vehicle for a few country miles. If you don't, have at it, get to whacking them and booting them. Go ahead. Prove it... Get your numbers way down. I'll even note the effort and applaud you... Results thing.
 

DomainBop

Dormant VPSB Pathogen
It is not a necessity for QuadraNet to block SMTP on a network wide level because we do not cater to spammers, and as such we are in no position to have to block this at a network wide level and inconvenience our customers. 

Looking at Spamhaus' Top 10 tonight I see one provider (#7) which owns a "cloud" company that does block outbound SMTP (customers must submit an authorization form to lift the block).  Their inclusion on the Top 10 raises questions about the effectiveness of SMTP port 25 block policies that can be waived by opening a ticket and promising to be good...

inconvenience our customers. 

Redstation's policy probably fits that description.  They force all dedicated server customers to route all email traffic through Redstation's email relay service servers and strictly limit the number of emails that can be sent.  Redstation's IP range used to be a cesspool before they instituted this policy (I had their ranges blocked for a few years) but the new policy seems to have cleared things up.  


Their policy definitely isn't friendly to hosting providers though, and it would force any business that sends a lot of transactional emails to use a 3rd party service.

Redstation provides a free premium relay with 500 daily emails for your primary IP and 100 daily emails for additional IPs with every dedicated server
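
The "block outbound SMTP by default, allow approved senders through an ACL" policy debated in this thread, written out as an nftables ruleset for a Linux router sitting in front of customer ranges. This is an added example, not a configuration from any poster or provider named here; the choice of nftables, the table, set and chain names, and the RFC 5737 placeholder addresses are all assumptions.

```nftables
#!/usr/sbin/nft -f
# Added example: default-deny outbound TCP/25 for customer space, with an allowlist.
# Every address below is an RFC 5737 documentation placeholder, not a real assignment.
# IPv4 only; an equivalent "table ip6" is needed if customers have IPv6.

table ip smtp_egress {
    # Customer address space routed through this box (placeholder ranges).
    set customer_nets {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.0/24, 198.51.100.0/24 }
    }

    # Customers whose request to send mail directly was reviewed and approved.
    # Keeping this as a named set means approvals and revocations are one-line
    # changes that can be audited, instead of edits to the rules themselves.
    set smtp_allowed {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.25, 198.51.100.64/28 }
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # Only traffic from customer space to TCP/25 is subject to the policy.
        # Submission ports (587, 465) towards a relay or third-party mail
        # service are untouched.
        ip saddr @customer_nets tcp dport 25 jump smtp_policy
    }

    chain smtp_policy {
        # Approved senders pass; the counter makes unusual volume visible.
        ip saddr @smtp_allowed counter accept

        # Everyone else: log a rate-limited sample for the abuse desk ...
        limit rate 10/minute burst 20 packets log prefix "smtp-egress-block: " level info

        # ... and reject with a TCP reset so legitimate software fails fast
        # instead of hanging on a silently dropped connection.
        counter reject with tcp reset
    }
}
```

The counter on the reject rule and the logged source addresses show which unapproved customers are still attempting direct port 25 delivery, which is the signal an abuse desk would review before granting or revoking an allowlist entry.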
 

drmike

100% Tier-1 Gogent
Looking at Spamhaus' Top 10 tonight I see one provider (#7) which owns a "cloud" company that does block outbound SMTP (customers must submit an authorization form to lift the block).  Their inclusion on the Top 10 raises questions about the effectiveness of SMTP port 25 block policies that can be waived by opening a ticket and promising to be good...

Nice, I see Choopa on that list.


I've never noticed Choopa blocking SMTP as a policy.  I think they only do that on Vultr.  Thus, the mess they have on their Choopa ranges.
 

DomainBop

Dormant VPSB Pathogen
Nice, I see Choopa on that list.


I've never noticed Choopa blocking SMTP as a policy.  I think they only do that on Vultr.  Thus, the mess they have on their Choopa ranges.

I scanned a few of those listings and they seem to be mainly Vultr IPs and a few listings for one of Choopa's larger customers ReliableSite (not to be confused with Choopa's brand ReliableServers).  Another case of cheap VPS attracting the wrong emailing crowd.
 

drmike

100% Tier-1 Gogent
I scanned a few of those listings and they seem to be mainly Vultr IPs and a few listings for one of Choopa's larger customers ReliableSite (not to be confused with Choopa's brand ReliableServers).  Another case of cheap VPS attracting the wrong emailing crowd.

Hahaha well I am truly dumbfounded... Perhaps their blocking at Vultr is on the node itself and something not uniformly rolled out across everything... or they could just be endorsing mailers... Too much of that still, play to pay.


It raises a huge question mark and the only way out of that question is a "someone fat-fingered configs" style excuse.
 

drmike

100% Tier-1 Gogent
I scanned a few of those listings and they seem to be mainly Vultr IPs and a few listings for one of Choopa's larger customers ReliableSite (not to be confused with Choopa's brand ReliableServers).  Another case of cheap VPS attracting the wrong emailing crowd.

Choopa is down to 5 listings on Spamhaus. Good cleanup in past 12 hours there...
Quadranet is still riding 11 listings.
Colocrossing has *just* 5 listings...


I am blah about Spamhaus listings with this group.  Some of it is same bad actors on ranges.  Senderbase spells it more clearly.


Senderbase sezzzzzzzzzzzzzzz...
Ranked 23rd - Choopa - 7.0 email volume today, 7.0 email volume past 30 days
Ranked 3rd - Quadranet - 7.6 email volume today, 7.7 email volume past 30 days
Ranked 9th - Colocrossing - 7.4 email volume today,  7.4 email volume past 30 days

Not to worry, I see other familiar faces on there at the top too... Unsure why folks can't keep their nets clean when running real business. I mean I understand having shit stuffed in ranges when no care given, no workforce, lucky to even have outsourced tickets in the lowest bid location across the biggest pond. I'll start to assume more of these shops are that if it continues.... Or if there is a workforce it's skeleton and abused to death with way more task load than clock time.
 

DomainBop

Dormant VPSB Pathogen
Another day, another great pic:


2015-11-13_06-43-52.png



Maybe they need help identifying the source of some of those spam emails --> http://www.senderbase.org/lookup/org/?search_string=QuadraNet


Multiple IPs with poor rep for jcmailer.com and cjsender.com, home pages for both sites are a login page for Imnica Mailer. ImnicaMail is a budget email marketing service hosted by Quadranet. The service seems to be heavily marketed on Warrior forum and other similar marketing forums (you know, the ones that will help you get a #1 ranking on google and become rich overnight without any effort!), and according to comments on Web of Trust, spammers are attracted to it by its low prices (and its $1/30 days trial offer). https://www.mywot.com/en/scorecard/imnicamail.com


SenderBase web reputation for mail.cjsender.com: POOR. SenderBase web category: ILLEGAL ACTIVITIES. http://www.senderbase.org/lookup/host/?search_string=mail.cjsender.com All of the IPs in the /24 that cjsender.com is hosted on have poor reputations: http://www.senderbase.org/lookup/ip/?search_string=66.63.179.138 (Imnica has several other IP blocks in addition to that one)


If you're a hosting company like OC3networks and you have a customer running a "double opt-in" email marketing service that is a magnet for spammers you're probably going to end up with a bunch of IPs with a poor reputation. They also have a customer that runs a mail filtering service (it provides spam and virus filtering, greylisting services) which probably accounts for some of Pacifi-Crack's high daily email volume.  The IPs assigned to the mail filtering service seem to have good to neutral reps at SenderBase so probably not much spam coming from those IPs.

DomainBop said "CleanTalk only counts the IPs that are recorded by their anti-spam plugins  on member sites"

Their WordPress plugin has 30,000 active installs.  They also have plugins for most of the popular CMS and forum scripts (including IPB), and Magento
 

RosenHost

New Member
We were with Crissic. After the QuadraNet acquisition, our mails are now also ending up in spam folders of recipients. I hope this gets resolved soon.
 