I think you are missing the point. The issue is not about other people causing issues, that will always be the case. The issue is how the host/provider responds to that issue. Do they do it in a timely, effective and honest manner or not?
ColoCrossing, Quick to Get Large IP Blocks Issued and Faster to Soil Them
Aldryic C'boas
The Pony
Going back to my easily obtainable hammer example: all of our automated and mass email SMTP is pushed through AmazonSES. We're talking upwards of a hundred-thousand emails a month, for just a couple bucks a month.
There is *no excuse* for "being stuck with dirty IPs" when solutions such as SES exist so cheaply. And even if your IPs are clean - why would you want the hassle of validating your own MX when that couple bucks to Amazon gets you guaranteed whitelisting?
There is *no excuse* for "being stuck with dirty IPs" when solutions such as SES exist so cheaply. And even if your IPs are clean - why would you want the hassle of validating your own MX when that couple bucks to Amazon gets you guaranteed whitelisting?
The host is not the user.
the end user should not punised for a hosts way of doing things.
we are working on doing everthing in-house.
It's only hotmail we have issues with.
we have tried to fill in they form but then got a error saying they was no route for the form to go.
so i need to contact them to get it sorted.
Aldryic C'boas
The Pony
If keeping all mail services in-house is a perogative, then it behooves you to ensure that either 1) you own (and can therefore clean) the IP block in question, or 2) rent said IP space directly from a responsible provider that owns and cleans the range.
If you're renting IPs from an upstream who is in turn renting said IPs from their upstream, then you are simply asking for trouble. Spamhaus is not to blame for the lack of integrity of the block's owner.
If you're renting IPs from an upstream who is in turn renting said IPs from their upstream, then you are simply asking for trouble. Spamhaus is not to blame for the lack of integrity of the block's owner.
Last edited by a moderator:
if spam comes from one ip address you don't block evey ip address in the block 64 ip address. as i get 1 ip per provider.
fisle
Active Member
Yes except when it continues A LOT and host clearly isn't doing anything, showing that they indeed love to spam, then you can start blocking more. Don't be so stupid please.
I nerver spam so why should i have my ip address blacklisted?
Cause Spamhaus are teaching someone a lesson
Aldryic C'boas
The Pony
They're not YOUR IPs. The PROVIDER's IPs are blacklisted - you are merely renting the use of them. Spamhaus has no clue who you are.
so why blacklist ip's ware theys no spam.
Spamhaus does not start off listing 64 IPs, all listings begin as /32 and then escalate to become wider until the provider responsible for the block does take action.
This is what I like to call the "bitching customers" theory. It's a real theory, and it works.
Aldryic C'boas
The Pony
You are insufferably thick. This has been explained to you several times now - as a courtesy, I will attempt once more to simplify things to your level.
You rent IP space owned by a provider. The IPs are not yours, and whenever someone runs a WHOIS to check the IP they will see the provider listed as owner. You, and what you do with the IP, are irrelevant.
If said provider hosts a client that sends spam and earns an SBL from Spamhaus, then typically only the spamming IP will be listed for the first offense.
If the provider doesn't bother to remove the spammer, or makes it clear that they are willing to sell to spammers, then the SBL will be extended to encompass entire IP blocks. From the starting /32 (one IP), to /28s, /26s, /24s, and so on.
You, and what you do with the IP you rent, are irrelevant. Because the upstream provider is willingly selling to spammers, large amounts of their IP space are marked in the SBL. You simply happen to be a casualty of collateral. If this inconveniences you, then you should address the issue with your provider. Or move to a legitimate host.
Spamhaus doesn't know who you are, and they are not to blame for your problems. Your provider is to blame, and if you insist on staying with a provider that won't keep their IP space clean, then the blame lays with you for being too stupid to leave.
You rent IP space owned by a provider. The IPs are not yours, and whenever someone runs a WHOIS to check the IP they will see the provider listed as owner. You, and what you do with the IP, are irrelevant.
If said provider hosts a client that sends spam and earns an SBL from Spamhaus, then typically only the spamming IP will be listed for the first offense.
If the provider doesn't bother to remove the spammer, or makes it clear that they are willing to sell to spammers, then the SBL will be extended to encompass entire IP blocks. From the starting /32 (one IP), to /28s, /26s, /24s, and so on.
You, and what you do with the IP you rent, are irrelevant. Because the upstream provider is willingly selling to spammers, large amounts of their IP space are marked in the SBL. You simply happen to be a casualty of collateral. If this inconveniences you, then you should address the issue with your provider. Or move to a legitimate host.
Spamhaus doesn't know who you are, and they are not to blame for your problems. Your provider is to blame, and if you insist on staying with a provider that won't keep their IP space clean, then the blame lays with you for being too stupid to leave.
BrianHarrison
Member
Completely true. In my experience with Spamhaus I've found them to be quite reasonable and a whole heck of a lot more responsive than other blacklists.
Seems like not much has changed at B2Net/ServerMania/ColoCrossing -- if you open http://www.senderbase.org/ and zoom in the map to the United States you'll quickly see that one of the largest sources of spam in the country is out of their datacenter.
Well that's the point some people have been making. The same spammer rotates through each of the brands over there. ServerMania, CVPS, BlueVM, and now 123S has picked up a couple listings (at least 1 /25 I think). Worst part is spamhaus has been straight up lied to and the same subnets have gone back to the same spammer.
Francisco
DomainBop
Dormant VPSB Pathogen
There are several spammers that continuously rotate through their brands. The most notorious is ROKSO listed Yair (40+ CC ROKSO listings over the past 12 months and 3 current SBLs). Yair was charged with fraud by the FTC in late January and yet despite government action against him and numerous ROKSO SBL's CC continues to provide him with a rotating supply of "clean" IPs to spam from.
FTC press release: http://www.ftc.gov/news-events/press-releases/2014/01/ftc-charges-email-spammer-tricking-consumers-phony-information
FTC blog article on Yair: http://www.consumer.ftc.gov/blog/ending-spam-scam-about-affordable-care-act
copy of Federal court filing: http://www.ftc.gov/sites/default/files/documents/cases/140123kobenicmpt.pdf (10 page .pdf)
Ugh. I keep seeing BlueVM mentioned and would like to point out that we are NOT Spam Friendly. I personally have a vendetta against people who sign up and spam because it means I have to clean up after them. I'll do some digging to see if I find any wonderful citizens of the internet abusing our services.
D. Strout
Resident IPv6 Proponent
Curious - some providers will SWIP the IPs they rent to you to your business/personal info. If this happens, does SpamHaus (or any other spam DB organization) recognize this and block just the IPs that are SWIPed to you that are spamming?
Aldryic C'boas
The Pony
At first, yes. They'll only list the company appearing on the SWIP, and not the actual owner. But when either the owner or the SWIP holder has a history of repeat abuse - then aye, they'll assume the SWIP was done to try and be sneaky, and they'll start issuing larger SBLs.
Gotta feel bad for the legitimate companies stuck at CC, renting IP space from them. Even if they do try to stay on top of things, any listings are going to be brutal just for being associated.
Unless you're name is Colo Crossing or any of their affiliated "brands", Spamhaus typically only blocks Ips/ranges that are sending the spam. You literally have to ignore them with repeated violations for them to start blanket blocking huge ranges.
Only time I've seen a /24 or larger of my own ranges blocked was UCEPROTECT related when a customer had ~6 IPs that hit their filters in a very short period of time. UCEPROTECT in particular will do /24's and even larger allocation/ASN based blocks if the spam hits specific thresholds. You have to get pretty crazy to hit an UCEPROTECT /24 or larger list.
Edit:
ColoCrossing has a bunch on UCEPROTECT as well. A few /24's and /23's. UCEPROTECT is a timed-based delist or you can pay some asinine amount of $$$ to get a block de-listed.
Last edited by a moderator: