amuck-landowner

Spamhaus listing us for being listed and will not remove listings now?

coreyman

Active Member
Verified Provider
Look at the key points on the SBL pages: "Can't trust this IP space at the moment."

At the moment. I would suggest leaving that /24 IP idling for 1 ~ 3 months. Explain to the VPS customer your circumstance and the need for an IP change (I'm aware and admit that this is actually sounds easier than doing it). After that, you can contact them again to remove the listing. State that the IP has been cleaned from the abusers and not being used for some months already (in a non-aggressive way). Then ask them politely if there's any additional steps or information needed in order to remove that listing. They might go on defensive mode again if your tone is deemed a bit aggressive by them.

The goal here is to get the IP delisted. Questioning and making a problem of their decision, even if you're in the right, might not yield a good results.

If you do it right, it should work. Source? I'm not authorized at the moment to disclose the source info :)

Yes this is absolutely ridiculous, they wouldn't even reply to the last response I made to them. Looks like my customers and I will be waiting 3 months to get this listing removed, and we'll see how many customers I lose due to TINBA BOTNET controllers.
 

coreyman

Active Member
Verified Provider
So hosting the tiny banker is ok?

Noone has even remotely hinted at that. What isn't ok is the lack of support from spamhaus and the failure to follow their own removal policy.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
They replied with this. I want to know how in the hell they can legally be judge jury and executioner? Good ole' CC obviously got special treatment, did they pay them off? Is this Spamhaus trying to extort me? Keep in mind I have much more ip space, and they only listed the /24 that my VPS customers are on.
Hi!

While I can't speak for Spamhaus, I will simply point out that it's legal under 47 USC § 230.  They can publish whatever they want, and users can use their lists to block whatever they want.

That said, I am pretty sure I have seen lots of SSH scanning and other activities from Bitaccel hitting my network.  So maybe you should stop selling to trash.
 
  • Like
Reactions: RLT

kaniini

Beware the bunny-rabbit!
Verified Provider
If you do it right, it should work. Source? I'm not authorized at the moment to disclose the source info :)

Because there isn't any.  Spamhaus don't roll like that.  Once they are pissed off at a provider at this level, it will never be delisted until the IP space is returned.  Unless you mean waiting for him to not pay his ARIN fees and have it revoked :)
 

coreyman

Active Member
Verified Provider
I have to say, i find this to be an enjoyable thread.

Yes how amusing since that was an SBL for email spam and this is an SBL for a TINBA botnet controller.

They replied with this. I want to know how in the hell they can legally be judge jury and executioner? Good ole' CC obviously got special treatment, did they pay them off? Is this Spamhaus trying to extort me? Keep in mind I have much more ip space, and they only listed the /24 that my VPS customers are on.
Hi!

While I can't speak for Spamhaus, I will simply point out that it's legal under 47 USC § 230.  They can publish whatever they want, and users can use their lists to block whatever they want.

That said, I am pretty sure I have seen lots of SSH scanning and other activities from Bitaccel hitting my network.  So maybe you should stop selling to trash.

That's awfully funny since we've received no abuse reports for such, and we have a system in place to block excessive connections on any protocol.

As spamhaus said, this is the second escalation for this particular netblock.. If you are making no attempt to clean up your network why should spamhaus delist you?

IIRC you rented IPs a while back and they were too SBL'd which forced the provider to terminate you: https://vpsboard.com/topic/6279-stay-away-from-damien-and-his-company-supremebytes-my-review/

 We've implemented some more fraud checking rules since spamhaus got all iffy and won't delist this current range. I'm not sure what you mean by 'no attempt to clean up your network' as the tinba botnet controller reports have drastically reduced since before this second listing.
 
Last edited by a moderator:

Robert

New Member
Turns out they thought some of our ranges were hijacked... Finally got a response after messaging in for an unrelated SBL. All resolved now. :)
 

LeaseVPS

New Member
Verified Provider
We had heaps of issues with all sorts of abuse from our VPS clients. We started doing some big data (ELK reporting) on our sflow data which would show us abuse before it even got reported

Clients would come up with all sorts of BS excuses but when we showed them the ELK reports they would just cancel

The other option for you is to run a SMTP service / gateway and block all direct SMTP, I've heard of people using things like scrolloutf1 for more of a turn key solution, but with anti-spam you have heaps of options to block spam on gateway / mail forwarder

We watch our ELK reports, if we suspect spam, we can turn on port mirroring based off an ACL, which just gives us the full packets for SMTP traffic, We provide the pcaps to our clients and block outbound smtp

abuse is just one of those things if you let it get out of control it will effect your legit clients and ultimately your reputation
 

coreyman

Active Member
Verified Provider
Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -

Hello,

Thanks for your email.
You need to contact your Internet Service Provider (ISP).

Requests to remove an IP address from the Spamhaus Block List (SBL) must
be made by the Internet Service Provider who owns the IP address.

Please contact your ISP and inform them of this SBL listing. It is
possible that your ISP does not know about this SBL listing, or does not
realise there is a spam issue with a customer in this IP space, or
possibly your Internet Service Provider has not understood that Spamhaus
is waiting for them to contact us when they have terminated the spam
issue detailed on the SBL record page.

Thanks for your understanding.
--
Best regards
Thomas Morrison

SBL Removals Team
The Spamhaus Project
Geneva, Switzerland
http://www.spamhaus.org
I then responded from my business email and said I am the owner and repeated the steps we had taken to remove the abuse and they aren't responding.
 

Tyler

Active Member
Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -

Hello,

Thanks for your email.
You need to contact your Internet Service Provider (ISP).

Requests to remove an IP address from the Spamhaus Block List (SBL) must
be made by the Internet Service Provider who owns the IP address.

Please contact your ISP and inform them of this SBL listing. It is
possible that your ISP does not know about this SBL listing, or does not
realise there is a spam issue with a customer in this IP space, or
possibly your Internet Service Provider has not understood that Spamhaus
is waiting for them to contact us when they have terminated the spam
issue detailed on the SBL record page.

Thanks for your understanding.
--
Best regards
Thomas Morrison

SBL Removals Team
The Spamhaus Project
Geneva, Switzerland
http://www.spamhaus.org
I then responded from my business email and said I am the owner and repeated the steps we had taken to remove the abuse and they aren't responding.

SpamHaus wants to talk to the people in charge. They want to talk to the owners of the IPs or ISP. 
 

coreyman

Active Member
Verified Provider
Well it's been over 30 days now and spamhaus is still not responding to us. I sent a mail from my personal gmail and they sent the following message -

Hello,

Thanks for your email.
You need to contact your Internet Service Provider (ISP).

Requests to remove an IP address from the Spamhaus Block List (SBL) must
be made by the Internet Service Provider who owns the IP address.

Please contact your ISP and inform them of this SBL listing. It is
possible that your ISP does not know about this SBL listing, or does not
realise there is a spam issue with a customer in this IP space, or
possibly your Internet Service Provider has not understood that Spamhaus
is waiting for them to contact us when they have terminated the spam
issue detailed on the SBL record page.

Thanks for your understanding.
--
Best regards
Thomas Morrison

SBL Removals Team
The Spamhaus Project
Geneva, Switzerland
http://www.spamhaus.org
I then responded from my business email and said I am the owner and repeated the steps we had taken to remove the abuse and they aren't responding.

SpamHaus wants to talk to the people in charge. They want to talk to the owners of the IPs or ISP. 
well they don't want to talk to me. Still no replies.
 

coreyman

Active Member
Verified Provider
I just kept replying and eventually someone else from spamhaus other than


Thomas Morrison


replied and we got the listing removed, two months later.
 

rmlhhd

Active Member
Verified Provider
I just kept replying and eventually someone else from spamhaus other than



Thomas Morrison


replied and we got the listing removed, two months later.

We've got a subnet listed, emailed them at least 5 times now. Still no reply, even tried tweeting them about response times. 
 

HN-Matt

New Member
Verified Provider
replied and we got the listing removed, two months later.

Took me almost 5 months to get an IP delisted from Barracuda despite it never having sent any spam to begin with. I guess 2 months isn't so bad in the grand scheme of Kafkaesque anti-spam bureaucracies.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Took me almost 5 months to get an IP delisted from Barracuda despite it never having sent any spam to begin with. I guess 2 months isn't so bad in the grand scheme of Kafkaesque anti-spam bureaucracies.

Problem I have with all companies and even the spam police is providing customer support in a timely manner.


People ending up on lists should understand why and be given evidence of it.  Cleanup should need documented for real.  I see providers just say they've handled it, but no proof thereof.  Should require something more.


Delisting should happen, however there should be clear penalty and escalation documented.  For instance, range gets dinged again in 30 days, it remains on list for 30 days.  Subsequent issues elongate the listing time.  I realize it's imperfect process, but more transparent and fair.. plus someone actually home at these places for a change.
 

coreyman

Active Member
Verified Provider
Problem I have with all companies and even the spam police is providing customer support in a timely manner.


People ending up on lists should understand why and be given evidence of it.  Cleanup should need documented for real.  I see providers just say they've handled it, but no proof thereof.  Should require something more.


Delisting should happen, however there should be clear penalty and escalation documented.  For instance, range gets dinged again in 30 days, it remains on list for 30 days.  Subsequent issues elongate the listing time.  I realize it's imperfect process, but more transparent and fair.. plus someone actually home at these places for a change.

I know Spamhaus does keep record of the last times your space was listed with them and it does elongate the listing time if you've been listed before.
 

HN-Matt

New Member
Verified Provider
Problem I have with all companies and even the spam police is providing customer support in a timely manner.


People ending up on lists should understand why and be given evidence of it.

eh, I wouldn't necessarily ask for 'evidence' as that can be easily fabricated on the blacklist's part. Otherwise, I agree that they should convey why the IP was listed in their own words. In the absence of evidence, an explanation—however vague or meaningless—will at least create a context for the circumstances of the listing. False positives become increasingly absurd with each passing day of contextless silence...
 

Delisting should happen, however there should be clear penalty and escalation documented.  For instance, range gets dinged again in 30 days, it remains on list for 30 days.

Broad-brush listing is antiquated to the extent that 'ownership' of a range doesn't necessarily constitute guilt. If the RBL refuses to delist per individual IP, I would wager there's some sort of ridiculous ulterior motive at play. I can see how a blacklist org might want to lean on the owner of a range, but there's no genuine or 'valid' reason to punish the non-spamming IP within it (some of which may have no relation to the owner) other than pigheadedness imo.
 
Last edited by a moderator:
Top
amuck-landowner