Vultr SMTP restriction requirements are unreasonable

[klimenta]

A week ago I bought a FreeBSD VPS and paid with US issued credit card. After I realized that port 25 is blocked I've opened a ticket asking to lift this restriction (I googled the issue before I've opened the ticket so I was kind of aware that they might require a scan of my CC). 30 mins later, they've opened the port 25 and sent me this link.

https://www.vultr.com/legal/antispam_policy.php

Long story short, it's $5 per spam email that you send, but only if you are liable.

"you agree to pay VULTR.com liquidated damages of five-dollars ($5.00) for each piece of spam or unsolicited bulk email transmitted from or otherwise connected with your account,"

"If customers server was compromised (hacked) and then subsequently used for spamming this clause will not apply."

 

[jas88]

"you agree to pay VULTR.com liquidated damages of five-dollars ($5.00) for each piece of spam or unsolicited bulk email transmitted from or otherwise connected with your account,"

"If customers server was compromised (hacked) and then subsequently used for spamming this clause will not apply."

I'm relieved by that last bit! I don't know about others on here, but one of my fears is getting compromised and having some spammer rack up huge bills, or worse. (I've never had my own machines compromised - going back as far as early Apache on Solaris 2.5.1 - but I see enough attempts for it to be a worry.)

I've just signed up for a Vultr VM of my own and set it up running OpenBSD. Spam is actually part of my motivation (filtering it out, I mean, not sending it!) - with a few persistent spammers, I really need either to reject or ideally tarpit their MTA during the attempt. Fastmail (my current provider) are actually pretty good, but rejecting particular envelope-senders during the SMTP session doesn't seem to be an option: I need my own MTA for that.

I was surprised to see Hetzner mentioned as having anti-spam precautions: given the amount of my current spamload which comes from there, and their apparent indifference (or worse!) to Spamcop reports about it, I had concluded they must be some sort of "pink contract" operation! Indeed, tarpitting SMTP from their whole ASN is quite high up my todo list.

 

[Amitz]

We do not necessarily require the information you've mentioned to lift the smtp block.   Our staff is trained to identify accounts that appear suspicious.   You can PM your email address and we'll activate it on your account.   These measures are in place to prevent abuse and compromised instances from being used by spammers.  


In our opinion it makes the service better for everyone in the long run.   Once your account is flagged to allow smtp you will never have an issue again so its really just a one-time nuisance.    This is better than our customers being inconvenienced with fraudulent accounts and spammers getting entire IP blocks blacklisted, etc.  


We will evaluate the documents we require to be sent in tomorrow.  We certainly understand everyones privacy concerns. It should be noted the documents are deleted immediately and not stored on our systems after the verification process is completed.

I can confirm that. It did not take me more than a simple ticket to have to block lifted within 10 mins.