All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Getting spammed with complaints of spam
randvegeta
Member, Host Rep
Interesting stuff happening right now.
A few days ago, I was contacted by a company saying they are receiving spam from us, and from our main mailserver IP no less.
Looking into it further, looks like every single email they are getting is a 'bounce' from our WHMCS automated response. We require support tickets to be opened by registered users, and it seems they are sending us emails to our support addresses, and our system is auto-responding saying they need to be registered or logged in to submit a ticket.
I informed them as much, but they have gone berserk and have now started sending hundreds of complaints.
They have sent 'abuse reports' to more than a dozens email addresses, including to the likes of Hetzner, Cogent, Enom, Scammed.by, and a half dozen hosting companies.
I can only assume that they are trying to 'pressure' us into taking some action. And yet there is a certain irony in that they have resorted to spamming not only us, but a few dozen other addresses at the same time, just to complain about us. They are literally sending out e-mails every minute, and cc'ing dozens of addresses.
Unbelievable.
Comments
Ignore until competent person contact you. Turn off WHMCS auto responder. As a side note - maybe competitors pwning you?
The autoresponder is there to ensure that our legitimate clients know that their ticket was not opened/received. We cannot turn it off. We could block the spammers e-mail address, this would stop our autoresponder from responding to their e-mails, but switching the whole thing off would be unreasonable. Clients get angry when they can't get through to you.
Our phone lines also block calls from unknown numbers. If we don't we just constant calls from telemarketers, fax machines and the occasional 'denial of service'. Some people are apparently upset about not being able to reach us when calling with a withheld number, and think we should just hire more staff to manually screen it
Pwning? Doesnt that mean to defeat?
Assuming that the email is only coming from a few IPs why not block their emails to the auto-responder ?
iptables is my best friend
Move your email over to me and I'll fight them for you. I tend to do this fairly transparently, no ask required. It's easy to see when someone is attacking a customer and needs to be dealt with.
I have actually just blacklisted them entirely since they have decided to spam us. Checking my spam filter, I can see about a 50 emails per minute coming from them.
The point was that they actually have some problem on their side. It should not be up to us to block their spam in order for them not to receive our bounces, but for them to stop sending their spam to us in the first place.
What exactly do you offer? I've got SpamExperts running, but I had to manually block them. I actually think they use Spam-experts too...
I’ve stopped accepting support tickets via email.
Too easy and too much spam for one man to handle.
Too easy and too much spam for one man to handle.
Why not let registered users submit tickets by email?
Basic email hosting at the core, heavy management of the backend, aiming for top deliverability but you can see from a couple threads down there’s a current exception I’m working on.
The backend management is key here. I’d see the email loop to the recipient and block them from being a valid recipient, then I’d see their inbound spam trending and work on filtering it out with IP blocks, sender blocks, whatever is necessary.
Basically email admin as a service
Can I use you to filter outbound spam on a network wide basis?
We are using G-Suite for our mails, as well as support emails which are forwarded and piped to whmcs and we get almost zero spam with it
In the future I hope
Need to perfect a few things and scale out a bit more before I'm ready to take on something that large.
Same reason I don’t give the answer in the reply email. It is for notification only.
It easy to send an email, signing in requires some effort and that is the least I can request from my customers.
Do why not just add a rule in your mail server to dev null their mails and be done with it ? Not worth spending time to write the post IMO
The E-mails do not bother me any more. I blacklisted by the time I opened this post.
I just thought it was interesting. It's just something to add to the long list of bogus abuse reports we receive.
I mean it seems like a potential attack method. You send out bogus abuse reports to people, and basically they kind of HAVE to follow up, or risk being responsible for hosting abusive things. It's a way to waste people's time.
Basically email may potentially be an un-viable method of abuse notification as it itself is open to abuse. There is zero cost to send out an Email, which makes it easy to abuse. This is actually a reasonable justification for having abuse notifications made by post.
bounce the emails to abuse@ with the message that they can send abuse via webform and add a captcha to it to prevent bots from using it.
Pretty much do that already. We request abuse reports to be submitted via ticket system and we also use captchas. The abuse@ address also 'bounces'. But most abuse reports still end up getting sent to other addresses associated with our domains.