Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


ThrustVPS Spamhaus
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

ThrustVPS Spamhaus

epaslvepaslv Member
edited May 2012 in General

Watch out if you want to get a VPS with ThrustVPS, especially if running mail.

We found out that Spamhaus has their the whole 109.169.64.0/21 (RAPIDSWITCH, Iomart Hosting Ltd) subnet listed as per http://www.spamhaus.org/sbl/query/SBL135447. Although our IP is not listed, it looks they they listed the whole subnet as they found 10 hosts from ThrustVPS considered as spammers.

However, we are into the second week of getting ThrusVPS support to do something about it. Today they sent an update to the ticket, asking us what we have done to try and fix the problem. They clearly don't understand what is going on or their obligation to try and get de-listed by Spamhaus.

Ironically, we run a spam filter service which is now pracatically useless since many hosts use Spamhaus and we find our mail server blocked due to being listed.

On the other hand, does having 10 or so IP addresses listed as SPAM warrant Spamhaus to block some 8190 hosts ?

Should 100% of hosts be penalized for the 0.1% of hosts that are spammers?

Comments

  • AldryicAldryic Member

    @epaslv said: On the other hand, does having 10 or so IP addresses listed as SPAM warrant Spamhaus to block some 8190 hosts ?

    Should 100% of hosts be penalized for the 0.1% of hosts that are spammers?

    Considering the history on the Spamhaus report, it doesn't surprise me in the least. I'm willing to bet the primary reason for the /21 being listed would be lack of action from Thrust's admin team; it wouldn't be all that unreasonable for Spamhaus to assume that Thrust was intentionally selling to spammers/phishers if they never responded to the abuse reports.

  • All the spam that pretty much comes out the UK comes from Thrust, so its not surprising since they do nothing about it

  • DamianDamian Member
    edited May 2012

    Spamhaus listed an entire /24 of ours once:

    Ref: SBL130539
    69.53.223.0/24 is listed on the Spamhaus Block List (SBL)
    28-Feb-2012 20:33 GMT | SR01
    
    tollridges.com
    
    Spamming to addresses from cheap "millions" CDROMs containing Spamhaus Spamtraps.
    
    DBL-listed spam domains in this /24:
    
    69.53.223.xxx   xxxxxxxxxxxxx.com
    
    

    Because of spam emitting from a single IP on it. Caused a LOT of issues for other clients on that issue. Apparently Spamhaus enjoys painting with a wide brush. They received an extremely unhappy email from me (that they actually responded to!).

    So regarding:

    @epaslv said: On the other hand, does having 10 or so IP addresses listed as SPAM warrant Spamhaus to block some 8190 hosts ?

    Should 100% of hosts be penalized for the 0.1% of hosts that are spammers?

    Not surprising for Spamhaus.

  • miTgiBmiTgiB Member

    @epaslv said: On the other hand, does having 10 or so IP addresses listed as SPAM warrant Spamhaus to block some 8190 hosts ?

    Should 100% of hosts be penalized for the 0.1% of hosts that are spammers?

    This is what happen when you give idiots too much authority, and when laws greatly conflict from one country to another. Bulk mailing, within the confines of the CAN-SPAM Act is perfectly legal in the US, and totally violates spam laws in the UK. Now we have a UK organization listing mailings that are within the law as hard core spammers in the US. And there are far too many legal maneuvers on both sides to make any harmony a dream even Martin Luther King could not have.

    I recently received an SBL for some known spammer that signed up, and promptly suspended the VPS and replied to the SBL report as such. Because I did not respond terminated and instead suspended, SpamNaziHaus listed all my space as revenge.

    It was simple enough to get that listing removed going over the head and calmly pointing out the front line people need to be better trained if they are going to be given that type of power, but really, I suspend a VPS that gets a listing, it will never get unsuspended, only terminated, but I want that IP to ferment a bit so the next person that does get it is not going to inherit the troubles caused by the 1st idiot.

  • AldryicAldryic Member

    @Damian said: Spamhaus listed an entire /24 of ours once:

    They've done the same for us, as well. I must admit though, that after dealing with the spammer and contacting them, they replied and delisted us rather promptly. All in all, we were on the SBL for maybe six hours and I had plenty of documentation to explain the situation to the few clients that noticed.

  • KuJoeKuJoe Member, Host Rep
    edited May 2012

    Somebody signed up for a forum one of my clients was hosting on a VPS they have with us. They marked the registration e-mail as spam and reported it to SpamCop. I responded that the e-mail was not spam and the person who reported it started contacting me on my unpublished e-mail address from a anonymous e-mail service and harassing me. I contact SpamCop and they said the person didn't do anything wrong and next time I should just ignore the spam reports from them if I don't want to be harassed.

    http://www.webhostingtalk.com/showthread.php?t=1147795

  • marrcomarrco Member

    @epaslv said: On the other hand, does having 10 or so IP addresses listed as SPAM warrant Spamhaus to block some 8190 hosts ?

    Should 100% of hosts be penalized for the 0.1% of hosts that are spammers?

    Their block list, their rules.

    fwiw, i do use spamhaus lists on all servers i admin at $dayjob. Providers could rate-limit at node level connections to port 25. Or just try to respond to spam reports before having their IP reputation trashed.

    @miTgiB i consider all Unsolicited Bulk Email as SPAM, so opt-out is a big NO here. I guess many so-called VPS providers still have to learn being good neighbors. And Spamhaus is doing a great job keeping my inbox clean.

  • DamianDamian Member

    @Aldryic said: All in all, we were on the SBL for maybe six hours and I had plenty of documentation to explain the situation to the few clients that noticed.

    Same here. I just find it exceptionally annoying that so many things take Spamhaus as gospel.

  • miTgiBmiTgiB Member

    @marrco said: so opt-out is a big NO here

    Where did I ever agree opt-out is good? CAN-SPAM is opt-in only, and each mail must have easy opt-out link. I do not like it, but it is the law in the US, and those in the US using SpamNaziHaus should think twice, as they will block networks over emotional feelings, hardly the beacon of good netizenry folks think they are.

  • marrcomarrco Member

    @miTgiB said: Where did I ever agree opt-out is good? CAN-SPAM is opt-in only

    I don't think can-spam always require a verified/closed loop opt-in. But going back on topic Spamhaus are doing a great job in stopping spam. And I'm, sure you know spamhaus are trusted by quite large corporations and their list protects a huge number of mailboxes ie. look for OU-001 here http://mail.live.com/mail/troubleshooting.aspx#errors

    I'm receiving and blocking (and not reporting anymore to the LEB provider) a growing amount of UBE from LEBs. Even some well knows providers here don't seem to care about spam problem and are not able to promptly act.

    what do you think about rate limit outgoing port 25 connections? I think a few iptables rules can do that at node level. And of course users can always open a ticket and ask not to be included in the limit. Or you can proxy all outgoing mail connections and filter those yourself. I'd even suggest listing you IP space in a DUL list, and offer smtp relaying with strict anti spam check.

  • BlueVMBlueVM Member
    edited May 2012

    Typically we treat all of the other spam services as a joke... yes we suspend the service, but it isn't a big threat. Spamhaus on the other hand is a nightmare, they told us we should raise our prices so as to deter spammers. That because we didn't ID verify our clients it's our fault that spam is being sent. Bunch of nut jobs...

    That being said we terminate on contact with Spamhaus and smile away...

  • AldryicAldryic Member

    Amusingly enough, I just received an abuse report from Spamhaus for a malware controller :P Responded to the issue and replied to their report... let's see how long it takes to get a resolution from them.

  • AldryicAldryic Member
    edited May 2012

    Hah, got a reply from them already.

    Hello,
    
    Thanks for your effort.
    We have removed the SBL record.
    
    Our mirrors will update within the hour.
    
    -- Best regards, 
    Thomas Morrison 
    SBL Removals Team 
    The Spamhaus Project 
    Geneva Switzerland 
    http://www.spamhaus.org
    

    I dunno. I hear a lot of bad about them, but I've been dealing with the abuse reports for BuyVM for a couple of years now, and never had a hard time getting things straightened out.

  • epaslvepaslv Member

    Considering the history on the Spamhaus report, it doesn't surprise me in the least.
    I'm willing to bet the primary reason for the /21 being listed would be lack of action
    from Thrust's admin team

    I think you are correct on this. My tickets have now been closed too many times and ThrustVPS keep saying they will update me shortly.

Sign In or Register to comment.