Snowshoe spammers and "low end" server providers

I've been operating a mailserver for a small tech company since 1999. Naturally we have many email addresses that have become defunct over the years, and both these and most of our current active addresses have been circulating in various spammers' lists for years.

My approach to spam blocking is that upon receipt of a spam from, say, 1.2.3.4, I will search our server's logs for any evidence that a valid or "good" email has ever been received from 1.2.0.0/16. If not, I will add 1.2.0.0/16 to my server's blocking list - regardless of how that /16 is allocated or subdivided. I am blocking about 80 /8 "A-classes", and in total I'm probably blocking 70% of all IPv4 IP space.

Yesterday I noticed in our logs a persistent IP that was attempting SMTP contact, but was being rejected by our server. The IP was 107.182.132.149. The rDNS indicated the domain "queryfoundry.net" - which doesn't seem to operate a website and for which a web search returns nothing useful about that entity. Whois information links that IP to Cloudshards (or Cloud Shards).

A web search for Cloud Shards / Query Foundry led me to this "low end talk" forum, where (apparently) someone who owns, runs, or works for that entity has posted here.

I just wanted to inform this community, and that person, that my own experience (the repeated, rejected SMTP connection attempts by one of your servers) and the Spamhaus entry for 107.182.132.149 confirm that you are indeed hosting a snowshoe spammer, and whatever claims you are making or have made on this forum that you run a clean operation seem to be false.
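
The range-blocking rule described in the post above, written out as an added example; it is not code from the original poster. The log format, the function names and the "range-kept" outcome are assumptions, the sample lines are constructed, and only IPv4 is handled. `blocked_fraction` measures how much of the IPv4 space a blocklist built this way covers.

```python
import ipaddress
import re

# Constructed log lines; the "action from=IP verdict=..." format is an assumption.
SAMPLE_LOG = """\
2015-03-01 10:02:11 accept from=203.0.113.25 verdict=ham
2015-03-01 10:05:40 reject from=1.2.3.4 verdict=spam
2015-03-02 08:15:02 accept from=198.51.100.7 verdict=spam
2015-03-02 09:30:55 accept from=203.0.7.9 verdict=ham
garbled line that the parser must skip
"""
LINE_RE = re.compile(r"^\S+ \S+ (accept|reject) from=(\S+) verdict=(ham|spam)$")


def covering_net(ip, prefix=16):
    """Network of the given prefix length containing ip (1.2.3.4 -> 1.2.0.0/16)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def good_networks(log_text, prefix=16):
    """Every /prefix from which an accepted, non-spam message was logged."""
    good = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(1) == "accept" and m.group(3) == "ham":
            try:
                good.add(covering_net(m.group(2), prefix))
            except ValueError:
                continue  # not a valid IP address; ignore the line
    return good


def review_spam_source(spam_ip, log_text, blocklist, prefix=16):
    """Apply the rule: block the covering range unless good mail came from it."""
    net = covering_net(spam_ip, prefix)
    if any(net.subnet_of(b) for b in blocklist):
        return "already-blocked", net
    if net in good_networks(log_text, prefix):
        return "range-kept", net  # the post does not say what happens here
    blocklist.add(net)
    return "range-blocked", net


def blocked_fraction(blocklist):
    """Share of the IPv4 address space covered by the blocklist."""
    merged = ipaddress.collapse_addresses(blocklist)
    return sum(n.num_addresses for n in merged) / 2**32
```

Run against a full history of accepted mail, `good_networks` also shows which ranges a new block would cut off from past legitimate senders.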


Comments

  • @SumGuy said:
    confirm that you are indeed hosting a snowshoe spammer, and whatever claims you are making or have made on this forum that you run a clean operation seem to be false.

    Because no host has ever had a spammer sign up and use their VPS for spam?

    Why not just email [email protected]?

  • Maounique Host Rep, Veteran

    SumGuy said: 80 /8 "A-classes",

    Huh? You are free to block the whole internet, but that is your own problem, not ours.

    Thanked by 2 Infinity Pwner
  • Just report abuse, I get a lot of crap from PSYCHZ-NETWORKS.

  • Radi Host Rep, Veteran

    Why not just email [email protected]?

    This.

  • @SumGuy - there are plenty of tools for reporting spam:

    SpamCop will allow you to copy/paste the mail into their interface and it will fire off emails to the relevant abuse contacts

    Spamhaus will list this type of spammer on their various BLs. You can also look up the IP address there to see if it's listed.

    You want to add some blacklists to your mailserver; then you'll be able to drop affected IPs automatically

    Thanked by 1 Silvenga
  • 4n0nx Member

    Why even bother to complain about spam? If it gets through the spammer will just send more from another server. If it doesn't ... well then there is no need to complain..

  • We actively address spam abuse reports. Please do send it to [email protected] as indicated. Thanks!

  • I just wish that the spammers that are increasingly using hosted servers (as opposed to botnets) would write their spam-sending code to NOT REPEATEDLY try to perform SMTP connections to destination servers that have rejected their connection attempts. I don't need to see hundreds and thousands of SMTP connect-reject entries in my log files from IPs belonging to rent-a-server outfits like OVH, Rapidswitch, KVC, Query Foundry, etc.

    You would not believe the number of rent-a-server operations that ignore spam and abuse reports.

  • SumGuy said: You would not believe the number of rent-a-server operations that ignore spam and abuse reports.

    We don't ignore them. They all get sent into a task queue that gets looked at by a dedicated team.

  • Wow someone is posting on here that is not trying to get a 4GB Ram with 8CPU core and 100GB Drive VPS for only $3 month or a dedicated w/32GB Ram and 2 CPU for 16 core with 4 x 2TB SSD drives for $10 month? how refreshing.

  • MeanServers Member, Host Rep

    @SumGuy said:
    You would not believe the number of rent-a-server operations that ignore spam and abuse reports.

    Just because you don't get a reply, doesn't mean your complaint is being ignored. We take action on every complaint we receive but unless the complaint specifically asks for a reply, we generally do not inform those submitting the abuse report of the actions taken as it is too time consuming to reply to every abuse report received. I am sure a lot of other hosts take a similar approach.

  • 4n0nx Member

    SumGuy said: I don't need to see hundreds and thousands of SMTP connect-reject entries in my log files

    Change log policy? Fail2ban? Use grep to find relevant entries?

  • AnthonySmith Member, Patron Provider

    SumGuy said: You would not believe the number of rent-a-server operations that ignore spam and abuse reports.

    You would not believe the amount of idiots that don't even use the proper abuse channels and instead build themselves in to a fortress of ignorance so 90% of the good stuff gets excluded as well.

  • concerto49 said:

    We actively address spam abuse reports. Please do send it to
    [email protected] as indicated. Thanks!

    You've seen my public report of the dozens of attempted SMTP contacts yesterday by an IP that you operate (107.182.132.149). You've seen how spamhaus is listing that IP as a known snow-shoe operation.

    Isn't that enough for you to take action, investigate and stop the activity that machine is performing and shit-can the customer using your server in that way?

    You shouldn't need any sort of abuse email from me to take action and shut down that spam operation being performed by your server.

  • jar Patron Provider, Top Host, Veteran
    edited March 2015

    @AnthonySmith said:
    You would not believe the amount of idiots that don't even use the proper abuse channels and instead build themselves in to a fortress of ignorance so 90% of the good stuff gets excluded as well.

    This. People who block entire large ranges like this will exclude my customers, for example, just because I use OVH. That's fine, but I have the best customers around so...their loss. There's a time for blocking ranges and it isn't after receiving 4 spam emails.

  • KuJoe Member, Host Rep
    edited March 2015

    SumGuy said: You shouldn't need any sort of abuse email from me to take action and shut down that spam operation being performed by your server.

    A paper trail makes life easier for you and them. Sending them an e-mail with proper logs and details goes a long way and if you're not willing to take the minimal steps required then is it really a big issue? You'd be surprised how many "abuse complaints" we get from kids who don't have valid claims and just want us to kick/term a client that beat them in Call of Duty one time.

    A post on a public forum that is not owned by CloudShards holds as much weight as posting your complaint to a tree near your house and hoping they act upon it.

    Now if Spamhaus contacted them already (and they don't always contact us providers for some reason), adding another complaint to the pile will probably have their team act upon it faster also.

    Thanked by 2 jar doughmanes
  • Do any of you people read / participate in the usenet newsgroup news.admin.net-abuse.email?

    If you want to become aware of what the people that operate mail servers think of various hosted-server mail / spam operations (such as OVH), if you want to read about the experiences of actual mail admins who deal with the abuse generated by hosted servers, who report abuse but see these reports go nowhere, then you are well advised to follow some of the conversations that happen in that newsgroup.

    For those of you whose interest or use of hosted servers does not extend to using them to perform email campaigns of any sort, then naturally none of this would be of any interest to you.

  • jar Patron Provider, Top Host, Veteran
    edited March 2015

    I deal with more abuse in a day than you do in a year. You run one mail server. I've run thousands, with millions of transactions per hour combined. You do not know how to run a mail server, you communicated that in your first post. It's fine. When you get tired of trying, hit me up and I'll give you a really good deal on hosting your mail services.

    I don't mean to sound like a jerk, but people who block entire hosting outfits for a few received spam really bother me, because I'm the one who has to explain to the clients of your clients why you can't run a mail server and why it isn't their fault.

  • Jar, with such a condescending remark like that, do you honestly think I would ever take you up on such an offer?

    What makes you think I need to change anything I've been doing for years? I'm only pointing out bad server behavior and wonder why it happens. There is no need for any spam servers (be they part of a botnet or a so-called "reputable" server farm) to be so stupid as to continuously attempt SMTP delivery dozens or hundreds of times a day to destination machines that reject the connections.

  • jar Patron Provider, Top Host, Veteran
    edited March 2015

    I don't really care if you take up the offer. The remark was condescending because I have to deal with the fallout of bad admins who block ranges.

    As far as why should you change? Don't bother. Eventually someone at that company will need something to come through that you've blocked and your job will be on the table. That's the reality, and with the growth of the hosting market and email services being so much more spread out than they were a decade ago, your risk to your own job is increasing by your same old tactics.

    Eventually you will be forced to change your tactics or they will find a new administrator. I say just let those events play out. No skin off my back. I said what I wanted to say.

    You'd be correct to note that I am expressing frustration that extends far beyond yourself. I just don't get to talk to someone of your type very often :)

  • Why not use some reliable RBL lists so you avoid these blacklisted IPs then :>

    @Nekki said:
    Drama fail

  • Eventually someone at that company will need something to come
    through that you've blocked and your job will be on the table.

    I happen to be the principal owner of the company, so I have a HUGE interest to make sure that mail from existing or new sales prospects makes it through to our sales people, and I have found over the years that I can shit-can a huge percentage of IP space and experience close to zero false-positive blocking - because based on a huge database of past experience I know where "good" mail comes from, and where spam has (and likely will) come from.

    The "contact us" page on our website lists a gmail account that people can reach us at if they are brand-new to us and I happen to be blocking their out-bound SMTP server. The products we sell can cost up to $70k and we are the only company in the world that makes and sells this particular equipment, so anyone who is a serious prospect will find a way to contact us (by phone, fax, or gmail account). That's our reality.

    Our server blocks thousands of SMTP connections per day, from hundreds of unique (or closely related) IP addresses. Yes, most of them are direct-to-mx spambots on residential networks. Those don't bother me. The ones that piss me off are the ones coming from hosted servers that try dozens or hundreds of times a day, continuously for a few days or even a few weeks, and are too stupid to realize they're never gonna get through but they keep trying - and needlessly fill my log files.

  • jar Patron Provider, Top Host, Veteran
    edited March 2015

    fill my log files

    Oh well nevermind. That's a great reason to block most of the Internet over the course of a decade. Can't have those log files growing to 2MB

    It sounds to me like you only need to miss ONE sale from someone who decides they don't need you if you want to make anything difficult for them for it to impact your margins heavily. That's on you. Best of luck with growth with the attitude of "they need us so I don't care how many hoops they have to jump through." You're clearly one competitor away from shutting down.

    Thanked by 1 deadbeef
  • Clancoms Member
    edited March 2015

    "so anyone who is a serious prospect will find a way to contact us (by phone, fax, or gmail account)"

    You're the owner and yet use a Gmail account for your company? What, you can't afford an email server so you can look professional?

    Thanked by 1 jar
  • atho Member

    He must have blocked his own @aol.com account so he had to use gmail.

  • You're the owner and yet use a Gmail account for your company?

    We list our corporate sales and support emails first, and then give the gmail account as something to try if they find they can't reach us through the corporate accounts. I thought that would have been clear by reading my entire post - that the function of the gmail account was to use it if our own server was blocking them.

  • Everyone can learn something new, please don't argue too much!!

  • SumGuy said: The products we sell can cost up to $70k and we are the only company in the world that makes and sells this particular equipment, so anyone who is a serious prospect will find a way to contact us (by phone, fax, or gmail account). That's our reality.

    I've been operating a mailserver for a small tech company since 1999

    Since he is the owner he is happy with the company's performance, let the guy do what he wants with his gmail contact :) given how this is the internet, most if not all of his claims are more than likely hot air unless proven, and we will never get the truth anyways.

    Thanked by 2 jar deadbeef
  • jar Patron Provider, Top Host, Veteran

    @belinik said:
    Since he is the owner he is happy with the company's performance, let the guy do what he wants with his gmail contact :) given how this is the internet, most if not all of his claims are more than likely hot air unless proven, and we will never get the truth anyways.

    Certainly. I just deal with the fallout of people like this every day and I don't get many opportunities to speak to them, so this one got my rants. He's free to do what he wants. They'll always be a small company with the attitude of "they need me so if they have to jump through hoops it's their problem." None of us will ever need to be concerned by this person's business practices.

    Thanked by 1 deadbeef
This discussion has been closed.