universal2001
06-25-2002, 07:11 AM
Hello,
Scenario:
Your customer's dedicated server box has been used by some unknown SPAMMER in a large attack... After sending thousands of SPAM messages, you get contacted by angry people about possibly being BLOCKED from several lists like SPEWS.org, etc.
What do you do?
1. Take the server off-line first and then tell your client someone on the box is spamming?
2. Take the server off-line and then wait for your client to email you asking why server has been down?
3. .... ??
I would like to know how you dedicated providers handle this situation... Also, what happens if it happens again?? Do you ban your customer's box?
GlideTech
06-25-2002, 07:17 AM
We had such a dealing with Rackspace, and they handled it just the way I expected. They contacted us to tell us that spam was originating from one of our boxes, and simply requested a confirmation that we were aware of the problem.
They made note of it in their database, and moved on.
universal2001
06-25-2002, 09:57 AM
Hmmm, wouldn't it be more appropriate to shut your server down first?
You'll come to find that some companies deal with it better than others.
If we (my daytime job) get spam complaints with headers and full information etc showing that it was from our client, we suspend them until they provide a valid excuse or feasible resolution to the problem. They're also contacted as soon as being suspended. That's with virtual accounts.
With dedicated, we contact the customer and try to find a resolution, and give them a warning. Everything is noted so that if it happens in the future, we know they've done it before.
GlideTech
06-25-2002, 06:20 PM
I would never shut a customer down just because I got a complaint of spam. It would take a good investigation, and proven facts, for me to suspend anyone.
Now if we see a spammer in action on one of our servers, then he's history.
Innocent until proven guilty ;)
allera
06-25-2002, 06:32 PM
Spammers constantly find new ways to get into mail servers to send out spam as fast as possible before being detected.
When it happens to one of our shared customers, we notify them and urge them to go over their scripts and make sure anything that uses sendmail is properly secured. Future warnings are only given in rare cases. We're pretty strict on securing your scripts properly.
When it happens to one of our dedicated/colo customers, we notify them of the complaint(s) and ask them to resolve it quickly. Then we log it for future cases.
Legitimate anti-spam organizations like SpamCop are pretty flexible. You can always contact a warm body to plead your case to and if you're innocent and can prove it, they'll lift any blocks they have on your IP(s). However, automated anti-spam organizations like SPEWS.org don't care if you're innocent. They'll block ya even if they *sniff* a spammer coming from your general direction (after all, SPEWS stands for Spam Prevention Early Warning System). Read their FAQs for what I mean. I've had many debates on SPEWS before and I'd rather not debate it again here. Search WHT for that debate and save us all some time and reading. :)