03-01-2012, 01:42 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Dec 2009
Posts: 497
|
|
IPs and the SPAMMERs that want them
Through the years, it has become more and more difficult to weed out the legitimate IP request, versus the ones bound for blacklisting. We have a justification policy, a very strict abuse department, and our IPs are not inexpensive to add. Yet each week it seems we are delisting another /24. This is a HUGE inconvenience not only for us, but for any client unfortunate enough to have IPs within that /24. I would love to hear from the community to hear their experiences. Lord, I HATE SPAM!
__________________
Rob@HIVELOCITY.NET
Award Winning Dedicated Servers
24/7 Impressive Technical Support- Huge Reseller Discounts
Best Dedicated Server Price Every Time- 1 click away
|
03-01-2012, 01:49 PM
|
|
WHT Addict
|
|
Join Date: Sep 2010
Posts: 105
|
|
Why not just advertise the IPs with port 25 blocked on all but 5 IPs or something?
|
03-01-2012, 01:53 PM
|
|
You broke the internet!!
|
|
Join Date: Oct 2005
Location: USA
Posts: 889
|
|
Find very good spam software and force everyone to use it?  Or educate over night web hosts who don't know jack about running a hosting company.
__________________
The web hosting market will never die. Virtual environments are forever the future and easily adapt to change. Welcome to the world wide web!
|
03-01-2012, 02:44 PM
|
|
Community Liaison
|
|
Join Date: May 2004
Location: Toronto, Canada
Posts: 4,705
|
|
Do you find it is direct clients causing the problem or resold servers?
|
03-01-2012, 02:48 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Dec 2009
Posts: 497
|
|
I have found it to be both honestly. Sometimes a direct client, sometimes it is a reseller who has a bad client. But we have also seen the reseller who swears it is not them, yet every IP is a SPAM source. Never wanting to call anyone a liar, although if the shoe fits.........
__________________
Rob@HIVELOCITY.NET
Award Winning Dedicated Servers
24/7 Impressive Technical Support- Huge Reseller Discounts
Best Dedicated Server Price Every Time- 1 click away
|
03-01-2012, 03:01 PM
|
|
Premium Member
|
|
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,130
|
|
Quote:
Originally Posted by Rob Hivelocity
I have found it to be both honestly. Sometimes a direct client, sometimes it is a reseller who has a bad client. But we have also seen the reseller who swears it is not them, yet every IP is a SPAM source. Never wanting to call anyone a liar, although if the shoe fits.........
|
You could take up a 3 strikes policy - 3 incidents and that particular server gets suspended for investigation?
We have recently taken up a much more strict policy on UDP floods - and we've successfully reduced attacks down from several per week to none.
|
03-01-2012, 03:17 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Dec 2009
Posts: 497
|
|
Quote:
Originally Posted by Flapadar
You could take up a 3 strikes policy - 3 incidents and that particular server gets suspended for investigation?
|
We have a strong abuse department that monitors the complaints, and we do understand these things sometimes happen. It is more the flippant client response of, "Oh really? Sorry about that." Then they are gone. One month of service, /24 listed, and they are on to the next host to repeat the process. Just frustrating.
__________________
Rob@HIVELOCITY.NET
Award Winning Dedicated Servers
24/7 Impressive Technical Support- Huge Reseller Discounts
Best Dedicated Server Price Every Time- 1 click away
Last edited by writespeak; 03-06-2012 at 11:47 AM.
Reason: Added missing [/quote]
|
03-01-2012, 03:25 PM
|
|
Premium Member
|
|
Join Date: Jun 2011
Location: Aberdeen
Posts: 2,130
|
|
Quote:
Originally Posted by Rob Hivelocity
We have a strong abuse department that monitors the complaints, and we do understand these things sometimes happen. It is more the flippant client response of, "Oh really? Sorry about that." Then they are gone. One month of service, /24 listed, and they are on to the next host to repeat the process. Just frustrating.
|
Hetzner (from what I've noticed) have internal spam monitoring servers. I'm unsure how feasible that might be of an idea, but it's an idea.
|
03-01-2012, 03:33 PM
|
|
Web Hosting Master
|
|
Join Date: Aug 2007
Location: Alblasserdam
Posts: 2,770
|
|
Those spammers are a serious pain in the ass indeed. We do the necessary checks before even accepting such customers. Mostly the default story like SEO and 'SSL hosting' or 'double opt-in' comes in mind, mostly used by a lot of spammers.
I advice companies who actually get such requests to do some work before even thinking of accepting them. Why would a legit mailing have a private whois? Why would he mail from a gmail address? Why would his name be listed on google as spammer. Why would he need reverse DNS on domains that are registered the same day? Those are things I run into myself when doing the checks so it's easy to filter out the bogus ones 
__________________
█ Instant Dedicated - Europe ( The Netherlands) + Las Vegas ( USA) : Get online, in no time! IPV4 + IPV6 Support!
█ TIER 3 datacenter (Europe) with 100% power uptime in 2012-2013 | TIER 4 datacenter (USA) with 100% Guaranteed Uptime
█ Connectivity: Transit: Level3, Telia, NTT, TInet, ... + Peering: AMS-IX, DE-CIX, LINX, PLIX, ECIX, BNIX, BIX, NYIIX, ...
|
03-01-2012, 03:33 PM
|
|
Web Hosting Master
|
|
Join Date: Jun 2004
Location: Europe
Posts: 2,798
|
|
Quote:
Originally Posted by Flapadar
Hetzner (from what I've noticed) have internal spam monitoring servers
|
We are currently testing a solution like this in one of our datacenters, we have build the solution in house. We had to design it carefully, to not breach any privacy regulation or impact in any way the privacy of clients or emails, it works very well so far. It does not block mail and does not have the capability to block mail, but it works wonders in finding spam originating from our network and report this to our abuse team, well before any blacklists come in action or even notice the spam activity.
We might consider to bring it on the market if we conclude all tests successfully over a longer period of time.
__________________
█ Swiftway.net Your Business deserves our Quality - Experts on Hand since 2005
----------------------------------------------------------------------------------------
█ Premium business provider guaranteed support response time within 15 minutes. >12 500 followers on twitter.com/swiftwaynet Contact Swiftway
|
03-01-2012, 03:39 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Dec 2009
Posts: 497
|
|
I could not agree more, sounds like the same excuses we hear. The SPAMMERs are much more aware of the buzz words used for IP justification. We use SURBL, MXToolbox, DNS STuff, and Google, and they still get through.
__________________
Rob@HIVELOCITY.NET
Award Winning Dedicated Servers
24/7 Impressive Technical Support- Huge Reseller Discounts
Best Dedicated Server Price Every Time- 1 click away
|
03-01-2012, 05:19 PM
|
|
***GE user
|
|
Join Date: May 2009
Location: China / HK / Austria
Posts: 2,261
|
|
Yea... go complain about a few /24...
I have currently more than a /16 (total, not one block) listed at various RBLs because of stupid customers...
|
03-01-2012, 05:35 PM
|
|
Web Hosting Master
|
|
Join Date: May 2005
Posts: 965
|
|
Why not just charge more per IP?
Spammers look for cheapest IPs possible. So just charge more. Then they won't have much of a motive to come and you'll have more resources to fend off these annoyances.
Sounds like a win-win situation to me.
Legitimate users? I can't really think of legitimate users who desperately needs cheap IPs at a mass quantity. Though, I'm sure I could be proved wrong.
__________________
I'm not a hosting company. I have no sig to spam.
|
03-01-2012, 05:50 PM
|
|
Web Hosting Evangelist
|
|
Join Date: Sep 2010
Location: Jacksonville, Florida
Posts: 494
|
|
Rate limiting port 25 per IP works pretty well for stopping or at least slowing down spammers.. Just impose a 600 or 1000 emails per hour limit just as you would in a typical shared hosting environment. We do this on our VPS host nodes via iptables and it allows us to catch the drive by spammers pretty quickly and usually before they hit the black list.
Using this method does not permanently block outgoing mail but it will delay it if to many are sent at one time.
|
03-01-2012, 06:08 PM
|
|
|=|*LL* * *m Chr**
|
|
Join Date: Aug 2007
Location: DOWNTOWN LOS ANGELES
Posts: 2,626
|
|
Monitor your rDNS record changes...
__________________
░ QuadraNet.com™ - Enterprise Dedicated Servers, Cloud Hosting, and Colocation ♫
░ Focused on automation, accessibility, and scalability. Datacenters in ► Los Angeles ► Dallas ► Miami
░ Features Include: Private Network, SSL VPN Passthru, KVM over IP, Remote Reboot, Remote OS Reload ♫
░ Read our BLOG! http://blog.quadranet.com Try our Asian Optimized Network in LA!
|
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
