Results 1 to 16 of 16
  1. #1
    Join Date
    Feb 2008
    Location
    Wilkes-Barre, PA
    Posts
    1,119

    What is your spam policy?

    Recently we've been having a lot of issues with clients sending spam. How do you handle this? Do you shutdown the servers immediately or notify them and wait for a response? Or does it depend on the situation?

    I'm trying to decide what others deem acceptable in terms of giving the client a chance to fix the issue and preventing spam from leaving our network.
    NEPA Fiber
    AS 394868 - Wilkes-Barre, PA
    █ Fiber Internet, Dedicated Servers, Colocation, Cloud
    100% Uptime SLA - 24/7/365 Support

  2. #2
    Notify them and wait for a response. If there isn't a response in 24 hours, IP addresses gets nulled.

    If you find that they get repeated spam complaints you can always block SMTP on the customer's vlan or give them the boot.
    NewYorkCityServers.com - Specializing In Dedicated Servers and Financial Hosting
    True Enterprise Service, Tier 3 Manhattan Datacenter, 100+ Gbps Network, 100% Uptime Guarantee, 24x7 Support - Email, Tickets, Phone and Live Chat
    Bandwidth Graphs, Remote Power Control, Automated OS Re-installs, Secured IPMI+KVM Included With Every Server

  3. #3
    Join Date
    Feb 2008
    Location
    Wilkes-Barre, PA
    Posts
    1,119
    Quote Originally Posted by NYCServers-Nick View Post
    Notify them and wait for a response. If there isn't a response in 24 hours, IP addresses gets nulled.

    If you find that they get repeated spam complaints you can always block SMTP on the customer's vlan or give them the boot.
    This is what we have been doing, but even if we let these go for 24 hours, our entire IP range has been getting hit. Today, for instance, Spamhaus listed a whole /24 on us for an incident that started less than 48 hours ago.
    NEPA Fiber
    AS 394868 - Wilkes-Barre, PA
    █ Fiber Internet, Dedicated Servers, Colocation, Cloud
    100% Uptime SLA - 24/7/365 Support

  4. #4
    How strict is your verification process for new orders and large IPv4 block orders? Tightening down your verification should weed out some of the spammers. From what I've seen spammers communicate with each other. When they're able to find a host with relaxed verification they tell their friends so they can sign up too.
    NewYorkCityServers.com - Specializing In Dedicated Servers and Financial Hosting
    True Enterprise Service, Tier 3 Manhattan Datacenter, 100+ Gbps Network, 100% Uptime Guarantee, 24x7 Support - Email, Tickets, Phone and Live Chat
    Bandwidth Graphs, Remote Power Control, Automated OS Re-installs, Secured IPMI+KVM Included With Every Server

  5. #5
    Join Date
    Jul 2005
    Location
    Australia
    Posts
    117
    Quote Originally Posted by NYCServers-Nick View Post
    How strict is your verification process for new orders and large IPv4 block orders? Tightening down your verification should weed out some of the spammers. From what I've seen spammers communicate with each other. When they're able to find a host with relaxed verification they tell their friends so they can sign up too.
    This was certainly our experience some time back. You'd see a string of bad orders that would be sending spam from day 1, and then they'd charge back the payment as well as soon as they were done.
    IOFLOOD.com -- We Love Servers
    High ram servers with lots of IPs back in stock.
    Email: sales [at] ioflood.com

  6. #6
    Join Date
    Jul 2005
    Location
    Australia
    Posts
    117
    Quote Originally Posted by Encrypted View Post
    This is what we have been doing, but even if we let these go for 24 hours, our entire IP range has been getting hit. Today, for instance, Spamhaus listed a whole /24 on us for an incident that started less than 48 hours ago.
    Our experience with Spamhaus is that the more often you end up on their radar, the more likely they are to just start blocking /24's, or even a /22 or a /21 for similar recurrent issues in the same ARIN allocation.

    You should really give zero tolerance for any Spamhaus listing that looks to be even remotely founded, null route the IP and then tell them immediately that you've got it in hand and for the most part they're not too bad about it as they see you're working to solve the issues.

    Let it linger, or keep repeating, and yes they get cranky at you pretty quickly and when you've got 1 person on your network that has already exploited you to order a server or three with different fraudulent details, and then they tell their friends and they start doing the same, it escalates out of control pretty quickly.
    IOFLOOD.com -- We Love Servers
    High ram servers with lots of IPs back in stock.
    Email: sales [at] ioflood.com

  7. #7
    Join Date
    Oct 2005
    Location
    Internet
    Posts
    1,134
    You spam you die, no exceptions.
    GeekDub Hosting, Reseller, VPS and more! ●

  8. #8
    Join Date
    Aug 2013
    Posts
    494
    Why not block SMTP ports while they're working out the issue. Notify them via appropriate channels and then if they correct it turn the ports back on and see how it goes?

  9. #9
    Join Date
    Feb 2008
    Location
    Wilkes-Barre, PA
    Posts
    1,119
    Quote Originally Posted by critihost View Post
    Why not block SMTP ports while they're working out the issue. Notify them via appropriate channels and then if they correct it turn the ports back on and see how it goes?
    This might actually be the best suggestion thus far. (For 1st time issues anyway.) Keeps the server online but reduces further risk.
    NEPA Fiber
    AS 394868 - Wilkes-Barre, PA
    █ Fiber Internet, Dedicated Servers, Colocation, Cloud
    100% Uptime SLA - 24/7/365 Support

  10. #10
    Join Date
    Jun 2013
    Location
    Los Angeles
    Posts
    327
    Quote Originally Posted by Encrypted View Post
    This might actually be the best suggestion thus far. (For 1st time issues anyway.) Keeps the server online but reduces further risk.
    We don't do any filtering in general, so that option is unfeasible for us for a number of reasons (I can't imagine the headaches that'd ensue attempting to keep track of all those random ACLs, even if we had a system for it).

    It depends on the situation and severity, but our policy is to give them ~24 hours and then blackhole the offending IP(s). Spamhaus listings require termination of the end client (the spammer) in most cases.

    The best way to avoid having massive IP blocks listed on Spamhaus's SBL is probably to keep an open line of communication with them. If they know who you are and know that you're going to take care of the problem expediently, then they're less likely to purposely cause problems for you.

  11. #11
    Join Date
    Oct 2012
    Location
    Canada
    Posts
    1,176
    If we see SPAM, even suspect it we suspend the service immediately. Might be a little harsh but it happens to get their attention. If they chargeback we will fight the chargeback too. If we all unite and keep our spam policies the same they will have to do some real good searches... if we give into them, we will end up with the short stick. Just today we had a client signup and upload a booter... few moments later 2 other people signed up... and uploaded the same thing... cancelled/refund and fraud for all the orders... these abusers have some really great communication but ensure you and your team are on the top of it and have your game face on... GO TEAM!
    TrentaHost INC. | 5 Years Operating | DDOS Protected Network | Multiple Locations | 24/7 Support
    DDOS Protected Web/Reseller/Master - DEDICATED IP | WHMCS | CloudFlare | LiteSpeed | CloudLinux
    DDOS Protected KVM Windows & Linux VPS | 7 Locations | 20GBPS DDOS Protection Windows & Linux VPS
    DDOS Protected Dedicated Servers | 20GBPS DDOS Protection | Control Panel | Price Match Guarantee*

  12. #12
    Join Date
    Feb 2008
    Location
    Wilkes-Barre, PA
    Posts
    1,119
    I used to be rather bitter towards Spamhaus's excessive blacklisting, but based upon on our own internal adjustments recently, I'm actually finding that their methods could lead to more stringent precautions by ISP's overall.

    Quote Originally Posted by TrentaHost View Post
    Just today we had a client signup and upload a booter... few moments later 2 other people signed up... and uploaded the same thing... cancelled/refund and fraud for all the orders...
    I'm actually debating in my head whether or not you should even refund them. We have in our TOS that servers terminated for abuse or not subject to a refund. Sure, it may be the right thing to do, but they're just going to take that money and buy another server elsewhere. Perhaps if they start to feel the financial strain on their operations they'll give up the act and find something else to do. Of course, there's always the chance that they're using stolen funds to pay for the service to begin with, which may lead to a chargeback later on.
    Last edited by Encrypted; 09-26-2013 at 10:37 PM.
    NEPA Fiber
    AS 394868 - Wilkes-Barre, PA
    █ Fiber Internet, Dedicated Servers, Colocation, Cloud
    100% Uptime SLA - 24/7/365 Support

  13. #13
    Join Date
    Oct 2012
    Location
    Canada
    Posts
    1,176
    Quote Originally Posted by Encrypted View Post
    I used to be rather bitter towards Spamhaus's excessive blacklisting, but based upon on our own internal adjustments recently, I'm actually finding that their methods could lead to more stringent precautions by ISP's overall.


    I'm actually debating in my head whether or not you should even refund them. We have in our TOS that servers terminated for abuse or not subject to a refund. Sure, it may be the right thing to do, but they're just going to take that money and buy another server elsewhere. Perhaps if they start to feel the financial strain on their operations they'll give up the act and find something else to do. Of course, there's always the chance that they're using stolen funds to pay for the service to begin with, which may lead to a chargeback later on.
    Oh sorry for misunderstanding, I refunded the 3 guys who ordered today... I refunded moments after they ordered... so that's fine, but users who actually spam and are caught down the line, no way are they getting a refund. If you don't want the trouble.. and chargebacks yeah go right ahead and refund... I'd rather put them through the wait for them to get their money back. I believe if they use your service then the money is rightfully yours.. if they just ordered a few hours ago then refund.
    TrentaHost INC. | 5 Years Operating | DDOS Protected Network | Multiple Locations | 24/7 Support
    DDOS Protected Web/Reseller/Master - DEDICATED IP | WHMCS | CloudFlare | LiteSpeed | CloudLinux
    DDOS Protected KVM Windows & Linux VPS | 7 Locations | 20GBPS DDOS Protection Windows & Linux VPS
    DDOS Protected Dedicated Servers | 20GBPS DDOS Protection | Control Panel | Price Match Guarantee*

  14. #14
    How we react depends on what exactly the abuse report(s) say. If it's a one off and the customer has been with you for years, then it demands a different type of reaction to if a customer has just signed up and then 100s of abuse reports come in.

    Common sense can go a long way - luckily as we're a colo operator we don't get many of the second type of thing.

  15. #15
    Join Date
    Aug 2003
    Location
    /dev/null
    Posts
    2,131
    It might be helpful to say that if you keep your SWIPs and RDNS updated, Spamhaus will only list the smallest blocks it can find (unless you are a repeat offender).

  16. #16
    Join Date
    Dec 2012
    Location
    .ssh
    Posts
    976
    Notify and wait for a response, failing that suspend. However we don't tolerate it, so many problems come with it even if they follow rules it is just not worth it

Similar Threads

  1. FDC spam and can-spam policy?
    By wormy in forum Dedicated Server
    Replies: 44
    Last Post: 08-12-2010, 10:09 PM
  2. Softlayer Spam Policy?
    By ManXP in forum Dedicated Server
    Replies: 9
    Last Post: 01-30-2007, 10:57 AM
  3. help with TOS, AUP and SPAM policy
    By jundat in forum Reseller Hosting
    Replies: 2
    Last Post: 02-14-2005, 09:41 PM
  4. rackshacks spam policy
    By sbhmike in forum Running a Web Hosting Business
    Replies: 1
    Last Post: 09-11-2003, 06:01 PM
  5. What is your policy on spam hosts?
    By Dexter in forum Running a Web Hosting Business
    Replies: 5
    Last Post: 01-08-2003, 12:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •