HELP! My small internet store is a victim of floods of incoming SPAM. Unfortunately, my provider is a medium sized ISP in Canada. A few years ago, it seemed like a good idea to drop our own company intranet in California, in favor of outsourcing our web and email to this low cost ISP.
We began seeing an immediate rise in the number of junk mail messages on all our accounts. We've spent a lot of time trying to filter them using the tools they provided. It's an hour-per-day ritual and has cost us HUNDREDS of person-hours each year. We made the suggestion to ther ISP that they add features to their web-mail like being able to clear the entire contents of a folder. We also submitted a number of tickets on broken filtering tools, etc. In short, over the 3 years we've been with them, we've submitted about a half dozen tickets which amounted to free QA.
This week, we got an email from their VP of development. They decided that they want to shut us down, or force us to buy an expensive dedicated server solution because of "high utilization"!!! When I pinned them down on what that means, it turned out that this was because of INCOMING mail traffic. I argued that over 90% of that traffic is SPAM. If our business was so good from legitimate email, I'd have no problem paying for a dedicated server, but we average only about 5 legitimate incoming email messages per day, and send only responses to those emails. We are VICTIMS of SPAM, and our ISP is adding insult to injury by trying to shut us down or make us pay through the nose. They said we should be prepared to pay the cost of having a "popular" web site.
Is this legal? Have any customers been able to get an injunction against an ISP for such action? I fear we will be put out of business because the ISP doesn't have it's act together. I'm trying to find a Service Level Agreement, but so far, they haven't shown us factual data to prove that the utilization is that high, when, which domains or user accounts. They haven't even come to us in a good faith effort to try to reduce the SPAM. They just said we must buy another service or be shut down in 2 weeks. WHAT CAN WE DO? Any help is really appreciated.
Rather than fight it out with them, why don't you simply move to another provider? If you're simply talking about "a small internet store" I am quite certain an economically feasible plan could be set up in a matter of hours for you.
Sometimes fighting a battle like the one you are describing is hardly worth the time or effort when a solution could be achieved in a fraction of the time at a fraction of the cost...
I agree with Watcher_TVI... Go with a cheap unmanaged dedicated server or an inexpensive reseller plan and be done with these guys.
CybexHost.com - Shared and Reseller Hosting Solutions on cPanel/WHM Linux Servers ModernTweak.com - Discount ModernBill Licenses, Hosted Installations, and Professional Services :: Pay for your discount ModernBill license with PayPal :: admin[at]cybexhost.com :: AIM: CybexH
It's sounds kinda fishy that all of a sudden since you joined this host that you're getting tons of spam. Maybe this host is the one who's allowing the spam to get through so you would upgrade to a dedicated plan.
Move your site before they shut you down, but don't let them know what your intentions are or they will shut you down to prevent you from moving. I just hope you have a back-up of your site just incase.
1) Change providers, don't risk getting shut down.
2) The spam will probably follow you so change your e-mail addresses a bit so that the spam will bounce instead of fill up your e-mails.
3) Also make sure that no text of your e-mail is on your website otherwise it could be spidered. If you insisit on having an e-mail address on your website try making it a graphic so that the spam spiders don't pick it up.
Hopefully this will save you from the negative effects of spam.
THEY have ALREADY been paid (by us), and we've been paying them for 3 years. True, the SPAMMERs should pay, but a responsible ISP would be more understanding and take technical (and perhaps legal) action to PROTECT its customers, not further victimize them... There really are good tools, mail-server security measures and services to drastically reduce this.
I know you may not want to change your email address, but if it's made it onto the mailing lists that get sold all over the place then chances are you're left with little choice. I'm surprised you've made it 10 years without having heavy spam until recently. I can register a new domain and start receiving spam on it by the time it resolves usually, heh
We're looking for other victims to bring pressure to bear for them to change their tactics, or join us to get an injunction or bring a class action lawsuit. At a time when lawmakers are finally taking a stand against those criminals who send SPAM, we'd like make sure every ISP remembers who the real enemy is, and don't try to indirectly PROFIT from the spammers.
Er, how exactly do you think you could legally force them to continue hosting you? Most hosting contracts provide that either side can terminate for any reason whatsoever provided notice is given. Considering you're still there, I imagine they have given you that notice. If your account is causing too many headaches for them, they are fully within their rights to ask you to upgrade or find a new host. It sucks for you, but they're running a business as well, and the "high utilization" is likely causing a number of their other clients to have a lot of problems. If you were in their position, I can't see you putting up with it forever either.
Regarding the money you have prepaid, given that they are terminating the contract, I imagine that they will refund the prepaid funds for the time you won't have service. You should probably contact them about that to make arrangements.
Read your contracts, people! They might actually affect you someday.
Sorry. I haven't followed this thread for a while. Yes, I did end up changing ISPs. I went with Wyith.net. The web tools aren't as good, but they allow telnet and don't care about the mail traffic.
The last few messages were pretty strange. It seems no one is considering the bigger legal and ethical question of whether this is a good policy for ISPs to adopt.
Having formally been in the hosting business, I can understand the providers concerns.
Email can be used to launch a classic DoS attack. The consequences are:
* The sender can consume a lot of the fixed network bandwidth that the ISP must apportion between its customers.
* The mailservers can become overloaded, again, effecting other subscribers, and possibly resulting in lost email. Forwarding all email sent to a targeted domain can help, but a mail-sink is too late, since by the time the message reaches the host running a mailserver, the damage has already been done.
* A layer-4 switch could be used to route/filter the port 25 traffic to a domain, but now you're looking at additional network hardware to insulate the mailservers.
Hence, the answer is, if the ISP does not have the infrastructure to support the traffic, ask the customer to pay to offload the extra infrastructure costs, or move to a provider that already has that infrastructure. We did the latter.
Upon reflection, I suspect their position is fair. Part of the problem may actually have arisen from the fact that we used to be in the hosting business in the early years of commercial Internet, so much of the mail to our domain would have gone to any of the 300 user accounts we once supported. Multiply that by 10 if you assume those former account holders addresses ended up on SPAM lists.
Originally posted by superbvictim I've gotten a lot of suggestions about moving to another provide, etc. That is certainly, an option, but I'm surprised no one thinks it's a good idea to stand on principles, like:
1. We've had the same email addresses for nearly 10 years. These are 100% for business purposes -- we're not fly-by-night or Hotmail users.
2. We've just PREPAID for our domains, email accounts and extra storage for the next 6-months.
3. We have CGIs for customer support, sales inquiry forms and a whole set of forums. Moving this stuff around and making changes will cost time and money.
Why should we have to pay for a new service, development, headaches, and burn our existing investment rather than do ANYTHING to force the ISP to see reason?
THIS COULD HAPPEN TO YOU.
It does not sound like they are giving you a choice, and fighting them on this, may result in your services being totaly shut down.
It may also end up costing you a large sum of money, to fight it, although you may disagree with them, and you may indeed be in the right, is it worth having your services totaly shut down, or maybe spending many thousands of dollars to fight it. I would agree with the others here, your best bet is to move on, check out who you are going to move to, ask them questions about their spam filtering. I can not have any way of knowing what type of filtering thay have in place, but there are many things a provider can do to cut down on spam comeing to their servers, and it is not a difficult task at all. We have reduced the amount of spam to our servers dramaticaly, with tweaks to the mail server software, and any provider can do this.