Weird 'abuse' attack

randvegeta Member, Host Rep

So we have this weird situation where some crazy website (www.gobi.com.sg) is contacting every ISP, spam list, and big hosting providers, and basically complaining about us sending them spam.

So the 'spam' they are receiving are automated responses from our ticketing system. They seem to be emailing our support e-mails, which generally open a ticket, but only if the e-mail is a registered address. So they are sending us thousands of e-mails, which our system promptly deletes and replies with a ticket not opened email.

We are now getting abuse reports every few minutes on several different e-mail addresses. The number of abuse mail received today is around 600. But the e-mails are coming from the likes of Hetzner, Cogent, Leaseweb and others.

This guy has complained to every E-Mail they could associate with our company, including both our service providers and some of our customers.

For some reason, they find blocking our automated response mails to be too difficult or unreasonable, but have found the time to complain about us to dozens of providers/upstreams.

Anyone dealt with something like this before?

Comments

  • No.

    Thanked by 2 quick Daniel15
  • randvegeta Member, Host Rep

    @eol said:
    No.

    Trying to win another "Useless Comment" award?

  • @randvegeta said:

    @eol said:
    No.

    Trying to win another "Useless Comment" award?

    No.

    Thanked by 1 quick
  • randvegeta said: They seem to be emailing our support e-mails, which generally open a ticket, but only if the e-mail is a registered address. So they are sending us thousands of e-mails, which our system promptly deletes and replies with a ticket not opened email.

    Why send a mail for failed opened ticket? Should solve part of the problem.

    I guess you can report them for false report?

  • randvegeta Member, Host Rep

    @ben47955 said:

    randvegeta said: They seem to be emailing our support e-mails, which generally open a ticket, but only if the e-mail is a registered address. So they are sending us thousands of e-mails, which our system promptly deletes and replies with a ticket not opened email.

    Why send a mail for failed opened ticket? Should solve part of the problem.

    I guess you can report them for false report?

    Some customers will send an e-mail to our support address, and if they don't get a response, they may not know the ticket was opened or not. Without some kind of bounce, they may think the e-mail got through fine, and just wait for a response.

  • randvegeta Member, Host Rep

    @ben47955 said:
    I guess you can report them for false report?

    Report them where and for what?

  • Yes, we've had these before. Just block them.

    From    [email protected]
    Sender  [email protected]
    
  • randvegeta said: Some customers will send an e-mail to our support address, and if they don't get a response, they may not know the ticket was opened or not.

    Then the next thought would be that you do not return 1000 mails, but only a certain number per hour / day per recipient. Keyword "rate limit".

    randvegeta said: For some reason, they find blocking our automated response mails to be too difficult or unreasonable

    Block their mail address on your system so they do not receive your "ticket not opened" mails.

  • jar Patron Provider, Top Host, Veteran
    edited December 2018

    I would propose that you've missed their initial complaint and that they originally tried to reach out to you about it, but then got stuck in an email autoresponder loop. You should fix the loop and reach out to them personally to find the content of their original complaint, as it might lead to a real abuse complaint against a customer that got buried under the pile of autoresponders.

    That or someone is abusing your autoresponders to send backscatter attacks, which you should definitely resolve if true. If spoofing From to your system = an email to that person's inbox, the abuse potential is there.
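
An added example, not part of the thread and not the poster's ticketing system: one way to gate a "ticket not opened" auto-reply using the per-sender rate limit and block list suggested above, plus the loop checks from RFC 3834. The function names, limits and addresses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; tune to the real ticket volume.
MAX_REPLIES = 3                        # auto-replies allowed per sender...
WINDOW_SECONDS = 3600                  # ...within this sliding window
BLOCKED = {"complainer@example.org"}   # constructed address

_sent = defaultdict(deque)  # sender address -> timestamps of recent auto-replies


def should_autoreply(raw_message, envelope_from, now=None):
    """Return (decision, reason) for sending a 'ticket not opened' reply."""
    now = time.time() if now is None else now
    msg = message_from_string(raw_message)
    # A null envelope sender (<>) marks a bounce/DSN: never answer it.
    if not envelope_from or envelope_from == "<>":
        return False, "null envelope sender"
    addr = parseaddr(envelope_from)[1].lower()
    if addr in BLOCKED:
        return False, "sender blocked"
    # RFC 3834: do not respond to mail that was itself generated automatically.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "auto-submitted mail"
    # Non-standard but widely honoured markers of bulk or list traffic.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        return False, "bulk/list precedence"
    if msg.get("List-Id"):
        return False, "mailing-list traffic"
    # Sliding-window rate limit per sender address.
    recent = _sent[addr]
    while recent and now - recent[0] >= WINDOW_SECONDS:
        recent.popleft()
    if len(recent) >= MAX_REPLIES:
        return False, "rate limit reached"
    recent.append(now)
    return True, "ok"


def reply_headers():
    """Headers for the auto-reply itself so other responders ignore it."""
    return {"Auto-Submitted": "auto-replied", "Precedence": "bulk"}
```

Marking the outgoing reply with `Auto-Submitted: auto-replied` is what lets the other side's responder break the loop from its end as well.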

  • @eol said:

    @randvegeta said:

    @eol said:
    No.

    Trying to win another "Useless Comment" award?

    No.

    Excellent

    Thanked by 1 eol
  • Looks like something done by a competitor.

  • Maybe your ticket system has a problem.

    Thanked by 1 eol
  • randvegeta Member, Host Rep

    @Ishaq said:
    Yes, we've had these before. Just block them.

    From  [email protected]
    Sender    [email protected]
    

    Do you know what this is all about? I don't know why they're trying so hard to report us as spammers.

    Tr33n said: Block their mail address on your system so they do not receive your "ticket not opened" mails.

    This may solve their problem, but I am not getting E-Mails from them as much as I am getting them from everyone they CC. Blocking only their E-Mail only helps them, but unless we block everyone they CC to, we still receive new tickets being opened.

    jar said: That or someone is abusing your autoresponders to send backscatter attacks, which you should definitely resolve if true. If spoofing From to your system = an email to that person's inbox, the abuse potential is there.

    I've identified that the e-mails we received were coming from them, and there is no spoofing (unless you can spoof when sending mail... which seems unlikely given it is TCP).

    As far as having an 'initial' report.. doesn't seem reasonable. We have a dedicated abuse e-mail and they are sending mails to our support e-mails. Besides, I have been in touch with the guy, who seems pretty damned hostile. Basically not interested in cooperating it seems. Just vindictive.

  • randvegeta Member, Host Rep

    I don't really know what to make of this guy. Insane with a hyped up victim complex?

  • Fun fact. Singapore's language is mainly English for business and education.

    Thanked by 1 eol
  • @randvegeta said:

    I don't really know what to make of this guy. Insane with a hyped up victim complex?

    Why don't you call them? Think it's much better than shaming them here where no one cares.

  • jar Patron Provider, Top Host, Veteran
    edited December 2018

    @randvegeta said:

    @Ishaq said:
    Yes, we've had these before. Just block them.

    From    [email protected]
    Sender  [email protected]
    

    Do you know what this is all about? I don't know why they're trying so hard to report us as spammers.

    Tr33n said: Block their mail address on your system so they do not receive your "ticket not opened" mails.

    This may solve their problem, but I am not getting E-Mails from them as much as I am getting them from everyone they CC. Blocking only their E-Mail only helps them, but unless we block everyone they CC to, we still receive new tickets being opened.

    jar said: That or someone is abusing your autoresponders to send backscatter attacks, which you should definitely resolve if true. If spoofing From to your system = an email to that person's inbox, the abuse potential is there.

    I've identified that the e-mails we received were coming from them, and there is no spoofing (unless you can spoof when sending mail... which seems unlikely given it is TCP).

    As far as having an 'initial' report.. doesn't seem reasonable. We have a dedicated abuse e-mail and they are sending mails to our support e-mails. Besides, I have been in touch with the guy, who seems pretty damned hostile. Basically not interested in cooperating it seems. Just vindictive.

    So the determination is that he specifically emailed your support to receive the autoresponder and report it as abuse, without any provocation or direct complaint about you or any of your customers? He woke up one day and said “I’m going to find an autoresponder to complain about” and you were the random victim?

    I mean okay if true, but you’d have met the actual worst person in the world at random and, for that, you should be proud. Life can only be uphill from there.

    Thanked by 1 eol
  • randvegeta Member, Host Rep

    jar said: So the determination is that he specifically emailed your support to receive the autoresponder and report it as abuse, without any provocation or direct complaint about you or any of your customers?

    I mean okay if true, but you’d have met the actual worst person in the world at random and, for that, you should be proud. It can only be uphill from there.

    No I'm just not sure what to make of all this. It's totally bizarre! It's interesting that @Ishaq and dediserve both have experience with this guy, but I'm wondering if there is some hidden motive here.

    Does this guy genuinely believe he is being spammed or is there some malicious intent? In my mind, if it's the former, he's a moron! If the latter, then what's the motivation? Or is there another option?

    Thanked by 1 jar
  • AnthonySmith Member, Patron Provider

    Not had that issue, I learned a long time ago that auto responders for business that are triggered by a simple email are a really bad idea, just revisit your thinking on this and the problem will go away.

  • Daniel15 Veteran
    edited December 2018

    randvegeta said: Without some kind of bounce, they may think the e-mail got through fine, and just wait for a response.

    Is it an actual proper bounce (ie. the SMTP server rejects the email), or do you accept the email and then send an autoreply to it? There's a difference in behaviour between the two - The first approach is better as it will cause their MTA to throw an error about the email being undeliverable, rather than seeing it as an email coming from you.

  • randvegeta Member, Host Rep

    @AnthonySmith said:
    Not had that issue, I learned a long time ago that auto responders for business that are triggered by a simple email are a really bad idea, just revisit your thinking on this and the problem will go away.

    Yes I may have to get rid of this altogether.

    Daniel15 said: Is it an actual proper bounce (ie. the SMTP server rejects the email), or do you accept the email and then send an autoreply to it? There's a difference in behaviour between the two - The first approach is better as it will cause their MTA to throw an error about the email being undeliverable, rather than seeing it as an email coming from you.

    It's an auto-reply, not an actual SMTP bounce.

    The guy's e-mail has already been blocked actually, but he's just insane. I've tried to get in touch and I've shown him that he is sending us emails, but he seems adamant that it is our problem and not his. Hyper aggressive attitude this guy.

  • I hope you have stopped the auto responder for now.

    Thanked by 1 eol
  • Log outgoing email. Perhaps headers are being injected and that's changing the recipient(s) and content of the email. Check your SPF record.

    An old colleague of mine was moderating a FB group and got into an argument with someone. That person decided to email 50K people forging our email address because our SPF rules were lax (they had to be as some registrars we were reselling would use our address)...

    Anyways the main point being, double check you know whether it's definitely coming from your server, what it is they're getting and how often.

    Thanked by 1 randvegeta