How to deal with Spamrats?
I don't know what other LIRs are doing in other regions like ARIN or APNIC, but here in RIPE we are some kind of "strict" on IPs.
So being a RIPE member a few months now I was looking to buy a subnet.
I've talked with a provider who leases and sells subnets and they got me a list to choose from.
I scanned the subnets; because they were also leasing them, most of them were in multiple RBLs.
But HEY, LOOK AT THAT, I found one clean, except one list, Spamrats. OK, I thought, no problem, I will communicate with them, send an email
to explain the situation that this subnet just changed hands and I bought it for legitimate purposes.
To host our first infrastructure, our router, anyway our first /24 for our ASN.
All good, I've got the subnet, setup our router and our first servers. So I am sending a nice email like:
Hey, that's our new subnet, just bought it from "X" provider, I assume the previous owner was doing some nasty things and it's blacklisted in your
lists RATS-SPAM and RATS-Auth.
We got it now, this is our ASN, this is our invoice that we just bought the subnet, PLEASE remove it so we can continue to add servers..
ha, I thought that this could be easy....
First response it's like a BOT or something:
Greetings,
Only properly configured email servers are removed from this list. Kindly specify which IP addresses in this range are being affected, and we will analyze each case individually.
Thank you.
-- -- -- Pest Control Officer --
OK then, let's try to remove the only IP I use right now, the router one. I know, a bit strange, but still... I am sending our .1 IP
(YES I've sent the x.x.x.1 our router)
Response:
I assume your router is NOT also acting as an email server.
So, there would be no reason to remove it from this reputation list.
Please let us know when a functioning server exists on the network that this is affecting.
It was never removed. There is no logic in "hey start using it and then send me your IPs", our customers will face issues.
Nice attitude. If my router is not acting as a mail server, why is it in your blacklist in the first place? Anyway.
Anyway, we started using it and sent another mail.
Hi again. We've started using this subnet,
Can you please remove
x.2
x.3
x.4
x.5
x.6
x.10
x.11
x.200
x.201
Regards,
That was on the 20th of January. I never got a response back. Still blacklisted.
We migrated everything from our other servers around the world to our fresh new rack and still we got issues. Only with them. No one else.
And I am impressed that people use this RBL and we got complaints about mails never reaching their destination.
A few days have passed so I was wondering if the "mama" company (LinuxMagic / MagicSpam) can help with that.
So I did another try sending an email to them plus CCing the linuxmagic mails that I found when I whois their subnet:
Dear SpamRats and Support Team,
I hope this email finds you well. I am writing to address an issue
regarding the blacklisting of the IP subnet x.x.x.0/24 in the
SpamRats database.
Recently, our organization became a member of RIPE and acquired the
aforementioned IP subnet through a reputable IP broker. Upon
implementation, we encountered challenges due to the subnet's
unfortunate history of being utilized for malicious activities,
particularly spamming, by its previous owner. Consequently, the IP
subnet was listed on SpamRats.
However, despite our diligent efforts and transparent communication, we
have encountered difficulty in resolving the issue with SpamRats.
Despite providing evidence of our legitimate acquisition and our
commitment to maintaining high standards of email security and
integrity, our requests for delisting have not been successful.
We understand and appreciate the importance of maintaining the integrity
of email communications and combating spamming activities. However, it
is crucial to acknowledge that the actions of the previous owner should
not unfairly implicate the current legitimate owner, especially
considering the significant efforts undertaken to rectify past misuse
and prevent future occurrences.
We respectfully urge the SpamRats team to reconsider their decision and
review our case with impartiality and fairness. Our organization is
committed to upholding the highest standards of email security and
compliance with industry regulations. We are willing to provide any
additional information or evidence necessary to support our request for
delisting.
2 weeks since then, still blacklisted and no response. Not even from the LinuxMagic mail that I found in the Abuse database in ARIN for their IP.
This is ridiculous.
Why am I paying the price for someone else who abused this subnet 6 or 9 months ago? (I bought it 3 months ago).
And why this attitude?
From their site, made me laugh:
Our stance is that being listed on RATS-Spam isn't about being punished for sending unwanted email;
it is about being made aware that there is an issue that needs to be addressed with your mail server.
That is why we've made it extremely simple for the public to remove their IPs from RATS-Spam.
Responsible mail operators should fix the issue before removing their IP. Irresponsible or negligent
mail operators that continue to allow their mail systems to be abused will get relisted.
From my point of view, I didn't even send a SPAM and I am punished.
How to deal with those rats?
Comments
Do people even use their blacklist? We have IPs that have been listed with them, never had a single customer complain about it.
There are a lot of these unmaintained shitlists that either charge you for removal, or just don't respond. I'm not sure it's worth spending a lot of time having a debate with a blacklist owner who doesn't understand basic internet concepts, especially if the list is not even used anywhere meaningful.
If it was Spamhaus, Barracuda, Microsoft, I could understand. But spamrats? Last time I heard that name was like 2015 on WHT. Not sure anyone gives two shits about them, but I could be wrong.
We've had exactly 1 customer make notice of spamrats. Had to kindly inform them that isn't a blacklist that we will do anything about. I flat out refuse to pay extortion fees to be removed from their "blacklist". If it's too much of an issue, pay someone who specializes in mail delivery.
I always compare it to my first Spamhaus experience where I had a real person respond (and very helpfully) when I contacted them.
I remember one of my first dedicated servers from ReliableSite was on UCEPROTECT and I actually paid to have it removed due to moving everyone.
Real RBLs will not pull extortion tactics or have people who have wetdreams of being BOFH but are really south park memes.
Every time I dealt with Spamhaus it was a quick removal if it was an existing IP issue. I think once to speed things up I sent them an obfuscated invoice showing them it was a new server.
Never have used Spamrats once on my RBLs, and I use a good amount. BarracudaCentral is a favorite, of course for the cost.
Using Abusix with good experience and not too many false positives. Spamcop was getting a little heavy handed with providers I found and had to drop them.
Never heard of them before today... Are you having any real-world issues from their listing?
My only issue with Spamhaus is when they list a /24 and the message, please contact if you are x organizational or one of their upstreams with this subject line..
They do sender filtering on those, so I wasn't able to contact them, it bounced my message back, to have my /24 removed after I revoked it from the organization that had been using it.
Had to go through other channels, one that said 'do not use this for blacklist removals', but it was resolved eventually.
That has been my only real frustration dealing with Spamhaus, documented procedures not working.
Post your problem to the mailop list. He doesn't like being called out in a space where he considers himself influential. He's been this way as long as we've been acquainted. He's a good guy deep down but he's seen too much shit and he's very jaded, and he's not working on that. Don't address him directly, ask the list if anyone can help. Be polite and use the list sparingly.
Spamrats is a decent list for figuring into a score, but not a good one for blocking. Much like my RBL right now.
I don't think that a troubleless and/or quirkless DNSBL exists.
I never care about spamrats, only email newbies will use their RBLs.
You only need to care about Spamhaus, Barracuda, Spamcop, UCE-1, etc. These are RBLs used worldwide.
I have an IP that checks out on https://mxtoolbox.com/blacklists.aspx with zero RBLs, but it is also blacklisted by Cloudmark and Proofpoint. I contacted them for removal, but always no response.
Some organizations never care about your tickets; as long as you are not in well-known RBLs, that is OK. If you want, you can build your own RBL easily using rbldnsd.
Bruh should not be involved in an RBL if he's a hermit and weirdo.
He is not influential, he hosts an RBL. He's one step above UCEPROTECT, barely.
You sound like you're skating on thin ice trying to stay on his good side...
I'll say it as it is, these fucking basement dwellers who think they hold power hold none. Maybe for a bit in the early 2000's but it's just sad now.
No one in their right mind has used this shit RBL list.
He also runs MIPSPACE and created MagicSpam which is used by enough end users that you do want to stay on his good side, because his software defaults to blocking people he doesn't like and begging stupid people to change their settings is not a good use of time (already tried). So while I appreciate your sentiment, sometimes you have to deal with people you don't like in business. Prod doesn't run on feelings, as much as I may wish otherwise.
But the "Be polite and use the list sparingly" is about the list, not about Michael. A valuable utility, the value of which is wholly dependent on elective participation by influential participants, should be treated as such. Scare off Brandon and Lili, for example, and the value plummets to nearly zero.
Yeap, customers of mine, trying to mail customers of others hosts, B2B mostly and I see multiple exim rejected 550 errors due to this list.
SMTP error from remote mail server after RCPT TO:: 550-"JunkMail rejected - lusine.xxx [84.54.x.x]:37863 is in an RBL:\n550 SPAMRATS IP Addresses See: http://www.spamrats.com/bl?84.54.xx.xx"
multiple times, different hosts. So yes, there are people out there using it.
And not scoring, because I also use multiple RBLs but in a custom .cf file and score them; they use it at the Exim level and reject everything.
For my server, Spamhaus, Spamcop and UCEPROTECT-1 are in reject mode.
For other RBLs, even Barracuda, it is only MARK AS SPAM but accepted mode. Barracuda sometimes blocks the whole /24 even though that single IP has not sent any spam at all; if used in reject mode, good email will be rejected.
They are just plain incompetent.
We have a whole /24 blacklisted on their list for maybe 8 spammers that abused our network 8 years ago.
We now have outbound antispam on most servers, our IPs have a very good reputation on the whole range, but they won't remove it..
So once in a while we get a customer complaining, and we then have to explain and show that it's the only RBL mentioning the IP out of the 100 we can test..
But I don't get how you can blacklist a whole subnet and be serious, the amount of false positive that you generate is crazy and makes you useless.
We also host government agencies that send thousands of mails per day; for some reason these IPs are not blocked.. I guess they had so many complaints from their MagicSpam users that they whitelisted them.
I've had the exact same experience, same bot responses too. I asked what a 'properly configured mail server' meant and didn't really get a response either, and it's only recently that a client complained about the IP being listed. Separate story where that same customer actually got the IP listed in the first place! But obviously claimed he'd got it blacklisted already, 4 months ago, and he only decided to tell us now.
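
Several comments above contrast rejecting at SMTP time on any listing with using a list only as one input to a score. The sketch below is an added example, not code from any poster and not Exim or SpamAssassin configuration; the zone names, weights, threshold and canned resolver answers are constructed placeholders.

```python
import ipaddress

# Constructed policy: placeholder zones and weights, not real DNSBLs.
REJECT_ZONES = {"high-trust.dnsbl.example"}
SCORE_ZONES = {"low-trust.dnsbl.example": 1.5, "subnet-wide.dnsbl.example": 1.0}
TAG_THRESHOLD = 5.0  # assumed "mark as spam" threshold
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """Query name for an IPv4 DNSBL lookup: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip, zone, resolve):
    """Listed only if the A answer is in 127.0.0.0/8. None (NXDOMAIN) means
    clean; any other address is a broken or parked zone and is ignored."""
    answer = resolve(dnsbl_qname(ip, zone))
    return answer is not None and ipaddress.IPv4Address(answer) in LISTED_NET


def decide(ip, resolve, content_score=0.0, reject_on_any=False):
    """Return (action, hits). reject_on_any=True models the MTA-level setup
    that turns every listing into a 550; the default scores low-trust lists."""
    zones = sorted(REJECT_ZONES | set(SCORE_ZONES))
    hits = [z for z in zones if is_listed(ip, z, resolve)]
    if hits and (reject_on_any or REJECT_ZONES & set(hits)):
        return "reject", hits
    score = content_score + sum(SCORE_ZONES[z] for z in hits)
    return ("tag" if score >= TAG_THRESHOLD else "accept"), hits


# Constructed resolver data (documentation address range 192.0.2.0/24).
FAKE_DNS = {
    "10.2.0.192.low-trust.dnsbl.example": "127.0.0.2",
    "10.2.0.192.subnet-wide.dnsbl.example": "127.0.0.2",
    "66.2.0.192.high-trust.dnsbl.example": "127.0.0.4",
    "10.2.0.192.high-trust.dnsbl.example": "203.0.113.7",  # parked zone answer
}

if __name__ == "__main__":
    for ip, kwargs in [("192.0.2.10", {}), ("192.0.2.10", {"reject_on_any": True}),
                       ("192.0.2.10", {"content_score": 3.0}), ("192.0.2.66", {})]:
        print(ip, kwargs, decide(ip, FAKE_DNS.get, **kwargs))
```

Pass a real resolver function in place of `FAKE_DNS.get` to run the same policy against live zones; it must return the A record as a string, or `None` on NXDOMAIN.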