Comments
try contacting UCE…
P.S. Spamhaus's communication in the screenshot was polite and on point. There was no arrogance or disrespect. I thank them, because their work keeps my inbox clean.
Biggest mailbox providers use and even maintain their database. These "robots without souls" just mean that the biggest providers send them new or suspicious domains / IPs. Their work is only to list them.
I think the biggest issue in this case is full reliance on automated tools without the will to fix it.
I've encountered a few false positives for my personal domains from Spamhaus and Abusix (both maintain their own RBL):
Spamhaus support didn't actually help, but thankfully their block was temporary and expired automatically by itself.
Abusix, on the other hand, agreed that the listing was a false positive and removed it fast.
Laziness is definitely not a good trait for a blocklist operator.
Suspicious, by definition, shouldn't be blacklisted though, they should be investigated before being blacklisted.
If being suspicious were a crime, I would be in jail.
There's still time for that.
Being convicted?
certified spamhaus classic
It is OK, they just put suspicious domains / IPs on their list.
If you read on their site, there is a statement like "could expose harm to our clients".
They just protect their clients against potential threats.
It is a question to the registrar that suspends domains based on the list.
OP did not provide us with a domain to check, but OP confirmed that the domain contained abusive words. Suspension was really deserved.
The chain spamhaus + registrar worked as expected.
Spamhaus has always, in my experience, been easy to deal with if you take abuse seriously. When you start becoming selective or let things linger, they’ll become less willing to work with you i.e. you now have a poor reputation with them.
They’re not going to hand you a “list” of domains/IPs blacklisted, it’s your responsibility as a network operator to make sure your IPs and the domains you register on your client’s behalf are clean.
There are tools for monitoring your IPs and I’m sure tools for monitoring domains, if not, it’s not very complicated to write the scripts needed to do such.
The OP has a few RBL listings to deal with… (active as of last night)
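Added example, not part of any post in this thread: a small monitor for the kind of RBL listings discussed here. A DNSBL is queried by reversing the IPv4 octets and appending the list's zone; the sketch also separates real listings from error answers (Spamhaus returns codes in 127.255.255.0/24 when it refuses a query) and from non-127/8 answers a rewriting resolver may return. The `SAMPLE` answers and `sample_resolver` are constructed for the example.

```python
import ipaddress
import socket

ZONES = ["zen.spamhaus.org", "b.barracudacentral.org"]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
ERRORS = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus error codes

def dnsbl_name(ip, zone):
    """Query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """A records for name; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []  # caveat: a DNS timeout also lands here

def classify(answers):
    """'clean', 'listed' or 'error' for one DNSBL answer set."""
    if not answers:
        return "clean"
    codes = [ipaddress.IPv4Address(a) for a in answers]
    if any(c in ERRORS for c in codes):
        return "error"   # query refused by the list; not a listing
    if all(c in LOOPBACK for c in codes):
        return "listed"
    return "error"       # non-127/8 answer: rewritten NXDOMAIN, untrusted

def check(ips, zones=ZONES, resolve=system_resolver):
    """Map (ip, zone) -> (status, answers) for every pair."""
    report = {}
    for ip in ips:
        for zone in zones:
            answers = resolve(dnsbl_name(ip, zone))
            report[(ip, zone)] = (classify(answers), answers)
    return report

# Constructed sample answers (documentation addresses, not real listings).
SAMPLE = {
    "10.2.0.192.zen.spamhaus.org": ["127.0.0.4"],
    "11.2.0.192.zen.spamhaus.org": ["127.255.255.254"],
    "10.2.0.192.b.barracudacentral.org": ["127.0.0.2"],
}

def sample_resolver(name):
    return SAMPLE.get(name, [])

if __name__ == "__main__":
    ips = ["192.0.2.10", "192.0.2.11"]
    for key, result in check(ips, resolve=sample_resolver).items():
        print(key, result)
```

Run it from a host that uses its own recursive resolver; an "error" status means the answer should not be counted as a listing or as a clean result.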
It is irrelevant, false positives and does not serve the main goal - freedom of speech. /s
The IPs listed account for less than 2% of our total IP space, so once again, not running a free for all. Of the dozen or so ones I checked at random, over half I see nothing in our abuse inbox for them nor do they have listings on abuseipdb. Those that did, a couple were Tor exits. Additionally, a couple were IDed for needing more review from our end for lower priority abuse items like port scanning. (Lower priority compared to high priority abuse like phishing, spam, csam, ddos, etc)
I monitor our abuse inbox. If we're not getting complaints about a specific IP I'm not going diving in head first looking for problems. As soon as some asshole tries to run a phishing site or some legitimate item of concern, we get several emails and it's promptly handled.
The complaint and issue I raised with Spamhaus was related to our Shared Hosting servers and shared hosting customer. Those domains and IPs are fine, they are checked against blacklists. Spamhaus was complaining about 'crypto scam' domains on the network when in fact the ones we found that would be possible 'crypto scams' were just random domains with crypto related keywords and phrases.
It's easy to get frustrated when they make claims of lists, but their own website doesn't show these items. Then again, I learned later in this thread that their toolbox on their site sucks and how to better search it.
Yeah I honestly don't get people having problems with them. But I also consider my goals to be fairly well aligned with theirs (read: I will find the abuse before any complaint because FUCK anyone who tries). So I could see why that makes us feel more like peers than competing forces
It is indeed strange that the massive IP list listed under Barracuda is not as important in comparison to Spamhaus. I'm sure that many email server admins run the Barracuda RBL.
We can understand your situation
We were in the same phase as you a few months ago
But we knew it was a mistake from their side.
In this case, the best solution is to clean up any issues you may have and reapply after a few weeks or months.
I think the best way to get rid of them is to clean up the IPs from their database. It is really important to provide them with a good reason to delist your IP addresses.
But one can't clean the domains pointed at your IPs. A bad domain name, pointed at one of your IPs, isn't something you can change unless you are hosting the DNS.
Otherwise,
I've come across multiple complaints online regarding these false positives and it's the sort of situation that's unfavorable for any hosting provider. However, they seemed to have been able to resolve the issues. It might be worth reaching out to them again in a few days and perhaps you'll get a response from someone other than the person shown in your screenshots.
Not really…
https://bgp.he.net/net/23.137.249.0/24#_dnsrecords
https://bgp.he.net/net/23.137.250.0/24#_dnsrecords
That speaks for itself.
What is your issue with the data on those pages, that a network operator can control?
Spamhaus says crypto scam.
OP says no crypto scam.
HE's data shows "wwwmymonero.com", "myetherqallet.com" etc.
Hmmmmm. Sure as hell looks fuckin legit to me!
So they blacklist a domain he resold because someone registered wwwmymonero.com at a different provider and points it to his IP? brb, going to register wwwwmymonero.com and point it to your IPs, oh nvm you don't have anything anymore
What's worse, exit scamming LET users after a pump and dump or someone registering typo crypto domains and squatting on them?
I could register hundreds of typo domain names and point them at your IPs, you as a network operator can do zero about it.
That somebody is going to be an active client of his. I still have lots of IPs! Have fun!!
Gonna have to try a little harder than that! lol Don't get mad bro. What's worse is a provider who sees that kinda behavior from a client and deems it squatting. Truly fucking pathetic.
Feel free, however I figured you'd have more things to waste your time and money on.
Here is an example of how people can't understand how Spamhaus decided what they did. It really doesn't look good from a third party POV.
/irony on
Ingocnet The cybercrime hub!!!!
/irony off
It's Spamhaus, what do you expect? Their research is not very good. Not for all cases. But in some..
One of my downstreams got a /24 listed. For phishing he removed even before the listing when he caught a dumbster. They were still like "NO THE PHISHING IS STILL ONLINE"
Just because the domain still was pointing to the IP via external DNS. While there was NOT EVEN AN ACTIVE SERVER!!!! The IPs were simply unused and/or some were reassigned.
Says who? I can point my domains to any IP that I want and not host anything on it. Nothing illegal or criminal about that.
He’s not disputing it’s an ex-client or a random doing dumb shit like that, rather squatting, which would imply an active customer. No?
It's Spamhaus, same shit 20+ fucking years later. lol
Does that matter? Are the domains used for anything?