All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Spamhaus listed an entire /16
We rent a few IPs from a various companies. We have a few ranges from Host1Plus.
Several days ago, an entire /16 under H1P was blacklisted by spamhaus.
https://www.spamhaus.org/sbl/query/SBL369111
Now I understand the desire to put pressure on a host to take action, but this is ridiculous. a /16 = 65,536 IP addresses.
From what I can see in the SBL report, there are some 30-40 cases on the whole /16. Most of the IPs I believe are leased by other companies using their own AS, and so are not under direct control of H1P.
Even if H1P wanted to take back an entire subnet, it is not always so easy as removing a route object from RADB or other DBs does not guarantee that the IPs will stop being routed.
This action by Spamhaus seems rather excessive.
Comments
Yeah, H1P's main business is leasing ranges so this is super excessive. An entire /16 because of 40 listings?
Mental.
Agreed.
Classic Spamhaus bullshit.
bullshit ! every day spamhouse is getting more ridiculos really ...
Suggestion: why don't some providers here, preferably incl. some bigger ones, build - and then use - an alternative "spamhaus" but done the right way?
Complaining about spamhaus won't change things. So much we know since years. From what I see there are 3 options:
I don't think Spamhaus' power or influence will diminish even if a better competing service could be built. Spamhaus needs to become completely ineffective or obsolete for them to lose what power they currently have.
If people cease using them, and they're no longer
bribedsponsored, they'll eventually go away.Quick, someone try to get 24.0.0.0/8 blocked, maybe they'd become irrelevant then
--
side note, is this the first time they blocked a /16?
It won't be easy and it won't be fast, so far I agree.
However: If someone does it free and right, if someone creates the right blend, it will take off and spamhaus will become less powerful.
Things start small. But they should start.
As an experienced IT guy, let me offer 2 thoughts:
one needs a good input filter so as to avoid false listings (due to malevolence, pranks, etc)
one needs a good reputation mechanism linked to both IP ranges and companies.
And obviously one needs a good interface and delisting procedure.
It could be done, it won't be very expensive, and it will be relatively cheap to run. And hey, you hosters are at the source, you are at an excellent position.
I suggest we just get the CEO's home address and start sending him packets of peanuts in the mail on mass, he may not like peanuts, but we will have him covered just in case because someone on his street probably does.
dealing with hundreds of packets of peanuts every day will become annoying enough to force action.
Are you seriously suggesting a legume DDoS?
yes, yes I am.
we-dont-give-a-fuck-haus
To be perfectly honest, I think the only way to really solve the mail problem is to make mail actually cost something. And that is not to say there would be some service provider getting rich off legitimate e-mail, but if you could imagine the following.
A token with real value (and can be exchanged for cash) can be attached to an E-mail. The value can be small. Say $0.10. The value is is received by the recipient of the E-mail and so there is a financial reward for receiving an e-mail. On the other hand it would cost the same amount to send out email. In normal cases, where people send/receive roughly equal amounts email, overall, it would effectively be free.
By requiring this token, it would be prohibitively expensive to use as a means of sending spam. Initial 'deposit' would be small and ongoing, actual use would effectively be free.
In the case where you start receiving payment for every mail, you may then actually WELCOME and WANT SPAM.
Would we call it Distributed Denial of Peanuts
That seems a bad idea. Usually sending SMS also costs money (to most people) but that doesn't means you don't receive spam
But you dont recieve the value either.
If you start getting paid $0.10 for every e-mail, you may not care so much. If I disabled my spam filter, I would get hundreds of spams per day. That could be 10s of dollars :-)
The oldest listing on that /16 is over a year old. I really can't see any reason why this wouldn't be legitimate. The provider obviously doesn't care.
Just because a listing is old does not mean the problem is current.
We occasionally get IPs listed and normally we take action right away but the listing remains in place until we specifically request a delisting. And we don't request delisting until we need it (waste of time otherwise).
I believe it'd be a Distributed Overabundance of Peanuts.
the reason for blocking botnet, botnet controller, Hosting botnet spammers and illegal activity on their servers like carders forum, I do believe Spamhaus did right step to block such activity!
@randvegeta You should. Spamhaus removes them in a couple of hours.
Maybe it could work if we can add some senders to exempt list otherwise pricing of many services would go unpredictable. Is it even possible to do so? It would be 100x harder to get this into action than creating spamhaus's alternative
I have mixed feelings about Spamhaus, the internet is a shitty place in general and Spamhaus is the only real organization that has the power and ability to "police" the internet. Yes, blacklisting an entire /16 is a heavy move... but looking at the stuff that's hosted on that IP space some of it just can't be allowed to live on the internet. I understand some providers don't want to invest any time or money to keep their IP space clean (it's more profitable for them not to), but when you lease IP space this is one of your primary jobs.
Hopefully Host1Plus can get things under control and clean up their IP space.
Hopefully Spamhaus can figure out a better system to offer better transparency and to better punish the people who deserve it while limiting the impact to legitimate clients.
Hopefully a competing service appears that rivals Spamhaus to reduce the power they have over companies (and to better punish hosts who don't care).
But in the end, we're stuck with what we have so hosts need to be diligent. After all, it is our responsibility to help keep the internet clean.
This is just my opinion. I personally go above and beyond to run a legal and ethical company so I know the kind of work required for it and I also know how rich I could be right now if I didn't care (no seriously, I've had outrageous offers to compromise my ethics and I completely understand that some people cannot afford to pass up those offers).
Do host1plus own the entire /16 do you know?
Sounds like it's not a waste of time if a range listing bothers you. Remember this is just SBL, if it doesn't bother your customers then it's fine. But if it does, then you should probably be talking to spamhaus.
Well, if Providers do not clear out the IP space, I would even backlist an /8.
As soon you go deep enough, they will care.
@AnthonySmith said:
The limited research I've done points to yes and for Spamhaus' sake I really hope so. If Spamhaus blacklisted IPs not belonging to Host1Plus because of Host1Plus' actions then there should be large scale riots.
I have to agree here here.. Spamhaus has contacted me (or I contacted them too) because some, very few IPs a long time ago clients used were listed for botnet controllers, I replied within a few hours confirming the problem and dealing with it, they replied and delisted the same day. Maybe spam or other reasons for blacklisting are handled differently, but they've always been respectful and quick for me so I've done the same for them.
This is the same for every company I deal with, I suspect they ignored them or were a dick, in return they got ignored or dick responses.
If I receive a report I respond immediately, normally informing them that the account was suspended. But suspension isn't technically resolving the problem and I don't always follow up after termination or other notification. But in Suh cases it is normally a /32 at play and not if great concern. This /16 blacklisting is way over the top and I have no recourse.