All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Spamhaus Delisting
So a few months ago Spamhaus listed some subnets of mine and ive never had received an abuse report by them at that time. I only then realized that i had to actually check for IPs that het listed via their lists without any reports. So i quickly asked for all the IPs which i received and suspended. After my response they said issue was not resolved and that I was lying. I tried my best to cooperate and received no further IPs by them. They just said that I was lying and no further IPs were given. So I stopped trying for some time. I started blocking Mail Ports by default because I had no way anymore to check if the IPs got listed newly again since well they werenall listed and I couldnt check if they were listed newly. At some point even AFTER i had enabled the blocking of all mail ports by default they then listed my whole ASN is ASNDrop. I tried to contact regarding this and got no response anymore. After a few months I now requested it again and received no response after a few days. They were quite fast with responses before.
Now my question is: Has anyone experienced this before? And what can I even do now?
I am at a loss, im trying to cooperate and get nothing in return anymore.
Comments
@Mynymbox might have experienced similar
@balramm and @DigiRDP been there before
Spamhaus is very effective and good at spam prevention. If they saw that you don’t care - than it is what it is. Try to scan your subnets at uceprotect. They are not so naive or communicative as spamhaus is.
Good luck.
The problem is the uceprotect has not reported the IPs that Spamhaus did. It was ONLY spamhaus and the one ip currently listed on uceprotect is a tor exit node which also has mail ports disabled. i am just confused
Change ASN, probably it's the easiest
that would be even worse look to spamhaus and does not resolve the subnet delisting. i will also not change subnets as id rather resolve the issue instead of going around them.
Good luck then, I heard it’s easier to win with tax office than with Spamhaus. Once they don’t like you, it’s over.
once they've decided you're not serious i'm not sure there is anything you can do except try again someday.
Tbf, Spamhaus has no power other than causing you some troubles with mailing or slight reputational damage.
which is horrendous for any actual legitimate mail service that would want to host with us. many services use spamhaus and emails dont even go to spam. the asndrop is even worse
i checked and luckily two subnets of us arent listed and have tried one subnet listing instead of the whole asn to get delisted now. i really hope theyll overthink it again
And convincing your upstreams to drop you. And adding your ASN to some stupid list
called DROP (Don't route or peer) that many IXPs use.
Slight troubles with mailing? I wish, who tf cares about mailing, but they are like cancer,
they start slow and try to kill you in the end. Won't publicly tell my exact case.
Mind name ones who are known to care?
Most won't want to do business with you. Even shady Romanian ones.
Only the russian terrorists still happily peer with networks no matter how dirty the IPs are.
I have not had any providers have any issues with that other mailing ones
Register your ASN as something as much benign as possible. I put my /24 as a construction company. Some Romanian guy a few years back register it on some ladies
perfume selling (cociu - perfumeri femei)
i will not try to bypass spamhaus listings. it wont make it any better
I know of one company that received a Spamhaus listing and an extended 6-month drop for ASN and all IP ranges, with absolute disregard for emails. After 6 months, they responded and delisted IP address ranges. If the information is correct, it was a lot of badware, botnets, malware and no spam at all. They cleaned all the shit off the network, but were still ignored for 6 months.
This is how Spamhaus works, so you need to be careful of them. You should check your network carefully. It may not be spam at all, but Spamhaus interpreted its long stay on the Spamhaus listing as a refusal to clean up the network.
I'm sure you didn't get a Spamhaus listing for any specific IP addresses, but for the specific "clients" you host.
Yeah thats aluys issue, his network and 2 shell corps are full of malware and botnet activity. Whack a mole is not the same as actually suspending and cleaning up the network. I suspect thats why spamhaus listed his ranges and ASN, because aluy isn't doing enough to keep his network clean and at some point you have to think to yourself, is this guy in the malware hosting business?
This is not a bypass in any way. A manual review will always show what is there.
Just makes your ASN fall among thousands of other ones.
What looks better? "Anonymous crypto IP transit services, LIR registration, no-KYC" -
or : Lucky cement industries LTD, Floor 13, Street 37. Think which is going to blacklist.
Knowing Spamhaus, both lol
@aluy Have a look at https://nerd.cesnet.cz/nerd/ips/?subnet=&hostname=&asn=211507&source_op=or&cat_op=or&bl_op=or&tag_op=or&tc_category_op=or&tc_subcategory_key=&tc_subcategory_value=&tc_confidence=0.25&sortby=rep&limit=20
I love the honest spirit.
these are tor exits and mail ports are still blocked. spamhaus is also still sending reports for botnets and c2s which are usually suspended within 2-12h at most.
is there anything i should tell tor operators to do?
i have made the wording of my site much better since then, i hope this will be seen with my latest email
i have no shell companies active as im aware 🤔 at least not used or such.
and the ripe asns i sponsored have since also been deregistered as ripe reported it to m
an important fact is 2 subnets were not listed even when the asn was. and the subnets clearly state snowshoe which is correct, these were then suspended because i never got any email before tha
botnets or malware is usually suspended within 12 hours and with the new abuse system should even be instant. theres a few reports that give clients 24h to make a statement and some are suspended instantly until statement has been checked
You should not mix Tor Exits and ASN used for "clean" traffic to not cause problems for mail even without ASNDROP listing. A lot of RBLs hate portscan which is inevitable for Tor Exit. This is why e.g. Cloudflare has separate BYOIP ASN.
Also, if you have a lot of recurring cases of C2, Spamhaus will assume the worst especially if you market as No-KYC. No way around that.
Yeah I know, if you keep enough deniability its all Gucci he. I know what your doing and there is nothing you can say to make me believe otherwise. But that's beside the point, as long as you keep enough deniability you can keep your operation going without public scrutiny.
luckily for me those 6 months are also almost over, ill have to see
i have edited my comment and im not sure what "i know what you do" is. i know what i DID and pretty much everyone does. i will not repeat it
while a nice idea i dont see this as a reason for such a listing. many asns do not have this issue