New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
You should completely clean your network until the Spamhaus 0 complaints to get unblocked.
I know thats what you would say, but who cares. No one is going to change anyone's mind here and you will get fucked by spamhaus for what you're doing.
I am talking from my own experience and observation of other networks. It is up to you to accept my free advice or not.
i have done exactly that. no mail ports unless checked. uceprotect checks and automatic abude handling. and no active "bad things" on my host
Hi,
I had the exact same issue over the last 4 months, and yes, it took me a solid 4 months to get my ASN removed from the Spamhaus droplist.
I wasn’t receiving any abuse reports, except back in 2025 due to two malicious clients that I promptly suspended.
To fix this, I implemented an outbound email limit across all IPv4 blocks on my ASN, capped at a maximum of 100 emails per hour. Clients can only get unlimited SMTP access if they verify their identity and provide a valid justification. I also set up an automated system that instantly blocks outbound portscan attempts.
Anyway, I spent a good 3-4 months fighting with Spamhaus while my ticket just sat there with no replies.
Feel free to ping me on Telegram if you want to chat about it colleague to colleague.
@aluy spamhaus won't blacklist your ASN for no reason, they may blacklist some shady IPs but not ASn until there is really a reason to!
well that sounds pretty good in the end especially since mail ports are fully blocked currently
i dont see a reason even if i tried. i just dont know what to do anymore
@aluy have a look at these too https://urlscan.io/search/#page.asn: AS211507
the majority shows a 404 page? the rest is suspended. urlhaus would get suspended automatically which the malware urls/ips there are, but no urlhaus entry for them
Wait, @aluy host fileditchfiles.me ?
And https://urlscan.io/result/019bd582-85fd-71b5-84f3-1da3e963d8b0/ . Very good
As I said, Spamhaus always assumes the worst, so as long as you have recurring cases of phishing, malware, spam, botnets etc they won't delist you.
i dont know fileditchfiles really and archive.ph .is whatever all the tlds are doesnt host with me anymore im pretty sure
Okay.
barely any reports, 14 urlhaus ips since january, all suspended within hours
regarding botnet/c2 reports from spamhaus it was even less and all suspended in same time range
No need to convince me or anyone else here, you need to communicate with Spamhaus and ensure they believe that you genuinely care about abuse and have some measures to prevent it or detect early. Otherwise, they will keep you listed.
i am trying exactly that right now and i hope they will rethink their decision. i am really trying
The wording you used previously won't convince them. They might consider 14 cases as a lot for your network. You need better strategy.
Mail, mailing is nothing, tip of the iceberg, nothing more. You can even be listed on Spamhaus for hosting spamvertised websites. Look at other activities, what are your clients doing. Here are activities, which can cause a listing in Spamhaus:
Phishing URLs, malware URLs, scam domains, botnet command-and-control hosting, hijacked servers, compromised servers, bulletproof hosting, ignored abuse reports, malware distribution, trojan downloaders, ransomware-related infrastructure, DDoS activity, data harvesting, exploit attempts, authentication attacks, spam-support infrastructure, malicious redirects, fake login pages, credential theft, command-and-control infrastructure and etc.
you are right and thats why the email is not phrased as here, here i post more casual
you are right at the time there was probably a lot more since wording on my site was different and the hosting was new and i was known as a bad guy. people thought it would be the same so they tried. in the past months this has improved a lot and im sure now that spamhaus will take this into account in the future even if not now. i have tried with one subnet and will see what they if anything. otherwise ill try in a few months again. this thread has helped me though to understand it more.
and with improved i dont mean the abuse handling (even if that aswell, but it was never horrible) i mean the people trying got considerably less
sorry if i am again explaining my situation, i just feel its informative
@aluy On the other side of things, if people want a no-BS hoster, they will find this thread and get services from you. On some forums, an ASN listen on spamhaus and still operating is a sign of quality. Means even with sanctions and pressure, you keep hosting customers. I'm not talking full malware or illegal stuff, but "questionable" content.
Tor/VPN exists fall in that category I guess.
well, i am not against tor or vpns and this is not something ill ever be against.
either way im thankful for all the info in this post and it can be closed ig
Yes. Other hosts are sensitive about tor and afraid of getting
TORtag on bgp.tools and suchWell, it's sadly not just a tag. I'm a big fan of TOR and similar tools but having neighbors running exits comes with a penalty that might or might not matter depending on what you are using your server for.
If you are planning on running VPN for example having exits (or public TOR activity in general) inside the same ASN is probably a no go as just having exits on the same ASN (doesn't even have to be the same subnet) will automatically downgrade your IP's reputation, which in turn increases your risk of captchas, fraudchecks, getting your accounts blocked and so on, so it's not so much about a tag but more about if you are OK with likely scaring a bunch of non problematic clients away.