On 07/28/2015 08:06 PM, Bryan Tong wrote:
> Hello All,
>
> SpamHaus has done us the favor of blacklisting all of our prefixes due to
> the issues with a handful of IPs from customers we have removed from our
> network.
>
> They are now being unresponsive on helping us get these listings removed
> and we have a lot of legitimate customers who are no longer able to send
> email.
>
> If anyone has any advice on how to deal with these people, please let me
> know here or off list.
>
> Thanks!

When I started work for a Web hosting company as a mail admin, the
company had a number of entries in the various blocking lists, including
the infamous SPEWS list. Job one was finding out just which customers
were causing the listings -- make a list, and check it against
terminated accounts. A surprising number of those "dead" accounts were
still active in one way or another, so I cleaned them up. (Web hosting
clients with removed content, but still-active mail accounts.) I then
notified each block list about the terminated accounts, and the
associated IP address.

Once I finished that task, I started in on the rest of the accounts.
One account I terminated because they were selling spammer DNA -- I
personally pulled the plugs on that co-located server. Quite a number
of Web sites had exploitable mail-out scripts, so I cleaned them up so
outsiders couldn't use those sign-up forms to send arbitrary mail. As I
worked through the list, I let the block-list owners know what I was
doing. I did *not* request de-listing, by the way. My goal in this
phase was to show that I was really doing something. As a consequence,
several of the BL operators removed the /21 and /19 level blocks.

Oh, did I mention that I got my upstreams to do proper SWIP of the
address space, and published an abuse@ address for the address ranges?

Some customers were doing bulk mail-outs. I worked with those customers
to clean up their mailing lists, to throttle their mails to avoid
tripping spam alarms, and to properly set up their programs to react
properly to DNR and spam-reject. Those that didn't like my clean-up
campaign were referred to management for further action.

As part of my work, I became active on NANAE, taking advice from many
people as to how to clean up my space.

One key factor was that I answered every single abuse mail that came in.
Every. single. one. The responses were short, describing the
corrective action I took. Most of the time, it was yet another open
mail-out script that needed to be fixed. But sometimes I got to write
back "the abuser has been terminated."

It took about nine months to clean up all the block-list entries. I was
also diligent when new entries would pop up -- get the info as to who,
and take care of the problem.

Management saw the fruit of my labor in the number and quality of new
accounts. Big positive.

Notice the parallel between mail operations and network operations.
Things go MUCH better when we work with each other. All the DNSBL
operators want is to know that spam reports will be handled.