Spamhaus flags any IP announced by our ASN as a criminal network
Collider
large.hadron.collider at gmx.com
Mon Mar 20 19:32:04 UTC 2023
Why do two different companies with what should be independent networks share an AS number?
On 20 March 2023 18:20:08 UTC, Aaron Wendel <aaron at wholesaleinternet.net> wrote:
>The solution to your problem is to terminate the customer causing the abuse, in this case 62yun.com. Once you do that I'm sure Spamhaus will stop listing all your IPs.
>
>Aaron
>
>
>On 3/20/2023 6:54 AM, Brandon Zhi wrote:
>>
>>
>> It seems you've reached the point that they ignore specific
>> prefixes and set every prefix you are advertising as criminal.
>>
>> *
>> *
>> Our sponsor (LIR) 62yun.com <http://62yun.com>, they have 2 prefixes for VPS/Dedicated Server using our ASN.*
>> *
>> 62yun did receive a lot of complaints, but as far as I know they have been handling them (their head said their team is not good at English and so they did not reply emails)
>> For me, I cannot reply to all emails for them, since I don't have that much time. I also need to work for my company.
>>
>>
>> As I understand it, most things at Spamhaus are manual determinations.
>> You click on "show details" and they give you a list of timestamped
>> report IDs, each with a 1-line description of the reviewer's
>> assessment of the fault.
>>
>>
>> I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0 and the reason they gave us was simple, saying our not willing to handle abuse. but we stressed with them many times that we are 2 different companies. We also do not have the authority to handle these complaints, but we will alert 62yun.com <http://62yun.com>.
>>
>> But they still intend to blacklist all the prefixes under our ORG ID, even if the user is not us.
>>
>>
>> Based on my past experiences, Spamhaus is rather gracious at
>> first, but if you ignore them, they will start blocking you en
>> masse. About 10 years ago, I worked for a datacenter/NSP and
>> personally handled all Spamhaus complaints, and as soon as I left
>> to go to another company (and the company stopped taking care of
>> the complaints), Spamhaus blocked every single one of their IPs
>> until they committed to actually handling the complaints again.
>>
>>
>>
>> This has little impact on 62yun.com <http://62yun.com>'s VPS business, and my feeling is that if someone uses their VPS to build a mail server those emails that are sent from this server may be rejected.
>>
>> However, we are recently building a CDN for one of our partners (a social media company), and we need to use a provider like vultr, which is not really an IP Transit provider, to announce prefixes, however, they reject prefixes on the Spamhaus list.
>>
>> I don't think any ISP would reject an IP that is on the Spamhaus list.
>>
>>
>> *Brandon Zhi*
>> HUIZE LTD
>>
>> www.huize.asia <https://huize.asia/>| www.ixp.su <https://www.ixp.su/> | Twitter
>>
>>
>> This e-mail and any attachments or any reproduction of this e-mail in whatever manner are confidential and for the use of the addressee(s) only. HUIZE LTD can’t take any liability and guarantee of the text of the email message and virus.
>>
>>
>>
>> On Mon, 20 Mar 2023 at 02:29, Tim Burke <tim at mid.net> wrote:
>>
>> Have you received complaints from Spamhaus in the past? If so,
>> have you acted on them in a timely manner?
>>
>> Based on my past experiences, Spamhaus is rather gracious at
>> first, but if you ignore them, they will start blocking you en
>> masse. About 10 years ago, I worked for a datacenter/NSP and
>> personally handled all Spamhaus complaints, and as soon as I left
>> to go to another company (and the company stopped taking care of
>> the complaints), Spamhaus blocked every single one of their IPs
>> until they committed to actually handling the complaints again.
>>
>> V/r
>> Tim
>>
>>
>>> On Mar 18, 2023, at 8:57 AM, Brandon Zhi <Brandon at huize.asia> wrote:
>>>
>>> Hello guy,
>>>
>>> We recently discovered that any IP address announced by our ASN
>>> is blacklisted by Spamhaus, even if we only announced it but not
>>> use it.
>>>
>>> I would like to ask if this is manually set by Spamhaus or is the
>>> system misjudgment? Has anyone encountered the same situation as us?
>>>
>>>
>>> Best,
>>>
>>> *Brandon Zhi*
>>> HUIZE LTD
>>>
>>> www.huize.asia <https://huize.asia/>| www.ixp.su
>>> <https://www.ixp.su/> | Twitter
>>>
>>>
>>> This e-mail and any attachments or any reproduction of this
>>> e-mail in whatever manner are confidential and for the use of the
>>> addressee(s) only. HUIZE LTD can’t take any liability and
>>> guarantee of the text of the email message and virus.
>>>
>>
>
>--
>================================================================
>Aaron Wendel
>Chief Technical Officer
>Wholesale Internet, Inc. (AS 32097)
>(816)550-9030
>http://www.wholesaleinternet.com
>================================================================
>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20230320/a6b46d3e/attachment.html>
More information about the NANOG
mailing list