Spamhaus flags any IP announced by our ASN as a criminal network

Collider large.hadron.collider at gmx.com
Mon Mar 20 20:36:35 UTC 2023


well that explains a lot.

For their own sake I hope they shape up - but I doubt they will.

On 20 March 2023 20:24:09 UTC, ayang at august.tw wrote:
>Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR policy violations, which include prohibited sharing of ASNs with third parties, IP hijacking, and malicious path prepending.
>
>Given this history, it is not surprising that Spamhaus would blacklist IP addresses associated with their ASN. In my opinion, such action is well-justified.
>
>Best regards,
>August Yang
>
>On 2023-03-20 15:32, Collider wrote:
>> Why do two different companies with what should be independent
>> networks share an AS number?
>> 
>> On 20 March 2023 18:20:08 UTC, Aaron Wendel
>> <aaron at wholesaleinternet.net> wrote:
>> 
>>> The solution to your problem is to terminate the customer causing
>>> the abuse, in this case 62yun.com.  Once you do that I'm sure
>>> Spamhaus will stop listing all your IPs.
>>> 
>>> Aaron
>>> 
>>> On 3/20/2023 6:54 AM, Brandon Zhi wrote:
>>> 
>>> It seems you've reached the point that they ignore specific
>>> prefixes and set every prefix you are advertising as criminal.
>>> 
>>> Our sponsor (LIR) 62yun.com <http://62yun.com>, they have 2 prefixes
>>> for VPS/Dedicated Server using our ASN.
>>> 62yun did receive a lot of complaints, but as far as I know they
>>> have been handling them (their head said their team is not good at
>>> English and so they did not reply to emails)
>>> For me, I cannot reply to all emails for them, since I don't have
>>> that much time. I also need to work for my company.
>>> 
>>> As I understand it, most things at Spamhaus are manual
>>> determinations.
>>> You click on "show details" and they give you a list of timestamped
>>> report IDs, each with a 1-line description of the reviewer's
>>> assessment of the fault.
>>> 
>>> I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0
>>> and the reason they gave us was simple, saying we're not willing to
>>> handle abuse. But we stressed with them many times that we are 2
>>> different companies. We also do not have the authority to handle
>>> these complaints, but we will alert 62yun.com <http://62yun.com>.
>>> 
>>> But they still intend to blacklist all the prefixes under our ORG
>>> ID, even if the user is not us.
>>> 
>>> Based on my past experiences, Spamhaus is rather gracious at
>>> first, but if you ignore them, they will start blocking you en
>>> masse. About 10 years ago, I worked for a datacenter/NSP and
>>> personally handled all Spamhaus complaints, and as soon as I left
>>> to go to another company (and the company stopped taking care of
>>> the complaints), Spamhaus blocked every single one of their IPs
>>> until they committed to actually handling the complaints again.
>>> 
>>> This has little impact on 62yun.com <http://62yun.com>'s VPS
>>> business, and my feeling is that if someone uses their VPS to build
>>> a mail server those emails that are sent from this server may be
>>> rejected.
>>> 
>>> However, we are recently building a CDN for one of our partners (a
>>> social media company), and we need to use a provider like vultr,
>>> which is not really an IP Transit provider, to announce prefixes,
>>> however, they reject prefixes on the Spamhaus list.
>>> 
>>> I don't think any ISP would reject an IP that is on the Spamhaus
>>> list.
>>> 
>>> *Brandon Zhi*
>>> HUIZE LTD
>>> 
>>> www.huize.asia <https://huize.asia/>| www.ixp.su
>>> <https://www.ixp.su/> | Twitter
>>> 
>>> This e-mail and any attachments or any reproduction of this e-mail
>>> in whatever manner are confidential and for the use of the
>>> addressee(s) only. HUIZE LTD can’t take any liability and
>>> guarantee of the text of the email message and virus.
>>> 
>>> On Mon, 20 Mar 2023 at 02:29, Tim Burke <tim at mid.net> wrote:
>>> 
>>> Have you received complaints from Spamhaus in the past? If so,
>>> have you acted on them in a timely manner?
>>> 
>>> Based on my past experiences, Spamhaus is rather gracious at
>>> first, but if you ignore them, they will start blocking you en
>>> masse. About 10 years ago, I worked for a datacenter/NSP and
>>> personally handled all Spamhaus complaints, and as soon as I left
>>> to go to another company (and the company stopped taking care of
>>> the complaints), Spamhaus blocked every single one of their IPs
>>> until they committed to actually handling the complaints again.
>>> 
>>> V/r
>>> Tim
>>> 
>>> On Mar 18, 2023, at 8:57 AM, Brandon Zhi <Brandon at huize.asia>
>>> wrote:
>>> 
>>> Hello guy,
>>> 
>>> We recently discovered that any IP address announced by our ASN
>>> is blacklisted by Spamhaus, even if we only announced it but do not
>>> use it.
>>> 
>>> I would like to ask if this is manually set by Spamhaus or is it a
>>> system misjudgment? Has anyone encountered the same situation as us?
>>> 
>>> Best,
>>> 
>>> *Brandon Zhi*
>>> HUIZE LTD
>>> 
>>> www.huize.asia <https://huize.asia/>| www.ixp.su
>>> <https://www.ixp.su/> | Twitter
>>> 
>> 
>> --
>> Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.