Spamhaus flags any IP announced by our ASN as a criminal network
Hello guys,
We recently discovered that any IP address announced by our ASN is blacklisted by Spamhaus, even if we only announced it but do not use it.
I would like to ask if this is manually set by Spamhaus or is the system misjudgment? Has anyone encountered the same situation as us?
Best,
*Brandon Zhi*
HUIZE LTD
www.huize.asia | www.ixp.su
Given the list of things on these two prefixes alone, I would venture to guess it's not a misjudgement.
https://check.spamhaus.org/listed/?searchterm=5.178.2.1
https://check.spamhaus.org/listed/?searchterm=80.66.64.1
On Sat, Mar 18, 2023 at 3:47 PM Brandon Zhi <Brandon@huize.asia> wrote:
> Hello guys,
> We recently discovered that any IP address announced by our ASN is blacklisted by Spamhaus, even if we only announced it but do not use it.
> I would like to ask if this is manually set by Spamhaus or is the system misjudgment? Has anyone encountered the same situation as us?
However, for those prefixes
https://www.spamhaus.org/sbl/listings/azeronline.net
We haven't even started to use them, we just announced them... They marked it as a criminal network
On Sun, Mar 19, 2023 at 4:26 AM Tom Beecher <beecher@beecher.cc> wrote:
> Given the list of things on these two prefixes alone, I would venture to guess it's not a misjudgement.
> https://check.spamhaus.org/listed/?searchterm=5.178.2.1
> https://check.spamhaus.org/listed/?searchterm=80.66.64.1
afaik, spamhaus starts to mark a whole AS as criminal, if there is too much abuse. It seems you've reached the point that they ignore specific prefixes and set every prefix you are advertising as criminal.
On 19.03.2023 at 06:35, Brandon Zhi wrote:
> However, for those prefixes
> https://www.spamhaus.org/sbl/listings/azeronline.net
> We haven't even started to use them, we just announced them... They marked it as a criminal network
On Sat, Mar 18, 2023 at 10:35 PM Brandon Zhi <Brandon@huize.asia> wrote:
> We haven't even started to use them, we just announced them... They marked it as a criminal network
They do that once they decide you've been broadly inattentive to abuse reports. It stops folks from shuffling IP addresses to evade filtering.
> I would like to ask if this is manually set by Spamhaus or is the system misjudgment? Has anyone encountered the same situation as us?
As I understand it, most things at Spamhaus are manual determinations. You click on "show details" and they give you a list of timestamped report IDs, each with a 1-line description of the reviewer's assessment of the fault.
Have you received complaints from Spamhaus in the past? If so, have you acted on them in a timely manner?
Based on my past experiences, Spamhaus is rather gracious at first, but if you ignore them, they will start blocking you en masse. About 10 years ago, I worked for a datacenter/NSP and personally handled all Spamhaus complaints, and as soon as I left to go to another company (and the company stopped taking care of the complaints), Spamhaus blocked every single one of their IPs until they committed to actually handling the complaints again.
V/r Tim
> It seems you've reached the point that they ignore specific prefixes and set every prefix you are advertising as criminal.
Our sponsor (LIR) 62yun.com, they have 2 prefixes for VPS/Dedicated Server using our ASN. 62yun did receive a lot of complaints, but as far as I know they have been handling them (their head said their team is not good at English and so they did not reply to emails). For me, I cannot reply to all emails for them, since I don't have that much time. I also need to work for my company.
> As I understand it, most things at Spamhaus are manual determinations. You click on "show details" and they give you a list of timestamped report IDs, each with a 1-line description of the reviewer's assessment of the fault.
I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0 and the reason they gave us was simple, saying we're not willing to handle abuse. But we stressed with them many times that we are 2 different companies. We also do not have the authority to handle these complaints, but we will alert 62yun.com. But they still intend to blacklist all the prefixes under our ORG ID, even if the user is not us.
> Based on my past experiences, Spamhaus is rather gracious at first, but if you ignore them, they will start blocking you en masse. About 10 years ago, I worked for a datacenter/NSP and personally handled all Spamhaus complaints, and as soon as I left to go to another company (and the company stopped taking care of the complaints), Spamhaus blocked every single one of their IPs until they committed to actually handling the complaints again.
This has little impact on 62yun.com's VPS business, and my feeling is that if someone uses their VPS to build a mail server those emails that are sent from this server may be rejected.
However, we are recently building a CDN for one of our partners (a social media company), and we need to use a provider like vultr, which is not really an IP Transit provider, to announce prefixes, however, they reject prefixes on the Spamhaus list.
I don't think any ISP would reject an IP that is on the Spamhaus list.
*Brandon Zhi*
HUIZE LTD
www.huize.asia | www.ixp.su
On Mon, 20 Mar 2023 at 02:29, Tim Burke <tim@mid.net> wrote:
> Have you received complaints from Spamhaus in the past? If so, have you acted on them in a timely manner?
> Based on my past experiences, Spamhaus is rather gracious at first, but if you ignore them, they will start blocking you en masse. About 10 years ago, I worked for a datacenter/NSP and personally handled all Spamhaus complaints, and as soon as I left to go to another company (and the company stopped taking care of the complaints), Spamhaus blocked every single one of their IPs until they committed to actually handling the complaints again.
> V/r Tim
Ignoring abuse complaints doesn't shield one from the responsibility of acting upon those complaints. If someone under your control isn't doing their job, you need to cut them off.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
Yes, those prefixes that are used for the hosting service have been listed for a long time. However, for those new prefixes that we rented... We just announced them, even though they are unreachable... They just listed them on this list.
On Mon, Mar 20, 2023 at 10:34 PM Christopher Morrow <morrowc.lists@gmail.com> wrote:
> On Mon, Mar 20, 2023 at 9:51 AM Brandon Zhi <Brandon@huize.asia> wrote:
> > I don't think any ISP would reject an IP that is on the Spamhaus list.
> you, clearly, have been living under several rocks for a very long time.
If someone tries to break into my house over and over, I won't act any different if they show up wearing different clothes.
-----
Mike Hammett
Intelligent Computing Solutions
Midwest Internet Exchange
The Brothers WISP
Well, those prefixes are not for their VPS hosting service (which cause a lot of complaint). Just like there are many IP addresses under the telecommunication company, the entire ASN cannot be "blocked" just because there is a complaint on one IP address
On Mon, Mar 20, 2023 at 10:50 PM Mike Hammett <nanog@ics-il.net> wrote:
> If someone tries to break into my house over and over, I won't act any different if they show up wearing different clothes.
Hi Brandon
“the entire ASN cannot be "blocked" just because there is a complaint on one IP address”
Why not? They are being advertised by the same ASN so at least nominally they are under common administrative control. Therefore if that administrative control is not taking responsibility for complaints they may be treated as a bad actor on the internet.
Also people choose to block / rate limit / etc things on their networks for whatever reason makes sense to them.
I think if you have a customer or partner who doesn’t look after scams or worse coming from their network you may need to consider disconnecting them if you are not willing to be marked as the same bad actor for at least passively enabling them. This could still happen if they had their own ASN with their own netblocks because if you are still providing transit to them and take no action you may again be flagged as a bad actor.
We all have a role to play keeping our networks clean and positive members of the internet community.
Might be time to have your customer / partner clean up their actions in response to complaints or ensure that you don’t need a good reputation with spamhaus to operate.
Regards
Alexander
--
Alexander Neilson
Neilson Productions Limited
On Mon, Mar 20, 2023 at 10:58 AM Brandon Zhi <Brandon@huize.asia> wrote:
> Well, those prefixes are not for their VPS hosting service (which cause a lot of complaint). Just like there are many IP addresses under the telecommunication company, the entire ASN cannot be "blocked" just because there is a complaint on one IP address
I can drop all prefixes from any ASN at any time and for any reason. Maybe I don't like the color scheme of their logo, or how the CEO spells their first name. That may or may not be a smart business decision for me, but I could do it.
For most of the internet, it DOES make good business sense to restrict access to ASNs that are known to harbor bad actors, either directly, or by providing connectivity.
It sounds like your organization has made a business choice that the revenue from such customers is more important than shutting them off, and learning about the consequences of that decision. It sounds like an unfortunate situation for you, who may just be trying to do your job, but that's the reality it seems you are facing right now.
On Mon, Mar 20, 2023 at 7:56 AM Brandon Zhi <Brandon@huize.asia> wrote:
> Well, those prefixes are not for their VPS hosting service (which cause a lot of complaint). Just like there are many IP addresses under the telecommunication company, the entire ASN cannot be "blocked" just because there is a complaint on one IP address
And yet they have. And it was due to complaints with more than one IP addresses.
Bottom line: your service provider is a bad network citizen with a reputation deep in the toilet. Find another service provider. And this time, do the research before you spend the money.
Regards,
Bill Herrin
--
For hire. https://bill.herrin.us/resume/
Brandon Zhi <Brandon@huize.asia> writes:
> Well, those prefixes are not for their VPS hosting service (which cause a lot of complaint). Just like there are many IP addresses under the telecommunication company, the entire ASN cannot be "blocked" just because there is a complaint on one IP address
April came early this year.
Bjørn
Our person in charge has consulted with their previous person in charge, and their response is this.
"problem began long before February 18th. The problem was that in 2022 they added our prefix 87.251.79.0/24 to the black list, and said that if there were no complaints for 30-60 days, the record would be deleted. we agreed, almost a year has passed, the record has remained. They tried several times to put pressure on our providers, but we always record any termination of the contract with large fines, not a single provider has done this, we pay a lot of money for the Internet, and no one wants to take risks, now Spamhaus pressure on"
Actually, I didn’t know what Spamhaus was before this month, until we announced the IP in vultr.
They claim they've been working on the issue, but I've found that they don't respond to emails very well (I can only judge from this). Usually though, I tell them to take down the content, and then the content gets a different provider.
Also, it's not clear to me whether we need to reply to emails sent from the Spamhaus system. They claim that they took care of the content, but I personally think it's because they didn't respond to the email that Spamhaus thinks they're not doing it.
On Tue, Mar 21, 2023 at 5:15 AM Randy Bush <randy@psg.com> wrote:
> > > I don't think any ISP would reject an IP that is on the Spamhaus list.
> > you, clearly, have been living under several rocks for a very long time.
> we reject automagically on spamhaus, mail-abuse.org, and sorbs. really appreciate their services.
> randy
On Mon, Mar 20, 2023 at 7:08 PM Brandon Zhi <Brandon@huize.asia> wrote:
> Our person in charge has consulted with their previous person in charge, and their response is this.
> <snip>
you are talking up the discussion with the wrong folks, really. Please go see the spamhaus folk directly.
this company(s) is in the business of spam. they're just trying to game nanog. discussing further a waste of pixels.
randy
Hello Barry,
Thanks for your blog. I plan to block some ports on our router, which are shown in your blog.
> Step 1 on the list …. Deploy Exploitable Port Filtering on the edge of your network ….
Some of our routers use Linux as the operating system, so I plan to use nftables to make some filtering rules.
Best,
*Brandon Zhi*
HUIZE LTD
www.huize.asia | www.ixp.su
On Tue, 21 Mar 2023 at 00:11, Randy Bush <randy@psg.com> wrote:
> this company(s) is in the business of spam. they're just trying to game nanog. discussing further a waste of pixels.
> randy
The solution to your problem is to terminate the customer causing the abuse, in this case 62yun.com. Once you do that I'm sure Spamhaus will stop listing all your IPs.
Aaron
--
Aaron Wendel
Chief Technical Officer
Wholesale Internet, Inc. (AS 32097)
http://www.wholesaleinternet.com
Why do two different companies with what should be independent networks share an AS number? On 20 March 2023 18:20:08 UTC, Aaron Wendel <aaron@wholesaleinternet.net> wrote:
The solution to your problem is to terminate the customer causing the abuse, in this case 62yun.com. Once you do that I'm sure Spamhaus will stop listing all your IPs.
Aaron
On 3/20/2023 6:54 AM, Brandon Zhi wrote:
It seems you've reached the point that they ignore specific prefixes and set every prefix you are advertising as criminal.
Our sponsor (LIR) 62yun.com <http://62yun.com>, they have 2 prefixes for VPS/Dedicated Server using our ASN.
62yun did receive a lot of complaints, but as far as I know they have been handling them (their head said their team is not good at English and so they did not reply to emails). For me, I cannot reply to all emails for them, since I don't have that much time. I also need to work for my company.
As I understand it, most things at Spamhaus are manual determinations. You click on "show details" and they give you a list of timestamped report IDs, each with a 1-line description of the reviewer's assessment of the fault.
I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0 and the reason they gave us was simple, saying we are not willing to handle abuse. But we stressed with them many times that we are 2 different companies. We also do not have the authority to handle these complaints, but we will alert 62yun.com <http://62yun.com>.
But they still intend to blacklist all the prefixes under our ORG ID, even if the user is not us.
Based on my past experiences, Spamhaus is rather gracious at first, but if you ignore them, they will start blocking you en masse. About 10 years ago, I worked for a datacenter/NSP and personally handled all Spamhaus complaints, and as soon as I left to go to another company (and the company stopped taking care of the complaints), Spamhaus blocked every single one of their IPs until they committed to actually handling the complaints again.
This has little impact on 62yun.com <http://62yun.com>'s VPS business, and my feeling is that if someone uses their VPS to build a mail server those emails that are sent from this server may be rejected.
However, we have recently been building a CDN for one of our partners (a social media company), and we need to use a provider like vultr, which is not really an IP Transit provider, to announce prefixes; however, they reject prefixes on the Spamhaus list.
I don't think any ISP would reject an IP that is on the Spamhaus list.
*Brandon Zhi* HUIZE LTD
www.huize.asia <https://huize.asia/>| www.ixp.su <https://www.ixp.su/> | Twitter
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR policy violations, which include prohibited sharing of ASNs with third parties, IP hijacking, and malicious path prepending.
Given this history, it is not surprising that Spamhaus would blacklist IP addresses associated with their ASN. In my opinion, such action is well-justified.
Best regards, August Yang
On 2023-03-20 15:32, Collider wrote:
Why do two different companies with what should be independent networks share an AS number?
Well, that explains a lot. For their own sake I hope they shape up - but I doubt they will.
On 20 March 2023 20:24:09 UTC, ayang@august.tw wrote:
Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR policy violations, which include prohibited sharing of ASNs with third parties, IP hijacking, and malicious path prepending.
Given this history, it is not surprising that Spamhaus would blacklist IP addresses associated with their ASN. In my opinion, such action is well-justified.
Best regards, August Yang
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
participants (14)
- Aaron Wendel
- Alexander Neilson
- ayang@august.tw
- Barry Raveendran Greene
- Bjørn Mork
- Brandon Zhi
- Christopher Morrow
- Collider
- Karsten Thomann
- Mike Hammett
- Randy Bush
- Tim Burke
- Tom Beecher
- William Herrin