
In this post I want to share with the Habr community the official information about the incident in which one of our subnets was blocked, discuss the policy of Spamhaus, and talk a little about the work of our abuse team. To begin, I will introduce myself: Dmitry Filatov, head of the virtual hosting service of the Agave company.
On December 9, on the basis of no more than a dozen complaints in total, one of our subnets was added to the Spamhaus blacklists. It would be wrong to say that customers lost all their mail. First, we promptly rerouted all the mail of the virtual hosting clients through a different subnet, and second, fortunately, not all mail servers use the Spamhaus blacklists. In addition, we have agreements with all major companies, for example Mail.Ru, and we are on their whitelists.
Now a little about the non-profit British organization Spamhaus. Their original goals are exceptionally good: to blacklist the IP addresses of spammers, as well as of companies providing "bullet-proof" hosting for intruders. Unfortunately, the ways of achieving these goals sometimes cause bewilderment and are not approved by everyone. For example, in 2006, as a result of court proceedings over the blocking of the e360insight service, Spamhaus was ordered to pay $11.7 million in compensation and delete the corresponding IP addresses from its blacklists. Spamhaus refused to comply with the court order (information from webplanet materials); according to their official website, the e360insight service still has some problems with mail delivery.
The Spamhaus website has its own board of honor for the "worst" countries, providers and specific spammers. Russia, by the way, is in third place, far behind America; China is in second place. There are more than 20 complaints about Google. For the "worst" spammers a list of violations is presented, and for some even photos have been found. All that is missing is a caption with the size of the reward for their capture. Among such spammers, though not in the top 10, was one of our clients, our compatriot Yevgeny Medvednikov. He ordered a server from us and, despite the large number of misdeeds attributed to him by Spamhaus, no complaints about him were received; he did not spam and did nothing bad. The client paid the bill, the client received the services. It is the same as if a criminal went into a shop and, without robbing anyone, bought himself groceries to take home.
Spamhaus checked all domains belonging to this client, noted that one of them pointed to an IP from our subnet, and filed a complaint against us. In reality, we had nothing to hold against the client: no complaints were received, and he paid regularly. It would be illegal to refuse service to a client who has not committed anything illegal.
To this complaint they added another one, against Zinester, our English-language newsletter service. In a nutshell, the essence of the service: anyone can create a free newsletter on a specific topic, and interested users subscribe to it and receive mailings as they are released. Registration must be confirmed, i.e., everything happens solely with the consent of the subscriber. You can unsubscribe in a few clicks, both from any single newsletter and from the service as a whole.
The list of complaints also included minor ones, over which the specific customers had already been shut down, and there were absolutely absurd ones as well. All of you, I think, remember the story of the registrar EstDomains. Its accreditation was taken away because one of the owners of the company was caught in fraud. According to ICANN rules, this is not acceptable for an accredited registrar. EstDomains sent a letter to ICANN informing them that the person was no longer working for their company, but ICANN needed a more formal letter, and the accreditation was taken away from the registrar. This short backstory ends with one of the service domains of EstDomains pointing to an IP from our subnet, and Spamhaus decided that we were somehow connected with them. At the same time, no content was served for this domain, the server with this IP was not activated, and why would EstDomains be hosting something here?
On the basis of these complaints taken together, one of our subnets was banned. During two days of correspondence with Spamhaus, we were able to agree on unblocking the subnet, although we did not receive answers to many questions that concern us. Why, for example, they banned the whole subnet and not a dozen IPs; which particular complaints came in about the servers of the clients that concern them; what, in their view, is illegal about a legal mailing service: all this, unfortunately, was left unanswered.
As a result, Spamhaus can quite strongly influence the work of hosters, take clients away from them, cause direct damage to the image of companies and impede mail services. Instead of blocking specific IPs, they block the entire subnet, thereby depriving tens of thousands of clients of normal operation. Someone may not have received a letter from an employer on time and missed a good job, someone may have lost an important deal, and who knows what else. We had the opportunity to quickly correct the situation; a novice hoster may not have it.
Now a little about complaints in general and how we handle them in our company. No major hoster can say that there are no scammers among its clients, because no one will monitor what happens on each particular account when you have tens of thousands of them. In addition, doing so would violate the Federal Law "On Communications", Article 63 "Secrecy of Communications", paragraph 3.
We regularly receive complaints about specific sites for various violations. To handle claims, we have a dedicated team of employees. I personally participate in many of the discussions, because the situations are very diverse. Sometimes even FedEx packages arrive from the States with complaints from foreign companies that some client is illegally distributing their software on our hosting. After receiving a complaint, we contact the client and explain the essence of the matter, and he either understands the situation and stops the illegal activity, or ignores everything. In non-obvious cases, we always try to work in dialogue with the client, avoiding, as far as possible, sudden moves, especially those that may harm our clients. We always try to protect our customers, because they are the most valuable thing we have. At the same time, of course, there are obvious violators. Child porn, for example, is shut down without question, as is clear fraud that violates the laws of the Russian Federation.
But there are more difficult situations: for example, a client can be hacked and malicious content placed on his website. We begin to receive complaints, while the client naturally does not know that something illegal is happening, because he himself is doing nothing. In such cases, we analyze exactly how the client was hacked and contact him, and he either fixes the vulnerability himself, for example by updating a popular engine or using his own experts to patch holes in custom-written functionality, or we offer him our help free of charge within reasonable limits.
I hope I have clarified the situation from the inside, and that this post was interesting to you. I am ready to answer questions concerning the virtual hosting department.