More info please. Is this a business or residential customer? Do they run their own mailserver? And is the static IP at their request or your convenience? (I’m assuming they are not using your mailserver to send their spam.)
If it’s a business with their own mailserver, they may unknowingly have an open mail relay or something. Or sending bulk mail may be central to their business. Or they may be sending legit or borderline legit mail that others flag as spam (back when I did more hosting, I found it odd that most of my spam problems were from churches or companies marketing to churches).

On the one hand, many spam blacklists will automatically remove the IP address after a month or so if nefarious activity ceases. Some you will have to request removal. On the other hand, there is some risk of having your entire IP block blacklisted if they decide you are a spam-friendly ISP. https://en.wikipedia.org/wiki/Pink_contract

If it’s a business, I would work with them to see if they maybe just need to close off an open relay or something. Or if they send bulk mail, inform them of the CAN SPAM Act. I usually push those customers toward a bulk mail service, which can do a much better job of handling bounces and removal requests. Some people don’t realize that a high percentage of bounces will get you blacklisted by large domains like Yahoo, Gmail, AOL, etc., on the assumption that if you have that many bad addresses on your list, you must be a spammer. And of course honoring removal requests is a requirement of the CAN SPAM Act.

If it’s a residence, or a business not operating their own mailserver, block traffic from their IP address to destination port 25. The only reason they would need that is (1) they are operating a mailserver, or (2) they are hosting a spambot.

If they are violating your TOS, and especially if they are doing things even worse than sending spam, and they refuse to work with you and make a good faith effort to solve the problems, then you should dump them as a customer. Yes, the next step might be a warrant, but the LEA serving the warrant might bust down the door of your NOC and seize all your equipment, depending on what this customer is doing or suspected of doing. That would be a very bad day.

From: p...@believewireless.net
Sent: Wednesday, April 27, 2016 9:16 AM
To: af@afmug.com
Subject: Re: [AFMUG] abuse reports on customer IPs

Reach out and let them know. Tell them you have been informed that someone is trying to steal their identity, looking to use their debit cards, rapists are viewing pics of the lady of the house online and pedophiles have been interested in molesting their kids. But, hey, you are just letting them know and not telling them how to protect their kids or family.

On Wed, Apr 27, 2016 at 10:09 AM, That One Guy /sarcasm <thatoneguyst...@gmail.com> wrote:

We have a particular customer. We have been getting tons of abuse reports on their static IP; I assume we will never be able to wash this sullied IP clean. They're not really doing any harm to our network, or impacting others on the network. They are in full breach of our TOS, that's for sure. Surprisingly, it's primarily spam and botnet activity, but no DMCA.

Is there any liability on us as an ISP to not address this affirmatively with the customer? I'm going to contact them, may offer a leased fortigate UTM option. But if there isn't a resolution, other than their static IP residing on every blacklist, can we get nailed?

It's a good customer, pays their bill on time, worked with us through a service issue without the usual "gimme discounts and free shit or I'm going elsewhere". I don't want to HAVE to disconnect them if I'm not required to and they're not impacting others if they can't or won't resolve the issues.

--
If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.