On 2017-04-13 09:26:19 (+0100), Paul Smith <p...@pscs.co.uk> wrote:
We received spam from a leased/hosted server (195.154.62.181) to an
email address which has never been used legitimately (ie it was a
scraped email address)
We reported it to abuse@ the hosting company with headers, message,
etc.
The response we got back was essentially "We're sorry about that - our
customer has removed you from their mailing list - case closed"
Personally, I think that's a rubbish response. The hosting company was
essentially helping the spammer clean their spam target lists. There
was nothing about the fact that it was blatant spam which was being
sent.
I agree. Sadly such responses from hosting companies are all too
common. I always try to educate such companies but usually to no avail.
Unless I blacklist their address space, I'll just get spam a couple of
days later. Often to the same spamtrap their customer "removed from
their mailing list".
We've had lots of other spam from servers run by the same hosting
company. It looks like the same spammer just gets different IP
addresses every few days (probably after someone has reported them via
abuse@)
I'm extremely tempted to just block the entire ranges of this hosting
company based on the large amount of spam we've got from their hosted
services, and their useless response to the abuse@ email from us. The
problem is they're apparently a big ISP in France so while it's very
tempting, there's also the risk of collateral damage.
Opinions?
I blacklist them. But before blocking a range, I check senderbase.org
if there are any obviously legitimate senders likely to be affected by
collateral damage and whitelist those. It's not perfect but it avoids
dealing with too many "but I could receive email from them fine before!"
nastygrams.
Philip
--
Philip Paeps
Senior Reality Engineer
Ministry of Information
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
