alon.wrk
By:
alon.wrk

Spamhause has marked all digitalocean ip range

September 3, 2017 325 views
Email Arch Linux

Spamhaus has marked all Digitalocean IP range as spam, which causes my emails to bounce.

https://www.spamhaus.org/sbl/query/SBL368922

so if your email server is in the range:
CIDR 192.81.208.0/20 (192.81.208.0-192.81.223.255)

you are marked as spammer.

in order to whitelist any IP in this range, they want digital ocean representative to talk with them, but DigitalOcean support is doing nothing about it.

D.O.
your support timing is intolerable, more than 5 hrs since I'd sent you a request about it, and no answer, this problem affects THOUSANDS of your customers!!

3 Answers

Why are you sending emails from shared IP space if you care about deliverability?

  • Are serious?
    What is shared about DigitalOcean IP?

    I am having a dedicated email VPS with dedicated IP.
    everything works fine in the last 3 years, this is not a shared hosting.

    Are you suggesting that in order to have a mail server I can't have a VPS?

    • You're in shared IP space. If you care about deliverability, use something like Sendgrid.

And if I want to have my own server?

Any IP space is by definition shared, it just makes no sense to block an entire space!

Digital Ocean has a hacker that they refuse to drop as a customer. I have complained about "stretchoid" for months. Unfortunately the abusedb.com is down, but here is a typical complaint about "stretchoid" using Google archive:
https://webcache.googleusercontent.com/search?q=cache:t8U31PZvMlIJ:https://www.abuseipdb.com/check/45.55.21.98+&cd=1&hl=en&ct=clnk&gl=us

Can Spamhaus block an entire IP space. Yes they can. If they feel the vendor is doing nothing to control spam and hacking, they block the entire range with the assumption that the hacker will just get a new IP in that range.

I posted a rant on this very topic a few days ago with little response.

I use FreeBSD, otherwise I would have left Digital Ocean a few months ago.

  • I am fighting with DigitalOcean support team for just send an email to Spamhause and ask them to whitelist the domain.

    DigitalOcean is having very bad service regarding this issue.
    Three days had passed and they haven't take care of this problem, I had emailed Spamhause several times and Spamhause claim that DO never tried to reach them in order to fix this problem.

    • Well it is a holiday weekend in the US.

      I can tell you that DO support will do their best not to contact Spamhaus. When I had trouble with SpamRL, DO supported suggesting I move my Droplet to a range that SpamRL didn't consider toxic. That really doesn't solve the problem.

      They probably need a directive from the top. I see abusedb.com is working again. I plan on sending the CEO a packet of documented spam coming from his company. I suggest you snail mail the CEO with the Spamhaus report.

      This is the only "192" from DO that has hacked me. Most of mine start with 45.
      https://www.abuseipdb.com/check/192.241.234.13

      Now that I have read the Spamhaus link, I see it is a freakin' botnet controller. I should think shutting down a botnet controller would be job number one. This falls under being a good "netizen".

      For the most part, I just block hackers where appropriate. The only circumstance where I bother to waste my time ridding the world of a compromised server is when it comes from critical infrastructure or a financial server. It takes considerable work to find a person in charge that actually believes you, some random person on the internet, that their server is compromised. I will spare you the stories, interesting that they are.

      In the meantime, I'm adding all those IPs to my blocked addresses once I can figure out how to scrape them.

Have another answer? Share your knowledge.