Question

When will Digital Ocean actually prevent abuse via spam email?

I have been inundated with spam emails coming from Digital Ocean owned IP’s over the last few months. At first, it was very minimal, so I never bothered reporting it, but I am now receiving 15+ spam emails per day just from DO alone, not to mention other servers.

First and foremost, DO is in violation of the CANSPAM act, as they are allowing the sending of unsolicited emails to addresses without consent. In Canada, it’s a federal law to REQUIRE proof of consent for ANY electronic email to a Canadian citizen that isn’t a direct reply to an inquiry made by the resident of Canada.

I have been forwarding emails to abuse@digitalocean.com for the last week or so, but so far haven’t stopped receiving emails from DO’s servers. I understand the premise of renting a cloud server, as well as the difficulty of balancing fraud & abuse with real users, but the current system is not working. While we’ll never eliminate ALL spam advertising or phishing, DO needs to explain what is being done now to combat this so users have full transparency.

Digital Ocean has until the end of 2018 to publish a fully written report or whitepaper on the spam their servers have been sending over the last few years, stating what they intend to do differently to combat this growing problem. If a report is not published by then, a spreadsheet containing all IP’s, domains pointing to those IP’s, email headers, and the content of those emails will be sent to the Canadian Goverment for investigation.

178.128.52.145 142.93.97.215 46.101.76.161 128.199.127.14 46.101.76.137 178.62.124.112 128.199.93.246

🌟🌟 Home Warranty | The Perfect Family Holiday Gift ✅ 100% FREE price quotes on home warranty - Respond! Click on view blocked content to see this image

🌸🌸 Search home warranty in your area, say bye to unplanned home expenses. ✅ Say bye to unplanned home expenses with all the available plans on home warranty Click on view blocked content to see this image

🙏🙏 Special Risk Free Discount Promotion! ✅ YOUR Special weight loss offer today only! Click on view blocked content to see this image

🌟🌟 Special Risk Free Discount Promotion! ✅ YOUR Special weight loss offer today only! Click on view blocked content to see this image

💪💪 100% FREE price quotes on home warranty - Respond! ✅ Home Warranty | The Perfect Family Holiday Gift Click on view blocked content to see this image

💝💝 Get your MIRACLE DROP PURE CBD E-LIQUID TODAY ✅ Miracle Drop CBD- Relieve Anxiety, Reduce Blood Sugar Levels Click on view blocked content to see this image

👍👍 The biggest investors love this company which helps you sell your home ✅ Selling your home? This Silicon Valley company helps you do it Click on view blocked content to see this image


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hey friend,

I work hard on this every single day. The reality is that spammers are not unintelligent people who can be easily stopped before they accomplish their mission, at least not without reducing service functionality for all of our customers. We take your reports very seriously, and I understand that it can seem like we do not, but that is because the matter is simply more complex than it appears from the outside.

Your reports are very important. Today alone I shut down more than 25 accounts that could only have been identified by reports like yours. That was just before breakfast. If you would ever like to talk about it, feel free to reach out to me at jdonnell @ digitalocean .com.

Jarland

Heya,

I am sorry to hear about your bad experience but you have to understand that DigitalOcean serves countless clients and some of those clients don’t really know how to properly secure a VM. Because of this the VMs are ealily hacked and either sold or used for spam/ddos/bruteforce etc. All you can do is report these incidents and i am 100% confident that the abuse team will review each and every report they receive and take necessary action. These things take time of course because the abuse team is comprised of merely humans that are working as fast as humanly possible.

One way to deal with this would be to block the smtp port by default with an option to enable it from the control panel but it might confuse the customers and the customer service will probably have to deal with thousands of tickets asking why the email isn’t getting trough and such.

Another way is for you and others like you to use a spam filtering application or an email hosting service that has better spam filters.

Regards, Alex

Affirming what @jarland said, we’re doing a ton of work on this right now. It really pains us when we see this type of behavior coming from our platform and we’ve been staffing up to aggressively tackle it. Admittedly, it does take some time for new resources to come up to speed on the problem set and figure out how to solve for it at scale.

We’re trying to find a way to do it without outright blocking outbound SMTP (which many IaaS providers have had to resort to). If we don’t get the balance right, you start seeing this: https://twitter.com/tjosm/status/1060881346002862081?s=21.

We are getting close on a bunch of different initiatives on top of the ones we’ve deployed over the past several months. Hopefully it’ll get better.

-Josh