Why does Digital Ocean allow spammers to use their service without even paying?

August 17, 2019 322 views
DigitalOcean Cloud Firewalls

Why is it only DO that sends me spam emails? Why don’t I get the same emails from AWS or Azure?
I’ve reported it, not that I ever got a response outside your automated emails.

Here’s an idea - why not block outgoing port 25 until you have validated a credit card. At least that way you’d be making money from all the spammers that you host.

You do realise that you are actually responsible for the customers that you choose for your services, right? You can’t just say “oh bad people signed up, what a surprise”.

3 Answers

I am just trying to add my 2 cents, maybe DigitalOcean can also gain some help from this post.

Why is it only DO that sends me spam emails?

Do you mean the DigitalOcean marketing emails? Or customers using the platforms of DigitalOcean and sending emails? In the later case, DigitalOcean can do very little to control this behavior.

The identity check performed by DigitalOcean is strict, in fact very strict. Any user attempting to create an account (and services) has to provide a good amount of detail before they can create their account, and start using the services.

why not block outgoing port 25 until you have validated a credit card.

Not saying anything on behalf of DigitalOcean, but I am an Alibaba Cloud MVP, and at Alibaba Cloud we regularly face such issues of customers requesting port 25 access—since Alibaba Cloud has blocked port 25 access—and having to go through several applications to check whether a user is intending to perform a spam or not. So, in my personal opinion, this is not a good approach to tackle spam.

Rest of all, I agree with your point, there has to be a system that controls the sudden and unusual peak in activities in the user accounts and check if they match any spam/illegal activity. Like you have already mentioned, this would be a great experience for users if such a system were in place.

It has been almost a few days of mine here, and the only filter I have faced was the payment fraud capture system—oh, and my credit card was charged, and even then system caught me! :laugh:

“Do you mean the DigitalOcean marketing emails? Or customers using the platforms of DigitalOcean and sending emails? In the later case, DigitalOcean can do very little to control this behavior.”

It’s the basic, common cloud-hosted spam bot. It is not true that DO can’t do something about it. AWS and Azure have simple and effective systems to check customers before they allow their systems to be used as mail spam bots.

All you need - and I’m sure a reputable company like Alibaba will have - is a system that verifies your customers’ ID (basically the credit card) before opening port 25. DO isn’t doing these basic customer checks.

I am certain you that DO isn’t receiving payment from these customers, because then it would be traceable…

I’ve tested that and in order for anyone to sign up for DO they need to supply a Credit card and DO test the card with a transaction of $5. Or if they decide to use PayPal they have to deposit $5. Also recently a lot of my customers have been telling me that DO is doing a identity check so things in terms of security are improving.

I would also disagree with you I mean I’m receiving spam from anywhere, mainly from yahoo, hotmail, godaddy, OVH, you name it..

Spammers are everywhere and I can see that DO are doing a good job at stopping the spam.

Have another answer? Share your knowledge.