Jag's datacenter is listed as a spamer

[thisisit3]

One of Jags datacenters, the GNAX datacenter to be specific, is marked as a network that harbors spammers.

After doing some tests, for example the Spam Listing test from http://www.dnsstuff.org, my IP address is marked as a spammer by the "UCEPROTECTL3" test, which reports:

Your Provider GNAXNET-AS - Global Net Access, LLC/AS3595 is UCEPROTECT-Level3 listed because he is responsible for a total of 322 Spammers on the net. For details see: http://www.uceprotect.net

Next is the APEWS test, which reports the following:

CASE: C-1159
AS3595 US, ISP permits abuse and/or ignores criminal activity
Special Reason: ISP permits abuse and/or ignores criminal activity
History: Entry created 2007-08-30

Both of the above are pretty serious accusations and are directed towards Jag's datacenter (GNAX).

Anyone would like to comment? Anything that i can do about this issue (other than moving to another datacenter or hosting provider).

[JPC-Masood]

All web hosting data centers host spammers. The question is were they terminated when found or were they left as it is? I highly doubt this report.

[thisisit3]

Its not just one report, but two reports (uceprotect and apews). I haven't found any evidence that these listings actually affect our emails but i want to plan ahead in case this comes back and bites us in the a**.

Would you be willing to open up a ticket with GNAX support? maybe they can offer some insight?

[Vin DSL]

All web hosting data centers host spammers...

Exactly!

These mail-nazis like to use a shotgun approach - ban everyone hosted @ ISP/ASP X...

They think, by putting everyone on ban list[s], the clients will strong-arm the provider[s] into submitting to their demands... often involving fee$ to get removed these lists...

Of course, they only attack 'small' places, like JagPC. These tactics don't work at 'big-box' ISPs like Yahoo!, Lycos, et cetera. They don't have the balls to ban them!

So, my recommendation - for important mail - is to use multiple accounts. I have NEVER depended on mail service at ANY web hosts that I've used. They ALL have the same problem...

If you'll notice, in your JagPC Client CP (ticket system), they make provisions for an alternate email address. There IS a reason for this - and I use Gmail as an alternate. Gmail is HUGE and nobody (that matters) is going to stick Gmail in their RBLs, even if they have a million spammers.

Anyway, those are my comments and recommendations...

[Frank Broughton]

Good comments Vin - yes gmail for tickets!

This is listed on the sight for GNAX:

This AS is blacklisted at UCEPROTECT Level 3
Level 3 is an escalation based on the number of systems listed in Level 1. It seems you have chosen the wrong provider.

Your IP was not part of a spamrun, but you are not innocent.
By using providers wich don't care about spammers you are supporting the global spam.
Please send a compliant to your provider and request him to fix this problem immediatly.
Think about this: You pay him for, that you can use the internet without problems.

If he ignores your complaint or claims he can't do anything, you should consider to change your provider.

We never make exceptions. Requests are futile. Only your provider can fix this problem.

There is Paypal Link to pay them some money! ha ha €250.00EUR
What a joke - it seems like a scam to me!

Nazi - it is German company but Nazi Vin? hmmmmm

[Frank Broughton]

JaguarPC.com is listed on three lists:

http://www.dnsstuff.com/tools/ip4r.ch?ip=jaguarpc.com

my vps is only list on one - the German one.

lenon.com is listed on 27 of them:
http://www.dnsstuff.com/tools/ip4r.ch?ip=lenon.com

j/k only listed on uceprotectl3

[Frank Broughton]

Can get off their list for free:

They have to learn the hard and painful way, if necessary.

Some people tell lies and myths about us. Most of them run into trouble with us, because they were, or still are, learning resistant.

The most frequently told lie is that a listee will not be removed until they make a payment.

The truth is: Every IP listed will expire 7 days after the LAST abuse is detected, and FREE of charge.

There is a payment option available for any listee that does not want to wait 7 days but needs to be de-listed immediately.

Their 4 point policy to not get on the list:

YOU ARE ISP AND YOUR NET RANGE GOT BLACKLISTED ?

We really feel sorry for you because this should not happen to respectable professional ISPs, and we do our best to prevent this.

Here are 4 things that we recommend in order to stay off the UCEPROTECT-Blacklists and the Backscatterer List:

1. Do not use abusive techniques on your systems, and also tell your customers with their own servers not to do so.

The following techniques are considered abusive, even though some seem to have become very popular.
Sender callouts (also known as Sender Verify or SAV) or any other kind of Backscatter.

Simply use common sense before turning on any new technique. If a technique or procedure makes your system capable of being a part of a DDOS against others, then you should not use it.

2. Ensure that large amounts of garbage cannot be sent through your smarthosts.

Spammers always try to send millions of emails for it to be worthwhile, it is a numbers game for them. On the other hand, you will not find many end users having a genuine need to send more than a few hundred, or at most a few thousand, emails per day per account.
Therefore it is advisable to establish appropriate transmission limits on all smarthosts. Users who have demonstrated that they do not abuse your infrastructure, and who claim to have a higher need, can easily be given higher limits or even no limits. It is also very unlikely that regular users will send email to more than 10 undeliverable recipients per hour.
Users sending email to multiple undeliverable addresses within a short time frame are almost always spammers, therefore you should shutdown those accounts automatically and promptly.
Furthermore it should be no problem to filter all outgoing emails for viruses etc on each smarthost.

3. Ensure that your dynamic / dialups cannot be abused as spam zombies.

Block all outgoing connections from client dynamic / dialups to Port 25 and force them to connect to your smarthosts instead [Port 587 is in common use].
Then, if a user's computer becomes infected by malware, propagation will be impossible or at least contained very quickly.
This way, any damage stays within limits and it will be unlikely that blacklists become aware of your system.

4. Prevent open relays and open proxies at your dedicated line customers and at customers with static IP addresses.

Examine the IP addresses of customers with ‘statics’ regularly (e.g. weekly) with automated scripts for such weaknesses. Temporarily shut down those IP addresses that you find to have exploitable security holes that can lead to email abuse.

You will immediately have less work in your abuse department and less problems with blacklists.
On a long-term basis this will also maximize your profits...
We all know that you do not earn money with a flat-rate customer if his/her computer is busy 24/7 dispatching spam, viruses and worms to the world...
If you are actively preventing his/her computer from sending the crap, it is very unlikely that this customer will be able to send the traffic in other ways :-)

Note that, if every service provider worked in this way, there couldn’t be a spam nor a virus problem on this planet.

If you need technical assistance on making your network unattractive for spammers, or if you still search for a really efficient spam protective system for your infrastructure, do not hesitate to contact us.

[Frank Broughton]

The truth is: Every IP listed will expire 7 days after the LAST abuse is detected, and FREE of charge.

So if as Masood says the spammers are stopped then in 7 days we are in the clear!

[EuroNut]

One of Jags datacenters, the GNAX datacenter to be specific, is marked as a network that harbors spammers.

Both of the above are pretty serious accusations and are directed towards Jag's datacenter (GNAX).

Anyone would like to comment?

To make a good argument you have to start out by making the right assumptions, and I think you're making the wrong ones.

GNAX is not the same as Jag.

A datacenter typically houses anything from 3000 to 8000 servers (or more even).

As a wild guess, Jag has maybe 200 servers housed within GNAX Atlanta?

Now re-work your maths on those 322 spammers within the ENTIRE datacenter, and figure how many, pro-rata, Jag might be temporarily hosting.

I say temporarily, because I've seen (twice) how JAG jump all over anyone who's got a spammer lurking, and it's NOT a pretty sight (but damn effective!).

[Vin DSL]

Whatever...

I gave up reading the above responses after a few sentences... been there, done it!

Don't trust important mails to a webhost account - any webhost account!

Webhosts are subject to predators, just like the rest of us (clients)... except these extortionists claim to be the (spam) cops...

[arianetwork]

both of my VPS are in spams list too . i have check this problem with yahoo customer care and they told me just your provider can fix this problem .

[EuroNut]

Whatever...

LOL! My sentiments exactly!

[JPC-Masood]

Would you be willing to open up a ticket with GNAX support? maybe they can offer some insight?

Of course. Complaints like this should be filed in support ticket immediately. Please do so if not done yet.

Just fyi, we spend a lot of time on abuse reports on daily basis, the cost of which is pretty high.

[Claus von Wolfhausen]

All web hosting data centers host spammers. The question is were they terminated when found or were they left as it is? I highly doubt this report.

For UCEPROTECT-Level 3 the only question is your abuser/user ratio:

http://www.uceprotect.net/en/index.php?m=3&s=5

See here for all abusers under the responsibility of AS 3595:

http://www.uceprotect.net/en/rblcheck.php?asn=3595

If abusers seen within 7 days are going below 184 IP's listed in UCEPROTECT-Level 1, your ASN will be removed from Level 3.

At this time you have a total of 92160 IP's under your control.
UCEPROTECT-Level 1 listed abusers: 361 (within the last 7 days)

That makes an abuser / user ratio of about 0.39% for your ASN, which is very bad.

Compare that to Verizon AS 19262 (One of the worst spamsupporters on the net):
They have 11316480 IP's under their control and 31789 Level 1 listed abusers.

Their abuser / user ratio is about 0.28%

I hope you now have an idea what it means to to have over 0.2% abusers per week.

Yours
Claus von Wolfhausen
UCEPROTECT-Network

[JPC-Masood]

For UCEPROTECT-Level 3 the only question is your abuser/user ratio:

http://www.uceprotect.net/en/index.php?m=3&s=5

See here for all abusers under the responsibility of AS 3595:

http://www.uceprotect.net/en/rblcheck.php?asn=3595

If abusers seen within 7 days are going below 184 IP's listed in UCEPROTECT-Level 1, your ASN will be removed from Level 3.

At this time you have a total of 92160 IP's under your control.
UCEPROTECT-Level 1 listed abusers: 361 (within the last 7 days)

That makes an abuser / user ratio of about 0.39% for your ASN, which is very bad.

Compare that to Verizon AS 19262 (One of the worst spamsupporters on the net):
They have 11316480 IP's under their control and 31789 Level 1 listed abusers.

Their abuser / user ratio is about 0.28%

I hope you now have an idea what it means to to have over 0.2% abusers per week.

Yours
Claus von Wolfhausen
UCEPROTECT-Network

Yes, because in virtual hosting # of accounts/ip is very large, sometimes hundreds of accounts are operating behind one IP. So that ratio does not make much sense.