Re: [anti-abuse-wg] ORG-OG2-RIPE -- plusserver.com / plusserver.de
Hi All, you are completely right. This is not acceptable and I escalate this to my collegues who are in charge of this problem. Kind Regards Christian I just wanted to make you all aware that whereas most networks require any spam report to include the entire spam message, attempting to include an actual spam sample in an abuse report sent to ORG-OG2-RIPE aka plusserver.com<http://plusserver.com> results in an an undeliverable (5xx) bounce message contain text like the following: <abuse at plusserver.com<https://lists.ripe.net/mailman/listinfo/anti-abuse-wg>>: host mx01.hornetsecurity.com<http://mx01.hornetsecurity.com>[94.100.132.8] said: 554 5.6.3 Your mail contains SPAM. To unblock visit http://cloud-security.net/unblock?REDACTED (in reply to end of DATA command) Is is of course admirable that this network is able to accurately recognize -inbound- spam messages so accurately. It is rather a shame however that this network is apparently incapable of doing likewise when it comes to spam flowing outwards from their network. For reference, the fully aggregated set of IPv4 CIDRs currently assigned to this network within the RIPE region is as follows: 46.22.32.0/20 46.23.208.0/20 46.163.80.0/22 46.163.88.0/21 46.163.100.0/22 46.163.120.0/21 46.231.88.0/21 62.75.128.0/23 62.75.131.0/24 62.75.132.0/23 62.75.135.0/24 62.75.140.0/24 62.75.153.0/24 62.75.154.0/24 62.75.172.0/24 62.75.174.0/24 62.75.176.0/24 62.75.180.0/24 62.75.205.0/24 62.75.206.0/24 62.75.212.0/24 62.75.226.0/23 62.75.231.0/24 62.75.239.0/24 62.138.64.0/18 62.138.192.0/18 78.138.64.0/19 78.138.108.0/22 78.138.112.0/22 78.138.116.0/23 78.138.119.0/24 78.138.120.0/22 78.138.124.0/23 80.86.80.0/24 80.86.88.0/23 80.237.131.0/24 80.237.134.0/24 80.237.140.0/23 80.237.152.0/21 80.237.176.0/20 80.237.192.0/23 80.237.196.0/22 80.237.200.0/21 80.237.208.0/22 80.237.213.0/24 80.237.216.0/21 80.237.224.0/20 80.237.240.0/21 80.237.250.0/24 80.242.128.0/19 83.169.48.0/22 83.169.56.0/21 83.220.128.0/19 85.25.18.0/23 85.25.21.0/24 85.25.22.0/23 85.25.24.0/23 85.25.28.0/22 85.25.65.0/24 85.25.69.0/24 85.25.70.0/24 85.25.80.0/21 85.25.88.0/22 85.25.96.0/23 85.25.101.0/24 85.25.111.0/24 85.25.121.0/24 85.25.158.0/24 85.25.175.0/24 85.25.212.0/24 85.25.221.0/24 85.25.234.0/24 85.25.240.0/23 85.25.245.0/24 85.25.247.0/24 85.119.200.0/21 87.119.192.0/23 87.119.194.0/24 87.119.196.0/22 87.119.200.0/21 87.119.208.0/21 87.119.216.0/22 87.230.36.0/22 87.230.50.0/23 87.230.52.0/22 87.230.56.0/22 87.230.65.0/24 87.230.72.0/22 87.230.82.0/23 87.230.96.0/21 87.230.108.0/23 87.230.120.0/22 87.230.124.0/23 87.230.127.0/24 89.19.224.0/19 91.209.52.0/24 91.250.72.0/21 91.250.92.0/22 91.250.104.0/22 92.51.152.0/21 92.51.168.0/23 92.51.171.0/24 92.51.172.0/22 92.51.176.0/22 92.51.184.0/21 93.187.112.0/21 151.106.64.0/19 176.28.24.0/21 176.28.60.0/23 176.28.63.0/24 178.77.88.0/21 178.77.120.0/22 178.77.125.0/24 178.77.126.0/23 185.55.68.0/22 185.209.64.0/22 188.64.192.0/21 188.138.64.0/22 188.138.80.0/24 193.33.20.0/23 193.34.200.0/25 194.15.144.0/24 194.24.192.0/19 194.64.0.0/16 194.163.16.0/20 194.163.64.0/18 194.163.192.0/18 194.195.0.0/18 194.195.64.0/20 194.195.96.0/20 194.195.128.0/18 194.195.192.0/20 194.195.224.0/20 194.233.0.0/18 194.233.112.0/20 194.233.128.0/19 194.233.192.0/18 195.177.0.0/18 195.179.0.0/17 195.179.128.0/18 195.179.208.0/20 195.179.240.0/20 195.180.0.0/16 195.191.26.0/23 195.206.128.0/19 195.244.96.0/19 195.252.128.0/18 212.1.32.0/19 212.40.160.0/24 212.40.166.0/24 212.40.168.0/24 212.40.174.0/23 212.40.176.0/24 212.40.181.0/24 212.40.182.0/23 212.40.186.0/24 212.116.0.0/19 212.224.0.0/18 213.131.224.0/19 213.174.32.0/19 213.203.192.0/18 217.69.64.0/19 217.115.136.0/22 217.115.140.0/24 217.115.144.0/24 217.115.148.0/22 217.119.48.0/24 217.119.51.0/24 217.119.52.0/23 217.119.55.0/24 217.119.57.0/24 217.119.58.0/23 217.119.60.0/22 217.172.163.0/24 217.172.165.0/24 217.172.166.0/23 217.172.168.0/23 217.172.173.0/24 217.172.174.0/23 217.172.191.0/24 Christian Adler Senior Network Engineer PlusNetwork Squad [cid:C81E12D7-E9A9-4037-8236-00A6D211C61E] +49 40 77175-763 Christian.Adler@plusserver.com<mailto:Christian.Adler@plusserver.com> PlusServer GmbH Nagelsweg 33-35 20097 Hamburg HRB 84977 / Amtsgericht Köln Geschäftsführer: Alexander Wallner (CEO), Dr. Frank Nellissen
In message <746A4EF3-204F-4F3F-913F-22544EEAF768@plusserver.com>, Christian Adler <christian.adler@plusserver.com> wrote:
you are completely right. This is not acceptable and I escalate this to my collegues who are in charge of this problem.
Thank you Christian for proactively addressing this issue. It will certainly be helpful if it becomes possible to email a proper sort of spam report to Plusserver. Separately and additionally however, I hope that you and your collegues will invest some brain cycles also to consider the other part of the critique that I posted here the other day. It is apparent that Plusserver does have the technical ability in place to detect and block spam, at least when it is incoming to your network and to your company mail server. Thus it seems apparent that if that same technology were applied equally and also to all email flowing -out- from the Plusserver network, this would have an undeniably salutary effect. It may be technically difficult to set that all up, but as you may be aware, many larger networks across the globe do already block direct outbound port 25 TCP connects from their network customers, asking them all instead to utilize the company's own outbound "smart host" mail server for all outbound email. The technology to do this is relatively easy to put in place, and is quite mature. If Plusserver were to do this, possibly with the exception of its large and well-trusted customers, tnen EVEN IF Plusserver did not also implement any sort of filtering or spam detection on that one outbound "smart host" mail server, the company would at least still have some very helpful realtime logs that would clearly show when some individual customer had been sending a large and atypical amount of outbound emails. And that alone might be just enough to disuade spammers from trying to use the Plusserver network for their disruptive and abusive activities. Regards, rfg
participants (2)
-
Christian Adler -
Ronald F. Guilmette