Spammers Beware: We're on Guard

June 27, 2007

Something happened today that we feel everyone should be aware of: We currently have no SBL listings for our IP space and we were recognized by the Spamhaus Team as a proactive no-spam-tolerance network.

Our hard work here at keeping spammers off of the network, and our reaction when they do make it on has been recognized. If you visit the Spamhaus ISP page, type in softlayer.com. You will find something that is very rare and something we are very proud of. To be recognized in this manner means a great deal to us.

Abuse is something that happens, there is no way around it. What does matter is how we are perceived to handle the situation, and working day in and day out with other abuse desks and networks does indeed pay off.

-Jacob

Comments

June 27th, 2007 at 2:50pm

If you're wondering why the spamhaus site isn't loading, it's likely they're currently being attacked (DoS) by spammers. I hear this is frequently the case.

June 27th, 2007 at 7:08pm

For all resellers and web hosting companies using SL as your datacenter, this should be part of your benefits list on your marketing collateral!

As for spamhaus not working, after the first click of "I agree", you get an error message. Just "Back" and try again. It will work after that :)

Thanks for the link. Did some checking around and found many other datacenters with listed IP's on that list! Nicely done SL.

June 28th, 2007 at 3:02am

Great work! It is cause to pround. But you should know that sometimes abuses make slight inconvenience to legal clients.

June 28th, 2007 at 3:53am

Great job!

Old hosts I've had been with have had many spam issues. I always loved having to answer help requests with bounced e-mail vertification mails.

Now we only have to worry about people not being able to read the capcatchas!

November 16th, 2008 at 11:28am

Hi

According to the hostexploit.com document that was responsible for the effective closure of McColo... one of the 'Toxic Network' of ISP's defined as being responsible for hosting spammers and scammers is Softlayer.

Overview of current badness instances (bad data history 05/2006 – 10/2008):
- Pharm & spam = 12,420
- Rogues & Malware = 167
- Infected / badware sites = 1,538 (from 276,480 IP addresses – exploit ratio 0.56%)

My worry is that if McColo can be taken off the web by its connectivity providers, then so can Softlayer!

What are you doing to take active measures against spammers and scammers?

January 6th, 2009 at 9:49pm

This is interesting. Because just today I've received a half-dozen or so spam messages in the comments section of my blog. The IP of each of them resolves to Softlayer Technologies. I've deleted all the comments as spam in my Wordpress dashboard, but I left this one to show others.

The comment is always a similar combination of English letters variously represented in upper and lower case. Always just 13 or so characters long and always an email with a first name like Jessie, Alvin or Arthur at a gmail.com domain.

Feel free to contact me at my blog or the email attached to this comment regarding this spam. I very curious as to why such a series of characters would be useful.

November 5th, 2009 at 11:05pm

I am tired of getting fake profiles from:

75.126.17.10

IP address [?]: 75.126.17.10 [Copy][Whois] [Reverse IP]
IP country code: US
IP address country: United States
IP address state: Texas
IP address city: Dallas
IP postcode: 75207
IP address latitude: 32.7825
IP address longitude: -96.8207
ISP of this IP [?]: SoftLayer Technologies
Organization: INH Media
Host of this IP: [?]: muckmakers.com [Whois] [Trace]
Local time in United States: 2009-11-05 21:37

May 27th, 2011 at 8:53am

We receive no less than 3000 spamvertisements per day.. all resolving to 184.172.128.0/18 Interestingly enough.. Softlayer. All this crap is from junk domains living at softlayer.

May 27th, 2011 at 3:19pm

You're taking an interesting approach to resolving your issue, "SoftLayer lies." If you hadn't left a spam email address, we could follow up with you to get details about the spam you're receiving.

While we monitor and respond to abusive behavior as quickly as possible, with more than ten million domains on 81,000+ servers, proactively keeping an eye on every site's activity is not possible. If you reference the link from the blog you posted this comment on, none of the reported spam activity resolves to an IP in that block, so it hasn't been reported to Spamhaus, and if you haven't sent detail to abuse@softlayer.com, it hasn't been reported to us either.

The most effective way to combat spam is to provide as much information as possible to eradicate it from our network.

June 8th, 2011 at 8:13am

GreenRoomShackSeason.com, there's a nice follow up for ya. How about elmhybrid.info, detasequoiaglypto.info, nosavilwoodosman.info, thusadogwoodalte.info, ulmusumila.info, kingtickaraliaspi.info, I can provide hundreds a day. all spam crap domains.. all in your network... all created by the same individuals sending the same junk. GreenRoomShackSeason alone has been spamvertising for a ridiculous amount of time with no action from you what so ever. If you are having trouble monitoring your many domains on your many servers perhaps your support team needs some help... A better explanation is that you are a spam friendly host. Own up to what you are.

June 8th, 2011 at 12:29pm

Thanks for repatriating to the SoftLayer Blog, SoftLayer lies! Understanding that "nointerestinyourlies@dontcontactme.com" probably isn't your email address, I'm sorry again that I can't follow up with you directly. The abuse department hasn't received any messages from you about the IP on which those servers are hosted, but they have received an anonymous SpamCop complaint and have contacted our direct customer to address those reported concerns as quickly as possible. Whenever you come across any content that violates our terms of service and/or AUP, the best way to stop it from happening quickly is to send details to abuse@softlayer.com.

If you'd like to follow up with me off of the quasi-anonymous blog comment medium (Wordpress logs origin IP addresses, so it's not completely anonymous), let me know: khazard@softlayer.com.

August 15th, 2011 at 6:43am

I'd take posts like this far more seriously if:

A) I didn't receive a ton of spam to my inbox from Softlayer hosted systems on a daily basis

B) You guys didn't reject spamcop reports

Yes I'm sure with the volume of systems you guys have to manage it would be an absurd number of reports... Crazy, I wonder if thats part of the overhead of running a datacenter...

August 15th, 2011 at 10:58am

Thanks for letting us know, Nick.

We receive spamcop reports regularly, so your reference to the rejection of spamcop reports is troubling. If you have details of bounces or examples of errors, please send them to me (khazard@softlayer.com) and I'll make sure they get addressed immediately.

With regard to the spam you get on a daily basis, what avenues have you pursued to get those addressed? If you can also forward me an example of a report you've submitted to abuse@softlayer.com, I'll follow up directly to get a better understanding of what's happened with them.

October 5th, 2011 at 11:34am

softlayer.com is most definitly a spammers dream for not only launching spam and USE but hosting the target URL of the SPAM/UCE messages. Block and black list softlayer.com IP's and you will stop a ton of SPAM/UCE...

October 5th, 2011 at 12:17pm

Thank you for your feedback, Jim. If you've contacted our abuse department (via abuse@softlayer.com) and haven't seen the problem resolved, please send me details so I can follow up: khazard@softlayer.com

Abusive behavior and any actions that violate our terms of service are not tolerated. With tens of thousands of direct customers and millions of indirect customers (via direct customers like resellers), we have our work cut out for us to keep our network clean, and that's why our abuse reps are on the clock 24x7 to review and follow up with reports that are submitted to the abuse contact list.

October 25th, 2011 at 4:20pm

I find the responses funny from Kevin. Kevin it is you responsibility to police your networks. Just because you have not seen abuse messages doesn't mean it is not happening. We are tracking 312,493 IP addresses or 571 different networks direct from SOFTLAYER. This is a fact. If I was to send to abuse each time I would be doing nothing but emailing your abuse department. You obviously have no idea how to manage what you have, I'm a bit embarrassed for you with that scripted canned response. You probably think I'm making this up, uh? here are a few networks from your our list. I guess I just plucked those out of the sky. Don't worry soon SOFTLAYER won't be able to hide.

October 25th, 2011 at 7:32pm

Thanks for indirectly updating the abuse team with those IP addresses, Frank. I've removed them for the sake of real estate in this comment section, but don't worry, they have been documented. I also appreciate your support in my efforts to springboard my standup comedy routine with responses to abuse-related questions ... I also find them humorous.

All kidding aside, from whom do you believe SoftLayer is trying to hide? Jacob's post here from 2007 references Spamhaus as an authority when it comes to tracking reported spam and malicious activity, and if you search that index for softlayer.com, you get 14 results (most of them /32s) ... That's more than zero, but it's considerably lower than the number you report, so we need to better understand the abusive behavior you're referencing that aren't being reported elsewhere.

As far as having an idea of how to "manage what we have," your feedback here would be very welcome. Let's say you're the security manager for a huge mall. This mall has 86,000 stores with people walking in and out 24x7x365. In this scenario, there are "good guys" and "bad guys" who walk into and out of the mall, and every person looks exactly the same. Some of those people are store owners while others are customers of those stores. As the security manager for the mall, you want to maintain the safest, most well-maintained mall in the world, so when you find out about bad guys, coming in and out of your mall, you do everything you can to kick them out and keep them out. Sometimes those bad guys are store owners who attract and send the wrong crowd, sometimes they are bad guy customers of a good guy store owner.

What would be the best idea about how to manage your mall? It's not possible to differentiate whether a store owner will be a good guy or a bad guy when they're applying to rent a store in your mall, so you can't "keep the bad guys out" in that regard. You can't have a security team of 86,000 people monitoring what's happening in those 86,000 stores, much less have someone individually check the millions of visitors streaming in and out of the stores. What's a security manager to do?

If Las Vegas casinos are any indication, the best bet is to install security cameras and have a team monitoring them all the time. You might not be able to watch everything at the same time, but you can document what's happening around your mall and respond if you notice something unusual (or if someone calls in to report that they've seen bad guys coming from a store in your mall).

That's the position we're in. SoftLayer's network is the mall, the stores are servers, the store owners are our customers, and the bad guys and good guys are traffic into and out of the network. We can do everything we can to profile good guys and bad guys, but even if we know that all good guys have purple eyes and all bad guys have neon green eyes, it's still difficult to try and look every person in the eye as they're walking into and out of the mall. We staff a team of people intent on clearing the bad guys from our mall, and we know that even though good guy store owners may come to host their own bad guy customers, they might end up having bad guy customers every now and then, and they'll want to remove those customers from their store as well, so they appreciate us letting them know.

We're going to keep an eye on our security cameras, and we'll get our security guards to the stores where bad guys are reported as quickly as possible. If no one reports that the people coming out of store 73,403 are all bad guys, what would tell us they aren't good guys? As Edmund Burke once said, "When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle." Or more colloquially, "All that is necessary for the triumph of evil is that good men do nothing."

Phew ... I'm glad I had that as a canned response as well. :-)

October 28th, 2011 at 4:46pm

Out of frustration with the dozens of SPAM emails received weekly originating from SoftLayer.com IPs, I sent the most recent two (of the five received so far today) to khazard@softlayer.com, as well as to abuse@SoftLayer.com. So, why is it that about 4 out of every 10 SPAMs received are from SoftLayer.com? Also, what's with the SPAMs from Turkish SPAMVERTISERS using SoftLayer.com to deliver their trash? I'm receiving these Turkish/SofLayer SPAMs on both my email addresses now.
Why?

October 31st, 2011 at 12:26pm

If Softlayer.com is calling themselves a no-spam network, then why am I still receiving spams which advertise websites hosted on theplanet aka softlayer?

I have a pile of those dang SEO "website ranking" spams here... many with bogus WHOIS data and all are being sent to email addresses obtained by spidering webpages. I keep sending the spams to SpamCop as well as the abuse department at your company and your client keeps opening new domains and still sends them to me.

Please practice what you preach with worldtopseo.com - which is today's spam from a site on your server. It's the same spammer who owns Serpsynergy.com, Topreferencements.com, Strategiesreferencement.com,
SEOlinkmasters.com along with others and yet every time a spam is received and I submit it to SpamCop it always comes up with theplanet.com as the hosting provider.

October 31st, 2011 at 2:14pm

Thanks for letting us know and for copying me on the email you sent to our team, Andy. I sent it straight to an abuse manager to address with our customer as quickly as possible.

October 31st, 2011 at 2:17pm

Thanks for updating again here, Mike. Given the way your forwarded messages of spam were sent, it was filtered into my junk mail box, so had you not updated here, I wouldn't have seen it. I sent your reports to the abuse department manager for direct attention as well. Since you have my contact information, please feel free to let me know if there's anything else I can do for you moving forward.

December 3rd, 2011 at 11:38pm

You are a bunch of liars people send you spam complaints to your abuse@softlayer.com
mailbox and you do nothing about it. And people send you DMCA
notifications to abuse@softlayer.com and legal@softlayer.com and copyright@softlayer.com
and you ignore them and do nothing about it.

Softlayer is pure scum you support spammers and other criminals on your network
so long as they pay you scumbags allow them on your network.

 

December 6th, 2011 at 11:53am

Welcome to the SoftLayer Blog, "The Truth"! As you've seen from the previous interactions in this comment thread, I'm happy to help if you feel like your issues aren't being addressed. The email addresses you include in your first comment are designed as notification systems for their respective internal teams, and while you won't get direct responses to reports you send there, the team will work to investigate and resolve the complaint with the customer(s) you reference.

Unfortunately when you say, "you ignore them and do nothing about it," the validity of your display name in your comment can be called into question. You reference seeing 16 listings on Spamhaus (on December 3), and right now there are 12 listings (on December 6). 5 of the current listings were added after you posted your comment, so those wouldn't have been on your list, so 9 of the listings you read would have been resolved and removed in the past three days. Further to that, 8 of the 12 current listings were reported less than a week ago. In some cases, resolutions take time to verify and remove (which is why you see the older listings going back to November 15), but it's clear that we're neither "ignoring them" nor "doing nothing about it."

December 19th, 2011 at 11:39am

Congratulations! Softlayer tops my firewall logs for most blocks! Top address is: 67.228.190.149-static.reverse.softlayer.com . Coming in a close second is: 174.36.239.82-static.reverse.softlayer.com

Seems to be a ton of spam coming from Softlayer still. A quick google search will back this up. Get to work guys...

 

January 19th, 2012 at 9:36pm

I've blocked every single ip range for softlayer after months of deleting spammers and hackers running automated scripts such a x-rumer and those using RFI attacks etc.

Softlayer is a spammer and hacker haven. Why bother wasting your time writing abuse@spamlayer.com? Just block all their ip ranges and be done with it.

It's about time the US government takes a closer look at your outfit.

January 20th, 2012 at 9:23am

Hi strikeout! Did you send in reports of SPAM to abuse@softlayer.com and not see any results? Your approach works well until you have a legitimate customer/partner trying to make a legitimate connection. I don't know what business you're in, but chances are with around 25,000 customers around the globe (or their millions of customers), at least a few of them might be appealing to you as a customer/partner.

If you've sent in abuse complaints and haven't seen results, I'd love to get details from you to investigate internally (khazard@softlayer.com). If your response is simply because you've seen multiple attacks from the same IPs over a period of time and you believe SoftLayer is complicit in those attacks simply because they haven't been resolved without your input, you might be in the same boat as any other users being targeted by the abuse: "Someone else can do it, so I assume someone else has, and SoftLayer hasn't done anything about it." That mentality falls apart when everyone who sees the abuse thinks that.

January 21st, 2012 at 1:49pm

@kevin

Yes about 30 times and there is only so much time a guy can waste. I understand that your network is huge but unfortunately so is the volume of spam and nefarious activity coming from the softlayer network.

There must be ways for your network to detect this type of activity and nip in the bud before the recipients bear the brunt of it. For example xrumer - i've reported at least a dozen users using that software to hammer our servers with spam. It cannot be that hard to find who is installing that on your servers and immediately close them down - there is NO legitimate use for that type of software.

In the end blocking huge blocks of webservers is not our first choice but considering time wasted vs potentially cutting of a few real users is a chance we are willing to take.

BTW - I administer a website run on a phpwebhosting vps which appears to also be on your network - and there are no problems there.

January 23rd, 2012 at 10:22am

Thanks for the additional context, strikeout. Can you forward me an example of one of the reports that didn't get addressed (khazard@softlayer.com)? With a definite example, I can look in deeper to get an understanding of why the reports you've submitted haven't been resolved.

When you suggest having our network "detect" certain kinds of activity, we start to open up a can of worms. We don't actively monitor or censor any content on any of the 100,000+ servers in our data centers simply because that would introduce a lot of privacy/security concerns. Similar to the potential power of the government in the SOPA legislation that we've publicly opposed, if SoftLayer starts looking for and acting on specific file types or software, that could be a slippery slope into censorship, and the manpower required to do so would not scale.

Another similarity between the concern you have and what we've said about SOPA is that the existing system of letting abuse know when you see any problems (like the current DMCA process) allows us to focus our attention on the fraction of a percentage of our infrastructure/client base that needs that attention rather than an approach that tries to keep up with everyone all at once.

If you can send me some of those reports that you feel weren't worked properly, I can follow up with the abuse team to better understand what's happening. Especially if you administer a site on our network, I don't want you to feel it necessary to prevent that VPS/IP address from connecting to the infrastructure you manage outside our network if you're blocking all SoftLayer IP addresses.

February 4th, 2012 at 2:34am

Sir,

you and ThePlanet have several professional spam operationsin your nest and you are covering for all of them - the abuse reports are never replied to and seldomly handled.

So with all due respect, No-Spam claims are nothing but false advertising.

February 6th, 2012 at 10:36am

Please read the responses above and the more recent follow-up blog post: Fighting SPAM and Abuse on a Global Network. If you have any problems getting an issue resolved when it is submitted to abuse@softlayer.com, please email khazard@softlayer.com with details, and I'll investigate.

You will not receive any responses from the abuse team. The abuse@softlayer.com email alias functions only as a notification system. Every valid abuse report is handled quickly.

This post's intention was not advertising anything. It was purely meant to celebrate a pretty impressive milestone given our size and how much work goes into the process of resolving abuse complaints.

February 18th, 2012 at 7:05am

I am currently sending 2 claims about spamvertising to abuse@softlayer.com
I will tell you my experiences.

April 3rd, 2012 at 11:01am

Let me look in my iptables:

Chain fail2ban-apache-noscript (1 references)
target prot opt source destination
DROP 0 -- free.rimed.cu anywhere
DROP 0 -- mx.rimed.cu anywhere
RETURN 0 -- anywhere anywhere

reverse lookup:
=> 184.173.20.17-static.reverse.softlayer.com
=> 159.253.145.50-static.reverse.softlayer.com

So, instead of sending spam, it's better having hacking customers...

well, after your abuse team didn't react in ages, i do now the only thing, which works:
IPTABLES -I INPUT -s *.softlayer.com -j DROP

April 6th, 2012 at 10:38am

Thanks for commenting, LSW.

While the route you took is certainly an effective option when screening out abusive behavior, it might be heavy handed and limiting when you consider the thousands of legitimate customers and millions of legitimate websites that will also resolve to a softlayer.com reverse lookup. As you probably noticed when you read all of the comments in this blog thread, we would love to follow up with your specific issue to understand why the abuse department did not respond in the way you expected. If you can forward me the report you felt was ignored, I'll look into it immediately: khazard@softlayer.com

Thanks!

April 10th, 2012 at 6:38pm

Check it now to see (http://www.spamhaus.org/sbl/listings/softlayer.com).

I'm a network admin and have blocked 208.43.63.220 and others ips used by a brazilian SPAM group ("Kirzner do Brasil") in my company network. They are using a wide range of IPs. For now this appear to be the only one of Softlayer, but it is being used for some weeks now without any worries.

I requested brazilian internet authorities to block the domains of this company (all ccTLD .com.br). Unfortunatelly, in Brazil there isn't any law about SPAM and this is a looooooong path.

April 11th, 2012 at 5:35pm

Thanks for the comment, Tiago. Can you forward me the messages you've sent to abuse@softlayer.com about the group in question? My email address is khazard@softlayer.com

With that information, I get get a better understanding of what's going on.

April 27th, 2012 at 5:19pm

Hi All,

Just wanted to say that Softlayer.com was hosting SPAM from TUMBLR.COM but of course they really do fight SPAM at Softlayer if they know about it. I contacted Kevin Hazard at Softlayer VIA his email and he helped me stop 25-50 SPAM emails per day from TUMBLR.COM, he is a man of his word!

Thank you Kevin,

Steve

June 19th, 2012 at 7:42am

Thanks for the advice. Do you have a recommendation for what to do when it simply doesn’t work? I’ve been getting lots of “Agile and Scrum training” spam from Softlayer for a few months now. I sent complaints, complete with headers and a very polite note so as not to offend anyone, on April 26, June 7th, June 12, June 14th, and June 19 (today).

I even started cc’ing khazard@softlayer.com as per your request.

Any thought when it might actually stop the spam?

June 19th, 2012 at 12:23pm

David,

Softlayer can only take abuse requests and contact Tumblr.com since the blogs. I've been contacting Support@Tumblr.com with the offending blog and they are pretty quick to delete the offending spam blogs BUT I think it like shoveling SH*T against the tide, new Tumblr blogs seem to be created with ease. I do keep sending the blog like this one deleted http://wiwonepa.tumblr.com/?Easffht. Tumblr support is usually pretty quick to suspend the offending blog which softlayer unfortunately hosts. Again softlayer can only go to Tumblr so it better to cut out the middle man & contact tumblr support at the email above.

Steve

June 19th, 2012 at 3:03pm

Steve,

The mail I'm getting is regular old email spam coming from Softlayer IPs, not related to Tumblr.

On the brighter side, it looks like posting here has gotten some attention, so perhaps the spam will finally stop.

David

June 19th, 2012 at 5:54pm

David,

All my SPAM on Softlayer is a result of Tumblr.com spam Blogs, it makes me think SOMEHOW softlayer could BLOCK all of them but they don't seem to be able to!!!

October 28th, 2012 at 6:24am

Do you respond to SpamCop reports? I have been reporting spam from the domain 'cheekymailvouchers.co.uk', three times a day to my main address and to a mailing list I run, which they seem to have harvested from somewhere. It has been coming in for over a week now, on Saturdays and Sundays too. I've had no response to any of my reports.

March 6th, 2013 at 7:09pm

No, they do not respond to spamcop reports. I have submitted many, and to date no response has been had. I will, however, point out that softlayer do continue to send out spam after they finish ignoring the reports.

March 7th, 2013 at 9:21am

In most cases, the SoftLayer abuse team does not *reply* to reports sent to abuse@softlayer.com or reports provided by SpamCop ... That does not mean that the abuse team does not *respond* to those reports, but if you're waiting to get a personal email response to a spam message you forwarded to our abuse team, it's important that your expectations be reset.

Understanding that one of our representatives will not be sending you an email reply, you should still see action taken on your complaint. I've shared my email address ten times in this comment thread with the promise that I'll help in any way that I can, but it would appear that each new comment effectively disregards the previous comments that have been posted. Again, if you've submitted abuse complaints to SpamCop or the SoftLayer abuse team directly and you haven't seen results, please forward the report you submitted to those authorities to khazard@softlayer.com.

March 7th, 2013 at 5:57pm

So what's the problem with responding directly to spam reports once resolved?

It doesn't take a second and it's a common courtesy to reply to someone who has reported an issue to you. Normal, civilised people would expect a reply. What makes you think we should reset *our* expectations?!

The attitude that the general public that should adapt their to SoftLayer rather than the other way around, plus the fact that I see more than just a handful of spamcop reports heading to SoftLayer, only perpetuates the impression that SoftLayer really don't give an abuse team at all and don't give a ***t about preventing spam.

If we send a report to your official abuse reporting address and don't get a response, why would we waste further time looking through forums trying to get another e-mail address to report it to? Sharing your personal address in a forum for such a purpose is admirable, but doesn't address the problem - that your company doesn't *appear* to be taking the original reports seriously.

I think it's SoftLayer's expectations that need to be 'reset'!

--
Ross

March 8th, 2013 at 11:55am

That's a great question, Ross. The crux of your point seems to rest on assumption that replying to each spam complaint would require marginal effort, but that's not true in this case.

Scenario: A user has a shared hosting plan through a hosting reseller. That hosting reseller rents the server housing that shared hosting plan from a SoftLayer customer who provides server management. The shared hosting user's account is compromised, and a spammer uses it to send one spam email message to 10,000 people. If 1% of those 10,000 people sends an abuse report to abuse@softlayer.com, the abuse queue grows by 100 emails for one issue.

When the abuse team gets those emails, they contact our customer about the abusive behavior. Our customer contacts their customer, and their customer contacts the user whose account was used to send the spam message. Action is taken to make sure the account is secured, so the user tells their hosting reseller who tells our customer who tells us that the problem has been resolved. In the span of time for all of that to happen, the abuse team has been notifying other customers about similar reports, and when a report isn't resolved in the window the abuse team provides, our representatives have to take action to disable the offending server (which in a hosting reseller's case could affect hundreds or thousands of innocent clients).

To respond to each of the 100 abuse reports we received about the one message from one domain on our network, the abuse representative would need to find our customer's response, find all abuse reports related to that resolved issue and respond to each. The marginal time that it takes to do all of that adds up quickly at scale, and that activity would eat into the time our team could devote to processing new abuse complaints and following up with customer responses to abuse reports we've filed on their account.

In reality, the compromised account in this scenario would probably have sent more than one spam message before it was found and investigated, and each message would have its own abuse complaints, so the challenge snowballs.

I agree that it would be courteous to reply to each report when the issue is resolved, but doing so would affect the abuse team's ability to operate efficiently. I don't process hundreds of abuse reports about the same issue, so when one is forwarded to me, I'm able to get an update internally that I can share in a reply. As a department, the abuse department has to set expectations based on the service they can provide consistently and efficiently, and the process of determining what those expectations can be is far from arbitrary.

Is that context helpful?

March 8th, 2013 at 12:10pm

The problem with responding to spam reports is that most people reporting them are not going to be ticked to receive the reply: we got your report but the spammer is a good customer, and he blames his customer, so nothing will be done.

The alternative, an untruthful reply, might work for a while. But eventually people are going to realize that the replies are not reflective of reality. That would not be good, either.

All in all, I think their policy of ignoring reports is probably the best consistent with their business model of hosting spammers and blaming someone else.

April 17th, 2013 at 2:24pm

This is NOT about a spam email. However, it appears that your IP is infecting
with a rootkit, as both Chrome and ie10 are constantly being blocked by MBAM for an outgoing
.exe. So, not only do you have spammers, you have malware.

April 17th, 2013 at 3:30pm

Thanks for letting us know, Dan. If you can send an email to abuse@softlayer.com with "malware" and "rootkit" in the subject line and the details of what you're seeing, our team will investigate and take action to remove the violating content.

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.
Categories: 

Comments

June 27th, 2007 at 2:50pm

If you're wondering why the spamhaus site isn't loading, it's likely they're currently being attacked (DoS) by spammers. I hear this is frequently the case.

June 27th, 2007 at 7:08pm

For all resellers and web hosting companies using SL as your datacenter, this should be part of your benefits list on your marketing collateral!

As for spamhaus not working, after the first click of "I agree", you get an error message. Just "Back" and try again. It will work after that :)

Thanks for the link. Did some checking around and found many other datacenters with listed IP's on that list! Nicely done SL.

June 28th, 2007 at 3:02am

Great work! It is cause to pround. But you should know that sometimes abuses make slight inconvenience to legal clients.

June 28th, 2007 at 3:53am

Great job!

Old hosts I've had been with have had many spam issues. I always loved having to answer help requests with bounced e-mail vertification mails.

Now we only have to worry about people not being able to read the capcatchas!

November 16th, 2008 at 11:28am

Hi

According to the hostexploit.com document that was responsible for the effective closure of McColo... one of the 'Toxic Network' of ISP's defined as being responsible for hosting spammers and scammers is Softlayer.

Overview of current badness instances (bad data history 05/2006 – 10/2008):
- Pharm & spam = 12,420
- Rogues & Malware = 167
- Infected / badware sites = 1,538 (from 276,480 IP addresses – exploit ratio 0.56%)

My worry is that if McColo can be taken off the web by its connectivity providers, then so can Softlayer!

What are you doing to take active measures against spammers and scammers?

January 6th, 2009 at 9:49pm

This is interesting. Because just today I've received a half-dozen or so spam messages in the comments section of my blog. The IP of each of them resolves to Softlayer Technologies. I've deleted all the comments as spam in my Wordpress dashboard, but I left this one to show others.

The comment is always a similar combination of English letters variously represented in upper and lower case. Always just 13 or so characters long and always an email with a first name like Jessie, Alvin or Arthur at a gmail.com domain.

Feel free to contact me at my blog or the email attached to this comment regarding this spam. I very curious as to why such a series of characters would be useful.

November 5th, 2009 at 11:05pm

I am tired of getting fake profiles from:

75.126.17.10

IP address [?]: 75.126.17.10 [Copy][Whois] [Reverse IP]
IP country code: US
IP address country: United States
IP address state: Texas
IP address city: Dallas
IP postcode: 75207
IP address latitude: 32.7825
IP address longitude: -96.8207
ISP of this IP [?]: SoftLayer Technologies
Organization: INH Media
Host of this IP: [?]: muckmakers.com [Whois] [Trace]
Local time in United States: 2009-11-05 21:37

May 27th, 2011 at 8:53am

We receive no less than 3000 spamvertisements per day.. all resolving to 184.172.128.0/18 Interestingly enough.. Softlayer. All this crap is from junk domains living at softlayer.

May 27th, 2011 at 3:19pm

You're taking an interesting approach to resolving your issue, "SoftLayer lies." If you hadn't left a spam email address, we could follow up with you to get details about the spam you're receiving.

While we monitor and respond to abusive behavior as quickly as possible, with more than ten million domains on 81,000+ servers, proactively keeping an eye on every site's activity is not possible. If you reference the link from the blog you posted this comment on, none of the reported spam activity resolves to an IP in that block, so it hasn't been reported to Spamhaus, and if you haven't sent detail to abuse@softlayer.com, it hasn't been reported to us either.

The most effective way to combat spam is to provide as much information as possible to eradicate it from our network.

June 8th, 2011 at 8:13am

GreenRoomShackSeason.com, there's a nice follow up for ya. How about elmhybrid.info, detasequoiaglypto.info, nosavilwoodosman.info, thusadogwoodalte.info, ulmusumila.info, kingtickaraliaspi.info, I can provide hundreds a day. all spam crap domains.. all in your network... all created by the same individuals sending the same junk. GreenRoomShackSeason alone has been spamvertising for a ridiculous amount of time with no action from you what so ever. If you are having trouble monitoring your many domains on your many servers perhaps your support team needs some help... A better explanation is that you are a spam friendly host. Own up to what you are.

June 8th, 2011 at 12:29pm

Thanks for repatriating to the SoftLayer Blog, SoftLayer lies! Understanding that "nointerestinyourlies@dontcontactme.com" probably isn't your email address, I'm sorry again that I can't follow up with you directly. The abuse department hasn't received any messages from you about the IP on which those servers are hosted, but they have received an anonymous SpamCop complaint and have contacted our direct customer to address those reported concerns as quickly as possible. Whenever you come across any content that violates our terms of service and/or AUP, the best way to stop it from happening quickly is to send details to abuse@softlayer.com.

If you'd like to follow up with me off of the quasi-anonymous blog comment medium (Wordpress logs origin IP addresses, so it's not completely anonymous), let me know: khazard@softlayer.com.

August 15th, 2011 at 6:43am

I'd take posts like this far more seriously if:

A) I didn't receive a ton of spam to my inbox from Softlayer hosted systems on a daily basis

B) You guys didn't reject spamcop reports

Yes I'm sure with the volume of systems you guys have to manage it would be an absurd number of reports... Crazy, I wonder if thats part of the overhead of running a datacenter...

August 15th, 2011 at 10:58am

Thanks for letting us know, Nick.

We receive spamcop reports regularly, so your reference to the rejection of spamcop reports is troubling. If you have details of bounces or examples of errors, please send them to me (khazard@softlayer.com) and I'll make sure they get addressed immediately.

With regard to the spam you get on a daily basis, what avenues have you pursued to get those addressed? If you can also forward me an example of a report you've submitted to abuse@softlayer.com, I'll follow up directly to get a better understanding of what's happened with them.

October 5th, 2011 at 11:34am

softlayer.com is most definitly a spammers dream for not only launching spam and USE but hosting the target URL of the SPAM/UCE messages. Block and black list softlayer.com IP's and you will stop a ton of SPAM/UCE...

October 5th, 2011 at 12:17pm

Thank you for your feedback, Jim. If you've contacted our abuse department (via abuse@softlayer.com) and haven't seen the problem resolved, please send me details so I can follow up: khazard@softlayer.com

Abusive behavior and any actions that violate our terms of service are not tolerated. With tens of thousands of direct customers and millions of indirect customers (via direct customers like resellers), we have our work cut out for us to keep our network clean, and that's why our abuse reps are on the clock 24x7 to review and follow up with reports that are submitted to the abuse contact list.

October 25th, 2011 at 4:20pm

I find the responses funny from Kevin. Kevin it is you responsibility to police your networks. Just because you have not seen abuse messages doesn't mean it is not happening. We are tracking 312,493 IP addresses or 571 different networks direct from SOFTLAYER. This is a fact. If I was to send to abuse each time I would be doing nothing but emailing your abuse department. You obviously have no idea how to manage what you have, I'm a bit embarrassed for you with that scripted canned response. You probably think I'm making this up, uh? here are a few networks from your our list. I guess I just plucked those out of the sky. Don't worry soon SOFTLAYER won't be able to hide.

October 25th, 2011 at 7:32pm

Thanks for indirectly updating the abuse team with those IP addresses, Frank. I've removed them for the sake of real estate in this comment section, but don't worry, they have been documented. I also appreciate your support in my efforts to springboard my standup comedy routine with responses to abuse-related questions ... I also find them humorous.

All kidding aside, from whom do you believe SoftLayer is trying to hide? Jacob's post here from 2007 references Spamhaus as an authority when it comes to tracking reported spam and malicious activity, and if you search that index for softlayer.com, you get 14 results (most of them /32s) ... That's more than zero, but it's considerably lower than the number you report, so we need to better understand the abusive behavior you're referencing that aren't being reported elsewhere.

As far as having an idea of how to "manage what we have," your feedback here would be very welcome. Let's say you're the security manager for a huge mall. This mall has 86,000 stores with people walking in and out 24x7x365. In this scenario, there are "good guys" and "bad guys" who walk into and out of the mall, and every person looks exactly the same. Some of those people are store owners while others are customers of those stores. As the security manager for the mall, you want to maintain the safest, most well-maintained mall in the world, so when you find out about bad guys, coming in and out of your mall, you do everything you can to kick them out and keep them out. Sometimes those bad guys are store owners who attract and send the wrong crowd, sometimes they are bad guy customers of a good guy store owner.

What would be the best idea about how to manage your mall? It's not possible to differentiate whether a store owner will be a good guy or a bad guy when they're applying to rent a store in your mall, so you can't "keep the bad guys out" in that regard. You can't have a security team of 86,000 people monitoring what's happening in those 86,000 stores, much less have someone individually check the millions of visitors streaming in and out of the stores. What's a security manager to do?

If Las Vegas casinos are any indication, the best bet is to install security cameras and have a team monitoring them all the time. You might not be able to watch everything at the same time, but you can document what's happening around your mall and respond if you notice something unusual (or if someone calls in to report that they've seen bad guys coming from a store in your mall).

That's the position we're in. SoftLayer's network is the mall, the stores are servers, the store owners are our customers, and the bad guys and good guys are traffic into and out of the network. We can do everything we can to profile good guys and bad guys, but even if we know that all good guys have purple eyes and all bad guys have neon green eyes, it's still difficult to try and look every person in the eye as they're walking into and out of the mall. We staff a team of people intent on clearing the bad guys from our mall, and we know that even though good guy store owners may come to host their own bad guy customers, they might end up having bad guy customers every now and then, and they'll want to remove those customers from their store as well, so they appreciate us letting them know.

We're going to keep an eye on our security cameras, and we'll get our security guards to the stores where bad guys are reported as quickly as possible. If no one reports that the people coming out of store 73,403 are all bad guys, what would tell us they aren't good guys? As Edmund Burke once said, "When bad men combine, the good must associate; else they will fall one by one, an unpitied sacrifice in a contemptible struggle." Or more colloquially, "All that is necessary for the triumph of evil is that good men do nothing."

Phew ... I'm glad I had that as a canned response as well. :-)

October 28th, 2011 at 4:46pm

Out of frustration with the dozens of SPAM emails received weekly originating from SoftLayer.com IPs, I sent the most recent two (of the five received so far today) to khazard@softlayer.com, as well as to abuse@SoftLayer.com. So, why is it that about 4 out of every 10 SPAMs received are from SoftLayer.com? Also, what's with the SPAMs from Turkish SPAMVERTISERS using SoftLayer.com to deliver their trash? I'm receiving these Turkish/SofLayer SPAMs on both my email addresses now.
Why?

October 31st, 2011 at 12:26pm

If Softlayer.com is calling themselves a no-spam network, then why am I still receiving spams which advertise websites hosted on theplanet aka softlayer?

I have a pile of those dang SEO "website ranking" spams here... many with bogus WHOIS data and all are being sent to email addresses obtained by spidering webpages. I keep sending the spams to SpamCop as well as the abuse department at your company and your client keeps opening new domains and still sends them to me.

Please practice what you preach with worldtopseo.com - which is today's spam from a site on your server. It's the same spammer who owns Serpsynergy.com, Topreferencements.com, Strategiesreferencement.com,
SEOlinkmasters.com along with others and yet every time a spam is received and I submit it to SpamCop it always comes up with theplanet.com as the hosting provider.

October 31st, 2011 at 2:14pm

Thanks for letting us know and for copying me on the email you sent to our team, Andy. I sent it straight to an abuse manager to address with our customer as quickly as possible.

October 31st, 2011 at 2:17pm

Thanks for updating again here, Mike. Given the way your forwarded messages of spam were sent, it was filtered into my junk mail box, so had you not updated here, I wouldn't have seen it. I sent your reports to the abuse department manager for direct attention as well. Since you have my contact information, please feel free to let me know if there's anything else I can do for you moving forward.

December 3rd, 2011 at 11:38pm

You are a bunch of liars people send you spam complaints to your abuse@softlayer.com
mailbox and you do nothing about it. And people send you DMCA
notifications to abuse@softlayer.com and legal@softlayer.com and copyright@softlayer.com
and you ignore them and do nothing about it.

Softlayer is pure scum you support spammers and other criminals on your network
so long as they pay you scumbags allow them on your network.

 

December 6th, 2011 at 11:53am

Welcome to the SoftLayer Blog, "The Truth"! As you've seen from the previous interactions in this comment thread, I'm happy to help if you feel like your issues aren't being addressed. The email addresses you include in your first comment are designed as notification systems for their respective internal teams, and while you won't get direct responses to reports you send there, the team will work to investigate and resolve the complaint with the customer(s) you reference.

Unfortunately when you say, "you ignore them and do nothing about it," the validity of your display name in your comment can be called into question. You reference seeing 16 listings on Spamhaus (on December 3), and right now there are 12 listings (on December 6). 5 of the current listings were added after you posted your comment, so those wouldn't have been on your list, so 9 of the listings you read would have been resolved and removed in the past three days. Further to that, 8 of the 12 current listings were reported less than a week ago. In some cases, resolutions take time to verify and remove (which is why you see the older listings going back to November 15), but it's clear that we're neither "ignoring them" nor "doing nothing about it."

December 19th, 2011 at 11:39am

Congratulations! Softlayer tops my firewall logs for most blocks! Top address is: 67.228.190.149-static.reverse.softlayer.com . Coming in a close second is: 174.36.239.82-static.reverse.softlayer.com

Seems to be a ton of spam coming from Softlayer still. A quick google search will back this up. Get to work guys...

 

January 19th, 2012 at 9:36pm

I've blocked every single ip range for softlayer after months of deleting spammers and hackers running automated scripts such a x-rumer and those using RFI attacks etc.

Softlayer is a spammer and hacker haven. Why bother wasting your time writing abuse@spamlayer.com? Just block all their ip ranges and be done with it.

It's about time the US government takes a closer look at your outfit.

January 20th, 2012 at 9:23am

Hi strikeout! Did you send in reports of SPAM to abuse@softlayer.com and not see any results? Your approach works well until you have a legitimate customer/partner trying to make a legitimate connection. I don't know what business you're in, but chances are with around 25,000 customers around the globe (or their millions of customers), at least a few of them might be appealing to you as a customer/partner.

If you've sent in abuse complaints and haven't seen results, I'd love to get details from you to investigate internally (khazard@softlayer.com). If your response is simply because you've seen multiple attacks from the same IPs over a period of time and you believe SoftLayer is complicit in those attacks simply because they haven't been resolved without your input, you might be in the same boat as any other users being targeted by the abuse: "Someone else can do it, so I assume someone else has, and SoftLayer hasn't done anything about it." That mentality falls apart when everyone who sees the abuse thinks that.

January 21st, 2012 at 1:49pm

@kevin

Yes about 30 times and there is only so much time a guy can waste. I understand that your network is huge but unfortunately so is the volume of spam and nefarious activity coming from the softlayer network.

There must be ways for your network to detect this type of activity and nip in the bud before the recipients bear the brunt of it. For example xrumer - i've reported at least a dozen users using that software to hammer our servers with spam. It cannot be that hard to find who is installing that on your servers and immediately close them down - there is NO legitimate use for that type of software.

In the end blocking huge blocks of webservers is not our first choice but considering time wasted vs potentially cutting of a few real users is a chance we are willing to take.

BTW - I administer a website run on a phpwebhosting vps which appears to also be on your network - and there are no problems there.

January 23rd, 2012 at 10:22am

Thanks for the additional context, strikeout. Can you forward me an example of one of the reports that didn't get addressed (khazard@softlayer.com)? With a definite example, I can look in deeper to get an understanding of why the reports you've submitted haven't been resolved.

When you suggest having our network "detect" certain kinds of activity, we start to open up a can of worms. We don't actively monitor or censor any content on any of the 100,000+ servers in our data centers simply because that would introduce a lot of privacy/security concerns. Similar to the potential power of the government in the SOPA legislation that we've publicly opposed, if SoftLayer starts looking for and acting on specific file types or software, that could be a slippery slope into censorship, and the manpower required to do so would not scale.

Another similarity between the concern you have and what we've said about SOPA is that the existing system of letting abuse know when you see any problems (like the current DMCA process) allows us to focus our attention on the fraction of a percentage of our infrastructure/client base that needs that attention rather than an approach that tries to keep up with everyone all at once.

If you can send me some of those reports that you feel weren't worked properly, I can follow up with the abuse team to better understand what's happening. Especially if you administer a site on our network, I don't want you to feel it necessary to prevent that VPS/IP address from connecting to the infrastructure you manage outside our network if you're blocking all SoftLayer IP addresses.

February 4th, 2012 at 2:34am

Sir,

you and ThePlanet have several professional spam operationsin your nest and you are covering for all of them - the abuse reports are never replied to and seldomly handled.

So with all due respect, No-Spam claims are nothing but false advertising.

February 6th, 2012 at 10:36am

Please read the responses above and the more recent follow-up blog post: Fighting SPAM and Abuse on a Global Network. If you have any problems getting an issue resolved when it is submitted to abuse@softlayer.com, please email khazard@softlayer.com with details, and I'll investigate.

You will not receive any responses from the abuse team. The abuse@softlayer.com email alias functions only as a notification system. Every valid abuse report is handled quickly.

This post's intention was not advertising anything. It was purely meant to celebrate a pretty impressive milestone given our size and how much work goes into the process of resolving abuse complaints.

February 18th, 2012 at 7:05am

I am currently sending 2 claims about spamvertising to abuse@softlayer.com
I will tell you my experiences.

April 3rd, 2012 at 11:01am

Let me look in my iptables:

Chain fail2ban-apache-noscript (1 references)
target prot opt source destination
DROP 0 -- free.rimed.cu anywhere
DROP 0 -- mx.rimed.cu anywhere
RETURN 0 -- anywhere anywhere

reverse lookup:
=> 184.173.20.17-static.reverse.softlayer.com
=> 159.253.145.50-static.reverse.softlayer.com

So, instead of sending spam, it's better having hacking customers...

well, after your abuse team didn't react in ages, i do now the only thing, which works:
IPTABLES -I INPUT -s *.softlayer.com -j DROP

April 6th, 2012 at 10:38am

Thanks for commenting, LSW.

While the route you took is certainly an effective option when screening out abusive behavior, it might be heavy handed and limiting when you consider the thousands of legitimate customers and millions of legitimate websites that will also resolve to a softlayer.com reverse lookup. As you probably noticed when you read all of the comments in this blog thread, we would love to follow up with your specific issue to understand why the abuse department did not respond in the way you expected. If you can forward me the report you felt was ignored, I'll look into it immediately: khazard@softlayer.com

Thanks!

April 10th, 2012 at 6:38pm

Check it now to see (http://www.spamhaus.org/sbl/listings/softlayer.com).

I'm a network admin and have blocked 208.43.63.220 and others ips used by a brazilian SPAM group ("Kirzner do Brasil") in my company network. They are using a wide range of IPs. For now this appear to be the only one of Softlayer, but it is being used for some weeks now without any worries.

I requested brazilian internet authorities to block the domains of this company (all ccTLD .com.br). Unfortunatelly, in Brazil there isn't any law about SPAM and this is a looooooong path.

April 11th, 2012 at 5:35pm

Thanks for the comment, Tiago. Can you forward me the messages you've sent to abuse@softlayer.com about the group in question? My email address is khazard@softlayer.com

With that information, I get get a better understanding of what's going on.

April 27th, 2012 at 5:19pm

Hi All,

Just wanted to say that Softlayer.com was hosting SPAM from TUMBLR.COM but of course they really do fight SPAM at Softlayer if they know about it. I contacted Kevin Hazard at Softlayer VIA his email and he helped me stop 25-50 SPAM emails per day from TUMBLR.COM, he is a man of his word!

Thank you Kevin,

Steve

June 19th, 2012 at 7:42am

Thanks for the advice. Do you have a recommendation for what to do when it simply doesn’t work? I’ve been getting lots of “Agile and Scrum training” spam from Softlayer for a few months now. I sent complaints, complete with headers and a very polite note so as not to offend anyone, on April 26, June 7th, June 12, June 14th, and June 19 (today).

I even started cc’ing khazard@softlayer.com as per your request.

Any thought when it might actually stop the spam?

June 19th, 2012 at 12:23pm

David,

Softlayer can only take abuse requests and contact Tumblr.com since the blogs. I've been contacting Support@Tumblr.com with the offending blog and they are pretty quick to delete the offending spam blogs BUT I think it like shoveling SH*T against the tide, new Tumblr blogs seem to be created with ease. I do keep sending the blog like this one deleted http://wiwonepa.tumblr.com/?Easffht. Tumblr support is usually pretty quick to suspend the offending blog which softlayer unfortunately hosts. Again softlayer can only go to Tumblr so it better to cut out the middle man & contact tumblr support at the email above.

Steve

June 19th, 2012 at 3:03pm

Steve,

The mail I'm getting is regular old email spam coming from Softlayer IPs, not related to Tumblr.

On the brighter side, it looks like posting here has gotten some attention, so perhaps the spam will finally stop.

David

June 19th, 2012 at 5:54pm

David,

All my SPAM on Softlayer is a result of Tumblr.com spam Blogs, it makes me think SOMEHOW softlayer could BLOCK all of them but they don't seem to be able to!!!

October 28th, 2012 at 6:24am

Do you respond to SpamCop reports? I have been reporting spam from the domain 'cheekymailvouchers.co.uk', three times a day to my main address and to a mailing list I run, which they seem to have harvested from somewhere. It has been coming in for over a week now, on Saturdays and Sundays too. I've had no response to any of my reports.

March 6th, 2013 at 7:09pm

No, they do not respond to spamcop reports. I have submitted many, and to date no response has been had. I will, however, point out that softlayer do continue to send out spam after they finish ignoring the reports.

March 7th, 2013 at 9:21am

In most cases, the SoftLayer abuse team does not *reply* to reports sent to abuse@softlayer.com or reports provided by SpamCop ... That does not mean that the abuse team does not *respond* to those reports, but if you're waiting to get a personal email response to a spam message you forwarded to our abuse team, it's important that your expectations be reset.

Understanding that one of our representatives will not be sending you an email reply, you should still see action taken on your complaint. I've shared my email address ten times in this comment thread with the promise that I'll help in any way that I can, but it would appear that each new comment effectively disregards the previous comments that have been posted. Again, if you've submitted abuse complaints to SpamCop or the SoftLayer abuse team directly and you haven't seen results, please forward the report you submitted to those authorities to khazard@softlayer.com.

March 7th, 2013 at 5:57pm

So what's the problem with responding directly to spam reports once resolved?

It doesn't take a second and it's a common courtesy to reply to someone who has reported an issue to you. Normal, civilised people would expect a reply. What makes you think we should reset *our* expectations?!

The attitude that the general public that should adapt their to SoftLayer rather than the other way around, plus the fact that I see more than just a handful of spamcop reports heading to SoftLayer, only perpetuates the impression that SoftLayer really don't give an abuse team at all and don't give a ***t about preventing spam.

If we send a report to your official abuse reporting address and don't get a response, why would we waste further time looking through forums trying to get another e-mail address to report it to? Sharing your personal address in a forum for such a purpose is admirable, but doesn't address the problem - that your company doesn't *appear* to be taking the original reports seriously.

I think it's SoftLayer's expectations that need to be 'reset'!

--
Ross

March 8th, 2013 at 11:55am

That's a great question, Ross. The crux of your point seems to rest on assumption that replying to each spam complaint would require marginal effort, but that's not true in this case.

Scenario: A user has a shared hosting plan through a hosting reseller. That hosting reseller rents the server housing that shared hosting plan from a SoftLayer customer who provides server management. The shared hosting user's account is compromised, and a spammer uses it to send one spam email message to 10,000 people. If 1% of those 10,000 people sends an abuse report to abuse@softlayer.com, the abuse queue grows by 100 emails for one issue.

When the abuse team gets those emails, they contact our customer about the abusive behavior. Our customer contacts their customer, and their customer contacts the user whose account was used to send the spam message. Action is taken to make sure the account is secured, so the user tells their hosting reseller who tells our customer who tells us that the problem has been resolved. In the span of time for all of that to happen, the abuse team has been notifying other customers about similar reports, and when a report isn't resolved in the window the abuse team provides, our representatives have to take action to disable the offending server (which in a hosting reseller's case could affect hundreds or thousands of innocent clients).

To respond to each of the 100 abuse reports we received about the one message from one domain on our network, the abuse representative would need to find our customer's response, find all abuse reports related to that resolved issue and respond to each. The marginal time that it takes to do all of that adds up quickly at scale, and that activity would eat into the time our team could devote to processing new abuse complaints and following up with customer responses to abuse reports we've filed on their account.

In reality, the compromised account in this scenario would probably have sent more than one spam message before it was found and investigated, and each message would have its own abuse complaints, so the challenge snowballs.

I agree that it would be courteous to reply to each report when the issue is resolved, but doing so would affect the abuse team's ability to operate efficiently. I don't process hundreds of abuse reports about the same issue, so when one is forwarded to me, I'm able to get an update internally that I can share in a reply. As a department, the abuse department has to set expectations based on the service they can provide consistently and efficiently, and the process of determining what those expectations can be is far from arbitrary.

Is that context helpful?

March 8th, 2013 at 12:10pm

The problem with responding to spam reports is that most people reporting them are not going to be ticked to receive the reply: we got your report but the spammer is a good customer, and he blames his customer, so nothing will be done.

The alternative, an untruthful reply, might work for a while. But eventually people are going to realize that the replies are not reflective of reality. That would not be good, either.

All in all, I think their policy of ignoring reports is probably the best consistent with their business model of hosting spammers and blaming someone else.

April 17th, 2013 at 2:24pm

This is NOT about a spam email. However, it appears that your IP is infecting
with a rootkit, as both Chrome and ie10 are constantly being blocked by MBAM for an outgoing
.exe. So, not only do you have spammers, you have malware.

April 17th, 2013 at 3:30pm

Thanks for letting us know, Dan. If you can send an email to abuse@softlayer.com with "malware" and "rootkit" in the subject line and the details of what you're seeing, our team will investigate and take action to remove the violating content.

Leave a Reply

Filtered HTML

  • Web page addresses and e-mail addresses turn into links automatically.
  • You can enable syntax highlighting of source code with the following tags: <pre>, <blockcode>, <bash>, <c>, <cpp>, <drupal5>, <drupal6>, <java>, <javascript>, <php>, <python>, <ruby>. The supported tag styles are: <foo>, [foo].
  • Allowed HTML tags: <a> <em> <strong> <cite> <blockquote> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
By submitting this form, you accept the Mollom privacy policy.