October 28, 2015

Ongoing Actions to Eliminate Spam Hosting

October 28, 2015

We are announcing a new policy, effective today, as part of our regular efforts to reduce the ability for spam to be sent from the SoftLayer network.

Starting October 28, 2015 bare metal servers and virtual servers provisioned on new accounts will not have the ability to send email directly via outbound connections through TCP port 25 (SMTP). Port 25 can be used as a conduit for distributing unsolicited bulk email.

In a follow-up phase, we will roll out this network policy change to customers who established accounts before October 28. (A separate communications will be sent with timeline and implementation guidance to those customers.)

You can read the technical details on KnowledgeLayer.

SendGrid Services Available to Send and Track Emails

We have partnered with SendGrid™ since 2011 to provide email delivery services. We have arranged for SendGrid to provide SoftLayer customers with an account allowing sending of up to 25,000 emails per month at no charge, which can be activated via the SoftLayer customer portal.

SendGrid allows you to use a SmartHost to relay your outbound mail services while generating metrics, including tracking lists and bounce rates, open rates, and click-through rates. It also assists with newsletters and provides authentication. All of these services are designed to provide stronger email analytics for you to optimize your communications and eNurture programs. Full details on our SendGrid service, including free options, can be found here.

Use Your Email Service Through a Custom Email Port

You are welcome to use your own email service on a custom port following the API or SMTP guidelines provided by your mail provider to configure your servers to an email port other than TCP port 25. This is common practice for most mail providers and should not be an inhibitor to you sending and measuring your communications.

Need an Exception?

If you are a new client and need the ability to send outbound SMTP email via TCP port 25, please open a support ticket in the customer portal, and provide details about why you require an exception to this policy. Be sure to explain why the SendGrid email relaying solution does not fit your system or application needs. Our team is specialized to assist with most email relaying and blacklisting issues for recognized and reputable real-time blackhole lists (RBLs) and can evaluate your situation.

Dedicated to Your Success

We continuously work with established monitoring authorities and groups to eliminate fraudulent spammers and to block the usage of port 25 for email communications.

As we all know, spam is unsolicited bulk email. Our network architecture isolates devices so customers cannot see or share traffic across accounts. We follow ISO 27001. And for federal accounts, we are aligned to NIST 800-53 framework and maintain SOC 2 Type II reporting compliance for all data centers. We integrate three distinct network topologies for each physical or virtual server and offer security solutions for systems, applications, and data as well.

Thank you again to your commitment to SoftLayer as we continue to work hard to ensure a secure environment for you.

-Dani

Comments

January 8th, 2016 at 6:18pm

This should be a lesson to all hosting providers, when even one as large as SoftLayer had to do such damage control. All hosting providers should make sure that new and automated sign ups to their IP Space have controls to prevent or limit egress traffic to port 25, until they are sure of the customers need to operate an email server, and that the customer understands the risks as well. Also, ensuring that the individual customers and operators are listed in 'rwhois' properly, helps to make sure that the whole network isn't painted with the same brush as the ne'er do wells. Outbound rate limiters, and egress traffic reporting is important for every hosting company as the first line of defense, if you want to have IP space that customers want to be on in the future. And while these measures have helped change the SoftLayer IP space from being one of the worst spam sources, to now barely a blip, remember there are other ports than can be used for attacks, not only Port 25.

Leave a Reply

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.

Comments

January 8th, 2016 at 6:18pm

This should be a lesson to all hosting providers, when even one as large as SoftLayer had to do such damage control. All hosting providers should make sure that new and automated sign ups to their IP Space have controls to prevent or limit egress traffic to port 25, until they are sure of the customers need to operate an email server, and that the customer understands the risks as well. Also, ensuring that the individual customers and operators are listed in 'rwhois' properly, helps to make sure that the whole network isn't painted with the same brush as the ne'er do wells. Outbound rate limiters, and egress traffic reporting is important for every hosting company as the first line of defense, if you want to have IP space that customers want to be on in the future. And while these measures have helped change the SoftLayer IP space from being one of the worst spam sources, to now barely a blip, remember there are other ports than can be used for attacks, not only Port 25.

Leave a Reply

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.