SMTP verification in Features and Ideas

edited April 2014 in Features and Ideas
Hi,

Please provide a better way to authorise/verify an account holder in order to unblock SMTP.
Happy to provide CC details and a photo of my driver's license, but not by fax or email. A secure upload / online check is preferred.

I just want to keep an eye on fail2ban notifications!

Thanks

Comments

  • Seems like a bit much just for SMTP. I'd just use another email provider, and connect remotely to send emails. Too much trouble to verify just to prevent spam.

    Would be much better just to impose a certain acceptable limit, and if you need more you can open a ticket with a valid reason why. Most email providers limit to about 100 per day, but I'm sure sites that have forums and blogs with subscriptions may need much more than that.
  • Use another provider, and send over a different port than 25 (SMTP over secured protocols like SSL or TLS doesn't use 25 by default.)
  • edited May 2014
    Seriously??? Credit Card Information via FAX/EMAIL?

    So to "stop" spam you violate privacy and don't care for security standards?

    Sorry for the honest comment, but this is really nuts....

    You can just set up proper policies to keep this under control... block users who abuse it for good even, there's a lot of ways around this.

    Also what if we don't have a credit card?

    [Suggestion: until you have a proper way to control this, at least give us a public GPG key to send details encrypted]
  • @mikec - A few bad apples always ruin the bunch. We're not in agreement that a photo ID to verify against fraud is a breach of privacy.
  • edited May 2014
    Quite interesting, you may consider being more open about the verification methods in your ToS/AUP as I do not see any mentions of requiring ID. Perhaps even an update to the privacy policy considering how common SMTP is for monitoring and alerts.

    Frankly, I am on the fence about this personally. In the 20 or so server companies I've dealt with in my time, I've never been asked for ID, especially for something so mundane. Typically SMTP / SPAM and the like is monitored upstream using network monitoring technologies; Packet capture or TCP session monitoring.

    Edit: https://vpsboard.com/topic/4372-vultr-smtp-restriction-requirements-are-unreasonable/
  • Having to deal with cards at work, I can guarantee you that is against PCI compliance.
  • Would there ever be a change to SMTP verification methods?

    Would be spinning up more instances and transferring from shared hosting if it were easier to send mail...
  • This is insane, as a newbie, deploying a few servers to config DNS and others, trying to figure out sending emails.

    It's been 3 days and it's 4:35 in the morning, turns out Vultr blocks the outbound emails.

    Vultr should put this term on the homepage!!

    F#&(*@&;$(*@#!!!!
  • It's in the agreement you accepted...
  • yeah a secure method of delivery would be nice

    maybe use sendinc.com for encrypted emails ?
  • >>Arffeh June 27
    >>It's in the agreement you accepted...

    Where?
    Terms of service
    https://www.vultr.com/legal/tos.php

    or
    use Policy
    https://www.vultr.com/legal/use_policy.php

    or
    anti-spam policy
    https://www.vultr.com/legal/antispam_policy.php

    Not seeing anywhere a mention that port 25 is blocked by default.. or that one would need to send ID to get port 25 unblocked.

    Reading their use policy now makes me highly doubt I will use vultr for production.
    -------------
    VULTR.com will immediately terminate any account which it believes, in its sole discretion, is transmitting or is otherwise connected with any spam or other unsolicited bulk email. In addition, because damages are often difficult to quantify, if actual damages cannot be reasonably calculated then you agree to pay VULTR.com liquidated damages of $5 for each piece of spam or unsolicited bulk email transmitted from or otherwise connected with your account, otherwise you agree to pay VULTR.com's actual damages, to the extent such actual damages can be reasonably calculated.
    ----------------

    One of my client's VMs got hacked on another provider and thousands of spam emails got sent out. If that had happened on Vultr they are basically saying they could charge me $5 per spam sent out.

    I don't know of any other provider that would do such a thing.

    Time to email every friend/client I ever recommended Vultr and un-recommend..
  • VULTR is the most awesome cloud hosting I've ever seen!!

    Especially with the low price and datacenter near Asia area.

    But the SMTP block policy isn't a smart decision. I always use email to alert on system events, maybe just 2~3 letters in one day.

    As you know, to enable this function one must fill out a table with the PASSPORT/ID scan. This sacrifices personal privacy and puts the customer under some risk.

    Since you gather personal PASSPORT & CREDIT CARD numbers,
    it's too much for just cloud hosting.

    Maybe you can reconsider and have some “deposit money” mechanism. Let the user pay for 20 Credits to guarantee that SPAM or abuse does not happen. I think it's a better way than what you do now.

    The aim of cloud hosting is to provide flexible, robust, and fast network infrastructure. SPAM is indeed a trade-off for every provider.

    Actually speaking,
    I would rather go with LINODE by paying 10USD/Month,
    twice the price of the VULTR plan, but with more freedom.
  • There are a number of ways they could have handled not having spam sent from their network.

    First.. they MUST make it more visible that they do this. Last night I looked over their terms of service, spam policy and use policy. If they have a mention somewhere about blocking SMTP then it is not obvious.

    Second.. they could at a minimum allow to connect to services like Sendgrid, Jangosmtp.. so they basically still make it strict.. but at least people have an option other than sending personal information to them.

    The sad part is that this policy likely won't do a thing to prevent anything..
    If someone is going to send spam.. they likely can easily use forged documents. It is not like Vultr is going to validate the veracity of these documents.

    If someone gets their machine compromised and thousands of spams go out.. the damage will be done.. and all the inconvenience they make most users go through will be for nothing as their IPs/IP block will still get marked as spamming.
  • edited July 2014
    The initial SMTP port block is mentioned in the FAQ you read: https://www.vultr.com/faq/ Once it is lifted, it is lifted for your entire account.

    @francisco1844 Read the rest of the Anti-spam policy. Damages only apply if you are liable. The point of damages isn't to make it a slap on the wrist, but to actually entice you to use services ethically.

    Specifically note:

    "If customers server was compromised (hacked) and then subsequently used for spamming this clause will not apply."

    They are actually pretty flexible in getting it unblocked for you from comments I have seen from other users. Have you actually tried requesting it be unblocked? It took a few minutes for me to get a response & opened by support and I didn't need to provide CC, license, or passport in my case.

    PS. DaveA mentioned in a different post that documents are deleted immediately after the verification process.

    https://vpsboard.com/topic/4372-vultr-smtp-restriction-requirements-are-unreasonable/?p=63759
    >> The initial SMTP port block is mentioned in the FAQ
    >> you read: https://www.vultr.com/faq/ Once it is lifted,
    >> it is lifted for your entire account.

    It really needs to be in the terms of use or anti-spam policy document.. even those people don't usually read.. but to have it in the FAQ.. only.. means a lot of people won't see it.

    Honestly, something like that should be boldly displayed at registration..

    Even if one didn't use a machine as a mail server even alarms and maintenance scripts expect to be able to mail out.
  • Thinking of moving over from DO. This is one of the things that concern me. I really do not want to send personal info in any way shape or form. (Other than the normal info needed to use CC with service on secure website.)

    I am running a small personal email server and 512 is just pushing it as far as memory goes. Dovecot postfix mysql nginx amavisd-new horde-webmail type setup. Can get slightly larger server for same price or $3 cheaper for 1 gig memory.

  • @nightshade - We'll remove the SMTP block for you, and anyone else who is a real customer and not a spammer. We are very careful to provide clean IP space for all customers, and try to keep the spammers away.

    We are currently evaluating our policies and will work to make this as painless as possible while not requiring too much information from our customers.

  • edited August 2014
    Dave, I'll too be applying to have the smtp block removed when I get around to it.

    I'm making no comment either way on the amount of ID/proof required (I realise I'm in the minority by not being too concerned in publishing what I consider a public document anyway)

    However I *am* glad it's something you take seriously - a legitimate mail server with an IP address in a range with a spammer reputation is next to useless, and it's a lot harder for dirty addresses to be 'cleaned' than get dirty in the first place, and no doubt scummy spammers would use VULTR's quick instance setup to their advantage if able to

  • @jamie - Not everyone understands that by us doing a little due diligence and taking 5 minutes of their time will save hours of head scratching as to why emails are not going through due to a few people who will abuse it if allowed to.
  • When I first made my Vultr account months ago, I went on and contacted support about unblocking SMTP and it only took ~10min and it was done. I can understand why Vultr is doing this. Most people would simply abuse email and send out spam, junk, and whatever else that is against the law as well as the ToS. That's why I've been using Vultr as well. Things are taken seriously.
  • edited August 2014
    @Dave Exactly!

    Also, I'm sure that if VULTR had problems here with email due to being on spam-blacklists, those that would most vocally blame you would be these same people that seem to think VULTR has a side business selling scans of people's passports and other IDs :-)

    Still, I blame the banking industry. Here in Europe at least, they seem to have managed to pull off a great PR coup, rebranding 'fraud' (their problem) as 'identity theft' (our problem)
  • My VPS is hosted on Vultr AU. My app sends email via Gmail on port 587 and it works fine for me.
  • @mulder yep, submission (port 587) is fine, it's delivery (port 25) that is the issue!
  • IMHO the smtp block is a good thing. Blacklisting is a serious problem and several of the more important blacklists block entire IP ranges when spam is detected. One bad user can ruin things for everyone.

    On a side note: if you're serious about e-mail delivery it's best to outsource to a professional SMTP service. Their higher reputation score improves deliverability and you won't suffer if/when someone on Vultr does end up spamming. Some of these services also provide integrated user feedback. (E.g. when a Yahoo user hits the spam button on your e-mail you get notified.)
  • The SMTP port was unlocked on my account after I properly confirmed my identity.
    To be honest, I think the initial blocking of port 25 is a good thing.
    I just think the verification procedure should be better documented somehow.
    The whole thing is a little confusing...
    But what matters is that it's working.
  • edited September 2014
    maybe good idea to add a note on deployment page, have a check box that says

    'I understand that SMTP port is blocked by default and requires identity verification to unblock, I will contact Vultr support if I require SMTP port unblocked'

    and not let deployment continue until the box is checked
  • I get around this by using Amazon SES - no need for port 25 that way and I don't get the added headache of having to manage another MTA.
  • I have an ecommerce site that needs to send email if someone orders. That is from phpmail. Do I need port 25 unblocked? That is my concern about stepping up to Vultr. And if WordPress gets hacked and some hacker is sending email through the server, will you tell me before you just delete it?