SMTP block is unreasonable

edited November 2014 in Features and Ideas
Hello,

As you probably know VULTR blocks port 25 (default SMTP port) because it'd be possible to send spam then. A copy of your ID and more is needed to unblock the port. And if spam is sent, that would require a $5 dollar fee per spam email sent.

I find this unreasonable because, as far as I'm aware, it's not even legal to ask for such ID. I could be wrong, if so please correct me.

I understand that everybody hates spam, but this level of control VULTR wants about the SMTP port is just too high.

Multiple people have requested to remove this block but VULTR staff just ignores these requests. I chose for reselling VULTR servers because:

- many locations
- high performance
- Windows

However, I might just move to DigitalOcean or a similar service because VULTR has this frustrating SMTP block.

Q: If we'd do so, then the chance spam will be sent is higher! So why remove it then?
A: Correct. But the block is frustrating for 'normal' users and it's a big risk for VULTR. Trust me when I say you have already lost customers because of this. And, even if an ID is verified and the port is unblocked, spam could be sent. So what's the use of only unblocking the port when having the customer upload their ID...?

Also, as I already said, I resell VULTR servers and what if customers send spam? Or when their server(s) is/get hacked? I'd have to pay the $5 per mail, probably. (Again, please correct me if I'm wrong.)

TL;DR: remove the port 25 block!

Comments

  • Looking at your account, you've never even asked for the block to be removed.

    > Multiple people have requested to remove this block but VULTR staff just ignores these requests.

    Can you provide more details here? I'm not aware of any cases where we ignored requests.
  • They are actually pretty flexible in getting it unblocked for you from comments I have seen from other users. Have you actually tried requesting it be unblocked? It took a few minutes for me to get a response & opened by support and I didn't need to provide CC, license, or passport in my case.

    Ideally, you'd have your own policies if you rent to customers and would give them liability for spam activities. I would not advise just renting a server to someone without providing terms because you maintain all liability for them.

    I'm actually glad Vultr provides a clean space for customers. At least here it will be less likely you get stuck wondering why your emails aren't going through.
  • > Looking at your account, you've never even asked for the block to be removed.

    Haha, busted!

    Seriously though - and I don't mean this as an insult - I (and I assume others, probably even Vultr) would prefer someone who has such a cavalier attitude to spam to go elsewhere.

    You expect the port 25 block to not exist at all? I could hold my breath the amount of time it would take to be put on DNSBL - and whilst many are run professionally, many others that are used are run by little facists who would have no hesitation in adding the whole 108.61.0.0/16

    I haven't requested an unblock yet - I do have some queries regarding the terms I will raise when I get around to it, but other than that, as Nicholas says, the clean IP space is well worth a little bit of effort on our parts. You seem to sound as if Vultr have this policy just to annoy us!

  • edited November 2014
    @devicenull @Nicholas @jamie
    I have to agree with you guys here, I'd much prefer a clean IP range VS. free for all spamming.

    Asking for ID is legal actually, there are many large hosts (I'm talking top 10 worldwide hosts now) that ask for ID (usually for orders outside of US or UK, thats just orders, not even removing the SMTP block!)

    If you have a legitimate business or use for a SMTP server, you should have no problem providing Identification. This keeps out spammers and makes sure Vultr thrives on legitimate users and business that can operate, no fuss! :-)
  • I'm not a big fan of blocks, bans or other forms of restrictions - but I can completely understand why Vultr takes this approach. Cheap hosting _will_ attract inexperienced administrators and all kinds of interesting personalities. And an open relay or a hacked Wordpress installation poses a significant risk to a networks integrity. And while I really don't like the business model behind blacklist I still don't want my server's address to be on one because somebody else spammed.

    In addition to that: I opened a ticket, explained what I want to do and what I am working on, and received an answer within an hour, allowing me to send mails directly. So I can't verify your claims of the support ignoring requests. And I can't confirm that they lost customers either - at least not this one. ;)
  • I think I misunderstood how it exactly works, excuse me in that case.

    > Looking at your account, you've never even asked for the block to be removed.

    I indeed never did, so? As I said in the first post I'm reselling VULTR servers and I don't need the SMTP block removed. I just want the best for my customers.

    I said:

    > Multiple people have requested to remove this block but VULTR staff just ignores these requests.

    I understood this from multiple discussions on other forums where the OP can confirm that the block was never removed after opening a ticket, with a completely valid reason.

    > You expect the port 25 block to not exist at all? I could hold my breath the amount of time it would take to be put on DNSBL - and whilst many are run professionally, many others that are used are run by little facists who would have no hesitation in adding the whole 108.61.0.0/16

    Then why doesn't DigitalOcean do such thing? Yeah, they do it now in some cases, but I have never had a block and no IP range was blacklisted (as far as I've experienced, or people I know).

    > I don't mean this as an insult - I (and I assume others, probably even Vultr) would prefer someone who has such a cavalier attitude to spam to go elsewhere.

    Are you saying that I have such attitude? No, I hate spam as much as you do...
  • > I indeed never did, so? As I said in the first post I'm reselling VULTR servers and I don't need the SMTP block removed. I just want the best for my customers.

    I'm somewhat confused here. If you don't want the SMTP block on your account, why not open a ticket asking for it to be removed, rather then suggest we just remove it completely for everyone?

    Our SMTP policy was far stricter up until a couple months ago, so if you're going by old posts they aren't really valid anymore.

    > I understood this from multiple discussions on other forums where the OP can confirm that the block was never removed after opening a ticket, with a completely valid reason.

    I have no way to verify this. However, what you're describing seems to be very different then 'ignoring' the request. Without further details about who these people were, I really can't even begin to guess what the situation was.
  • @jamie

    >You expect the port 25 block to not exist at all? I could hold my breath the amount of >time it would take to be put on DNSBL

    I don't know how long you can hold your breath for, but you might be turning rather blue.

    What mail servers these days default to open relays?
  • edited November 2014
    @wdele :

    (Baaah. I finally found an android browser that is somewhat usable, but now I find it won't let me paste text... sigh... anyone got any recommendations? )

    Why don't DO do such a thing? I don't know, and I'm not familiar with their setup, but if Vultr had such a policy, and I was an Evil Spammer, I would sign up a small test account, familiarise myself with the API, and then one dark stormy night, blast up a bunch of instances constantly sending spam.. maybe to avoid detection, i'd create multiple accounts for the purpose, buying pre-paid anonymous Visa cards for the purpose.. For only a few dollars I'd be able to send thousands of spams before getting shutdown.

    And, I didn't mean you approved of spam, just that you seem to not care too much about preventing it.

    @ac000 ok, maybe I'm now blue and very dead! :-) , but as I mentioned above just now, I was thinking of spammers coming here, not about them exploiting weaknesses. However, @dotnot makes a good point about wordpress vulnerabilities etc.

  • @devicenull

    Are you saying that the removal of the SMTP block is account-wide, rather than server-wide?
  • It is account-based, not per VM.
  • @Nicholas

    Oh, in that case I don't have any problems with the block. Thanks!
  • @BensDaMan
    ...This keeps out spammers
    It stops dumb spammers from making use of poorly configured mail servers as open relays. (no shoot foot)[1]. Which is a very "good thing®"


    @others

    Compared to the time it takes to properly configure a mail server, the requirement to request port 25 be opened is hardly onerous.

    As for the identification requirement... seriously?! If anyone has problems with that they should be hosting their own server. Though I'd welcome ideas on why I may be wrong.


    Kind regards



    [1] It won't stop stupid spammers from renting a VPS to host a spamming email server and requesting port unblocking. Note for example that what is legal in the U.S. is not legal in Australia (opt-out instead of opt-in).

    For obvious reasons I won't expand on why a smart spammer (oxymoronic?) doesn't need a VPS or an open relay - beyond wishing all mail admins would use authentication (to stop open relays), and deploy and employ SPF/DKIM/DMARC to help stop all spammers and identity fraud.

  • I want to be sure: so the unblock is per account, not per server? If so, I have no problems with the SMTP block and it's quite a good thing VULTR does this. This thread was more from a reseller's point of view.
  • I believe we've also discussed this in older posts that in +/- 18 years of being in this business we've never levied a monetary penalty against anyone for breaking our spam policy. That language is in there for the most egregious circumstances our legal could imagine and luckily we haven't yet had a situation with such a nefarious user.
  • edited November 2014
    @DaveA ok, that makes sense, covering all bases etc. - However, the spam policy doumentation does look scary in its current form!!
  • @jamie
    Not SPF! SPF is broken!
    How so? Can you give an example or citation please?

    I've not had any problems with it.

    Kind regards
  • edited November 2014
    (Deleted)
  • Even if it's a bit of thread-hijacking: The reason SPF is broken, mind you that this is my personal opinion not the ultimative truth, is because there are only two ways to configure it:

    * Lazy, relaxed - basically useless.
    * Strict - works as intended but comes with a lot of the penalties @jamie linked
  • @jamie

    I won't patronise you by sugar-coating my opinion. (surely we're all old enough to hold the opinion we deserve?).

    From your referenced post:-
    If the recipient of an email uses aforwarding(sic) address, they may no longer get the email you send.
    While that may seem like a problem to you, with the greatest respect - I see it as a benefit. The only legitimate reason I can think of for forwarding addresses is a temporary measure for changed email addresses. ">IMNSHO the BP for changing email addresses is to do all of the following, in no particular order:-
    • set up email forwarding if you can't setup aliasing.
    • set up auto-respond with your new email address in the body of the response and add the new address to the Replyto: field.
    • contact everyone in your contact book, and, who you've received email from (that you wish to hear from again) advising them of the new address.
    I take SPAM and identity fraud seriously - not the least because it chews up resources.

    Much is wrong with the intertubes, and much is possible to improve it - the core things are (IMO):-
    1. DNSSEC to prove domain
    2. SSL and TLS to secure transmission
    3. SPF, DKIM, and DMARC to prove sender
    4. PGP/GPG to prove authorship and message integrity
    You don't mention mailing lists - many of which are the strongest apologists (enablers) for not using SPF. So I won't go into reasons why their stance is wrong (lazy and recalcitrant?).

    @donot
    Lazy, relaxed - basically useless.
    Out of context perhaps. In context it's an interim step that doesn't penalise those that are slow to adapt necessary measure to combat SPAM and identity fraud. It's still very useful for filtering.
    Strict - works as intended but comes with a lot of the penalties
    Penalties for late developers, those that 'lower the standard', SPAMMERs, and identity thieves. Not a penalty for BP mail server admins.

    I don't believe you're hijacking the thread.


    Kind regards
  • DNSSEC to prove domain
    SSL and TLS to secure transmission
    SPF, DKIM, and DMARC to prove sender
    PGP/GPG to prove authorship and message integrity
    I agree on DNSSEC, SSL/TLS as well as PGP/GPG. I brought up my concerns on SPF. DKIM-implementations need some serious work on their canonicalization-stuff for being MIME-aware before I can even remotely thinking of implementing it in production. But hey, luckily there are much smarter folks out there than me.
    Penalties for late developers, those that 'lower the standard', SPAMMERs, and identity thieves. Not a penalty for BP mail server admins.
    I'd love to go along with you here, being called an 'administrator'. But sadly I am not the one in charge of the systems I have to work with. So if things, like the exampled forwarding, don't work I have to fix it as soon as possible or legitimately explain why that's the case. 'To combat spam!' sadly never really counts. I did play with Sender Rewriting Schemes a little bit, but there is complex logic involved and I don't think I'm mature enough, as an administrator, to properly configure this. So I had to, more or less, abandon SPF.

    It doesn't always matter, in a corporate environment, what I'm viewing as best practice or what's generally viewed as best practise but rather what management says. No matter how wrong it may be.

  • Please, on-topic.
  • One option would be to leave the Vultr SMTP block in place, and use an outside service to send email...but using SMTPS (port 465, which isn't blocked).

    You can then configure your MTA (sendmail, qmail, postfix) to use the outside service for outgoing email. You can use google to find instructions by adding "smtps smarthost" to your MTA name. For example, search "postfix smtps smarthost" and you'll find some instructions on how to do it. You'll also need to modify your SPF records as needed.

    Mandrill.com has a free plan (including SMTPS relaying) for up to 12k outgoing emails a month. There's also Zoho mail, and a few other either cheap, or free options.
  • This thread is a gold mine for me,as I have enabled Spoof and DKIM on my little Cpanel server for my 7 websites...and I get like 150 attacks from China,Ukraine,Russia and US/Microsoft zombie computers every day

    Hulk is sending me 145 emails today about new adresses blacklisted after they had their 5 attempts

    I think that the best method for Vultr.com to solve this is to enable all security measures on their servers as described earlier and unblock the port 25

    the usual complains are:I dont know how to do it,I dont trust it,I never worked with it,I dont want to learn,I dont want to abandon Mysql 5 in favour of Maria Db 10.1 and so on...and I am lazy:)

    so IBM has sendgrid at Softlayer,it works...barely for 25000 emails/month is free but the bare metal servers are just VPSes sold for 17300 dollars per month?:)))
    of course it is unrealistic...they have one huge supercomputer at Dallas,not thousands of servers on shelves..they are not Speedy Gonzales

    I tested my setup there with the command
    ab -n 1200000 -c 100 https://www.democratie-virtuala.com/
    and I got 86-99 cores load on my 24 core server....if it was real and not Vmware...could have not done it
  • edited July 2017
    i am so angry i'm considering switching.i literally spent all day trying to send an email to my gmail thinking i was going crazy and then i found this post. i think it's bs how the do this. there should be some type of notification before you sign up or something.
  • edited July 2017
    Knee-jerk stroppy reactions will earn you no favours.

    Why are you angry? Because the rest of us aren't suffering bad IP reputation and spam filters?

    Surely you read the terms and conditions of the service in the FAQ before signing up? https://www.vultr.com/faq/#outboundsmtp
    Do you allow outbound SMTP?

    In some instances, outbound traffic to the SMTP port may be blocked for new accounts. If you encounter this restriction, contact our support team from the customer portal.
    And please don't exaggerate - you wouldn't be signing up for an unmanaged service in the first place if it took you anything longer that 10 minutes to determine that the outgoing port 25 was being blocked.

    So again, why are you angry? As you no doubt did everything correctly, so there can be no blame on you, you just spent 10 minutes of your time realising you'd forgotten about the smtp block, which the nice kind vultr folk will remove when they can be sure you're not a spammer.

    If anything, you should be happy that whilst you wasted 10 minutes due to your own forgetfulness, you realise that you're likely to save far more time than that in the future from the much reduced chance of having to deal with your IP ending up on a spam-blocklist in error.
This discussion has been closed.