Re: Spamhaus flags any IP announced by our ASN as a criminal network

[August Yang via NANOG <nanog () nanog org>]

Several Huize ASNs, e.g. AS47158 and AS141011, were revoked due to RIR 
policy violations, which include prohibited sharing of ASNs with third 
parties, IP hijacking, and malicious path prepending.

Given this history, it is not surprising that Spamhaus would blacklist 
IP addresses associated with their ASN. In my opinion, such action is 
well-justified.

Best regards,
August Yang

On 2023-03-20 15:32, Collider wrote:
> Why do two different companies with what should be independent
> networks share an AS number?
>
> On 20 March 2023 18:20:08 UTC, Aaron Wendel
> <aaron () wholesaleinternet net> wrote:
>
> > The solution to your problem is to terminate the customer causing
> > the abuse, in this case 62yun.com.  Once you do that I'm sure
> > Spamhaus will stop listing all your IPs.
> >
> > Aaron
> >
> > On 3/20/2023 6:54 AM, Brandon Zhi wrote:
> >
> > It seems you've reached the point that they ignore specific
> > prefixes and set every prefix you are advertising as criminal.
> >
> > *
> > *
> > Our sponsor (LIR) 62yun.com <http://62yun.com>, they have 2 prefixes
> > for VPS/Dedicated Server using our ASN.*
> > *
> > 62yun did receive a lot of complaints, but as far as I know they
> > have been handling them (their head said their team is not good at
> > English and so they did not reply emails)
> > For me, I cannot reply to all emails for them, since I don't have
> > that much time. I also need to work for my company.
> >
> > As I understand it, most things at Spamhaus are manual
> > determinations.
> > You click on "show details" and they give you a list of timestamped
> > report IDs, each with a 1-line description of the reviewer's
> > assessment of the fault.
> >
> > I checked https://check.spamhaus.org/listed/?searchterm=46.23.100.0
> > and the reason they gave us was simple, saying our not willing to
> > handle abuse. but we stressed with them many times that we are 2
> > different companies. We also do not have the authority to handle
> > these complaints, but we will alert 62yun.com <http://62yun.com>.
> >
> > But they still intend to blacklist all the prefixes under our ORG
> > ID, even if the user is not us.
> >
> > Based on my past experiences, Spamhaus is rather gracious at
> > first, but if you ignore them, they will start blocking you en
> > masse. About 10 years ago, I worked for a datacenter/NSP and
> > personally handled all Spamhaus complaints, and as soon as I left
> > to go to another company (and the company stopped taking care of
> > the complaints), Spamhaus blocked every single one of their IPs
> > until they committed to actually handling the complaints again.
> >
> > This has little impact on 62yun.com <http://62yun.com>'s VPS
> > business, and my feeling is that if someone uses their VPS to build
> > a mail server those emails that are sent from this server may be
> > rejected.
> >
> > However, we are recently building a CDN for one of our partners (a
> > social media company), and we need to use a provider like vultr,
> > which is not really an IP Transit provider, to announce prefixes,
> > however, they reject prefixes on the Spamhaus list.
> >
> > I don't think any ISP would reject an IP that is on the Spamhaus
> > list.
> >
> > *Brandon Zhi*
> > HUIZE LTD
> >
> > www.huize.asia <https://huize.asia/>| www.ixp.su
> > <https://www.ixp.su/> | Twitter
> >
> > This e-mail and any attachments or any reproduction of this e-mail
> > in whatever manner are confidential and for the use of the
> > addressee(s) only. HUIZE LTD can’t take any liability and
> > guarantee of the text of the email message and virus.
> >
> > On Mon, 20 Mar 2023 at 02:29, Tim Burke <tim () mid net> wrote:
> >
> > Have you received complaints from Spamhaus in the past? If so,
> > have you acted on them in a timely manner?
> >
> > Based on my past experiences, Spamhaus is rather gracious at
> > first, but if you ignore them, they will start blocking you en
> > masse. About 10 years ago, I worked for a datacenter/NSP and
> > personally handled all Spamhaus complaints, and as soon as I left
> > to go to another company (and the company stopped taking care of
> > the complaints), Spamhaus blocked every single one of their IPs
> > until they committed to actually handling the complaints again.
> >
> > V/r
> > Tim
> >
> > On Mar 18, 2023, at 8:57 AM, Brandon Zhi <Brandon () huize asia>
> > wrote:
> >
> > Hello guy,
> >
> > We recently discovered that any IP address announced by our ASN
> > is blacklisted by Spamhaus, even if we only announced it but not
> > use it.
> >
> > I would like to ask if this is manually set by Spamhaus or is the
> > system misjudgment? Has anyone encountered the same situation as us?
> >
> > Best,
> >
> > *Brandon Zhi*
> > HUIZE LTD
> >
> > www.huize.asia <https://huize.asia/>| www.ixp.su
> > <https://www.ixp.su/> | Twitter
> >
> > This e-mail and any attachments or any reproduction of this
> > e-mail in whatever manner are confidential and for the use of the
> > addressee(s) only. HUIZE LTD can’t take any liability and
> > guarantee of the text of the email message and virus.
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.