Well I thought I would share a recent (well last 6 months or so) experience I have had with a long time client.
The Client:
They are an adverture travel agency and they generate a lot of business from their website. Where as their operation is fairly lucrative small business with 5 FT employees, they grew from a traditional print ad based business to web site driven business. They did all of this with out a lot techinical expertise and mainly relied on consultants such as myslef.
The Host:
They use a common hosting service that is reliable and inexpensive. The service is your typical LAMPP stack. They load up hundrends of websites on a single IP address.
The Problem:
COMCAST & ATT-VERIZON have been putting blocks on their email accounts with some regularity over the last six months.
The Investigation:
When it first happened I contacted the host who got the block lifted in a few hours. At the same time I checked the logs found nothing suspicious. I verified their contact pages were pretected from email injection. I went ahead and changed all the passwords for the control panel and email accounts. I also checked the clients PCs for trojans etc. At that point I figured it was just glich and the problem was solved.
2 weeks later...
It happens again. I run through the same investigation as before... presuming I missed something. The host service was equally helpfull getting the block lifted.
2 days later...
It happens again. Now the client is angry, I'm frustrated, the host gets the ban lifted.
Rinse wash and repeat...
For next six months or so this reoccurs at irregular intervals and the host service gets the block removed. Still all parties are frustrated.
Current Resolution:
The client's frustration builds. I'm concerned that I'll get replaced by this long time client. The best way I know to stop the problem is to get the off a shared IP address. This naturally is significantly more expensive then a shared address. They want to change host services, but the host has been mostly cooperative and changing services will not really solve the problem. Although I believe the host could be better at policeing their servers.
Ultimately (and this took a lot of phone calls to the host service) the host put a fraud alert on the server. With this alert in place the host monitors the server more deeply and suspends accounts that have large volumes of email. Since the alert was placed on the server the incident rate has slowed way down.
My Beef:
I would think its in the host service interest to perform this level scrutiny on all servers all the time. It would seem to me that COMCAST and ATT should be able to share some data about the spam and help the host service (and me!) determine the offender's domain rather easily. However neither my COMCAST nor ATT-Verizon seem even remotley interested in doing so. Neither would not show me the offending email(s). Infact neither were particularly responsive by telephone, website or email. I'm all for arresting SPAM but none of these groups give a webmaster enough information to do anything about it.
Rant complete.
The Client:
They are an adverture travel agency and they generate a lot of business from their website. Where as their operation is fairly lucrative small business with 5 FT employees, they grew from a traditional print ad based business to web site driven business. They did all of this with out a lot techinical expertise and mainly relied on consultants such as myslef.
The Host:
They use a common hosting service that is reliable and inexpensive. The service is your typical LAMPP stack. They load up hundrends of websites on a single IP address.
The Problem:
COMCAST & ATT-VERIZON have been putting blocks on their email accounts with some regularity over the last six months.
The Investigation:
When it first happened I contacted the host who got the block lifted in a few hours. At the same time I checked the logs found nothing suspicious. I verified their contact pages were pretected from email injection. I went ahead and changed all the passwords for the control panel and email accounts. I also checked the clients PCs for trojans etc. At that point I figured it was just glich and the problem was solved.
2 weeks later...
It happens again. I run through the same investigation as before... presuming I missed something. The host service was equally helpfull getting the block lifted.
2 days later...
It happens again. Now the client is angry, I'm frustrated, the host gets the ban lifted.
Rinse wash and repeat...
For next six months or so this reoccurs at irregular intervals and the host service gets the block removed. Still all parties are frustrated.
Current Resolution:
The client's frustration builds. I'm concerned that I'll get replaced by this long time client. The best way I know to stop the problem is to get the off a shared IP address. This naturally is significantly more expensive then a shared address. They want to change host services, but the host has been mostly cooperative and changing services will not really solve the problem. Although I believe the host could be better at policeing their servers.
Ultimately (and this took a lot of phone calls to the host service) the host put a fraud alert on the server. With this alert in place the host monitors the server more deeply and suspends accounts that have large volumes of email. Since the alert was placed on the server the incident rate has slowed way down.
My Beef:
I would think its in the host service interest to perform this level scrutiny on all servers all the time. It would seem to me that COMCAST and ATT should be able to share some data about the spam and help the host service (and me!) determine the offender's domain rather easily. However neither my COMCAST nor ATT-Verizon seem even remotley interested in doing so. Neither would not show me the offending email(s). Infact neither were particularly responsive by telephone, website or email. I'm all for arresting SPAM but none of these groups give a webmaster enough information to do anything about it.
Rant complete.
