Hi, This was to be expected, but I hoped for some more months. No money was lost. It is getting hard to find cheap 100TB offers. If you have suggestions, let me know. Bandwidth history: https://www.torservers.net/status/fdc1_vnstat_d.png https://www.torservers.net/status/fdc1_vnstat_m.png >31.03.2011 19:20: Four tickets about spam received from synacor.com >31.03.2011 19:30: Sent default reply for webmail spam >31.03.2011 19:52: "Based on the feedback, I've lifted the rbl restriction on 50.7.240.28. I haven’t seen a lot of abusive traffic from this IP, so I think we're good. As an extra hand of support, you may want to check the IP's reputation at http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a50.7.240.28 - it doesn’t look too good to me, and your traffic may be slown down somewhere else as well. Regards, Synacor Postmaster" >01.04.2011 02:36: Network Security Administrator FDC: "Your explanation is not acceptable. According to the report's sender log, your IP has been involved to spam e-mails so requesting each ISP to provide you IPs to block them is not the appropriate action. Additionally, multiple IPs have been blacklisted to at least 1 spam list (CBL), violating our AUP, and your IPs have poor reputation at senderbase.org. Related URLs: http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.27 http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.28 (blacklisted twice) http://cbl.abuseat.org/lookup.cgi?ip=50.7.240.29 http://www.senderbase.org/senderbase_queries/detailip?search_string=50.7.240.28 We are looking forward of your response and actions in the next 24 hours to avoid service suspension. If spam listings persist, service will be terminated. >01.04.2011 02:45: As you know we already block SMTP and other spam related ports. Very few spammers use Tor, and find misconfigured webmail servers. As you can see from the report, we are not the originator of mail spam as we don't allow SMTP connections nor such mails are generated on our servers, the spam merely passes our server as part of an ordinary HTTP request. What I can do is block webmailer addresses, but of course only after the incident has been reported. What actions do you suggest we should take? >01.04.2011 03:17: You're free to take any measures you judge, in order to avoid your server being abused. You should make sure that your IPs won't get blacklisted to any spam lists and abuse reports will be dealt in a timely manner. The current blacklists in CBL and senderbase, which both are used a lot world-wide, are violating our AUP and they should be resolved ASAP. >01.04.2011 12:28: Like I said, I have no idea what action to take to stop this from happening. Don't you see the problem here? Our servers are rented exclusively for Tor exit traffic, and even if I blocked ANY outgoing port except port 80, which is crucial for our services, you will see those few, small incidents. Can you please issue a refund of the bill I have just paid for next month and cancel the server? >01.04.2011 16:45: I can see the problem but it's your responsibility to secure your services to avoid spam listings and reports. Would you like me to forward your ticket to billing department for cancellation and refund? We usually do not provide refunds due to abuse issues but since your expiration date is today, I believe it can be done. >01.04.2011 20:23: 50.7.240.26 is now canceled - $299 was refunded back to your card. Please allow 5 business days for the refund to show on your CC. -- Moritz Bartl https://www.torservers.net/