As Reddit recently learned it’s not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers.
When you’re using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. They would set up a mailserver and send spam through that server until it was blocked. Then they’d just start another instance to avoid the block and keep spamming. They had an almost unlimited number of IP addresses to abuse and moving around was easy to do. Amazon did little to stop the spam coming from the cloud so many ISPs and spam filtering companies blocked email from the entire range of IP addresses allocated to the EC2 cloud.
Blocking large swathes of network space that are consistent sources of abuse is well accepted as a method of dealing with spam. Yes, this form of blocking has inconvenienced legitimate companies who aren’t actually doing anything wrong. But when a service provider doesn’t take sufficient action to stop customers from spamming through their networks, then ISPs will implement countermeasures.
Reputation and "the cloud"
R
RSS - Posts
Some one on Reddits post commented that this also affects where the images are hosted within the email too.
So if the email originated from outside the cloud but the referenced images are in the cloud it can also trigger filtering systems.
So you have any feedback on this?
Doesn’t this show an absolute shocking disregard for what is considered standard network policy these days (ie do not allow spam to be sent from your network, shut it down when identified and change policies as necessary to mitigate future outbreaks)?
Am I the only one completely stunned by Amazon’s gross negligence?
This reminds me of some recent discussion of SalesForce’s recent acquisition of a Rokso spammer and their lack of a responsive abuse desk.
Is there some newly found corporate disregard for SPAM?
Robin, that’s not specific to images: image links in HTML email are subject to URL reputation systems, same as any other link. It wouldn’t surprise me at all if links to cloud service domains would develop a poor reputation.
Justin, the only thing new here is the term “cloud.” There’ve been hosting companies which try to ignore their outbound traffic since before spam was a problem.