How web hosting providers can battle fraudulent sign-ups

Posted: Tuesday, October 02, 2012
Posted by ksimpson.


Back in February 2012, we blogged about the fraudulent sign-up problem at IaaS providers. Today, Spamhaus posted a lengthy, extremely helpful guide for IaaS providers (they call them hosting providers) discussing how they can best avoid taking on new customers who will abuse their services.

Fraudulent sign-ups are a major problem for web hosting providers – particularly for providers offering Virtual Private Servers (VPS’s) and other flexible hosting options. Spammers take advantage of these services to set up spamming operations and trade on the good name and IP reputation of the provider.

Spamhaus recommends several steps that hosting companies can take to prevent fraudulent sign-ups. I’ll summarize their recommendations, and add some of my own:

  • Verify User Information – Confirm the user’s identity via SMS, a callback, or some other “out of band” method. This helps to filter out some of the automated methods spammers use to create large numbers of accounts with fictitious identities.
  • Blacklist Abusive Customers – When customers misbehave, add their details to a blacklist. Consult this blacklist whenever someone tries to sign up for a new account, and prevent the same blacklisted person from signing up again.
  • Have a Strong Acceptable Use Policy (AUP) – Make sure you have the legal backing to terminate bad customers by having a strong AUP. Spamhaus even offers a point-and-click “AUP generator
  • Monitor Traffic – Actively monitor traffic entering and leaving your network. Sign up for “feedback loops” (Wikipedia reference) to get notifications when email recipients complain about your customers’ email traffic. Implement an outbound email filter.
  • Verify Customer IP Addresses – When a new user signs up, check whether their IP address is registered on a blacklist. Don’t permit sign-ups that come via the Tor network.
  • Have a Responsive Abuse Desk – Fraudsters look for hosting services with lax abuse policies and enforcement. Don’t be one of those companies. Have a well-funded abuse desk, with good response times, and fraudsters will put the word out that your service is a bad place to steal business.
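
An added example, not code from the original post or from Spamhaus: one way to apply the "Blacklist Abusive Customers" and "Verify Customer IP Addresses" recommendations together when a sign-up arrives. The zone name, the ban entries, the Tor exit set and `fake_resolve` are constructed so the code runs offline; a real deployment would use the provider's own records and a list it is entitled to query.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.net"  # placeholder zone name, not a real list

def dnsbl_status(ip, resolve=socket.gethostbyname):
    """Look up an IPv4 address in a DNSBL: 'listed', 'clean' or 'error'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects malformed input
    name = ".".join(reversed(octets)) + "." + ZONE      # 192.0.2.7 -> 7.2.0.192.<zone>
    try:
        answer = resolve(name)
    except socket.gaierror as exc:  # NXDOMAIN = not listed; other failures = unknown
        return "clean" if exc.errno == socket.EAI_NONAME else "error"
    # Listings answer in 127.0.0.0/8; some lists use 127.255.255.x for errors.
    if answer.startswith("127.") and not answer.startswith("127.255.255."):
        return "listed"
    return "error"  # error code or an answer no DNSBL would give

def norm_email(email):
    """Lowercase and drop a +tag so trivial variants match one ban entry."""
    local, _, domain = email.strip().lower().rpartition("@")
    return local.split("+", 1)[0] + "@" + domain

def norm_phone(phone):
    return "".join(ch for ch in phone if ch.isdigit())

def screen_signup(signup, banned, tor_exits, resolve=socket.gethostbyname):
    """Return the reasons to hold a sign-up; an empty list means proceed."""
    reasons = []
    if norm_email(signup["email"]) in banned["emails"]:
        reasons.append("email on internal blacklist")
    if norm_phone(signup["phone"]) in banned["phones"]:
        reasons.append("phone on internal blacklist")
    if signup["ip"] in tor_exits:
        reasons.append("Tor exit address")
    status = dnsbl_status(signup["ip"], resolve)
    if status != "clean":
        reasons.append("IP on DNSBL" if status == "listed" else "DNSBL check failed")
    return reasons

# Constructed sample data (documentation address ranges, made-up customers).
BANNED = {"emails": {"bulk@example.com"}, "phones": {"15550100"}}
TOR_EXITS = {"203.0.113.9"}
FAKE_DNS = {"7.2.0.192." + ZONE: "127.0.0.2", "8.2.0.192." + ZONE: "127.255.255.254"}

def fake_resolve(name):  # offline stand-in for DNS, NXDOMAIN unless in FAKE_DNS
    if name not in FAKE_DNS:
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")
    return FAKE_DNS[name]
```

A failed lookup is reported as its own reason rather than treated as clean, so a resolver outage sends sign-ups to manual review instead of silently disabling the check.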

6 Responses to “How web hosting providers can battle fraudulent sign-ups”

  1. November 20, 2012 at 2:05 am, AnilkumarT said:

    Nice Post.. Good Keep Going

  2. November 20, 2012 at 10:56 am, Payday loan in Colorado said:

    This post is so well written and it’s easy to see you know what you’re talking about.

  3. December 22, 2012 at 2:17 pm, sitedevers said:

    We battle fraud the old fashion way; if we catch you, your IP, email, name, and domain get blocked.
 for more information on our hosting.

  4. February 26, 2013 at 4:02 am, formation said:

    Thanks a lot for enjoying this beauty article with me. I am appreciating it very much! Looking forward to another great article. Good luck to the author! all the best!

  5. March 26, 2013 at 2:50 am, usamen24 said:

    When clients mis-behave, add their information to a blacklist. Seek advice from this blacklist whenever someone tries to subscribe for a new consideration, and avoid the same penalized individual from deciding upon up again.

  6. May 16, 2013 at 12:23 am, Ian @ projects2crowdfund said:

    I think SMS confirmation will help control fraudulent sign ups. Though I do not see it arresting such cases but at least minimize it. Such sign up is dangerous for platforms involved in making money such as fundraising and a lot others.
