Suspended + termination triggered due to hostname mismatch, industry standard?
Hi all,
Looking for feedback from the community on a situation we just experienced with a provider.
We’ve had a dedicated server with them for ~2 years and have been a customer since 2021 (spending several thousand EUR/month across services).
Server history:
- No abuse reports
- No spam history
- No incidents
Today, the server was:
- Suspended
- Marked for cancellation/termination
- No prior notice given
Reason provided:
Spamhaus CSS listing
After investigating, the root cause was:
A temporary DNS inconsistency involving:
- HELO hostname
- PTR (rDNS)
- Forward-confirmed reverse DNS (FCrDNS)
At the time:
- Hostname did not resolve properly (domain issue)
- PTR pointed to that hostname
- Result → FCrDNS mismatch
- IP listed on Spamhaus CSS (Apr 27)
Spamhaus reason:
HELO/EHLO & DNS checks (hostname / rDNS mismatch)
Important context:
- The server does NOT send direct outbound email
- Outbound mail is relayed via MailBaby (relay.mailbaby.net)
- No spam activity occurred at any time
Current status (fully verified):
✔ Hostname: resolving correctly
✔ A record: resolves to IP
✔ PTR: matches hostname
✔ FCrDNS: valid
✔ SMTP banner: correct
✔ Exim config: correct
✔ Outbound mail: relayed (no direct sending)
✔ Spamhaus: NOT LISTED anymore
Provider stance:
They referenced their AUP clause:
“Any activity that may lead to IP blacklisting”
They classified this as a violation and:
- Suspended immediately
- Initiated termination
- Refused escalation multiple times
- Stated reactivation was “not negotiable” (later reactivated as an “exception”)
No logs, abuse reports, or spam evidence were ever provided.
Example replies:
"You violated the rules of using our services, the server remains suspended, reactivation is not negotiable."
"If any of our Terms of Service are violated, the service is suspended without prior notice and without the possibility of reactivation… Please do not waste time opening tickets…"
Key questions for the community:
- Is a temporary DNS / FCrDNS mismatch typically treated as an abuse violation?
- Is immediate suspension + termination (no warning) standard for this scenario?
- Do most providers differentiate between:
- Misconfiguration
- Actual abuse (spam, malware, etc.)
- How would your provider normally handle this?
From our understanding:
Spamhaus CSS can list:
- Misconfigured systems
- Not only confirmed spam sources
So a listing alone ≠ confirmed abuse.
We’re not disputing that DNS should be correct, it is now fully fixed.
The concern is the handling:
- No warning
- No remediation window
- Immediate enforcement as “violation”
- Refusal to escalate to management or abuse team
Would appreciate insight from providers and sysadmins here.
Is this normal handling, or an overreaction?
Thanks
Comments
Completely, totally and utterly ridiculous if this was the first offence and you have been a customer for 2 years and not 1 abuse report has been filed against your services.
But.... sorry, we so often hear stores like this and then find out details were left out, like, the host has terms that forbid email activity of ANY kind and you were sending email even if via a 3rd party that triggered an alert from spamhaus due to your own misconfiguration and now they know you have been violating their terms for 2 years and ultimatley did land their IP on a spamhaus blacklist.
So we can't really judge until we know who it was and see a copy of the ticket/correspondence.
On the surface, it seems like a complete overreaction from a host.
Tin foil hat: you have a great deal, prices of everything have gone crazy, they were handed an excuse to remove you.
TierHive - Hourly VPS - NAT Native - /24 per customer - DE, UK, SG, CA, USA x3, FR, AU, PL, NL
FREE tokens on sign up, try before you buy. | Join us on Reddit
I’d be happy to share the full ticket and name the provider for full transparency, but we currently operate multiple servers with them and have few thousands euro of ongoing services.
Given how this particular ticket was handled, we prefer not to escalate things publicly in a way that could risk disruption to our infrastructure.
This server host a brand of Nootropics on WooCommerce fully updated and managed, using mailbaby for transactional email as provider IP reputation isn't good enough to be used for mail service for us.
Here the redacted full ticket:
https://pastes.io/04FrDJu0
It is not a common practice with most reputable hosting providers. Name and shame the provider, your thread is pointless without it.
Looking at the ticket, I think most damage has already been done. You have threatened the provider with threads on green forums and WHT, which you did, but without the provider name for whatever reason.
Well, to be honest, it sounds like you are paying a reseller, and also, the brutal truth is, if you remain with them after this, you only have yourself to blame when it blows up in your face.
You have had your warning. I hope you have a great DR plan.
I am not aware of any spamhous list that actively lists IP's that are not configured for email not being correctly configured for email, but I don't spend a lot of time researching this sort of stuff.
Good luck for the future, they almost certainly don't care about this, as you are not prepared to name them, and the fact that you already threatened this with this probably landed you on fraudrecord, and has done enough damage that they will look for any reason to remove you asap now.
Again, we only have 1 side of this, and only ever will have 1 side, so the impact is minimal, we have seen these things do a 180 with a single post so often.
TierHive - Hourly VPS - NAT Native - /24 per customer - DE, UK, SG, CA, USA x3, FR, AU, PL, NL
FREE tokens on sign up, try before you buy. | Join us on Reddit
also given your last post:
I suspect there is almost certainly another side to this, and the narrative is being manipulated.
TierHive - Hourly VPS - NAT Native - /24 per customer - DE, UK, SG, CA, USA x3, FR, AU, PL, NL
FREE tokens on sign up, try before you buy. | Join us on Reddit
You are probably right only reason we are being careful here is because we still have a few thousand euros worth of ongoing services with them. If they react badly , we would be facing a massive migration and a significant amount of operational work to move everything away safely. We need to plan ahead make sure everything is backup. It's 10+ dedicated machine and 3,xxx$/m
They do advertise here. Once everything is safely moved away, I will share the name of the datacenter.
From what I understand, if you're sending emails, ensure you understand where you're sending emails and make sure you've set your email outgoing server correctly. This includes setting up DKIM, SPF and everything else Google needs to verify the email was sent from your server. Moreover if you're sending more emails then normal, use a mail relay server. Otherwise if your host receives complains and get their IP banned, they have all the reason they need to ban your...
I can't remember the last time anyone took Spamhaus seriously. That said, this is sus.
It's only a few paragraphs of text. Try reading them next time.
"It's a hard life- to be a stick insect." - Karl Pilkington
I mean you've already gone full "I'm gonna give you a bad review everywhere" in those tickets, so you're probably at best on borrowed time.
Whatever the whole story, you've burned that relationship and I'd be very nervous of taking your time migrating.
I want to be clear. I did not leave any bad reviews anywhere, and I did not publicly name the provider.
From my side, the issue seems to be more about how one employee handled the situation and ignore my request to have the ticket escalate to manager. I only asked whether this kind of reaction was normal, because it felt like a very strong response to a minor issue that could have been fixed quickly with common sense.
We did not want to start a public fight. We are trying to understand what happened, protect our customers, protect our business, and plan a clean migration if that becomes the safest option.
We do appreciate the network and the services they provide. That is why we would have preferred a normal technical discussion instead of an immediate escalation. We are both real companies with contracts and obligations.
This suggests that you know that they know who you are and probably read this, so its a passive aggressive threat, like you could name and shame at any time.
That's how I see it anyway.
Is what it is, if your not going to involve them then going public with no details is helping nothing unless you feel like a "manager" is going to stumble on this, read all that, see your name, know the situation and react, in which case it would have to be a pretty small operation and they are probably just laughing about it on slack.
idk, seems very odd to be honest that you would put this much effort in to it instead of just moving on, they must be providing something that's not as easy to get elsewhere, or you would have been gone immediately, so maybe don't burn bridges, sometimes people are just wrong. and sometimes its ok.
TierHive - Hourly VPS - NAT Native - /24 per customer - DE, UK, SG, CA, USA x3, FR, AU, PL, NL
FREE tokens on sign up, try before you buy. | Join us on Reddit
I mean, sounds like a joke to me.
I had one VPS "suspended" like a few weeks ago.
I got accused to running DDoS, they only suspended IPv4 but not IPv6 neither the VPS itself.
I replied to the ticket and it was resolved within like 2 hours.
Free NAT KVM | Free NAT LXC
From your own ticket:
"We will proceed with full public documentation of this case. We will open detailed threads on ..."
The fact that you haven't (yet) named them doesn't really tone down the obvious threat. Once you reach the stage of threatening someone's business, they may not see you as a good long term customer.
Anyone saw my popcorn bowl?
Ok, here is my Provider view on the matter, after reading the ticket provided here.
Section 1.4 [provider acceptable usage policy] (Any activity that may lead to IP blacklisting (SpamHaus, StopForumSpam, SpamCop, Blocklist, anti-virus databases and any other blacklists).)
@btchost - it seems the provider you chose is sensible to these, if they put it in TOS, you should know better.
The "Industry-standard" is like mehh, you really think that Industry-standard in your opinion out-ways their own TOS that you agreed upon on sign up? really? you do think that?????
After they did reactivate the service, most probably because you are with them for 2 yrs as you say, you though you have the upper hand and kept hitting on the nail:
"That said, this situation still requires escalation and review."
They responded you in a pretty normal official way :
And that there was your last warning, nothing more nothing les.
Now from here on you thought you know better, and played the "terrorist" card:
So let me get this straight, you got suspended for TOS violation, the why, how you managed to get there is on you as you are the one that agreed on their TOS and AUP, regardless if you think it is stupid or not.
Rather then to acknowledge the fact you overstepped their rules, you played the " I am gonna publicly mess you up ". nice, while you still have valuable data with them? you are "brave" I will give you credit.
( brave there was sarcasm )
The only ones that will be on your side are the same as you, those that don't care for the Provider rules or think that their view on "Industry-Standard" replaces the TOS and AUP. - just you know, these type of customers no established provider wants on their network.
You could had resolved this issue much more elegant, you do have more technical knowledge then a usual user, but you behaved like the usual abuser.
I for one, would had given you 24-48 hours to move off and be gone, and would even give you a can of spray so you can "graffiti" what you wish wherever you wish.
You miss the fact that abuse rates are increasingly high lately, and some providers do care for IP reputation, might it be because they have to and are obligated by the one that is lending them the subnet or are bound by contract, or just because they wish that their subnet does not get on whatever black list so the customers they have other then you don't open tickets because their service cannot reach whatever destination subnet/asn/service.
If you don't like my honest answer, go get yourself an ASN, rent out a /24 buy a server, colocate it and do things how you wish, but as long as you are not the holder/owner of resources and you lend out, then for the love of all things, read the TOS/AUP and don't piss against the wind with the Provider on delicate matters, service suspension due to TOS/AUP would qualify as such.
Cheers!
Host-C | Storage by Design | AS211462
“If it can’t guarantee behavior under load, it doesn’t belong in production.”