by shaicoleman 903 days ago
Outlook/Hotmail blocks DigitalOcean. After half a dozen attempts over the years to delist my IP, and following all the best practices (dedicated fixed IP, SPF, DKIM, DMARC, FCrDNS, zero spam, TLS, etc.) I gave up.

Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and they migrate to another email service.

8 comments

> Eventually, most people realize that their Outlook/Hotmail email service is defective because they're not receiving emails, and they move to something else.

Or people realise that DO's current anti-abuse is very insufficient and will move to something else.

Outlook/Hotmail is the only service that's blocking my emails. I've been with DigitalOcean for 10 years. Beforehand it was just a matter of filling in a form and waiting 24 hours to get the IP whitelisted. A few years ago, Microsoft started refusing to whitelist IPs.

DigitalOcean on the other hand started blocking SMTP by default for new customers since June/2022 [1], and thus significantly reduced the amount of spam coming out of their network. That said, they're still not doing enough to stop spam from their network, and they're still a source of spam [2].

I can cryptographically prove the identity of the server (and thus its reputation), and there's no justified reason to block mails based only on the network's IP address, while ignoring all the other factors.

1. https://www.digitalocean.com/blog/smtp-restricted-by-default

2. https://www.uceprotect.net/en/l3charts.php

I block DO even on web servers. Their abuse policy is exactly at the quality you'd expect for the price.

My customers can't afford to add a datacenter every time DO customers decide to steal our shit.

Ah, that explains why I stopped receiving so much spam from DigitalOcean last year. Thanks

I have a personal mail server and I too had no choice but to blacklist DO.

They generate a lot of phishing emails (rather than conventional spam). I used to diligently report it to their abuse contact, but they don't seem to care or do anything about it in the slightest.

> most people realize that their Outlook/Hotmail email service is defective

This is exactly what I've begun telling people and warning friends and family members about. I run my own email... well, I run my own ISP at this point, and we have our own dedicated block of IPv6 addresses but still rely on IPv4 addresses from our cloud providers, and I've started to grow so frustrated by the lack of movement by the incumbent email providers that I've started just straight up telling people: don't expect any email delivery from me if you're using any provider that still lacks proper IPv6 on their SMTP servers.

It's no longer my problem and I will happily tell people that their email provider is defective and that they need to find a new host. If that is too much for them, too bad, so sad, not my problem. I did everything I could do. At some point you have to stop trying to work around "Big Cloud" and their nonsense.

> Outlook/Hotmail blocks DigitalOcean.

Microsoft blocking a mail server and DO being blocked aren't necessarily the same thing.

I service a number of MS accounts (hosted domain and O/H/live.com) and they block mail from small servers I manage - and from (non-major) online services I work with. There are forums I frequent that send verification mails to MS addys that never arrive.

Past that: My last time blocking mail server attacks from DO IPs is today. It's always today and has been for years and years. Not just DO. OVH, Psychz and at least a doz more attack with that consistency.

[edit: Post below mentions DO SMTP changes in 2022. DO is still attacky but less attacky is possible. Not sure.]

And not that far behind, Amazon. Amazon is a lot harder because unlike the above, I regularly get legit traffic from them.

I've had decent deliverability to some of my Outlook addresses from my Digital Ocean droplets for about a decade. Low volume (a dozen or so a week?), only to a few dozen addresses. I had poor deliverability until I updated the Reverse DNS to match my sending hostname. Since then, I have not had a single email get filtered.

Or folks will check where their spam comes from. At least 2-3 years ago digital ocean was a ridiculously major source of spam. I've no interest in investigating why, but there is a near zero chance they were following anything like "all the best practices".

This is from DO's own site based on a quick search:

"I am being BOMBARDED, and I mean BOMBARDED with spam from Digital Ocean over 5 spams a day all from the same bunch of domains, all hosted on DigitalOcean and coming from your IPs.

In the last 2 weeks I’ve emailed your abuse mailbox 20+ times and filled in the contact abuse form 10+ times.

NOTHING is being done about it. My next plan of action is to keep posting here until Digital Ocean takes action.

Do you even have an abuse team? are they doing any work at all? I can provide 30 more samples if needed."

Absolutely pathetic - all major providers should blackhole email from DO.

Note that this contrasts with AWS. I was on AWS from flat network days (where folks were running scans internally etc.). AWS responds with a ticket usually to abuse reports and then usually a bit later a note that things have been taken care of.

How does AWS which is FAR larger in IP address space than DO have so much LESS spam coming from their IP address space? Perhaps because they pay a tiny bit of attention to the issue.

This probably isn’t directly helpful or relevant advice, but I don’t see a good reason to spend double on DigitalOcean droplets compared to what you get with Hetzner Cloud.

* Stability: I've had zero issues in the last decade

* Latency: Hetzner's ping latency is more than double for me

* Switching costs: migrating hosting providers can be time consuming

That said, I agree that DigitalOcean isn't good value for money anymore.

Oh, are you the creator of Colemak?