Bitcoin Forum

My friend is in web hosting business accepting Bitcoin. There is an alarming level of customers using bitcoin spamming emails out from his servers. Due to the anonymous nature of BTC users, abuser signed in as another customers and continue the spam activities. Multiple servers have been taken down by network providers due to spamming activities.  >:(

I have been helping him to look for different ways to detect such users up-front during checkout. We are using FraudLabs Pro and it detects highly anonymous, blacklists and recurring abusers.

Are there other screening services we can use? Preferably with free plan like FraudLabs Pro.

Reference: http://www.fraudlabspro.com/tutorials/how-to-prevent-bitcoin-fraud (http://www.fraudlabspro.com/tutorials/how-to-prevent-bitcoin-fraud)

Ouch - yeah, I'm not sure I would provide anonymous hosting service.

They can pay with bitcoin but they sure as hell better provide some proof of their identity before I would let them have access to a system capable of spamming (or scamming) others.

Oh, btw, given how this appears to be your first post and you link to a service, I'm guessing you yourself are nothing but a spammer.

I've removed the link if this is not acceptable.

If you are advertising that service, there's a services section where it is perfectly fine.

If you are genuine I apologize, but it is just a really common marketing tactic to register at boards and "ask" about a service in order to drive traffic to it.

In credit card transaction, we can use the ID to verify the card holder name. However, in BTC case, there is no way to confirm that the ID received is indeed the real user.

Yes, that is a problem for porn sites too. I have some ideas for a solution but I can't start working on it until I get home (I'm on vacation).

You can require credit card for sign up - and then accept bitcoin for payments after the fact.

Asking for credit card just to accept Bitcoin is wrong way to do it. What your friend needs to do is limit outgoing traffic on his hosting machines and raise limit as customer is longer with him. There are anti spam mesures he can deploy (like max number of outgoing mails per minute etc.) that can help with this kind of situation big time.

I realize that is a bit problem, but I think he should update his ToS if he already hasn't to include those things and then get some way to detect when they do that, he should find out how other hosting companies do it, and kick those people out. Another way to limit is allow to buy hosting for at least a year, that way it is less likely someone will risk all that money being taken if they spam.

Hope he stays in business.

I have been thinking of going in to Bitcoin webhosting myself, and thank you for the heads-up.

Bitcoin is not anonymous; only pseudonymous. If they are not using mixers or coinjoin, you can try coin tainting to black/greylist the spammer's coins. To do this, you would need to ask for a refund address so that you can safely return the coins (they will start mixing them; making assumptions will result in lost coins).

Black-listing is bad for Bitcoin in general though because it hurts fungibility. That said, encouraging coin mixing makes Bitcoin safer for all users because block-chain analysis becomes more difficult.

Do these users not need contact information to sign up? You can do confirmation e-mails like mailing lists if you do not already do that.

what a problem ?

- customer pay in bitcoin (no chargeback)
- customer kill the contract by spam
- server kill account of customer
- no chargeback

win/win  ;D

They are using free email address. We do receive email confirmation, but again the email addresses are disposable.

Maybe you should require phone number verification via SMS or a phone call? Most legit customers have landlines and/or cell phones.

I'm not an expert but isn't it possible to monitor/limit/shape/throttle outgoing mail traffic?

Couldn't he just watch the IP addresses of the people who are logging in to he abuser's account?

This would be a very simply solution as it would prevent people from creating multiple accounts (there is no real reason for your customers to have multiple accounts as they could simply purchase additional capacity, likely at a discount).

It is reasonable to disallow anonymous customers from using outgoing port 25 directly from his servers. If his customers want to send emails, he could provide them SMTP relay services (at additional cost) with some kind of cap to prevent spamming.

This thread caught my attention, i was also looking to get one hosting with this one using BTC, thanks to it, i saved my time & money else something spam would have caught me up :(

Technically, no, it wouldn't.  All the people would have to do is know about Google Voice and they can create another phone number.  Took me about five minutes to setup my GV account.

Have you considered detecting spamming activity of existing users?  I know that some web hosts will suspend your account if you send too many emails from a server.

That way, you wouldn't need to worry about screening users - you can just stop them if they start sending tons of emails.

It doesn't need so troublesome, just change a web hosting business

Just ban users that spam other.