I received an Abuse ticket for phishing spam. How can I resolve it?
I received a support ticket informing me that my Linode sent phishing spam. My Linode had network restrictions placed on it after 24 hours. Why? What can I do to resolve this?
We have a low-tolerance policy when it comes to phishing spam. When Linode receives a verified complaint of phishing content being hosted on or sent by a server on our platform, we fully restrict network access to that machine if the issue has not been resolved within 24 hours.
Phishing websites and spam present an immediate danger to anyone who may interact with them, so it is important for us to mitigate these issues as early as possible. This helps prevent the spread of phishing content, which in turn lowers the chances of them successfully soliciting confidential information.
How did phishing spam get sent from my Linode?
More than likely, this is the result of a compromise. There is a very helpful post on recovering from this situation you can find here.
If your Linode has been compromised, we strongly suggest that you audit and reevaluate your Linode's security going forward. We also have a guide on strengthening your Linode's security, which can be found here.
You might also benefit from a dedicated security consultant, such as Sucuri. These companies can help you recover from serious compromises, and put measures in place to mitigate reoccurrence.
Connecting to your Linode while network restrictions are in place
If the initial warning time has passed and we have placed network restrictions on your Linode, this post offers resources on how to access and fix your Linode while those restrictions are in place.
Reviewing your mail server's security and reputation
After you have utilized the resources above to secure or rebuild your Linode, you might want to also review our guide on configuring and protecting your mail server for further preventative measures. Additionally, if you're experiencing mail-deliverability problems following the successful resolution of a phishing spam complaint, you'll want to use this tool to check if your IP or domain is currently on a blacklist and contact the list's administrators to have it removed.