[tor-relays] G-Core Labs and their humanoid robots

Tor Relays torrelaysaregreat at gmail.com
Tue Jun 8 11:56:33 UTC 2021


 TL;DR: G-Core Labs does not understand their abuse detection software and
their support agents are a bunch of humanoid robots.


Dear customer,
Due to suspicious activity SMTP ports have been blocked.
Affected service ID: <id>. Destination port: 25, 465, 587.
To unblock contact support.

Me:
hello, i guess you are referring to a recent spamhaus entry?
i do not use ports 25, 465, 587 so it likely is a false positive.
I don't need these ports open but i would prefer if you could unlock them
in case i would like to use them in the future.
otherwise i might wonder why they don't work without remembering that they
got blocked on your end.
Thanks

Support agent 1:
Hello,
In terms of Acceptable Use Policy (AUP), clause 2(d), we reserve a right to
block SMTP ports if your service is not located at our platform.
Please, find the list of blockage cases and solutions.
1) Service belongs to third parties.
Unfortunately, we have to deny your request of unblocking SMTP ports
according to AUP.
2) Service belongs to our platform.
Please, specify domain you send emails to. If domain is fine, we'll unblock
ports accordingly.
3) You didn't send any emails.
Please, check your server to find the reason of spamming. As soon you
resolve the issue, we'll unblock ports. However if our automated system
identifies spamming on your server again, we'll have to block SMTP ports
permanently.
We kindly ask you to send a reply in a detailed manner so we could analyze
your case accordingly.

Me:
I will repeat myself:
I do not send emails.
Please unblock the SMTP ports or specify why you blocked the SMTP ports.
Thanks.

Support agent 1:
Check your network settings, perhaps something could cause it.
Tell us what you find and we will figure it out.

Me:
I do not have a reason to believe the server got hacked and i do not use
the server to send emails so it likely is a false positive.
Why were the SMTP ports blocked?

Support agent 1:
It was blocked because automatic monitoring system find your activity
suspicious.
Now, trust level of your traffic for IP has been increased however the
traffic is still automatically monitored. If the system of automatization
identifies your traffic as illegitimate or if we receive an infringement
report, we'll have to disable ports once again.

Me:
Please do not block any ports without my consent when you do not have any
logfiles that prove any misbehavior.
"Automatic monitoring system find your activity suspicious" does not help
in debugging any possible misbehavior coming from my server.
Do you have information about where i can read up about the function of
your automatic monitoring system to prevent this problem?

Support agent 1:
We can't share information about algorithm.


Four days later, different support agent:

Dear customer,
Due to suspicious activity SMTP ports have been blocked.
Affected service ID: <id>. Destination port: 25, 465, 587.
To unblock contact support.

Me:
hello,
can you please give me more details about the suspicious activity?

Support agent 1:
Hello,
In terms of Acceptable Use Policy (AUP), clause 2(d), we reserve a right to
block SMTP ports if your service is not located at our platform.
Please, find the list of blockage cases and solutions.
1) Service belongs to third parties.
Unfortunately, we have to deny your request of unblocking SMTP ports
according to AUP.
2) Service belongs to our platform.
Please, specify domain you send emails to. If domain is fine, we'll unblock
ports accordingly.
3) You didn't send any emails.
Please, check your server to find the reason of spamming. As soon you
resolve the issue, we'll unblock ports. However if our automated system
identifies spamming on your server again, we'll have to block SMTP ports
permanently.
We kindly ask you to send a reply in a detailed manner so we could analyze
your case accordingly.

Me:
Thanks but i know the AUP.
The server does not send any emails and i do not have a reason to believe
the server got hacked so please tell me the timestamp and destination of
the connection that triggered your automatic monitoring system.

Support agent 1:
Let us please discuss your issue with our colleagues. We will inform you on
this ticket.

Support agent 1:
Hello!
Thank you for waiting!
Unfortunately, we have to decline your unblocking request. As we see there
is a second block on the same server.
We couldn't unblock ports if they were blocked once

Me:
My question was:
What triggered the block?

Support agent 1:
We couldn't provide you detailed information about SMTP-blocking system,
sorry.
The block is triggered if your server has suspicious activity on SMTP ports.

Me:
i understood that.
What does "suspicious activity" mean?

Support agent 1:
Let us, please, clarify this information with our engineers

Me:
Thank you.
I hope you understand that it's an unfortunate situation when i do not find
any misbehavior on the server but your "automatic monitoring system"
accuses me of misbehavior and the answer is "there was suspicious activity".
I am awaiting the response.

Support agent 1:
We have received a reply from your colleagues.
Sorry, but we couldn't announce how this technology works. It is
confidential information!

Me:
Can you forward me to someone higher or is there an address where i can
complain?

Support agent 2:
Hello,
Let us please discuss this moment with colleagues. Please stay tuned!

Support agent 3:
Thank you for waiting. Unfortunately, we can't forward somebody higher to
you or give you an additional email address. All communications take
place via the support team. If you want to complain, please send us your
complaint and we will send it to our colleagues.

Me:
Hello <name>!
Sure, i can summarize it for you:
I would like to complain about a malfunction in your "automatic monitoring
system".
Four days ago i received a ticket that SMTP ports are blocked due to
"suspicious activity".
I answered the support agent that the server is not used for sending emails
and there is no sign of a malfunction on the server so it very likely is a
false positive and he unblocked the SMTP ports.
Today i received such a ticket again and the server is still not used for
sending emails and there still is no sign of malfunction.
To help you understand the incident i would need some information from you:
- the source/destination IP and port that triggered the automatic
monitoring system
- an exact timestamp
What solution can you offer me?

Support agent 3:
I'll send your message to our colleagues and let you know about the result.

Support agent 3:
Unfortunately, we can't provide you with any information that you've been
asking for and we have to decline your request for unblocking. Our decision
is based on our Master Service Agreement. You can find it here:
https://gcorelabs.com/legal/

Me:
What is the reason that you can not provide me with the requested
information?

Support agent 3:
We don't provide that kind of information. As we already said it's
confidential information.

Me:
Punishing the user for something, then making the information about the
cause of the punishment confidential for him is interesting.
Are you sure that you properly understand the function of your "automatic
monitoring service" and what steps will you take to prevent false positive
results in the future?

Support agent 3:
Our engineers are working to improve the technology of SMTP ports blocking,
but I'm afraid I can't share with you any additional information about it.


I gave up after that.

This happens when you use A/I to detect abuse and degrade humans to
communicate A/I decisions.

A/I will abuse us all.