Anti-Abuse & Network Abuse Policy

Effective Date: [16/04/2026]
Last Updated: [16/04/2026]

1. Introduction & Scope

RedSwitches Pte Ltd. (“RedSwitches,” “we,” “us,” or “our”) is committed to maintaining the integrity, security, and reputation of its network infrastructure. This Anti-Abuse & Network Abuse Policy (“Policy”) governs all abuse originating from or facilitated through IP address space that RedSwitches owns, leases, or assigns to clients — regardless of which client is using that address space at any given time.

This Policy applies to:

• All clients using RedSwitches services, including bare-metal dedicated servers, GPU infrastructure, IP Transit, and any related services
• All IP addresses in RedSwitches’ assigned and routed address space (including, but not limited to, our RIPE and ARIN allocations)
• All traffic originating from, transiting through, or hosted on RedSwitches infrastructure
• Resellers and their end customers, who are subject to this Policy through their reseller agreement

As a bare-metal infrastructure provider, RedSwitches provides physical hardware, network connectivity, and IP address assignments. We do not access, monitor, or control client operating systems or content. However, we actively monitor our network layer — including traffic volume, traffic patterns, BGP routing, and IP reputation signals — at all times. This network-level visibility allows us to detect and respond to abuse that affects our infrastructure, our upstream providers, and the broader internet.

2. Types of Abuse Covered

The following categories of activity constitute network abuse under this Policy. This list is illustrative, not exhaustive.

2.1 Spam

Sending unsolicited bulk email (UBE), unsolicited commercial email (UCE), or unsolicited bulk messages via SMS, messaging platforms, or any other communication channel. This includes:

• Operating open mail relays
• Sending email with forged headers or deceptive sender information
• Harvesting email addresses for the purpose of sending unsolicited messages
• Operating or participating in SMS phishing (smishing) campaigns

2.2 DDoS Origination

Launching, participating in, or facilitating distributed denial-of-service (DDoS) or denial-of-service (DoS) attacks against any target. This includes:

• Using RedSwitches infrastructure to generate volumetric attack traffic (e.g., UDP flood, SYN flood, amplification attacks)
• Operating DDoS-for-hire services (“booters” or “stressers”)
• Participating in botnet-coordinated attack activity
• Generating traffic that causes disruption to RedSwitches’ upstream network infrastructure or other clients

2.3 Botnet Command and Control

Operating botnet command-and-control (C2) infrastructure, including:

• Running C2 servers that issue commands to compromised machines
• Hosting malware dropper servers or staging infrastructure
• Operating infrastructure used to coordinate coordinated attack activity of any kind

2.4 Unauthorised Port Scanning and Network Reconnaissance

Conducting unauthorised scanning, probing, or enumeration of external networks or systems, including:

• Large-scale port scanning of IP address ranges not assigned to you
• Vulnerability scanning of systems without authorisation from the system owner
• OS fingerprinting, service enumeration, or credential-stuffing reconnaissance against third-party systems

Note: Security researchers and penetration testers must ensure they have explicit written authorisation from the target system’s owner before conducting any scanning or testing activity from RedSwitches infrastructure.

2.5 Open Proxy and Open Resolver Abuse

Operating improperly configured or deliberately open network services that enable third-party abuse, including:

• Open HTTP/SOCKS proxies accessible to the general public and used to facilitate abuse
• Open recursive DNS resolvers exploitable for DNS amplification attacks
• Transparent proxies or traffic forwarders used to obscure the origin of malicious activity

2.6 Brute Force Attacks

Conducting automated credential brute force or credential stuffing attacks against third-party systems, including:

• SSH, RDP, FTP, or application-layer brute force against external hosts
• Credential stuffing using leaked credential databases
• Password spraying against authentication services

2.7 Malware Distribution

Hosting, distributing, or facilitating the spread of malware, ransomware, spyware, adware, or any other malicious software, including:

• Malware download servers or staging servers
• Exploit kit infrastructure
• Ransomware-as-a-service (RaaS) platforms or infrastructure
• Malware update or payload delivery infrastructure

2.8 Phishing and Social Engineering Infrastructure

Hosting or operating infrastructure used for phishing, fraud, or social engineering, including:

• Phishing websites or pages impersonating legitimate brands or services
• Credential-harvesting landing pages
• Business email compromise (BEC) infrastructure
• Fraudulent payment processing or fake e-commerce infrastructure
• Infrastructure used to facilitate advance-fee fraud, romance scams, or similar schemes

3. Abuse Response

3.1 Abuse Reports

All abuse reports should be submitted to:

[email protected]

This inbox is monitored 24 hours a day, 7 days a week. RedSwitches will acknowledge receipt of valid abuse reports within 24 hours and will keep the reporter informed of progress to the extent permitted by applicable law and client confidentiality obligations.

3.2 Automated Response — DDoS Origination

Where our network monitoring systems detect that a client’s server or IP address is actively generating DDoS attack traffic, automated null-routing may be applied immediately, without prior client notification, to protect the integrity of the RedSwitches network and its upstream providers. RedSwitches will notify the affected client promptly after null-routing is applied and work with them to remediate the issue.

3.3 Standard Complaint Response Process

For abuse complaints that do not involve automated triggering (Section 3.2), the standard response process is:

1. Report received at [email protected]; acknowledged within 24 hours
2. Client notified — RedSwitches forwards the complaint to the affected client, including relevant details of the alleged abuse
3. Remediation window — the client is given a reasonable period to investigate and remediate. The specific window depends on the severity of the abuse:
   • High severity (active attacks, C2, malware distribution, phishing): 4 to 12 hours
   • Medium severity (spam, port scanning, open proxies): 24 to 48 hours
   • Low severity (isolated incidents, stale reports): 48 to 72 hours
4. Escalation — if the client does not respond or fails to remediate within the applicable window, RedSwitches may suspend the relevant service or IP address pending resolution

Zero-tolerance categories — the following categories of abuse are subject to immediate service termination without a remediation window, consistent with our Acceptable Use Policy:

• Child sexual abuse material (CSAM)
• Botnet C2 infrastructure
• Active DDoS attack origination (where automated null-routing is insufficient)
• Ransomware distribution infrastructure

3.4 Repeat Abuse

Clients who receive two or more abuse complaints within any rolling 6-month period that result in confirmed violations will be subject to escalating enforcement action under RedSwitches’ Acceptable Use Policy, including account termination.

4. Network Integrity

4.1 Traffic Management Rights

RedSwitches reserves the right, at any time and at its sole discretion, to:

• Null-route (blackhole) any IP address in its address space that is causing or is at risk of causing disruption to the RedSwitches network or its upstream providers
• Rate-limit traffic from any client IP address or service where traffic patterns indicate abuse, misconfiguration, or excessive resource consumption
• Block or filter specific traffic types, ports, or protocols that pose a network security risk
• Disconnect a physical server or network port where continued connectivity poses an imminent risk to network stability or security

These measures are taken to protect all RedSwitches clients and the broader internet. Where feasible, RedSwitches will notify the affected client before or promptly after taking such action.

4.2 BGP Routing Integrity

RedSwitches maintains strict BGP routing policies to prevent route leaks and IP hijacking. Clients using RedSwitches IP Transit services or Bring Your Own IP (BYOIP) features must comply with the following:

• You may only advertise IP prefixes that are explicitly authorised in writing by RedSwitches or that you legitimately own and have provided proof of ownership
• You may not advertise prefixes belonging to other organisations
• RedSwitches validates route origins using RPKI (Resource Public Key Infrastructure) where available and investigates any anomalous routing advertisements

Any suspected BGP route leak or IP hijacking incident — whether originating from a client or directed at RedSwitches address space — will trigger an immediate investigation and may result in the withdrawal of affected route advertisements without prior notice.

4.3 IP Reputation Monitoring

RedSwitches monitors the reputation of IP addresses in its assigned space using industry-standard threat intelligence feeds, blacklist monitoring services, and internal telemetry. Where a client’s IP address develops a sustained poor reputation (e.g., persistent blacklisting across multiple reputable threat intelligence sources), RedSwitches will:

1. Notify the client and request investigation and remediation
2. Allow a reasonable remediation period (typically 7 to 14 days)
3. If reputation is not restored, reclaim the affected IP address(es) and issue replacement addresses, or terminate services if remediation is not feasible

IP addresses with unresolved poor reputations affect all clients sharing RedSwitches’ address space and the company’s ability to operate as a responsible network operator.

5. How to Report Abuse

To report network abuse originating from RedSwitches IP space, contact:

[email protected]

5.1 Required Information

To allow us to investigate efficiently, please include the following in your report:

• Your contact information — name, organisation (if applicable), email address
• Description of the abuse — a clear description of what occurred and the impact
• Affected IP address(es) — the RedSwitches-assigned IP address(es) involved
• Timestamps — date, time, and timezone for each incident
• Supporting evidence — server logs, email headers, pcap files, screenshots, or any other relevant technical data
• Your IP address(es) — if you were the target, include the IP address(es) being attacked
• Abuse type — categorise the abuse using the types in Section 2 if possible

Reports submitted without adequate information may not be actionable. We may follow up to request additional details.

5.2 Response SLA

RedSwitches will acknowledge all valid abuse reports within 24 hours of receipt. We aim to provide a substantive update on the status of the investigation within 72 hours. Complex cases involving law enforcement coordination or extensive forensic review may take longer.

5.3 Confidentiality

Information submitted in abuse reports will be handled confidentially and used solely for the purpose of investigating and remediating the reported abuse. We may share relevant details with the affected client to the extent necessary to facilitate remediation.

6. Cooperation with Third Parties

6.1 Upstream Providers

RedSwitches cooperates with its upstream transit providers and peering partners to address abuse affecting shared network infrastructure. This may include sharing abuse-relevant technical data (e.g., traffic flow records, routing information) with upstream parties in connection with specific incidents.

6.2 Regional Internet Registries (RIRs)

RedSwitches operates under allocations from regional internet registries including RIPE NCC (for European address space) and ARIN (for North American address space). We maintain compliance with the policies and operational guidelines of these organisations. Where sustained abuse threatens our IP address allocations or our standing with RIRs, we may take enforcement action to protect our registry relationships.

6.3 Law Enforcement

RedSwitches cooperates with lawful requests from law enforcement agencies in accordance with applicable law. Our law enforcement cooperation procedures are governed by a separate Law Enforcement Request Policy. In the context of network abuse:

• Where abuse involves criminal activity (e.g., CSAM, fraud infrastructure, ransomware), RedSwitches may refer the matter to relevant law enforcement authorities proactively
• We comply with valid legal process (court orders, search warrants, official requests) requiring us to preserve or disclose information
• We will notify affected clients of legal requests except where we are legally prohibited from doing so

7. Client Obligations

By using RedSwitches services, you agree to:

7.1 Maintain Accurate Contact Information

Keep your account contact details — including technical contact, billing contact, and abuse contact — current in the RedSwitches client portal at all times. RedSwitches relies on these details to route abuse notifications to you promptly. Failure to maintain accurate contact information is a breach of this Policy and your service agreement.

7.2 Respond Promptly to Abuse Notifications

Respond to abuse notifications from RedSwitches within the timeframes specified in Section 3.3. Prompt engagement is essential to resolving complaints and preserving your service continuity. If a complaint is forwarded to you and you believe it is erroneous, you must still respond and explain why — silence is not an acceptable response.

7.3 Implement Reasonable Security Measures

You are responsible for the security of your server, operating system, and applications. You must:

• Patch and update software in a timely manner to address known vulnerabilities
• Implement access controls appropriate to the sensitivity of your services (e.g., firewall rules, SSH key authentication, strong passwords)
• Monitor your own systems for signs of compromise
• Take immediate action if your server is compromised (e.g., malware infection, credential theft) to prevent your infrastructure from being used for abuse

If your server is compromised and used for abuse, you remain responsible for ensuring the abuse stops and that remediation is completed within the applicable timeframes, even if the abuse was not initiated by you personally.

7.4 Reseller Obligations

If you are a RedSwitches reseller, you are fully responsible for ensuring that your sub-clients comply with this Policy. You must maintain and enforce an equivalent abuse policy for your own customers, respond to abuse notifications on behalf of your sub-clients, and cooperate with RedSwitches in investigating abuse from your assigned IP space.

8. Modifications

RedSwitches reserves the right to update or modify this Policy at any time to reflect changes in law, regulation, network operations practices, or the threat landscape. Material changes will be communicated via email or notice in the client portal at least 14 calendar days before taking effect. Continued use of RedSwitches services after the effective date of any change constitutes acceptance of the revised Policy.

For questions about this Policy or to report abuse, contact us at [email protected].