Everything blocked?

[dhanna]

Nearly all my mail today was blocked by bl.spamcop.net

I mean things that have never been blocked before, like my notifications from my bank and from the national do not call list servers. Also blocked AV notifications from my own ISP which have never been blocked before.

So what is up with that?

[Merlyn]

Nearly all my mail today was blocked by bl.spamcop.net

I mean things that have never been blocked before, like my notifications from my bank and from the national do not call list servers.  Also blocked AV notifications from my own ISP which have never been blocked before.

So what is up with that?

Maybe you have been using quick reporting without checking where the reports are going and you have added yourself to the blocklist and everything coming to you is blocked ?????

So what is up with that?

[StevenUnderwood]

Merlyn, I think you need a break

dhanna, If you post the headers of one of the held messages we might be able to help you. The only headers needed are and x-spam-* and x-spamcop-* toward the bottom of the headers. Those were added by spamcop to show why messages were held. Please mung any email addresses in any headers you post.

[Wazoo]

and strangely enouigh, I'd say Ellen posted a response to aother poster's Topic that really seems to have more of a relationship to this Topic's issue ... please see http://forum.spamcop.net/forums/index.php?showtopic=1507 and perhaps go with the flow there?

There are thoughts of possibly merging these two Topics based on Ellen's response, but the problems posted aren't exactly the same, and Ellen's suggestion doesn't actually seem to touch the real issue in the other Topic ... then again, maybe I'm not really awake yet?

[Wazoo]

wow, now I know I'm confused .... one poster complaining that nothing is found in the Held Folder - http://forum.spamcop.net/forums/index.php?showtopic=1507 .. another complaining that 'everything' is being placed in the Held Folder - http://forum.spamcop.net/forums/index.php?showtopic=1510 .... and now a Held Folder won't give up any e-mail - http://forum.spamcop.net/forums/index.php?showtopic=1512

note sent to both Deputies and JT.

[Wazoo]

note sent to both Deputies and JT.

Ellen reports that her pet spammer is busy, busy, busy, and her Held Folder is working just fine. JT reports that nothing out of the ordinary seems to be afoot at his end, though repeating much the same as Merlyn's suggestion .. you've somehow managed to possibly include one of your servers to the bad side ..???

[Merlyn]

note sent to both Deputies and JT.

Ellen reports that her pet spammer is busy, busy, busy, and her Held Folder is working just fine. JT reports that nothing out of the ordinary seems to be afoot at his end, though repeating much the same as Merlyn's suggestion .. you've somehow managed to possibly include one of your servers to the bad side ..???

Thank you Wazoo

[dhanna]

dhanna, If you post the headers of one of the held messages we might be able to help you.  The only headers needed are and x-spam-* and x-spamcop-* toward the bottom of the headers.  Those were added by spamcop to show why messages were held.  Please mung any email addresses in any headers you post.

Sorry, but I was sick with a bad stomach bug and didnt get a chance to get online yesterday to see any of the responses.

Here are some of the headers mentioned...

My bank, which has always made it through without problems, was blocked...

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - orca.phasthost.com

X-AntiAbuse: Original Domain - *******

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - BankOne.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4

X-spam-Level:

X-spam-Status: hits=0.0 tests=none version=2.63

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2

X-SpamCop-Disposition: Blocked bl.spamcop.net

----------------------------------------------------------

X-AntiAbuse: Primary Hostname - orca.phasthost.com

X-AntiAbuse: Original Domain - *******

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - BankOne.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4

X-spam-Level:

X-spam-Status: hits=0.0 tests=none version=2.63

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2

X-SpamCop-Disposition: Blocked bl.spamcop.net

X-SpamCop-Whitelisted: thefinancialteam[at]bankone.com

---------------------------------------------------------------------

Yes, I whitelisted the bank one when it got blocked.

The bad part is, I threw the others away. I do have one from a friend that has never been blocked before...

X-AntiAbuse: Primary Hostname - orca.phasthost.com

X-AntiAbuse: Original Domain - *******

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - msn.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade4

X-spam-Level: *

X-spam-Status: hits=1.1 tests=FROM_ENDS_IN_NUMS,HTML_70_80,HTML_MESSAGE,

MISSING_OUTLOOK_NAME version=2.63

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2

X-SpamCop-Disposition: Blocked bl.spamcop.net

-------------------------------------------------------------------

I have a domain and it is hosted at orca.phasthost.com, but not all the blocked ones go through there, like the AV notices from my bank, go directly to my account and not through my domain. Yes, I have my domain in the mailhost setup. I do not have any of the AV notices because I have thrown them away as well.

I will post more (not going through my domain) when I get some.

[dhanna]

Nearly all my mail today was blocked by bl.spamcop.net

I mean things that have never been blocked before, like my notifications from my bank and from the national do not call list servers.  Also blocked AV notifications from my own ISP which have never been blocked before.

So what is up with that?

Maybe you have been using quick reporting without checking where the reports are going and you have added yourself to the blocklist and everything coming to you is blocked ?????

So what is up with that?

Actually, I checked and the IPs being blocked are not listed, as it says they are. My IPs are not listed either.

I have worked with Ellen with issues over my ISP blocking my reports to spamcop. When I forward an email for reporting, it never makes it. It is due to a new spam filter my ISP has put in place, my forwarded reports get marked as spam and never leave my ISP. So now I have to cut and paste all spam to the web form for reporting.

Ellen may know, maybe my ISP is using spamcop's block list and has listed one of my mailhosts as a spammer.

Most likely not, I have checked my own IP and it is not listed.

[dhanna]

One from my ISP's AV center....

Subject: Email Virus Notification

From: Cox Communications <avops[at]cox.net>

Reply-To: <avops[at]cox.net>

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6

X-spam-Level: *

X-spam-Status: hits=1.7 tests=DATE_MISSING,MSGID_FROM_MTA_HEADER version=2.63

X-SpamCop-Checked: 192.168.1.105 216.154.195.36 192.168.1.101 68.6.19.2

X-SpamCop-Disposition: Blocked bl.spamcop.net

X-SpamCop-Whitelisted: avops[at]cox.net

---------------------------------------------------------------------------

Blocked but whitelisted.

Actually, I parsed it and here is the results....

http://www.spamcop.net/sc?id=z492415476z16...465eeccf1bf20az

What is strange is that I was writing an email when it came in, I received it live, but the parser says the Message is 5 hours old.

[Wazoo]

Everyone of your samples shows the same IP with an issue ...

Query bl.spamcop.net - 68.6.19.2

68.6.19.2 is pop.west.cox.net

68.6.19.2 listed in bl.spamcop.net (127.0.0.2)

Plenty of samples at http://www.spamcop.net/w3m?action=checkblock&ip=68.6.19.2

However, will note that I've dropped a note to Deputies about the content seen there.

Not sure what all the non-parsable address stuff is all about, but the most recent look like yet another clueless anto-virus notification series ... perhaps Ellen could handle that one, but maybe it's hopeless ... still trying to sort out where your fixation on your doamin is coming from in relationship to all samples coming in through a Cox server ...???

[Wazoo]

Actually, I parsed it and here is the results....

http://www.spamcop.net/sc?id=z492415476z16...465eeccf1bf20az

Can you say "reporting your own e-mail server" ????

[dhanna]

Actually, I parsed it and here is the results....

http://www.spamcop.net/sc?id=z492415476z16...465eeccf1bf20az

Can you say "reporting your own e-mail server" ????

No, I didnt send reports, just used the parser to display the info. If you look, it says sent to canceled[at]devnull.spamcop.net

[dhanna]

still trying to sort out where your fixation on your doamin is coming from in relationship to all samples coming in through a Cox server ...???

The thing is, I have my domain forward mail to multiple addresses. You send an email to pager[at]mydomain.com and it forward to my Cox email and to my pager.

Also, I use it to forward other things. At one time I had issue where the forwarded emails )From my domain) were not being detected in my mailhosts. It took a while to get all the mailhosts for my domain listed.

[dhanna]

Plenty of samples at http://www.spamcop.net/w3m?action=checkblock&ip=68.6.19.2

I checked for all my reports on the 19th and not a single one was found going to cox.

In addition, if I had been reporting my own email server, by not paying attention to what I was reporting, would I have found the blocked email that started this topic?

Wazoo mentioned the fascination with my own domain. What happened a month or so ago was that I had reported my domain host because they used multiple domain names and some of the domain names where not in my mailhosts. I looked through, didn’t see anything that looked familiar, and because some of their domains where not listed in my mailhosts, I ended up reporting my own domain because of the mail forwards I have.

Since then, I have been very careful what I report.

[Wazoo]

As I can only go with what was provided, sorry for doing the 1+1=2 thing ... all samples were blocked based on one IP, the sample spam parse matching the contents seen on the evidence page, and nothing in he sample header data I looked at to tie in with your comments on a personally held domain ... not sure what other results might have been anticipated ...

have since heard back from one of the Deputies ... turns out the "non-parseable addresses" seem to be an issue with the database not making a graceful move to some new servers that SpamCop transitioned to yesterday. I'm thinking that the IP of the recent discussion should be moving for a de-listing based on analysis of the listing data.