Need help to get off SpamCop blacklist

[CharityChannel]

We are a 12-year-old on-line community of more than 100,000 nonprofit organizations. We are extremely careful to avoid spamming, and have the first and most copied privacy policy in the nonprofit sector. Our eNewsletters and discussion lists provide one-click unsubscribe. We employ reverse DNS lookup, have our relays closed down, and were the first in the nonprofit world years ago to institute strict double opt-in for our lists. We did once employ auto-responders for retired email addresses, but when we realized that this too was a form of spamming, we turned those off a few years back.

In making a server change including a new IP address for our mail server, we inadvertently reactivated an autoresponder and also inadvertently sent out our stored double opt-in message to subscribers who tried to subscribe some time in the past, but who didn't actually click on the coded link to subscribe. I'm guessing that these are the mistakes that landed us on the SpamCop blacklist.

After learning of our IP address being listed, we immediately found the problem with the autoresponder (notifying our subscribers of no-longer-active email addresses) and turned it off. Unfortunately, after waiting the 48 hours, we're still on the list and worse, we're getting inundated with complaints from nonprofit organizations that they aren't receiving the list postings, eNewsletters, and help-desk responses they rely on.

I've personally spent hours and hours on this, trying to figure out what in the world is causing our new IP address to be listed. Apparently we're still doing something wrong but for the life of me, I can't figure out what it is. I'd be grateful to you for any help you can be. I did just post this to the on-line page for addressing this kind of thing, but am so desparate that I'm also posting here. Hope this is appropriate.

[turetzsr]

Hi, CharityChannel!

We are a 12-year-old on-line community of more than 100,000 nonprofit organizations.  We are extremely careful to avoid spamming, and have the first and most copied privacy policy in the nonprofit sector. Our eNewsletters and discussion lists provide one-click unsubscribe.  We employ reverse DNS lookup, have our relays closed down, and were the first in the nonprofit world years ago to institute strict double opt-in for our lists.

19031[/snapback]

...Uh-oh -- "double opt-in" is spammer-speak. You should be using confirmed opt-in. For further information, please see:

• FAQ Entry: Am I Running Mailing Lists Responsibly?
  
• How Can I Manage My Mailing List Responsibly?
  
• MAPS Basic Mailing List Management Guidelines for Preventing Abuse
  
• cluelessmailers.org Best Practices
  

You should also be confirming periodically (at least annually) that those on your list wish to continue receiving your newletters.

We did once employ auto-responders for retired email addresses, but when we realized that this too was a form of spamming, we turned those off a few years back.

19031[/snapback]

...Thank you!

In making a server change including a new IP address for our mail server, we inadvertently reactivated an autoresponder and also inadvertently sent out our stored double opt-in message to subscribers who tried to subscribe some time in the past, but who didn't actually click on the coded link to subscribe.  I'm guessing that these are the mistakes that landed us on the SpamCop blacklist.

After learning of our IP address being listed, we immediately found the problem with the autoresponder (notifying our subscribers of no-longer-active email addresses) and turned it off.

19031[/snapback]

...Thank you, again!

Unfortunately, after waiting the 48 hours, we're still on the list and worse, we're getting inundated with complaints from nonprofit organizations that they aren't receiving the list postings, eNewsletters, and help-desk responses they rely on.

I've personally spent hours and hours on this, trying to figure out what in the world is causing our new IP address to be listed.  Apparently we're still doing something wrong but for the life of me, I can't figure out what it is.  I'd be grateful to you for any help you can be.

19031[/snapback]

...Without knowing your IP address, there's not much we can do. Either post it here or, if you prefer to not make it public, please send it along with an explanation of your problem to the SpamCop deputies at e-mail address deputies <at> spamcop <dot> net.

I did just post this to the on-line page for addressing this kind of thing<snip>

19031[/snapback]

...Really? What on-line page is that? I wasn't aware that there was anyplace but the SpamCop Fora for this kind of thing.

Hope this is appropriate.

19031[/snapback]

...Actually, it is appropriate to post in the SpamCop fora but not in the Mailhosts System Beta Test forum. The Help forum is the right place and, hopefully, our kindly moderator, Wazoo, will move it there. <g>

[Derek T]

We are a 12-year-old on-line community of more than 100,000 nonprofit

<huge snip>

but am so desparate that I'm also posting here.  Hope this is appropriate.

19031[/snapback]

Thanks for all the info: you missed he one bit that might enable us to help you - the IP addrerss that you claim is listed! A coplete bounce message would also help.

[Wazoo]

If I had to guess, the on-line "form" might be the contact point offered that starts at http://www.spamcop.net/fom-serve/cache/91.html ... I actually couldn't say who gets this form, though noting that it's a BL issue, so it probably ends up at the BL address ... and there have been some references that indicate that this isn't tied to anyone's personal InBox. I figure it's one of those things that either Don and/or the Deputies look at when caught up elsewhere (again, only guessing here)

Noting later that there is also a "Dispute Resolution" page at http://www.spamcop.net/fom-serve/cache/298.html

And noting even later, the web page for a BL status check appears to have been updated now with a link to "Dispute" the listing.

The 48 hour thing is the maximum time allotted for a listing, but that is predicated on when the spam/spew stops. At this point, there's nothing here yet for anyone to go on to look at the situation. An IP address would help in doing some research.

[StevenUnderwood]

Doing a little guess work here...if the top is wrong, ignore the rest as it all builds upon itself. Again, this is a guess.

DNS Lookup

Name:    charitychannel.com

Address:  216.132.135.170

Name:    charitychannel.org

Address:  216.132.135.170

charitychannel.com      MX preference = 1, mail exchanger = mail.charitychannel.

com

charitychannel.com      MX preference = 10, mail exchanger = charitychannel.com

charitychannel.com      nameserver = dns1.namesecure.com

charitychannel.com      nameserver = dns2.namesecure.com

mail.charitychannel.com internet address = 216.132.135.170

charitychannel.com      internet address = 216.132.135.170

charitychannel.net      MX preference = 0, mail exchanger = mf.namesecure.com

charitychannel.net      nameserver = dns1.namesecure.com

charitychannel.net      nameserver = dns2.namesecure.com

mf.namesecure.com       internet address = 64.62.166.104

http://mailsc.spamcop.net/w3m?action=blche...216.132.135.170

Listed for traps and reports. Other MX was not listed.

Only report found:

Submitted: Tuesday, October 19, 2004 1:28:25 AM -0400:

We Review: Cause Marketing

Senderbase...could be because of new IP being turned up but 5000% seems very large after almost a month of averaging:

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.9 5100%

Last 30 days 4.4 1262%

Average 3.2

Listing History

It has been listed for 2.5 days

If the spam reports have stopped, this should be dropping off shortly but the fact it is a new IP (Date of first message seen from this address 2004-09-28 ) could have extended the time for the listing. You would need to contact deputies<at>spamcop.net to find out when the listing will drop (if reports have indeed stopped).

Good luck.

[Merlyn]

It would seem at first look that you are sending email to people who did not request it because there are individual reports sent along with the spamtraps. This also is a sign that you might have perchased some lists.

spam is about conSent and not conTent. You must manage your lists properly and use confirmed opt-in.

For each manual report tens of thousands usually go unreported as these are only from individuals that use Spamcop. This is also an early warning sign for you that something is wrong.

Have you recently add or purchased any lists?

[CharityChannel]

The dispute resolution page to which I refer is linked off of http://www.spamcop.net/w3m?action=blcheck&ip=216.132.135.170. As was mentioned by a colleague here, yes, the IP address is 216.132.135.170.

We are a very high volume charity site, meaning that more than 100,000 charities rely on our discussion lists and eNewsletters to help them do their work -- curing cancer, fighting hunger, and so on. Even the thought of buying a list -- as was speculated by a colleague here -- is disgusting to me. Moreover, we have a very strict privacy policy that prevents us from selling our subscriber lists -- and we get a LOT of offers.

It sounds like our sheer size and the change to a new server/IP address has triggered our blacklisting. If so, how in the world do we get off the list? I've submitted the form but nothing has happened. This is not just hurting us, but is denying charities (thousands of them) the information that they need to make this a better world. I actually am nearly to tears over this problem.

I do feel a little better that there are colleagues here who are trying to help us.

Steve

[Wazoo]

Although the "new" might have tilted the balance a bit, this isn't the reason for the listing. Again, the evidence page is reflecting both spamtrap hits and some reports. I don't see that the actual hardware/OS/application of the new server was mentioned. Is it possible that this new server is an Exchange based system? If so, have your admin person hit the FAQ here, there, everywhere on the issues of putting an Exchange server directly onto the Interent.

[CharityChannel]

No, not an exchange server.

As I said at the outset, when we moved the server to a new machine, we inadvertently sent out an email to a group of persons who were in our confim opt-in database, but who had not confirmed their subscription and hence were never subscribed to a list. Naturally, I am sure that there were many on that list who either never tried to subscribe in the first place (i.e. someone else tried to sign them up), or who had forgotten that they tried to subscribe -- this database is years old. I am not surprised that some might have concluded they were being spammed. It's ironic, since it was our very confirmed opt-in mechanism that collected those email addresses and that we inadvertently sent to during the migration process.

What is so terribly frustrating is that a considerable amount of damage, financial and otherwise, is being done and there is no way to address it with SpamCop -- at least, my attempt to do so has thus far gotten nowhere.

There was one other spam site that listed us (none of the others has done so, btw) and it was very easy to address this with them. We were removed within minutes, and not reappeared there or anywhere else. We even are white-listed with AOL, and have been for years.

If anyone here has any way to help me, I'd be grateful! I have rarely felt so utterly helpless.

[turetzsr]

Hi, Steve!

The dispute resolution page to which I refer is linked off of http://www.spamcop.net/w3m?action=blcheck&ip=216.132.135.170.  As was mentioned by a colleague here, yes, the IP address is 216.132.135.170.

19049[/snapback]

...Ah, thanks! I've never seen that link before. Of course, I don't have much reason to visit that page. <g>

<snip>

... [W]e have a very strict privacy policy that prevents us from selling our subscriber lists -- and we get a LOT of offers.

19049[/snapback]

...Good for you! <big g>

If so, how in the world do we get off the list?  I've submitted the form but nothing has happened.

19049[/snapback]

...Well, with the link to the form does say "Because everyone wants to dispute their listing, regardless of merit, we reserve the right to ignore meritless disputes." Also, whoever reviews the submissions may be overloaded or taking the time to collect all the necessary information. You can also directly contact the SpamCop deputies at e-mail address deputies <at> spamcop <dot> net. This would be a good idea for you to do, anyway, as it is the only way you can get information on what is hitting the spamtraps from your server.

This is not just hurting us, but is denying charities (thousands of them) the information that they need to make this a better world.  I actually am nearly to tears over this problem.

19049[/snapback]

...Yep, spammers spoil the internet for everyone.

...By the way, the charities that are not receiving your messages might wish to contact their service providers to ask them to "whitelist" the e-mail address from which you send your information.

I do feel a little better that there are colleagues here who are trying to help us.

Steve

19049[/snapback]

...We're glad to help! <g>

[turetzsr]

<snip>

As I said at the outset, when we moved the server to a new machine, we inadvertently sent out an email to a group of persons who were in our confim opt-in database, but who had not confirmed their subscription and hence were never subscribed to a list.  Naturally, I am sure that there were many on that list who either never tried to subscribe in the first place (i.e. someone else tried to sign them up), or who had forgotten that they tried to subscribe -- this database is years old.  I am not surprised that some might have concluded they were being spammed.  It's ironic, since it was our very confirmed opt-in mechanism that collected those email addresses and that we inadvertently sent to during the migration process. 

<snip>

19052[/snapback]

...Umm, that doesn't explain the e-mail going to spamtraps. Some other problem may be afoot. I strongly suggest you contact the deputies at the aforementioned e-mail address.

[Merlyn]

Luckily Spamcop is dynamic and the listing will automatically be removed 48 hours after the last spam report.

[Wazoo]

I'm hoping you understand the ramifications of the following phrase;

216.132.135.170 not listed in bl.spamcop.net

<g>

[CharityChannel]

I am pleased and relieved to report that we've now had the IP address removed from the blacklist! Here is what we've been told (if it's inappropriate to post this here, I trust that the editors will remove it) by our SpamCop colleague:

"Apparently that email hit our spamtraps (nonexistent addresses) and caused the server to be listed. The 'post' was a virus message addressed to the list address. Probably from an infected spammer with some of our trap addresses on his dirty mailing list."

What I'm wondering is this: Is there anything we can do to avoid this from recurring?

Steve

[CharityChannel]

I'm hoping you understand the ramifications of the following phrase;

216.132.135.170 not listed in bl.spamcop.net

<g>

19060[/snapback]

It's beginning to dawn on me.

Steve

[Wazoo]

"Apparently that email hit our spamtraps (nonexistent addresses) and caused the server to be listed.  The 'post' was a virus message addressed to the list address.  Probably from an infected spammer with some of our trap addresses on his dirty mailing list."

What I'm wondering is this:  Is there anything we can do to avoid this from recurring?

The catch is that the above commentary is taken out of context and "we" have not seen the actual e-mail in question .... so things may be way off base in the following ..

Your original presentation of the situation gave the appearance that "you" were the originator of the outbound traffic, unfortunately including an apparent laundry list of different items. However, the Admin commentary suggests that one of your lists accepts input from anyone (?) and shoots it out, though the mechanism of adding external e-mail addresses to that outgoing list isn't identified.

If any of the above is true, there really isn't anyway you're going to prevent future listings. Access has to be controlled and the output has to be limited to only those requesting this traffic. I know you already know this, but ....

In all fairness, if you want to continue the issues of mailing-list management and such, I would requests that you start a new Topic up over in the Lounge area.

Thanks for hanging in and ending up with a good result.

[CharityChannel]

Point well-taken. Not to beat a dead horse, one of the causes that I speculated about in my opening posting was an autoresponder that was inadvertently turned on during a server migration. We haven't landed back on SpamCop's blacklist or any other, so all is well.

Thanks everybody.

Steve

[Jeff G.]

"we" have not seen the actual e-mail in question

19067[/snapback]

SpamCop reports concerning 216.132.135.170 would currently go to abuse[at]epoch.net and postmaster[at]epoch.net per http://www.spamcop.net/sc?track=216.132.135.170

[CharityChannel]

SpamCop reports concerning 216.132.135.170 would currently go to abuse[at]epoch.net and postmaster[at]epoch.net per http://www.spamcop.net/sc?track=216.132.135.170

19392[/snapback]

True, but you've lost me. We also maintain abuse[at]charitychannel.com and postmaster[at]charitychannel.com.

In any case, I'm pleased to report that we've remained off of the SpamCop blacklist.

Thanks everyone!

Steve

[Jeff G.]

SpamCop reports concerning 216.132.135.170 would currently go to abuse[at]epoch.net and postmaster[at]epoch.net per http://www.spamcop.net/sc?track=216.132.135.170

19392[/snapback]

True, but you've lost me. We also maintain abuse[at]charitychannel.com and postmaster[at]charitychannel.com.

19395[/snapback]

I meant that if you want to see the SpamCop reports about 216.132.135.170, please ask the people handling abuse[at]epoch.net and postmaster[at]epoch.net for copies of them.

In any case, I'm pleased to report that we've remained off of the SpamCop blacklist.

Thanks everyone!

19395[/snapback]

You're welcome.