Full Version: My domain is in the blocklist
Rafael
Hello,

For the past 3 days, when I send emails, I receive an email with this text:

: host mail.domain.com[66.220.7.80] said: 451
Blocked - see http://www.spamcop.net/bl.shtml?82.223.190.20 (in reply to
RCPT TO command)

We are a software company and we send e-news to our customers. All the addresses are given by our customers, and we have emails with these confirmations.

In our e-news, the customer has the possibility to unsubscribe by only clicking a link, and we always unsubscribe them. But it is curious because we only receive 1 or 2 unsubscribes for every e-news (our customer database is 800 customers).

Please, how can I unlock my account? We cannot send email!

Regards,

Rafael del Molino
TDM Solutions;
www.VisualMillSpain.com
dra007
QUOTE
82.223.190.20 listed in bl.spamcop.net (127.0.0.2)


If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately zero time.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week


You may want to contact your provider, there seem to be spam and/or bounces to innocent and/or spamtrap addresses, or you have a trojaned/compromised machine spewing that crap.

The Sender Base also shows a large increase in volume:

QUOTE
Volume Statistics for this IP
              Magnitude   Vol Change vs. Average
Last day      4.9         885%
Last 30 days  4.8         808%
Average       3.9


Personally I also noticed a large increase in Spam from Spain! I know <<it rains in Spain>> but that would have to be rephrased <<it rains spam from careless ISPs in Spain>>?
dra007
As a side note there is a history of Spam and Phishers spewed from the domain for the IP you provided.

QUOTE
The largest ISP in the world with the largest staff and the biggest
budget and Rule # 1 challenged spammers can outsmart them. How sad,
how very sad indeed.


Hostdepartment.com is part of the problem. They "Shirley" aren't part
of the solution nor is horneyspace.com who also protects/shields AOL
niche spammers.


And AOL wonders why they are losing customers daily.


Sent from 217.76.128.17


inetnum: 217.76.128.0 - 217.76.128.223
netname: NET-ARSYS-EURO-1
descr: arsys.es
country: ES
admin-c: ARO12-RIPE
tech-c: ARO12-RIPE
rev-srv: atlante.servidoresdns.net
rev-srv: prometeo.servidoresdns.net
status: ASSIGNED PA
notify: r...@arsys.es
mnt-by: ARSYS-RIPE-MNT
mnt-lower: ARSYS-RIPE-MNT
changed: r...@arsys.es 20040402
source: RIPE


Wazoo
Moved from the "Reporting" Forum to the "Blocking List" Forum.
petzl
QUOTE(Rafael @ Jan 28 2005, 04:49 PM)
Hello,

For the past 3 days, when I send emails, I receive an email with this text:

: host mail.domain.com[66.220.7.80] said: 451
    Blocked - see http://www.spamcop.net/bl.shtml?82.223.190.20 (in reply to
    RCPT TO command)

Please, how can I unlock my account? We cannot send email!

*



Try using my Signature file to check your computer's security. That IP has been taken over and nothing on it is safe.
callconc
one of our domains keeps getting this:

----- The following addresses had permanent fatal errors -----
<carrie[at]expedia.com>
(reason: 550 5.2.1 Mailbox unavailable. Your IP address 209.239.37.102 is blacklisted using SPAMCOP. Details: Blocked - see http://www.spamcop.net/bl.shtml?209.239.37.102.)

----- Transcript of session follows -----
... while talking to mail2.expedia.com.:
>>> DATA
<<< 550 5.2.1 Mailbox unavailable. Your IP address 209.239.37.102 is blacklisted using SPAMCOP. Details: Blocked - see http://www.spamcop.net/bl.shtml?209.239.37.102.
550 5.1.1 <carrie[at]expedia.com>... User unknown
<<< 503 5.5.2 Need Rcpt command.


But then when I go to the blocklist to verify we are blacklisted, it says we aren't. What's the deal?
Merlyn
It could just be a timing thing.

Parsing input: 209.239.37.102
host 209.239.37.102 = host.callconceptshost.com (cached)

ISP does not wish to receive report regarding 209.239.37.102
ISP does not wish to receive reports regarding 209.239.37.102 - no date available
Routing details for 209.239.37.102
Report routing for 209.239.37.102: abuse[at]alabanza.com

[report history]
Submitted: Sunday, January 30, 2005 12:11:09 PM -0500:
Subject =?iso-8859-5?B?SG9tZSBpbmNlc3Qh?=

Submitted: Saturday, January 29, 2005 7:22:06 AM -0500:
Subject =?iso-8859-5?B?SG9tZSBJTkNFU1Qh?=

Submitted: Friday, January 28, 2005 11:51:37 AM -0500:
Subject =?iso-8859-5?B?Qm95c05ldzogZ3JhbmQgb3Bl?=

Submitted: Friday, January 28, 2005 1:22:03 AM -0500:
Subject =?iso-8859-5?B?Qm95c05ldzogZ3JhbmQgb3Bl?=

Submitted: Thursday, January 27, 2005 1:54:20 PM -0500:
Subject =?iso-8859-5?B?Qg==?=

Submitted: Thursday, January 27, 2005 12:51:38 PM -0500:
Subject =?iso-8859-5?B?Qm95c05ldzogZ3JhbmQgb3Bl?=

Submitted: Thursday, January 27, 2005 10:57:46 AM -0500:
Subject =?iso-8859-5?B?Qg==?=

Submitted: Wednesday, January 26, 2005 11:28:28 AM -0500:
Subject =?iso-8859-5?B?Qm95c05ldzogZ3JhbmQgb3Bl?=

Submitted: Wednesday, January 26, 2005 6:06:56 AM -0500:
Subject =?iso-8859-5?B?Qm95c05ldzogZ3JhbmQgb3Bl?=
callconc
So what does that mean? Why on earth was this domain blacklisted? And I can't find the place on the site where you go about getting it removed...

thanks for the help.
Wazoo
From the top .. the SpamCopDNSBL doesn't use "Domain" names.
As noted, the link to the SpamCopDNSBL pages shows that this IP address is not currently listed. Some timing issues could be involved as there are mirrors of this database distributed around the world. On the other hand, the system that offered you the rejected message could also have been configured wrongly, rejecting for another reason, but pointing to the SpamCop line.

And from another view, http://www.senderbase.org/?searchBy=ipaddr...=209.239.37.102 shows a downward trend on e-mail traffic from this IP. Maybe the problem spew has been handled?

The "Why am I blocked" FAQ entry / Pinned item attempts to explain many things.
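
The lookup behind the point that the blocklist works on IP addresses, not domain names, as an added example that is not part of the thread or SpamCop's own code: it takes the listed IP from the bl.shtml link in a bounce and builds the DNSBL query name for it. The function names are hypothetical, the sample bounce is copied from the first post, and the live check assumes ordinary DNS resolution is available.

```python
import ipaddress
import re
import socket

DNSBL_ZONE = "bl.spamcop.net"  # zone named in the lookup result quoted earlier

# Constructed sample: the bounce text from the first post of this thread.
SAMPLE_BOUNCE = """: host mail.domain.com[66.220.7.80] said: 451
Blocked - see http://www.spamcop.net/bl.shtml?82.223.190.20 (in reply to
RCPT TO command)"""

BL_URL = re.compile(r"spamcop\.net/bl\.shtml\?(\d{1,3}(?:\.\d{1,3}){3})")


def blocked_ips(bounce: str) -> list[str]:
    """Return the IPs a bounce blames, taken from the bl.shtml link only.

    The bracketed address (66.220.7.80 in the sample) is the receiving
    server that refused the mail, not the listed sender.
    """
    found = []
    for candidate in BL_URL.findall(bounce):
        try:
            ip = str(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            continue  # matched the pattern but is not a valid IPv4 address
        if ip not in found:
            found.append(ip)
    return found


def query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the DNSBL lookup name: octets reversed, zone appended."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(ip: str, zone: str = DNSBL_ZONE) -> bool:
    """Live check: an A record in 127.0.0.0/8 (e.g. 127.0.0.2) means listed."""
    try:
        answer = socket.gethostbyname(query_name(ip, zone))
    except socket.gaierror:
        return False  # no such name (or resolution failed): treated as not listed
    return answer.startswith("127.")


if __name__ == "__main__":
    for ip in blocked_ips(SAMPLE_BOUNCE):
        print(ip, query_name(ip), "listed" if is_listed(ip) else "not listed")
```

A bounce that cites SpamCop while `is_listed()` returns False for the same IP fits the cases described in this thread: the listing has already expired, a mirror is out of step, or the rejecting server is misconfigured.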
Derek T
QUOTE(callconc @ Feb 4 2005, 05:05 PM)
So what does that mean? Why on earth was this domain blacklisted? And I can't find the place on the site where you go about getting it removed...

thanks for the help.
*



It means that that server was spewing spam last Wednesday through to Sunday. That is why it was blacklisted. The SpamCop list reacts quickly to blacklist current spews and then automatically de-lists after a few (typically 2-48) hours. That IP is not currently listed, if no more spam comes from it it will remain de-listed. If you control it you should have received abuse reports.
Miss Betsy
QUOTE
So what does that mean? Why on earth was this domain blacklisted? And I can't find the place on the site where you go about getting it removed...


IIUC, your computer (or one at the same IP address) has a trojan that is sending scam spam. What has happened is that a spammer has gained access to this computer and is sending scam spam through it. The spammer does it in spurts so that when you go to look it up on the blocklist, it is no longer listed on the spamcop blocklist. However, as soon as the spammer rotates back to it, it will be listed again.

There is no way to get your IP address removed from the blocklist because it is automatic. When spam is reported from an IP address, the IP address is listed. When spam is no longer reported (because the spammer stopped using that IP address or the computer was cleaned of the trojan), then the IP is delisted.

For compromised computers, spamcop is an early warning system. If you do not fix this computer, then eventually that IP address will get on other lists that are not automatic and much more difficult to get off.

And 'domains' are not listed - only IP addresses from which email comes. For trojanned computers the email does not leave through the normal method, but through 'ports' that are generally used for something else. (someone explained how to explain this in technical terms the other day, but I have forgotten already. However, since you do not seem to be technically fluent either, maybe my explanation will make more sense to you).

Miss Betsy
callconc
So how do I stop this from being hijacked?

Thanks SO much for all of your help!

Tomas
Wazoo
A few suggestions for further research have already been suggested ... (I'm going to add another here to take a look at the "how to use ..." Forum .. under the section there for using the SpamCop Forum, there's a bit I wrote up about the various buttons used 'here' .... noting that I've edited all of your replies thus far to remove the 'quoted in full' items you've responded to)

Are you running a web-site perhaps, using an e-mail server from that host? (noting that your posting IP doesn't immediately tie to the referenced problem IP)

02/04/05 12:06:37 IP block 209.239.37.102
Trying 209.239.37.102 at ARIN
Trying 209.239.37 at ARIN

OrgName: Alabanza, Inc.
OrgID: ALAB
Address: 10 East Baltimore St., 10th floor
City: Baltimore
StateProv: MD
PostalCode: 21202
Country: US

This is who would have received any complaints/reports. Assumedly, this is also who you'd want to ask this question of ... But again, you've not defined your connection to the system at the problem IP ....
DavidT
shedding a little more light, hopefully:

The company Tomas works for is "Call & Associates" (http://www.callandassociates.com) aka "callconcepts.com" who leases a dedicated server from Alabanza, Inc. The IP cited earlier is the "host server" IP address that is used for all outgoing SMTP traffic from all of the hosting accounts on that server. This can include stuff allowed by the "popauth" feature on the server...maybe from compromised machines other than the server.

It appears that Call & Associates has one or more hosting clients on that server whose SMTP privileges were allowing the transmission of spam recently, resulting in the blacklisting. The reports were sent to Alabanza Abuse, so as a customer of Alabanza, the Call folks can simply contact Alabanza abuse and work with them regarding the details of the abuse. Or, if you've got a competent server administrator, you should be able to go through your server's logs and figure it out.

DT
(I'm involved with some accounts on machines in the Alabanza farm, and I formerly had a dedicated server there, so I know what I'm talking about)