SF's mail servers seem to keep getting listed (second time now in two weeks). Are they actually generating legit spam or is someone misreporting this?

I guess I can add their servers myself to my mail server's exclusion list.

Hard to say with no data provided. Do you have a bounce message, or perhaps an IP address that we could use to look them up?

Unfortunately, no bounce message. Only knew something was wrong because I hadn't gotten any SF.net mail in a long time. Finally they came pouring through and one of the admins on the list mentioned that SF had been listed on SpamCop.

Here's one of the IP's that appears to be the final SF SMTP server in the link... probably there are more: 66.35.250.225



And here are a couple entries from my server's mail logs:

You might want to take this up with SourceForge as that server is being used to spam many people:

Looks like regular list stuff and spam......

--------------------------------------------------------------------------------

Submitted: Thursday, March 30, 2006 5:43:57 AM -0500:
Padict-developer digest, Vol 1 #421 - 6 msgs
1704534916 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, March 27, 2006 4:22:26 AM -0500:
[Proftpd-mirrors] Borland Delphi 2005 Architect Edition
1701638643 ( http://mahaboned.com/?gmc ) To: i-shikhov#list.ru[at]devnull.spamcop.net
1701638635 ( http://mahaboned.com/?gmc ) To: info[at]in-telecom.ru
1701638632 ( http://mahaboned.com/?gmc ) To: postmaster#in-telecom.ru[at]devnull.spamcop.net
1701638623 ( http://mahaboned.com/?gmc ) To: abuse[at]relcom.net
1701638612 ( 69.55.65.181 ) To: spamcop[at]imaphost.com
1701638600 ( 69.55.65.181 ) To: abuse[at]netsville.com
1701638594 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:35:37 PM -0500:
[Lesstif-discuss] =?GB2312?B?0OO/zcqxydDG3M+izfjUvMT6ubLP7cqxydDc9t3N?=
1700222999 ( http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110... ) To: abuse[at]internap.com
1700222997 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net
1700222991 ( 60.177.2.241 ) To: spamcop[at]imaphost.com
1700222987 ( http://www.annshow.com ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net
1700222986 ( 60.177.2.241 ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net
1700222983 ( http://www.annshow.com ) To: master[at]dcb.hz.zj.cn
1700222981 ( 60.177.2.241 ) To: master[at]dcb.hz.zj.cn
1700222978 ( http://www.annshow.com ) To: antispam[at]dcb.hz.zj.cn
1700222977 ( 60.177.2.241 ) To: antispam[at]dcb.hz.zj.cn
1700222975 ( http://www.annshow.com ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net
1700222974 ( 60.177.2.241 ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net
1700222972 ( http://www.annshow.com ) To: anti_spam[at]mail.nbptt.zj.cn
1700222971 ( 60.177.2.241 ) To: anti_spam[at]mail.nbptt.zj.cn

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:35:33 PM -0500:
[Lesstif-discuss] =?GB2312?B?0OO/zcqxydDG3M+izfjUvMT6ubLP7cqxydDc9t3N?=
1700222861 ( http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110... ) To: abuse[at]internap.com
1700222860 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net
1700222859 ( 60.177.2.241 ) To: spamcop[at]imaphost.com
1700222858 ( http://www.annshow.com ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net
1700222857 ( 60.177.2.241 ) To: postmaster#hz.zj.cn[at]devnull.spamcop.net
1700222856 ( http://www.annshow.com ) To: master[at]dcb.hz.zj.cn
1700222855 ( 60.177.2.241 ) To: master[at]dcb.hz.zj.cn
1700222854 ( http://www.annshow.com ) To: antispam[at]dcb.hz.zj.cn
1700222853 ( 60.177.2.241 ) To: antispam[at]dcb.hz.zj.cn
1700222852 ( http://www.annshow.com ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net
1700222851 ( 60.177.2.241 ) To: postmaster#dcb.hz.zj.cn[at]devnull.spamcop.net
1700222845 ( http://www.annshow.com ) To: anti_spam[at]mail.nbptt.zj.cn
1700222844 ( 60.177.2.241 ) To: anti_spam[at]mail.nbptt.zj.cn

--------------------------------------------------------------------------------

Submitted: Saturday, March 25, 2006 1:25:09 PM -0500:
[Lesstif-discuss] Intending Partner
1700220509 ( 84.76.172.150 ) To: spamcop[at]imaphost.com
1700220508 ( 84.76.172.150 ) To: abuse[at]ya.com
1700220507 ( 84.76.172.150 ) To: postmaster#ya.com[at]devnull.spamcop.net
1700220506 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

Submitted: Wednesday, March 22, 2006 5:50:49 AM -0500:
Padict-developer digest, Vol 1 #414 - 9 msgs
1696919883 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Tuesday, March 21, 2006 1:11:19 PM -0500:
**SPAM** ***HTML***[MiKTeX] Fw: hey
1696270215 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net
1696270214 ( 195.97.101.154 ) To: spamcop[at]imaphost.com
1696270212 ( 195.97.101.154 ) To: postmaster[at]hol.gr
1696270211 ( 195.97.101.154 ) To: abuse[at]hol.gr
1696270208 ( 12.152.184.25 ) To: abuse[at]att.net

--------------------------------------------------------------------------------

Submitted: Sunday, March 19, 2006 3:01:04 PM -0500:
Padict-developer digest, Vol 1 #410 - 2 msgs
1694501819 ( 66.35.250.225 ) To: abuse#savvis.net[at]devnull.spamcop.net

Posted a request to their support site (here if anyone is interested).

Also, this link may be of interest to those of you who use SF mailing lists.

I think its a safe bet that you won't get an exception for a Savvis IP address considering they don't accept spamcop reports at all.

It looks like sourceforge needs to figure out why they aren't receiving spamcop reports, and if they are, they need to be acting on them.

For users that they can prove subscribed to their mailing list, they can report them back to spamcop for sending false spam reports. I don't know whether they use a confirmed opt-in system or not, but that would be the only way they could prove that a user really subscribed their own email address.

Once their sure their subscription process is relatively bullet-proof, they need to make sure that they respond quickly to abuse reports that spamcop users submit.

If they have a good abuse report handling system, they shouldn't have any trouble avoiding future listings.

They should also make sure that their mail list software adds the submitting users IP address as a Received From: header so that spamcop can trace beyond the SourceForge mail server.

List members shouldn't be using SpamCop to report spam sent to the lists that they read.

However, there are also spamtrap hits in that listing so it not completely bogus:

66.35.250.225 listed in bl.spamcop.net (127.0.0.2)


If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
SpamCop users have reported system as a source of spam less than 10 times in the past week

The crux of the problem though is that SF does not respond quickly to SpamCop complaints?

I notice that the contact addresses for this IP appear to all end up going to savvis instead of SourceForge. Maybe SourceForge isn't even being notified?

Without an IP to work with?
If a mail server is getting added to SCBL it mainly means they are not configured correctly SpamCop will on a properly configured mail sever only block the personal computer sending the spam.

Improperly configured is where a mail server bounces to Spamtrap addresses and or does not stamp the originating IP address

12.152.184.25 goes to abuse[at]att.net? the others
66.35.250.225 66.35.250.206 66.35.250.223
do not have a working abuse address.
It would help if they had a abuse address
They are also being added to other blocklists

The crux seems to be that they are not responding at all because they (or their upstream) are refusing SpamCop reports.

It would also appear that spam is being sent to and therefore through the lists and that the original sending IP is not being identified in the headers. Therefore the SpamCop algorithm stops at the last reliable link in the chain which is the listserver and identifies that as the source.

See the very long otherthread about Gmail which has the same problem.

The SpamTrap hits are a worry though as, according to the page you pointed us to, SourceForge does use confirmed opt-in. Maybe you could suggest they contact deputies[at]spamcop.net and find out what is hitting the traps.

As regards the large volume of system traffic that is being reported, there's little they can do to 'report the reporter' to SpamCop if they refuse the reports in the first place (if that makes sense )