Full Version: Somebody help me!
stefi
I am new to all this, and my understanding of SpamCop is minimal, all I know is that in the last few weeks my mail has been blocked, I don't understand why?

These are the emails I get sent

host proxy-relay1.red.net [195.74.128.13]: 554 Service unavailable; Client host [83.244.130.25] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.244.130.25

Can somebody tell me what's happening?? unsure.gif
dbiel
QUOTE(stefi @ Sep 5 2006, 02:53 AM) *
host proxy-relay1.red.net [195.74.128.13]: 554 Service unavailable; Client host [83.244.130.25] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?83.244.130.25
Can somebody tell me what's happening?? unsure.gif
Have you taken the time to read the information contained in the link you posted here? If so, what part of it do you not understand?
People using your mailserver, or the mailserver itself, is sending bounces to forged email addresses. This is a bad practice today and is why your mailserver ends up on the SpamCopBL.
stefi
Yes I have read it thanks, but I don't understand how anybody is using my mailserver, or what I can do to stop it...?
agsteele
QUOTE(stefi @ Sep 5 2006, 11:14 AM) *
Yes I have read it thanks, but I don't understand how anybody is using my mailserver, or what I can do to stop it...?

There is a temporary slowdown of the SC system which means I cannot read the reasons provided at http://www.spamcop.net/bl.shtml?83.244.130.25 But this will give you a clue to the cause which, in turn, will suggest a resolution.

Checking other sources of information I can see that the mail server shows a significant increase in Emails in the last 24 hours.

               Magnitude   Vol Change vs. Average
Last day       5.0         1197%
Last 30 days   4.4         244%
Average        3.9

A 1197% increase in Email passing through the server indicates a compromised mail server currently being used by a spammer.

Since the mail server appears to be operated by an ISP based in London, my guess is that a customer of the ISP has had their machine compromised or the server has been broken into by a spammer. Either way you need to take up the issue with whatever company provides your outgoing Email service.

Having typed all the above, SpamCop is back up to speed and the following information is also available.

CODE
Causes of listing

    * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
    * It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Additional potential problems
(these factors do not directly result in spamcop listing)

    * System administrator has already delisted this system once


Again you probably need to speak to your ISP. But if you are sending automated replies to Emails then you should turn that facility off as well.

Andrew
dbiel
QUOTE(stefi @ Sep 5 2006, 03:14 AM) *
Yes I have read it thanks, but I don't understand how anybody is using my mailserver, or what I can do to stop it...?
Are you using autoresponders like "Out of Office" "On Vacation"? If you insist on using these, you must find a way to filter out the spam prior to sending out autoresponses. By sending out auto responses to spam messages you have become a spammer yourself, as most of the addresses you are sending your autoresponses to are forged (that is the ones contained in spam messages)
stefi
QUOTE(dbiel @ Sep 5 2006, 12:11 PM) *
Are you using autoresponders like "Out of Office" "On Vacation"?

No I don't use auto responders...
agsteele
QUOTE(stefi @ Sep 5 2006, 12:16 PM) *
No I don't use auto responders...

Do let us know what the ISP/mail server provider says.

Andrew
GraemeL
QUOTE(stefi @ Sep 5 2006, 12:16 PM) *

No I don't use auto responders...

You do however accept messages and then later bounce them to the envelope sender. This is the cause of your listing.

CODE
Submitted: 05 September 2006 08:25:23 +0100:
Warning: message 1GJXek-000Ego-3A delayed 48 hours

* 1907489565 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 22:43:40 +0100:
Mail delivery failed: returning message to sender

* 1906929924 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 21:36:44 +0100:
Mail delivery failed: returning message to sender

* 1906840084 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 20:28:57 +0100:
Mail delivery failed: returning message to sender

* 1906749467 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 19:59:01 +0100:
Mail delivery failed: returning message to sender

* 1906710162 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 17:57:28 +0100:
Mail delivery failed: returning message to sender

* 1906537613 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 17:55:23 +0100:
Mail delivery failed: returning message to sender

* 1906534027 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 17:25:12 +0100:
Mail delivery failed: returning message to sender

* 1906493422 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: 04 September 2006 17:19:30 +0100:
Mail delivery failed: returning message to sender

* 1906485626 ( 83.244.130.25 ) ( UUBE ) To: uube[at]devnull.spamcop.net
stefi
OK, THANKS, BUT I DON'T QUITE UNDERSTAND WHAT THAT MEANS (SORRY) OR HOW I STOP IT??
GraemeL
QUOTE(stefi @ Sep 5 2006, 01:38 PM) *

OK, THANKS, BUT I DON'T QUITE UNDERSTAND WHAT THAT MEANS (SORRY) OR HOW I STOP IT??


No need to shout. tongue.gif

When your server is receiving messages, it is telling the remote server that everything is fine and the message will be delivered. Later, it decides that it can't actually deliver the message and since it is no longer talking to the sending server, it is sending a mail to the address that claims to have sent the mail to inform them of the failure. Since spam accounts for a high percentage of total email volume and 99.999% of spam has a forged sender address, all you end up doing is sending a copy of the spam to an innocent third party.

Read the Spamcop FAQ on misdirected bounces.

Doing some digging, it looks like your ISP accepts your mail for spam filtering purposes. After filtering, they send on clean messages to your server. However, your ISP server doesn't have a list of valid addresses for your domain and when it forwards mail to your server with an address that doesn't exist, then your server sends a bounce message. You can resolve this problem by either stopping sending bounce messages or configuring things so that your ISPs machine knows all of the valid addresses for your domain through something like an LDAP database.
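The setup described in the post above, modelled as an added example (it is not part of the original thread and not any participant's code): a filtering gateway with and without a list of valid recipients, fed the same inbound mail. The `Gateway` and `Destination` classes, the `run` helper and every address are constructed for illustration, and the model collapses relay and delivery into a single step.

```python
"""Constructed model of accept-then-bounce vs. reject at RCPT time (not a real MTA)."""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data; every address below is made up for this example.
MAILBOXES = {"info@example.test", "sales@example.test"}
INBOUND = [  # (envelope sender, recipient) pairs as seen at the ISP gateway
    ("victim1@forged.test", "nosuchuser@example.test"),   # spam, forged sender
    ("trap@blocklist.test", "webmaster1@example.test"),   # spam, forged sender is a spam trap
    ("client@customer.test", "info@example.test"),        # genuine mail
    ("victim2@forged.test", "qwerty@example.test"),       # spam, forged sender
]


@dataclass
class Destination:
    """Final mail server: knows its mailboxes and bounces what it cannot deliver."""
    mailboxes: set
    bounces_to: list = field(default_factory=list)

    def deliver(self, mail_from: str, rcpt_to: str) -> None:
        if rcpt_to in self.mailboxes:
            return
        # The original SMTP session ended when the gateway said 250, so the failure
        # can only be reported by mailing the (unverified) envelope sender.
        self.bounces_to.append(mail_from)


@dataclass
class Gateway:
    """ISP filtering relay. recipient_list=None means it has no list of valid addresses."""
    destination: Destination
    recipient_list: Optional[set] = None

    def rcpt(self, mail_from: str, rcpt_to: str) -> str:
        """Return the SMTP reply the remote sender gets for this recipient."""
        if self.recipient_list is not None and rcpt_to not in self.recipient_list:
            # Refused while the sender is still connected: no new message is created.
            return "550 5.1.1 User unknown"
        self.destination.deliver(mail_from, rcpt_to)
        return "250 2.1.5 Ok"


def run(gateway_knows_recipients: bool):
    """Feed INBOUND through the chain; return (SMTP replies, addresses that got a bounce)."""
    dest = Destination(mailboxes=set(MAILBOXES))
    gw = Gateway(dest, set(MAILBOXES) if gateway_knows_recipients else None)
    replies = [gw.rcpt(sender, rcpt) for sender, rcpt in INBOUND]
    return replies, dest.bounces_to


if __name__ == "__main__":
    for knows in (False, True):
        replies, bounced = run(knows)
        print(f"gateway has recipient list: {knows}")
        print(f"  replies given in-session: {replies}")
        print(f"  bounce messages sent to:  {bounced}")
```

Without the list, every forged sender receives a bounce, including the spam-trap address; with it, the same mail is refused in-session and no bounce is generated.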
stefi
Many thanks for your help

stopping sending bounce message: how?
configuring things so that your ISPs machine knows all of the valid addresses for your domain through something like an LDAP database: how?

Sorry to be a dunce blink.gif
GraemeL
QUOTE(stefi @ Sep 5 2006, 02:02 PM) *
Many thanks for your help

stopping sending bounce message: how?
configuring things so that your ISPs machine knows all of the valid addresses for your domain through something like an LDAP database: how?

Sorry to be a dunce blink.gif

No problem. From your posts, it seems to me that you are not a technical person. You are probably better either getting your computer guy or somebody from your ISP involved and sending them a link to this thread. They will either be able to solve your problem or ask the correct questions to allow them to solve it. Simply asking "how?" can't get us anywhere as it is highly dependent on the systems involved and how they are currently configured. Sorry I can't give you anything useful.
StevenUnderwood
2 Reports which are not labeled as uube:

Report History:

Display UUBE
--------------------------------------------------------------------------------

Submitted: Tuesday, September 05, 2006 8:18:47 AM -0400:
Mail delivery failed: returning message to sender
1907851917 ( 83.244.130.25 ) To: abuse[at]hastwood.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 4:14:59 PM -0400:
Project Mail !!
1879339291 ( http://www.sedb.com/ ) To: abuse#equinix.com[at]devnull.spamcop.net
1879339278 ( 83.244.130.25 ) To: relays[at]admin.spamcop.net
1879339270 ( 69.36.167.183 ) To: spamcop[at]imaphost.com
1879339261 ( 69.36.167.183 ) To: abuse[at]westhost.com
stefi
Ok I'm not particularly technical I admit, but this is a different language
What's an uube?

I just don't understand this, I don't have a 'computer' guy...
stefi
ok, I have found out what an uube is — so if they are not uubes — what are they??

Thanks in advance
StevenUnderwood
QUOTE(stefi @ Sep 5 2006, 12:03 PM) *
ok, I have found out what an uube is — so if they are not uubes — what are they??

Thanks in advance

They are reports from human users who are saying..."THIS IS SPAM"

Somebody received those messages in their inbox and went to the trouble of manually reporting them as spam.

QUOTE
I just don't understand this, I don't have a 'computer' guy...

Then you are likely an end user. In that case, you should be complaining to your ISP that you are not getting the service you expect for the money you are paying them. You can direct them to this thread for more information.
stefi
Thanks for this, I will speak to my ISP — do you know if I can find out who reported 'my' emails as 'spam'?
agsteele
QUOTE(stefi @ Sep 5 2006, 05:36 PM) *
do you know if I can find out who reported 'my' emails as 'spam'?

As I said previously, it is possible that it isn't your Email that is the problem but the Emails of another customer at your ISP.

Again, do let us know what they say.

Andrew
Wazoo
Coming in way late on this one ... I see what appear to be assumptions based on the first post's statement of "my mail" and the third post's statement of "my server" that the user was an admin of the server ... yet, all the follow-on remarks certainly indicate that running an e-mail server is something not done by the poster.

http://www.spamcop.net/w3m?action=blcheck&...p=83.244.130.25
If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 4 hours.
spamtrap hits are the only listed cause ...

as posted above, a link from that page leads one to http://www.senderbase.org/?searchBy=ipaddr...g=83.244.130.25
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ........ 4.9 .. 1095%
Last 30 days .. 4.4 ... 245%
Average ........ 3.9

hardly down a tick from the previous posting of this data ...

but this amount of traffic ( SenderBase's "Magnitude" Explained suggesting 130,000+ e-mails a day) kind of suggests that this probably isn't a "home computer" situation either ....

So as hinted, stated, explained a number of times in the preceding replies here ... the likelihood of this SpamCopDNSBL listing being solely stefi's e-mail alone is rather remote. Someone at .. hmmmm ...
crystal ball is cloudy here ....

09/05/06 12:19:42 Slow traceroute 83.244.130.25
Trace 83.244.130.25 ...
4.68.101.65 RTT: 39ms TTL: 0 (ae-1-53.bbr1.Chicago1.Level3.net ok)
212.187.128.58 RTT: 105ms TTL: 0 (ae-1-0.bbr1.London1.Level3.net ok)
4.68.116.105 RTT: 114ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)
212.113.5.67 RTT: 108ms TTL: 0 (No rDNS)
83.244.134.86 RTT: 108ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])
* * * failed
* * * failed

inetnum: 83.244.130.0 - 83.244.130.255
netname: UK-EENET-HASTINGS
descr: Assigned to Advantage Interactive
descr: http://www.advantage-interactive.net
descr: Advantage Interactive Ltd
descr: 10-16 Tiller Road
descr: London
descr: E14 8PX
remarks: ******************************************************************
remarks: * All reports regarding these networks should be sent to:- *
remarks: * abuse[at]ai270.net only, If you report abuse to any other address *
remarks: * you will get no response.
country: GB
admin-c: EEUK1-RIPE
tech-c: EEUK1-RIPE
status: ASSIGNED PA
mnt-by: EXPONENTIAL-E-MNT

role: Exponential-e Ltd
address: Exponential-e Ltd
address: Frazer House
address: 32/38 Leman Street
address: London E1 8EW
address: England
phone: +44 (0)20 7173 6100

However, it has to be noted that stefi is posting here from an IP address located within the block;
inetnum: 84.92.128.0 - 84.92.191.255
netname: PLUSNET-DIAL-ADSL
descr: Dial-up and ADSL pool
descr: PlusNet Technologies Ltd
country: GB
admin-c: PLUS1-RIPE
tech-c: PNET2-RIPE
status: ASSIGNED PA
mnt-by: MAINT-AS6871
source: RIPE # Filtered

role: Plusnet Hostmaster
address: PlusNet Technologies Ltd
address: Technology Building
address: Terry Street
address: Sheffield
address: S9 2BU
address: UK
phone: +44 114 2200084
remarks: trouble: abuse[at]plus.net

I'm not familiar with the linkage between these entities ....

Bottom line, I don't see that stefi has any "direct" control over the e-mail server in question.
stefi
I'm even more confused... blush.gif
GraemeL
QUOTE(Wazoo @ Sep 5 2006, 06:33 PM) *

So as hinted, stated, explained a number of times in the preceding replies here ... the likelihood of this SpamCopDNSBL listing being solely stefi's e-mail alone is rather remote. Someone at .. hmmmm ...
crystal ball is cloudy here ....

09/05/06 12:19:42 Slow traceroute 83.244.130.25
Trace 83.244.130.25 ...
4.68.101.65 RTT: 39ms TTL: 0 (ae-1-53.bbr1.Chicago1.Level3.net ok)
212.187.128.58 RTT: 105ms TTL: 0 (ae-1-0.bbr1.London1.Level3.net ok)
4.68.116.105 RTT: 114ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)
212.113.5.67 RTT: 108ms TTL: 0 (No rDNS)
83.244.134.86 RTT: 108ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])
* * * failed
* * * failed


The reason you can't get to the address is that it appears to be an outbound server only. I tried a TCP trace to it on port 25 and got knocked back too. It reverses to out-mta2.ai270.net.

The ai270.net domain has only one registered MX at mail-scan.hostingweb.co.uk, which is why I was suggesting that it's a problem where the inbound server doesn't know what the valid accounts are on the destination server which end up doing the delayed bounces.

This is what I meant by "doing some digging" in one of my previous posts. At the time, I didn't think the information would be useful, but now there are more techies around, it is probably worth mentioning how things look to be set up.
agsteele
QUOTE(stefi @ Sep 5 2006, 06:48 PM) *
I'm even more confused... blush.gif

Stefi, please talk to your ISP. This is not an issue you will be able to resolve on your own.

Then please feel free to report back what they say.

Andrew
Wazoo
QUOTE(stefi @ Sep 5 2006, 12:48 PM) *
I'm even more confused... blush.gif

Quoting massive things like that previous post and adding only a one-liner like this isn't good practice. You may have noticed a number of previous posts were edited a bit, things like this "fixed" ....

That you don't understand is what I was trying to say, in that the issue isn't something you have control over, nothing "you" can fix. Where I ran into issues is trying to sort out just who you need to contact. You stated you were going to contact your ISP, but ....???? You are connecting to the Internet through one ISP, but the e-mail server in question is owned/managed by a different ISP .. and those ownership details weren't very clear. If you could shed some light on why/how you are using two ISPs to handle your outgoing e-mail, that'd help, realizing of course that this may also be a business arrangement between these two ISPs, which you may or may not know anything about ....
Wazoo
The "my server" thing might be addressed via the hosting of a web-site .. perhaps this is the "source of the e-mail in question" ...????

whois -h whois.nic.uk stefiorazi.co.uk ...
Domain name:
stefiorazi.co.uk

09/05/06 16:01:05 Slow traceroute stefiorazi.co.uk
Trace stefiorazi.co.uk failed, no such host

09/05/06 16:01:24 Slow traceroute www.stefiorazi.co.uk
Trace www.stefiorazi.co.uk (83.244.130.78) ...
4.68.116.105 RTT: 113ms TTL: 0 (ge-11-1.ipcolo1.London1.Level3.net ok)
212.113.5.67 RTT: 110ms TTL: 0 (No rDNS)
83.244.134.86 RTT: 120ms TTL: 0 (transit-i-gw2.hastwood.com bogus rDNS: host not found [authoritative])
83.244.130.78 RTT: 120ms TTL: 49 (www.stefiorazi.co.uk ok)

ns0.telivo.com reports the following MX records:

Preference Host Name IP Address
10 mail-scan.telivo.com 83.244.130.70

A bit more data or confusion, yet back to just "which" e-mail source still seems to be an issue for just "who" to contact ....
stefi
I am using an ISP to connect to the internet — wireless network. As I am a freelance designer it means I often have to hook up to various networks, and therefore I don't use the ISP I am connected to for my outgoing mail. My domain name is managed by Telivo, and I use that as my outgoing mail server. Hope this makes sense.

I have spoken to Telivo, who said that emails coming from their server are often seen as Spam. They said I should use my ISP as outgoing server, but this isn't always possible as I often 'hotdesk' in various companies...
Derek T
QUOTE(stefi @ Sep 6 2006, 09:32 AM) *

I have spoken to Telivo, who said that emails coming from their server are often seen as Spam. They said I should use my ISP as outgoing server, but this isn't always possible as I often 'hotdesk' in various companies...

I think you know the answer to this one, given their answer. If they can't get a grip on their servers and stop the spammers using them, then they can't offer you the service you are paying for. Vote with your wallet.

Edit: telivo.com resolves to

195.82.107.237
host 195.82.107.237 = smtp.telivo.com (cached)
host 195.82.107.237 = smtp.telivo.com (cached)
[report history]
Routing details for 195.82.107.237
[refresh/show] Cached whois for 195.82.107.237 : abuse[at]mailbox.net.uk
Using abuse net on abuse[at]mailbox.net.uk
abuse net mailbox.net.uk = abuse[at]mailbox.net.uk
Using best contacts abuse[at]mailbox.net.uk
Statistics:
195.82.107.237 not listed in bl.spamcop.net
More Information..
195.82.107.237 not listed in dnsbl.njabl.org
195.82.107.237 not listed in dnsbl.njabl.org
195.82.107.237 not listed in cbl.abuseat.org
195.82.107.237 not listed in dnsbl.sorbs.net
195.82.107.237 not listed in relays.ordb.org.

Reporting addresses:
abuse[at]mailbox.net.uk

Report history shows dozens of unwanted, unsolicited bounce email

Refer telivo here to see why post-facto bounces are unacceptable in the 21st century.
stefi
Thanks for your help. I have moved my domain to another host. Hope that does it!
Derek T
QUOTE(stefi @ Sep 6 2006, 08:17 PM) *

Thanks for your help. I have moved my domain to another host. Hope that does it!

As a matter of interest and research, would you like to tell who you moved to so we can check their track-record?
stefi
Claranet
turetzsr
QUOTE(stefi @ Sep 7 2006, 10:50 AM) *
Claranet
...Hmm, results not all good. I did the following Google search: http://groups.google.com/groups?scoring=d&...t+group:*abuse* and got several hits, including (going back to 25 August, 2006)...Can't say whether this constitutes enough to qualify ClaraNet as bad but you should be aware that they seem to have some problems controlling spew.
Farelf
Going by the listings for the Claranet UK Mail Platform this seems a capable organisation: http://www.senderbase.org/search?searchBy=...Mail%20Platform

One or two assorted DNSBL listings in there but, given the volume, I've certainly seen a lot worse.
Derek T
QUOTE(stefi @ Sep 7 2006, 03:50 PM) *

Claranet

claranet good, plusnet better IMNSHO
Farelf
QUOTE(Derek T @ Sep 8 2006, 03:30 AM) *
claranet good, plusnet better IMNSHO
Shown in some searches as the network owner for the big plus.com domain, examples of which cf http://www.senderbase.org/search?searchBy=...g=84.92.142.134 et al. and whom I am sure have carried users who have spammed me in the past (but that's hardly an exclusive club). Presumably you have had some good experiences with these people Derek?
Derek T
QUOTE(Farelf @ Sep 8 2006, 04:13 AM) *

Shown in some searches as the network owner for the big plus.com domain, examples of which cf http://www.senderbase.org/search?searchBy=...g=84.92.142.134 et al. and whom I am sure have carried users who have spammed me in the past (but that's hardly an exclusive club). Presumably you have had some good experiences with these people Derek?


Been with them for 10 years or more, very proactive, above all by UK standards cheap. Great customer service, their SMTP servers have never in 10 years been refused by anyone I've emailed.

250Mb web-space with full access to SQL, scripts etc.

From what you posted it seems they could be a lot more proactive with trojanned customers though! AFAIK none of that ADSL pool should be mailing at all - though it is possible that some customers are running their own mailservers.
Farelf
So, stefi, I guess we're a tough bunch to impress, provider-wise. Notwithstanding mixed reviews there seems a fair chance you will be well pleased with Claranet, if not, Derek who knows whereof he speaks reckons plusnet. At least if *that* didn't work out you could heigh off to Kneightley or wherever he's at and demonstrate your mastery of eki-thump upon his sorry sconce.
GraemeL
QUOTE(Farelf @ Sep 8 2006, 09:56 AM) *

...demonstrate your mastery of eki-thump upon his sorry sconce.

That's Ecky-Thump for anybody who has never heard of The Goodies and is having trouble with Google. tongue.gif