Full Version: Don't have a clue why I'm blocked...
tonitt
- I run windows xp, AVG email scanner and Thunderbird email client.
- I've scanned the computer with an on-line tool. Got several cookies, no virus (apparently)

This is the message I got:


This is the AVG E-mail Scanner program.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

-------------------------------------------------------------------
lindyhomer[at]yahoo.com: Blocked - see http://www.spamcop.net/bl.shtml?84.76.47.117
-------------------------------------------------------------------

Your e-mail message is being returned to you in the next part of this
message. Try to send the message again.

Should you need assistance, please contact your administrator or your
Internet service provider.


Thank you very much for your help
t
agsteele
QUOTE(tonitt @ Sep 22 2006, 11:09 AM) *
lindyhomer[at]yahoo.com: Blocked - see http://www.spamcop.net/bl.shtml?84.76.47.117

Did you read the message at the URL you posted?

That offers some explanations - notably that the listing should end soon.

As a paying member I can see the following spam item as an example from the most recent submissions:

Submitted: 20 September 2006 13:50:29 +0100:
Hot'n'new Enhanced male power and unlimited prowess with your girl The best p...

* 1929995524 ( 84.76.47.117 ) To: abuse[at]ya.com
* 1929995523 ( 84.76.47.117 ) To: postmaster#ya.com[at]devnull.spamcop.net

Sure looks like spam to me.

My guess is that you are sending your Email through your ISP. In which case you should raise the problem with them. The person you sent an Email to has blocked incoming Emails based upon this information (or their ISP has if they are an individual). abuse[at]ya.com has been told about the problem. Is ya.com your ISP?

Andrew
tonitt
QUOTE(agsteele @ Sep 22 2006, 12:24 PM) *
Did you read the message at the URL you posted?
....
My guess is that you are sending your Email through your ISP. In which case you should raise the problem with them. The person you sent an Email to has blocked incoming Emails based upon this information (or their ISP has if they are an individual). abuse[at]ya.com has been told about the problem. Is ya.com your ISP?

Andrew,

I may look quite stupid here, because I read the link and also the FAQ.

So now I know I'm sending spam unintentionally (how and who?), I'd like to know how to stop it... for me and for my victims. I tried to contact my ISP but it is a holiday today.

ya.com is my ISP for connection, but the mail server is from another ISP.

Now I'm trying to find out if the problem is related to the huge amount of spam trackbacks I get daily because of my blog. I just don't know.

Thank you very much for confirming I'm spamming (somehow)

toni
agsteele
QUOTE(tonitt @ Sep 22 2006, 12:21 PM) *
ya.com is my ISP for connection, but the mail server is from another ISP.

Now I'm trying to find out if the problem is related to the huge amount of spam trackbacks I get daily because of my blog. I just don't know.

Thank you very much for confirming I'm spamming (somehow)

Toni,

That's not what I said. Sorry if that's how it came over... The mail server for ya.com is distributing spam but it may not be from you. It could be any of ya.com's customers. Because you share their mail server you are being blocked by the person or ISP you are writing to.

Andrew
Telarin
It is not necessarily that YOU are spamming. If 84.76.47.117 is the IP address of your ISP's outgoing mailserver, then it may be that other users of the same server are spamming. SpamCop lists by IP address, as that is the smallest aggregate that can be reliably identified and blocked.

If 84.76.47.117 is your IP address at your home, then it may be that it is dynamic, and someone else had it recently and used it to spam.

If 84.76.47.117 is statically assigned to you, or is dynamic and has been assigned to you for a substantial length of time as may be the case on cable or dsl connections, then yes, it would appear that you are sending spam.

AVG is not generally considered a first tier anti-virus program. You might want to try running McAfee or Norton as they have a tendency to pick up some things that other AV programs miss. Do you have just a single computer connected to the internet? Do you use any kind of firewall appliance between it and your cable/dsl modem?
Wazoo
Some issues involved here. tonitt needs to explain exactly how he/she believes he/she is sending e-mail. What I am seeing is that the offered link (which takes one to http://www.spamcop.net/w3m?action=blcheck&...ip=84.76.47.117) happens to match the posting IP address .... as it is ready to age off, the data existing there now is;
84.76.47.117 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in a short time.

Causes of listing
SpamCop users have reported system as a source of spam less than 10 times in the past week
Additional potential problems

DNS error: 84.76.47.117 has no reverse dns

Listing History
System has been listed for less than 24 hours.
Other hosts in this "neighborhood" with spam reports
84.76.46.131 84.76.46.173 84.76.46.182 84.76.46.190 84.76.46.191 84.76.46.230 84.76.46.249 84.76.47.83 84.76.47.84 84.76.47.114 84.76.47.118 84.76.47.126 84.76.47.141 84.76.47.145 84.76.47.153 84.76.47.182 84.76.47.184 84.76.47.189 84.76.47.196 84.76.47.212 84.76.47.221 84.76.47.234 84.76.47.246

http://www.senderbase.org/?searchBy=ipaddr...ng=84.76.47.117
Volume Statistics for this IP
Magnitude Vol Change vs. Average
Last day ......... 4.1 .. 18958%
Last 30 days ... 2.3 ..... 246%
Average ......... 1.8

Date of first message seen from this address 2006-09-20 (wondering how the above statistics were derived?)

Real-time blacklists
bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=84.76.47.117
cbl.abuseat.org http://cbl.abuseat.org/lookup.cgi?ip=84.76.47.117

Wondering how it's headed for delisting, other than making the assumption that the flood of new traffic has the ratio of reported spew buried ....

telnet 84.76.47.117 25 got me a "no connection"

09/22/06 10:00:48 Slow traceroute 84.76.47.117
Trace 84.76.47.117 ...
212.187.128.233 RTT: 158ms TTL:192 (so-3-0-0.mp1.Madrid1.Level3.net ok)
4.68.115.230 RTT: 154ms TTL:192 (ge-1-1.car1.Madrid1.Level3.net ok)
213.242.71.54 RTT: 144ms TTL:192 (No rDNS)
84.76.4.147 RTT: 148ms TTL:192 (No rDNS)
* * * failed
* * * failed

I'd say that there's more to the story ....
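
The lookup behind the "84.76.47.117 listed in bl.spamcop.net (127.0.0.2)" line quoted above, as an added Python example that is not part of any post in this thread: a DNSBL is queried by reversing the IPv4 octets and resolving them under the list's zone. The function names and the injectable `resolve` parameter are assumptions made for illustration, and the answers used in the demo are constructed.

```python
import ipaddress
import socket

# The two zones named in this thread.
ZONES = ("bl.spamcop.net", "cbl.abuseat.org")
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBL answers live here


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (hypothetical helper)."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup; None means no answer (NXDOMAIN or resolver failure)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_dnsbl(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: listing code or None} for one address."""
    results = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # An answer outside 127.0.0.0/8 (for example from a resolver that
        # rewrites NXDOMAIN) is not a listing and is ignored.
        listed = answer is not None and ipaddress.ip_address(answer) in LISTING_NET
        results[zone] = answer if listed else None
    return results


if __name__ == "__main__":
    # Constructed answers so the demo runs offline; pass no `resolve`
    # argument to query the real zones through the system resolver.
    constructed = {"117.47.76.84.bl.spamcop.net": "127.0.0.2"}
    for zone, code in check_dnsbl("84.76.47.117", resolve=constructed.get).items():
        print(zone, "listed as " + code if code else "not listed")
```
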
turetzsr
QUOTE(Wazoo @ Sep 22 2006, 11:04 AM) *
Some issues involved here. tonitt needs to explain exactly how he/she believes he/she is sending e-mail. What I am seeing is that the offered link (which takes one to http://www.spamcop.net/w3m?action=blcheck&...ip=84.76.47.117) happens to match the posting IP address ....
<snip>
...Might that not be an indication that Toni's ISP is doing what we here fault (incorrectly, as of now, according to DT) Yahoo for not doing, that is to use the IP address of the actual originator of the spam rather than the provider's outgoing server?

Toni,
...More information (although I can't vouch for its accuracy) at http://cbl.abuseat.org/lookup.cgi?ip=84.76...;.submit=Lookup.
Telarin
That's possible, but we'd really need to see the headers of a message that he sent to draw any conclusion about that.

@tonitt: If you can send yourself a message to a yahoo or hotmail account, and post the headers here, that would tell us a lot about the path the message is taking, and might answer some of these questions.
DavidT
QUOTE(turetzsr @ Sep 22 2006, 02:19 PM) *
we here fault (incorrectly, as of now, according to DT) Yahoo for not doing

To be clear, my statements don't involve all of Yahoo mail, but rather only the messages sent *through* the Yahoo!Groups servers by subscribers to those groups. However, that topic isn't particularly relevant here, except that it does appear that something odd is happening with the attribution of the source of at least some of Toni's emails.

DT
tonitt
Hi,
Finally I talked to someone at Ya.com, but he didn't seem to understand what I was saying. He said that, since my IP is dynamically assigned, maybe it wasn't me who sent the spam. I told him that I had that IP for months (he said that was really weird). He "reset" something and told me to connect again, so I've got a new IP and the problem was over.

I scanned my computer with the Panda online scanner, which was recommended to me.


This is the full header of the very first message for which I had that warning. I don't know if it helps. In my "sent" folders there are no spam messages...


AVG E-mail Scanner program.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

-------------------------------------------------------------------
xxxxxx[at]gmail.com: Blocked - see http://www.spamcop.net/bl.shtml?84.76.47.117
-------------------------------------------------------------------

Your e-mail message is being returned to you in the next part of this
message. Try to send the message again.

Should you need assistance, please contact your administrator or your
Internet service provider.



Subject: Re: cartelico
From: Tonix <xxxx[at]xxanspop.com>
Date: Fri, 22 Sep 2006 02:18:30 +0200
To: xxxxxxx <xxxxxxx[at]gmail.com>
Received: from 127.0.0.1 (AVG SMTP 7.0.405 [268.12.4/449]); Fri, 22 Sep 2006 02:18:30 +0200
Message-ID: <45132BD6.2040809[at]xxanspop.com>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
X-Accept-Language: en-us, en
References: <4cde7aa70609201428n29a3745av393ed7a16263a2e6[at]mail.gmail.com>
In-Reply-To: <4cde7aa70609201428n29a3745av393ed7a16263a2e6[at]mail.gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

<Here was the body of the message>


Thanks again
Merlyn
Like Steve said earlier, 84.76.47.117 is still listed in the CBL; see http://cbl.abuseat.org/lookup.cgi?ip=84.76.47.117

Most IPs that get listed in there are from trojaned machines.
turetzsr
QUOTE(tonitt @ Sep 24 2006, 09:44 AM) *
Hi,
Finally I talked to someone at Ya.com, but he didn't seem to understand what I was saying. He said that, since my IP is dynamically assigned, maybe it wasn't me who sent the spam. I told him that I had that IP for months (he said that was really weird). He "reset" something and told me to connect again, so I've got a new IP and the problem was over.
<snip>
...Well, maybe. If you have some kind of bad program running on your PC, you may find that your new IP address is on the blacklist. Please come back in about a month or so and let us know if everything is still okay. Thanks!

QUOTE(DavidT @ Sep 22 2006, 05:54 PM) *
QUOTE(turetzsr @ Sep 22 2006 @ 02:19 PM)
we here fault (incorrectly, as of now, according to DT) Yahoo for not doing
To be clear, my statements don't involve all of Yahoo mail, but rather only the messages sent *through* the Yahoo!Groups servers by subscribers to those groups. However, that topic isn't particularly relevant here, except that it does appear that something odd is happening with the attribution of the source of at least some of Toni's emails.
...And also free Yahoo!Mail accounts, as you showed in one of your posts on September 23 in thread "My ISP isn't using reverse DNS for its DSL servers".