hipshot49
Mar 26 2004, 08:48 AM
I was forced to disable the Korea Net blacklist from my account, as it suddenly, and for no apparent reason, began blacklisting mailings from State of Alaska sites whose mailing lists I am a member of.
I am having a hard time understanding why any official state government email would end up on anyone's blacklist.
Merlyn
Mar 26 2004, 09:16 AM
Why would The State of Alaska be using Korean IP's?
An example header would be nice to see.
Your questions are way too general to answer.
What List?
Where does the listserver reside (IP Address)?
Does it use a confirmed opt-in?
Does it have a history of spam?
Is it sharing a spammy server?
Just way too many variables to answer without anything to go on.
Miss Betsy
Mar 26 2004, 12:18 PM
Far be it from me to suggest that government employees could make a mistake, but one guess could be that their servers are compromised.
Miss Betsy
Keithj
Mar 26 2004, 07:03 PM
The short version: Spamcop seems to think Bigfoot is a Korean spammer.
The long version:
It may or may not be relevant to this issue, but I just "reactivated" a long-dormant e-mail address that I have at bigfoot.com. A couple of years ago that address was being spammed badly, so I turned it off. I've now turned it back on and set it to forward to my Spamcop.net address.
I had plans about what I might do with it if it's no longer being spammed to death - but as it turns out, all mail from it gets blacklisted by Spamcop with the message "Blocked korea.services.net"
Maybe bigfoot is in Korea (I always thought it was US-based), but otherwise, is there a symptom somewhere in there to explain the problem above?
I'm not concerned about the Bigfoot address - that can go. But if the diagnosis can help someone else, that's great.
Wazoo
Mar 26 2004, 09:29 PM
Actually, the WHOIS at the moment says:
Organization:
Bigfoot Communications Ltd.
Bigfoot Communications Limited
F. Ramos Street
Cebu City, PH 6000
PH
Phone: 63 32 4118811
hipshot49
Mar 27 2004, 03:58 AM
In reply to Merlyn.
The State of Alaska IS NOT using Korean IP's. They, like pretty much every government entity, have their own system. Email addresses are in the form of whoever[at]whateverdepartment.state.ak.us.
korea.services.net is one of the available DNS blacklists one can select for SpamCop email accounts.
I originally selected the korea.services.net DNS blacklist because of the high volume of junk emails originating from Korean IP's. My question was why would their DNS blacklist be flagging mail originating from Alaska State servers? Because the list continued to flag such emails, I was forced to deselect it and thus, once again, am observing a higher volume of junk emails originating from Korean servers.
As an aside, the cn.rbl.cluecentral.net China DNS blacklist must be completely useless, as probably 90% of the junk I receive and report originates from that country.
Wazoo
Mar 27 2004, 05:18 AM
hipshot49, you started this Topic off with a complaint about the use of a "country-based" dnsBL. Then you ask a question based on a domain-name "location" ... You've been asked to provide some additional data (to help us help you) ... but it doesn't seem to have happened.
QUOTE
The State of Alaska IS NOT using Korean IP's. They, like pretty much every government entity, have their own system. Email addresses are in the form of whoever[at]whateverdepartment.state.ak.us.
E-mail addresses don't help here, especially if you're going to make them up. That they run their own systems doesn't answer any questions, as there is still the question as to where they get their upstream service. As you're the one seeing the newsletter that started all this off, how about getting around to including some header data that includes the source IP address?
hipshot49
Mar 27 2004, 07:29 AM
Enough information? Or would you like their shoe size?
OrgName: State of Alaska
OrgID: STATEO-18
Address: Department of Administration
Address: Network Services
Address: 333 Willoughby Street 5th Fl
City: Juneau
StateProv: AK
PostalCode: 99811
Country: US
NetRange: 146.63.0.0 - 146.63.255.255
CIDR: 146.63.0.0/16
NetName: NETALASKA
NetHandle: NET-146-63-0-0-1
Parent: NET-146-0-0-0-0
NetType: Direct Assignment
NameServer: ESPRESSO.STATE.AK.US
NameServer: DOGWOOD.STATE.AK.US
Comment:
RegDate: 1991-01-21
Updated: 2002-04-15
TechHandle: LT307-ARIN
TechName: Talley, Larry
TechPhone: +1-907-465-2220
TechEmail: hostmaster[at]state.ak.us
# ARIN WHOIS database, last updated 2004-03-26 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
Wazoo
Mar 27 2004, 07:54 AM
Not really enough, and especially not specific enough. What has now been asked for twice .. the specific IP address that allegedly sources the stuff you say is blocked. Bluntly, there's nothing in the WHOIS data you provided that says the first thing about your mailing list item.
Checked a couple of known KoreaBL's and don't see this IP range listed.
http://www.blackholes.us/zones/country/korea.txt
141.223.0.0-141.223.255.255 141.223.0.0/16 kr
143.248.0.0-143.248.255.255 143.248.0.0/16 kr
147.6.0.0-147.6.255.255 147.6.0.0/16 kr
147.43.0.0-147.43.255.255 147.43.0.0/16 kr
147.46.0.0-147.47.255.255 147.46.0.0/15 kr
http://korea.services.net/
146.63.25.25 is not in korea.services.net
http://www.moensted.dk/spam/?addr=146.63.25.25&Submit=Submit
146.63.25.25 was found in 2 lists (of 258 tested)
note: You are ALWAYS listet on three or more lists. This do not indicate that you are a SPAMmer, or that anyone is actualy using the list to block mail from you!
But again, you're forcing "us" to guess at stuff that only you've got the specific data for. So for the third time, how about some specific data from the headers of the problem mailing?
Miss Betsy
Mar 27 2004, 08:26 AM
Maybe you should explain to hipshot49 how to get headers? And ask Keith for headers also?
And maybe there is a bug somewhere that is using Korea as the scapegoat for the reason for blocking?
Miss Betsy
Merlyn
Mar 27 2004, 11:04 AM
I believe I know what has happened, but as explained already, there is not enough info.
The State's website and mail servers are USA IP's.
I believe you have signed up for some info, newsletters (whatever) from Alaskan Info sites. But some of these sites run mail servers in third world countries. Why? Probably because they are spammers or do not run clean lists. We could find this out if we know the IP's of the mail being blocked. I think the state site is actually not part of any of this.
If someone is blocked by the Korean blocklist it is because their servers are run out of Korean IP space.
IMHO Korea deserves to be blocked.
Jeff G.
Mar 27 2004, 12:41 PM
ALL of bigfoot.com's mailservers are in Korean netspace:
QUOTE
bigfoot.com MX (Mail Exchanger) Priority: 10 mail-kr.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr5.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr4.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr3.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr2.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr1.bigfoot.com
bigfoot.com MX (Mail Exchanger) Priority: 40 mail2.bigfoot.com
mail-kr.bigfoot.com A (Address) 211.115.216.222
mail-kr.bigfoot.com A (Address) 211.115.216.226
mail-kr.bigfoot.com A (Address) 211.115.216.228
mail-kr.bigfoot.com A (Address) 211.115.216.225
mail-kr.bigfoot.com A (Address) 211.115.216.252
mail-kr5.bigfoot.com A (Address) 211.115.216.252
mail-kr4.bigfoot.com A (Address) 211.115.216.228
mail-kr3.bigfoot.com A (Address) 211.115.216.226
mail-kr2.bigfoot.com A (Address) 211.115.216.225
mail-kr1.bigfoot.com A (Address) 211.115.216.222
mail2.bigfoot.com A (Address) 211.115.216.222
mail2.bigfoot.com A (Address) 211.115.216.225
mail2.bigfoot.com A (Address) 211.115.216.226
mail2.bigfoot.com A (Address) 211.115.216.252
mail2.bigfoot.com A (Address) 211.115.216.228
QUOTE
03/27/04 12:33:25 whois 211.115.216.222[at]whois.nic.or.kr
whois -h whois.nic.or.kr 211.115.216.222 ...
한국인터넷정보센터에서 제공하는 도메인이름 등록정보 조회(WHOIS) 서비스 입니다.
query: 211.115.216.222
# ENGLISH
KRNIC is not ISP but National Internet Registry similar with APNIC.
Please see the following end-user contacts for IP address information.
IP Address : 211.115.216.0-211.115.216.255
Network Name : GNG-IDC-IHEART
Connect ISP Name : ENTERPRISENET
Connect Date : 20031007
Registration Date : 20031010
[ Organization Information ]
Orgnization ID : ORG215444
Org Name : IHEART
State : SEOUL
Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu
Zip Code : 135-080
[ Admin Contact Information]
Name : Jinsung Yoon
Org Name : IHEART
State : SEOUL
Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu
Zip Code : 135-080
Phone : +82-2-2105-6205
Fax : +82-2-2105-6208
E-Mail : support[at]i-heart.co.kr
[ Technical Contact Information ]
Name : Jinsung Yoon
Org Name : IHEART
State : SEOUL
Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu
Zip Code : 135-080
Phone : +82-2-2105-6205
Fax : +82-2-2105-6208
E-Mail : support[at]i-heart.co.kr
--------------------------------------------------------------------------------
If the above contacts are not rechable, please see the following ISP contacts
for relevant information or network abuse complaints.
[ ISP IP Admin Contact Information ]
Name : Hyo-Sun, Chang
Phone : +82-2-2105-6082
Fax : +82-2-2105-6100
E-Mail : ip[at]epnetworks.co.kr
[ ISP IP Tech Contact Information ]
Name : IP
Phone : +82-2-2105-6016
Fax : +82-2-2105-6100
E-Mail : ip[at]epnetworks.co.kr
[ ISP Network Abuse Contact Information ]
Name : Postmaster
Phone : +82-2-2105-6016
Fax : +82-2-2105-6100
E-Mail : abuse[at]epnetworks.co.kr
# KOREAN
[snipped]
As I have mentioned before:
QUOTE
I am using all the blacklists except South Korea (korea.services.net, only because I can't whitelist bigfoot.com's mailservers in that country).
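Added example, not part of any poster's message: an offline version of the check the thread keeps asking for, which takes the handoff IP from the topmost Received header and tests it against Korean ranges. The range list is assembled only from values quoted in this thread (it is not the actual korea.services.net zone), the headers are constructed, `mx.example.net` and the sender hostnames are placeholders, and 146.63.25.25 is simply the address Wazoo tested, since the thread never shows the real source IP of the Alaska mailings.

```python
import ipaddress
import re
from email import message_from_string

# Ranges taken from this thread only (not a full copy of any blacklist zone):
# five entries quoted from the blackholes.us korea list, plus the KRNIC
# registration shown in the whois output for bigfoot.com's mail servers.
KR_RANGES = [ipaddress.ip_network(c) for c in (
    "141.223.0.0/16", "143.248.0.0/16", "147.6.0.0/16",
    "147.43.0.0/16", "147.46.0.0/15", "211.115.216.0/24")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw_message):
    """Return the IP in the topmost Received header that carries one, i.e. the
    host that handed the message to the receiving server. Lower headers are
    written by other hosts and can be forged."""
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        m = IP_IN_BRACKETS.search(received)
        if m:
            return ipaddress.ip_address(m.group(1))
    return None

def dnsbl_query_name(ip, zone):
    """DNSBL lookups query the reversed octets prepended to the zone name."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def in_kr_ranges(ip):
    return any(ip in net for net in KR_RANGES)

# Constructed sample messages. FORWARDED models mail relayed through a
# bigfoot.com forwarder; DIRECT models mail delivered from 146.63.25.25.
FORWARDED = (
    "Received: from mail-kr1.bigfoot.com (mail-kr1.bigfoot.com [211.115.216.222])\n"
    "\tby mx.example.net with ESMTP; Sat, 27 Mar 2004 12:00:00 -0500\n"
    "Received: from sender.example.org (sender.example.org [192.0.2.10])\n"
    "\tby mail-kr1.bigfoot.com with SMTP; Sat, 27 Mar 2004 11:59:58 -0500\n"
    "Subject: forwarded test\n\nbody\n")
DIRECT = (
    "Received: from lists.example.org (lists.example.org [146.63.25.25])\n"
    "\tby mx.example.net with ESMTP; Sat, 27 Mar 2004 12:05:00 -0500\n"
    "Subject: newsletter\n\nbody\n")

if __name__ == "__main__":
    for name, raw in (("forwarded", FORWARDED), ("direct", DIRECT)):
        ip = handoff_ip(raw)
        print(name, ip, dnsbl_query_name(ip, "korea.services.net"), in_kr_ranges(ip))
```

With forwarding, the receiving server only sees the forwarder's address, so every forwarded message is judged on 211.115.216.x regardless of where it was originally sent from.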
Wazoo
Mar 28 2004, 11:07 AM
That's the answer to Keithj's issue, but "we're" still looking for data from hipshot49 on the source data on the specific mailing list items.
Merlyn
Mar 28 2004, 07:25 PM
QUOTE(Wazoo @ Mar 28 2004, 11:07 AM)
That's the answer to Keithj's issue, but "we're" still looking for data from hipshot49 on the source data on the specific mailing list items.
I agree!