business email has been blocked

[basement]

some time ago, I was agressively fighting spam via my spamcop acoc**t. One day I started to get a lot of undeliverable emails and discovered that a spammer had started using my email address to send spam. I discontinued that email address (kev[at]) and started using another within our company's domain. Today I find that my domain has been blocked, so I can't send emails to one of our biggest clients and one of our biggest suppliers - this is not acceptable. I am no spammer and need to email these people...it doesn't look good for me to have to tell a client we've been blocked by spamcop! We still get 20-30 or so undeliverable emails every day that come from who knows where (in response to emails we did not send) that I have to manually delete from our mailserver. I don't know how to stop this, but cannot change our domain as it is our business name. There is no way it comes from here as only myself and my wife have access.

How can I clear my domain from your blacklist???????

[turetzsr]

Hi, basement!

...Please start by having a look at the following:

• SpamCop - Help for spam report recipients
  
• Pinned: FAQ Entry: Why is my email blocked?
  
• Who appointed you the "cop" of the internet? Where do you get off?
  
• How can I be de-listed
  
• Pinned: Why Am I Blocked FAQ
  
• Pinned: Cost of spam
  

If you still have questions after reviewing these, please do return here to post follow-ups.

[StevenUnderwood]

Please reply with an IP address or the error message you are receiving in order to better answer your questions.

Without an IP address to compare against this is simply generic information. Please see the Pinned entries, specifically Why am I Blocked?

We still get 20-30 or so undeliverable emails every day that come from who knows where (in response to emails we did not send) that I have to manually delete from our mailserver.

Are they on your mailserver because your server is trying to bounce them to incorrect addresses? Do you bounce undeliverable messages or viruses to the Return-Path: address? These things can get your IP added to the blocklist if one of the spamcop spamtrap addresses was forged into the sender fields. Again, without an IP, nobody can tell if that is a possibility.

I don't know how to stop this, but cannot change our domain as it is our business name.

Spamcop does not list domains, it lists IP addresses. Even if you change your IP address, unless you find the root cause, it is likely to happen again.

There is no way it comes from here as only myself and my wife have access.

You would be surprised how many servers are istalled with their default username/passwords or unsecure passwords. It could be that someone has figured out one of your passwords and is sending "authorized" messages from your server. Again, without an IP address, we can not help you.

How can I clear my domain from your blacklist

When the spam stops being reported from that address (if that is why you were listed) or when the spamtraps stop receiving messages from your server (if that is why you were listed) or any other of a number of possiblities, your IP (again, not domain) will drop off the list automatically.

[Miss Betsy]

While you are sorting out the problems, you should set up a web email address so that you can email your clients and they can email you. The most familiar are yahoo and hotmail, but there are others.

It is a good opportunity for you to educate your supplier and clients about the value of getting a head's up so that you can be a responsible server administrator and eliminate any problem that spammers cause. Even if it is a false alarm (see the guy whose headers are constantly being forged), pretty soon it could happen to them just as everyone is having their email addresses forged in the From: of spam.

Miss Betsy

[basement]

thanks for the responses - I don't know how to find out my mailserver IP address - and am wary of listing anything specific on here. I send email through Cogeco.ca and incoming mail comes through my domain hosts email server, so maybe it's a Cogeco.ca thing (my highspeed service provider). We tried changing passwords/log ins a few weeks back. All the responses we get are in the following vein (I set an autoreply to people using the now closed email address hoping they'd realize it's not us spamming them):

Date: Tue, 13 Apr 2004 06:50:03 -0400

From: Mail Delivery System <Mailer-Daemon[at]server797.dnslive.net>

To: [mydomain name][at]server797.dnslive.net

Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its

recipients. This is a permanent error. The following address(es) failed:

  myefqysgma[at]hotmail.com

    SMTP error from remote mailer after RCPT TO:<myefqysgma[at]hotmail.com>:

    host mx1.hotmail.com [65.54.252.99]: 550 Requested action not taken:

    mailbox unavailable

------ This is a copy of the message, including all the headers. ------

Return-path: <[mydomain name][at]server797.dnslive.net>

Received: from basement by server797.dnslive.net with local (Exim 4.24)

        id 1BDLTK-0007t6-HS

        for myefqysgma[at]hotmail.com; Tue, 13 Apr 2004 06:48:54 -0400

To: "Maritza R. Peoples" <myefqysgma[at]hotmail.com>

X-Autorespond: Homeowners - Get more money in your pocket. Here is how

X-Loop: "Maritza R. Peoples" <myefqysgma[at]hotmail.com>

From: "noreply[at][mydomain name]" <kev[at][mydomain name]>

Content-type: text/plain; charset=us-ascii

Subject: no such address

Message-Id: <E1BDLTK-0007t6-HS[at]server797.dnslive.net>

Date: Tue, 13 Apr 2004 06:48:54 -0400

Because we were receiving extremely high amounts of spam emails, we have had to close access to this email address.

As does everyone, we abhore spam. We recently closed down one of our email addresses due to the fact that spammers were not only sending 100+ emails to it per day, but also seemed to have started using it as the return address for some of their spam. If you received one of these that was supposedly from kev[at][mydomain name], please be assured it did not originate from us. Check the headers and please report it to the appropriate authorities. Our apologies - we have done what we can to stop it at this end.

[Merlyn]

I don't know how to find out my mailserver IP address

If you are running a mail server and you don't know how to find the IP address then you should not be running a mail server.

[Miss Betsy]

You will have to find out the IP address before anyone can help figure out the problem.

Contact your ISP. He may be able to fix the problem for you. If not, he will tell you what your IP address is.

Part of the problem may be the automatic messages that you are using which may be going to spam traps since they were addressed by spammers or viruses.

No one will think your domain is involved with any spam if your domain name is in the spam return path or From except someone who is so clueless you wouldn't want them for a customer.

But contact Cogeco.ca and see what they say. Then report back here that it was solved or with the IP address.

Miss Betsy

[Spambo]

myefqysgma[at]hotmail.com

    SMTP error from remote mailer after RCPT TO:<myefqysgma[at]hotmail.com>:

    host mx1.hotmail.com [65.54.252.99]: 550 Requested action not taken:

    mailbox unavailable

It appears to me that the bounce DOES NOT state that the email bounced because of a SCBL listing (or any other blocklist listing), in fact it says the "mailbox" is "unavailable". This could be due to the recipient closing their Hotmail account or their inbox being over quota.

And, AFAIK, Hotmail doesn't use the SCBL anyway.

[Wazoo]

Your query and the dancing around / not providing specifics, but tossing in so many general statements is just way too confusing to try to give you any specific answer.

send email through Cogeco.ca and incoming mail comes through my domain hosts email server, so maybe it's a Cogeco.ca thing (my highspeed service provider). We tried changing passwords/log ins a few weeks back. All the responses we get are in the following vein

an issue with outgoing e-mail not goin gthrough would seem to only involve the cogeco.ca account, but .... you have people e-mail "you" at "your domain / e-mail host server" but answer via cogeco.ca and "they" don't see this as a bit confusing?

and trying to guess as to which server in question you changed account data on is a game I don't need to play.

myefqysgma[at]hotmail.com

    SMTP error from remote mailer after RCPT TO:<myefqysgma[at]hotmail.com>:

    host mx1.hotmail.com [65.54.252.99]: 550 Requested action not taken:

    mailbox unavailable

This says nothing about a SpamCop issue ... e-mail was sent to a closed/non-existent account. How do you track that message back to SpamCop?

Because we were receiving extremely high amounts of spam emails, we have had to close access to this email address.

and what is this account doing now ... bouncing back to other forged "From:" addresses?

X-Autorespond: Homeowners - Get more money in your pocket. Here is how

X-Loop: "Maritza R. Peoples" <myefqysgma[at]hotmail.com>

From: "noreply[at][mydomain name]" <kev[at][mydomain name]>

Content-type: text/plain; charset=us-ascii

Subject: no such address

Yep, almost one of those too funny situations ... you bounced an e-mail to a closed mailbox back to HotMail, but using someone else's forged "From:" lines that sent you to an account probablt closed for the same reasons you cite .... almost funny, but it points to poor management decisions by whoever is actually handling your e-mail server configuration.

I don't know how to find out my mailserver IP address

Send an e-mail from one account to another on the other server, read the headers.

am wary of listing anything specific on here

and yet you'd like answers to your situation offering not a clue as to what to look up? Sorry, can't help without some IP addresses being identified. If your mail servers are actually registered properly, the info is already "out there"

[basement]

To Merlyn.

Remarks like that are not helpful.

My web host runs the mail server. I Receive mail through that and send through cogeco.ca

[basement]

Helpful comments are gratefully accepted.

I send email through cogeco and receive through my web host, but this is not something anyone can see, so how could it be confusing? The emails say they are from my domain and don't mention cogeco. I won't give specifics because I don't want any spammers to see what I write, I'm having enough trouble as it is!!! Are these forums open so anyone can see what is written or do you have to be a member to see anything?

I supplied one of the responses I get to my "it wasn't me" autoreplies, these are what I get around 50-100 of every day. The thing I get that told me about spamcop is below.

One other thing, I cannot send emails from my [myname][at]cogeco.ca account either, I get the same response, so maybe it is a Cogeco thing.

thanks again for your help.

-----------------------------------------------------------------------------

This is the Postfix program at host fep4.cogeco.net.

I'm sorry to have to inform you that the message returned

below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can

delete your own text from the message returned below.

The Postfix program

<james[at]rivernet.net>: host spamblock.rivernet.net[216.94.106.6] said: 554

Service unavailable; Client host [216.221.81.25] blocked using

bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.221.81.25

(in reply to RCPT TO command)

[Wazoo]

I send email through cogeco and receive through my web host, but this is not something anyone can see, so how could it be confusing? The emails say they are from my domain and don't mention cogeco.

By "sending" via cogeco, cogeco's IP addresses are in the headers ... and this takes us right to your rejection notice;

bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.221.81.25

Query bl.spamcop.net - 216.221.81.25

216.221.81.25 is smtp.cogeco.net

216.221.81.25 listed in bl.spamcop.net (127.0.0.2)

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

In the past 7.8 days, it has been listed 5 times for a total of 24 hours

So please note, there is nothing there to say you or your "company" is involved in spamming, but your outgoing e-mail is going through a cogeco server that is "guilty" of sending out spam spew in addition to "your" e-mail. There is a bit of a math formula to handle the listing and delisting of an IP, and it certainly looks as if this server has been doing a bit of dancing around, apparently sending enough "non-reportable as spam" e-mail to keep dropping it off the list for a while, but sending enough bad stuff (especially note the spamtrap issues which carry a hih weighting factor in that formula) that it gets added back in every now and then.

Are these forums open so anyone can see what is written

Anyone can read, need to register to post in other than the Test Forum. But again, identifying an IP doesn't translate to "let's send this guy some spam" .... At this point, your issue seems to be cogeco's handling of their spam spew problem.

One other thing, I cannot send emails from my [myname][at]cogeco.ca account either, I get the same response, so maybe it is a Cogeco thing.

As stated above, yes, a definite Cogeco issue ... but from the way you phrased that remark, does this imply that Cogeco is also hosting your web/e-mail server? If so, you've not been provided a "real" e-mail server, you're just using their resources and they're mapping your domain stuff to "your" account ... which would explain the above issues .. you're actually using a "shared" server, so your e-mail is mixed in with everyone else's ... this would explain your "no difference" statement, as it's actually the same server being used.

[Merlyn]

To Merlyn.

Remarks like that are not helpful.

My web host runs the mail server. I Receive mail through that and send through cogeco.ca

Then I misunderstood you. It looked/sounded like you ran your mail server. If you did, those would have been words of wisdom not criticism.

[turetzsr]

To Merlyn.

Remarks like that are not helpful.

My web host runs the mail server. I Receive mail through that and send through cogeco.ca

Then I misunderstood you. It looked/sounded like you ran your mail server. If you did, those would have been words of wisdom not criticism.

thanks for the responses - I don't know how to find out my mailserver IP address - and am wary of listing anything specific on here. I send email through Cogeco.ca and incoming mail comes through my domain hosts email server, so maybe it's a Cogeco.ca thing (my highspeed service provider). We tried changing passwords/log ins a few weeks back. All the responses we get are in the following vein (I set an autoreply to people using the now closed email address hoping they'd realize it's not us spamming them):

<snip>

...The text above that I changed to red may be the cause of Merlyn's "confusion" .... It certainly confused me!

[Merlyn]

Thanks, Turetzsr.

[basement]

thanks everyone - sorry if I wasn't clear, this is a frustrating thing to go through and I was typing as fast as my fat little fingers would allow which often results in pure nonsense!

[yourbuddy]

216.221.81.25 is now only listed in spam.wytnij.to

[turetzsr]

Thanks, Turetzsr.

Hi, Merlyn,

...Steve (or Steve T), please -- turetzsr is just my user id.

[Merlyn]

Ok Steve

Thanks again!