Jump to content

mark

Members
  • Content Count

    15
  • Joined

  • Last visited

Community Reputation

0 Neutral

About mark

  • Rank
    Member
  1. Dnsstuff.com reports that our IP is not listed at SpamCop as of roughly 11am est, Feb 1st. SpamCop website shows the following information for our ip. ~~~~~~~~ 66.241.135.153 not listed in bl.spamcop.net Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 94.7 days. In the past 2.9 days, it has been listed once for a total of 2.8 days In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 280 times A sample sent sometime during the 24 hours beginning Wednesday, January 28, 2004 7:00:00 PM -0500: Received: from -.-.com (-.-.com [66.241.135.153])- by -.-.-.- (-.-.-.-.-) with - id - for <-[at]-.com>- Thu, - Jan 2004 - - Subject: business - specialists - id - From: de.. at ..li.fr ~~~~~~~~ I have been asked to interpret the information above. Please correct me if I have it wrong. My interpretation of the text above is indicated by the 3 >>> characters. >>>my comment here. ***********START OF TRANSLATION************** 66.241.135.153 not listed in bl.spamcop.net. >>>IP address 66.241.135.153 is not blocked by subscribers to SpamCop. Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. >>>IP address 66.241.135.153 has been reported to SpamCop >>>less than 10 times, from less than 10 recipients of spam. It has been sending mail consistently for at least 94.7 days. >>>IP address 66.241.135.153 was first reported to SpamCop 94.7 days ago. In the past 2.9 days, it has been listed once for a total of 2.8 days >>>IP address 66.241.135.153 was reported to SpamCop >>>once in the past 2.9 days. ????????for a total of 2.8 days?????????? ( Please clarify) In the past week, this system has: Been reported as a source of spam less than 10 times >>>IP address 66.241.135.153 was reported to SpamCop less than 10 times >>>in the past 7 days. Been witnessed sending mail about 280 times >>>IP address 66.241.135.153 has 280 spam reports logged at SpamCop >>>in the past 7 days. A sample sent sometime during the 24 hours beginning Wednesday, January 28, 2004 7:00:00 PM -0500: >>>IP address 66.241.135.153 sent the following smtp header information >>>between Wednesday, January 28, 2004 7:00:00 PM -0500: >>>AND >>>Thursday, January 29, 2004 7:00:00 PM -0500: Received: from -.-.com (-.-.com [66.241.135.153])- by -.-.-.- (-.-.-.-.-) with - id - for <-[at]-.com>- Thu, - Jan 2004 - - Subject: business - specialists - id - From: de.. at ..li.fr >>>The smtp header above has been stripped of all information except the IP >>>address being tested. The "Received from" indicates the actual sender IP. ************END******************* Corrections Welcome. Thanks in advance.
  2. Michaell, I appreciate the reply. Also, thanks to all for the attention to this matter. I must congratulate all involved, in providing excellent resources to assist me in resolving this issue. If I had some assurance that all the necessary steps have been taken to have this IP removed from the spamcop database, I would stop bothering everyone. Access to the date and time of the last abuse report would prove helpful. Is this information available anywhere?
  3. Thanks again for the links. Are you seeing some reason why our ip is still listed at spamcop. The only place our ip is listed from the links provided is spamcop. The only information provided with any reference to date is below. ~~~~ A sample sent sometime during the 24 hours beginning Wednesday, January 28, 2004 7:00:00 PM -0500: ~~~~~ This appears to be the same information, and is not being updated. Are you seeing something I don't? I have sent mail to the address you suggested, asking for assistance in determining if we are queued for delisting, or if new reports are being added. I am unable to update the abuse contact info, as the link fails. http://www.abuse.net/addnew.html You did provide a me with header information that allowed me to find the cause of the listing in the first place. Do you have any additional headers indicating our ip address is still routing spam? Thanks.
  4. Jeff, Below is the only information SPAMCOP is providing. Can you tell me how often this posted information is updated.? http://www.spamcop.net/w3m?action=checkblo...=66.241.135.153 A sample sent sometime during the 24 hours beginning Wednesday, January 28, 2004 7:00:00 PM -0500: Received: from -.-.com (-.-.com [66.241.135.153])- by -.-.-.- (-.-.-.-.-) with - id - for <-[at]-.com>- Thu, - Jan 2004 - - Subject: business - specialists - id - From: de.. at ..li.fr
  5. Ok Jeff, Can you provide a contact who can assist me further? Thanks again.
  6. JeffG, I just wanted to say thanks for your dedication to this thread. I'm sure you can appreciate our situation as a result of this issue. Our users cannot sent to spamcop subscribers, and its affecting the normal business activity. I need to report to our management why this happened, and when it will be resolved. Is there any way I can determine the status of our ip address in the database.? If new reports are occuring, then I am not being notified from the arin address you provided. The link to edit the arin entry doesn't appear to work for me. I must insure this issue will be resolved asap. I expect if new reports are occuring, then I will need the full headers to analyse and determine the cause. If no new reports are occuring, then since when? How much of the 48 hour period has lapsed, or is the counter being reset? Thanks.
  7. Is there anything I can do to expedite the removal from this list? How can I report on when I will be delisted.?
  8. Can you tell me if I am scheduled to be removed from this database, and when? Are you still receiving new reports of spam from this addres?
  9. How can I check to if reports of UCE are still occuring?
  10. Jeff, The information you provided was correct. That external address, 142.176.128.51 was accepting inbound mail, and relaying over our internal network. The header information was key in finding this problem. Can you also confirm the open relay is now closed?
  11. Can I confirm that no new reports are being added? If not, can I expect the IP to be removed after the 48 hour period?
  12. Mail server is running Exchange 2000 sp3. Can you tell me why the address, Reporting addresses: postmaster[at]thtel.ca <mailto:postmaster[at]thtel.ca> -----Original Message----- From: Mark Munro Sent: Thursday, January 29, 2004 6:21 PM To: 'noc[at]thtelecom.ca' Subject: spamcop http://www.spamcop.net/sc?track=66.241.135.153
  13. Thanks Jeff, I did see this page. If I understand this correctly, then the page states that some domain in .fr is highjacking our IP address? Can you offer any suggestions on how this is possible? I have tested for open relays on a number of test sites. I have also submitted our ip to the ordb.org site, and I dont see how the .fr domain highjacked our address. Please help.
  14. That's simply not correct. The SpamCop parser completely and totally ignores any email addresses found in the headers of the spam. So, when email is sent with forged From: or sender addresses, that's not a problem since we ignore those anyway. SpamCop also mostly ignores the domain names found in the headers of the message. It does use the domain names, but only to double-check the IP address found in the headers. The IP address is always considered the authoritative reference for where the email was each step of the way on its travels. Spammers can't forge IP addresses into spam as they are automatically recorded by the receiving mail server, based on the IP address that connects to the mail server. We can settle this pretty easily. What is the IP address that is on the blacklist? JT I have no idea why this is listed, I see no evidence indicating I am relaying, and I am recieving numerous reports that the spamcop database is the cause. Can you please get this IP removed immediately! -----Original Message----- From: System Administrator Sent: Friday, January 30, 2004 12:54 PM To: lmenary[at]roots.com Subject: Undeliverable: RE: Delivery Status Notification (Failure) Your message did not reach some or all of the intended recipients. Subject: RE: Sent: 1/30/2004 12:53 PM The following recipient(s) could not be reached: lmenary[at]roots.com on 1/30/2004 12:53 PM You do not have permission to send to this recipient. For assistance, contact your system administrator. <webmail1.allianceatlantis.com #5.7.1 smtp;550 5.7.1 Rejected: 66.241.135.153 listed at bl.spamcop.net>
  15. It appears any spoofed address can report a domain a a source of spam, crippling the domain for 48 hours, as stated in the FAQ. Consider removing SPAMCOP as a method of blocking spam, as it appears the system may prevent legitimate mail. Below is a response from the ISP, stating that they are not the reporting source. http://www.spamcop.net/sc?track=66.241.135.153 ~~~~~~~ We are not sure why our email address is listed although we are certain that we did not report this to Spamcop. If we where to receive spam from you we would contact you first. If there is any thing else we can help you with please feel free to give us a call or email. Regards, Dennis Network Operations Centre Toronto Hydro Telecom Inc. 185 The West Mall, Suite 500 Toronto, Ontario, M9C 5L5 Tel: (416) 542-2525 Backup Tel: (416) 626-0450 Fax: (416) 626-5419 Email: noc[at]thtelecom.ca -----Original Message----- From: Mark Munro [mailto:Mark.Munro[at]AllianceAtlantis.com] Sent: Friday, January 30, 2004 3:01 PM To: NOC [at] thtelecom; Mark Munro Subject: RE: spamcop Thanks, Dennis, Can you explain why your email address is listed at SPAMCOP as the address that reported us as a source of spam? -----Original Message----- From: NOC [at] thtelecom [mailto:noc[at]thtelecom.ca] Sent: Friday, January 30, 2004 2:59 PM To: 'Mark Munro' Subject: RE: spamcop Hi Mark, There is nothing we can do on our side to resolve this issue with Spamcop. I do suggest that you contact Spamcop directly and resolve this issue with them. It seems that you have been put on their blocking list and you must convince them to take you off. If you have any questions you can contact our NOC.
×