Wintermute

Members
  • Content Count

    9
Community Reputation

0 Neutral

About Wintermute

  • Rank
    Newbie
  1. Wintermute

    Malicious Reporting of a message..

    It's a catch-22 situation: without knowing the email address of the reporter, I can't confirm with the list owner that the reporter correctly went through Yahoo's confirmation process. I have asked the owner of the list and he has confirmed that no one has been added to the list using Yahoo's automatic signup process. I agree this is a poorly thought out feature and it is something that is deliberately not used on any of the Yahoo groups which I moderate. However, in this case, the list owner says it hasn't been used; short of paranoia, that's good enough for me.
  2. Wintermute

    Malicious Reporting of a message..

    I agree absolutely, I am perfectly willing to accept that this may be an honest mistake on the part of the spamcop reporter, I am just looking for clarification. I have now contacted the reporter using the form suggested - we will see what they say. My main point throughout this has been to figure out precisely what happened, not with a view to attributing blame and being all litigious. The end goal has got to be that this doesn't happen again. I can see that the ISP is going to have to have a little education in using spamcop reports properly.
  3. Wintermute

    Malicious Reporting of a message..

    It's a SOHO office whose acceptable use policy pretty much clearly states that staff's usage of internet during lunchtime or out of hours is pretty much their own business. We do not monitor the email or internet usage of the 3 staff that work there during the day. The fact that this office is also my home and the work PC is also my home PC further explains the situation.
  4. Wintermute

    Malicious Reporting of a message..

    Okay, Eclipse forwarded this -

    [ SpamCop V1.3.4 ]
    This message is brief for your comfort. Please use links below for details.
    Email from 82.152.28.237 / 27 Apr 2004 15:50:26 -0000
    http://www.spamcop.net/w3m?i=z950047427zec...17dec095888f97z

    Seems to be one of yours after all - and now I have the answer to the question I asked originally - can Spamcop reporters hide behind anonymity. It's clear to me that the user who submitted this report at the very least needs to explain their reasoning, and provide some assurance that they have not simply indulged in a little religious prejudice. The FAQ here http://www.spamcop.net/fom-serve/cache/167.html seems to indicate the address to direct complaints to is blproblem[at]admin.spamcop.net. Is this the best way to proceed, or do staffers read these forums? Back and forth, I guess. We'll get to the bottom of this.

    Ian.
  5. Wintermute

    Malicious Reporting of a message..

    Okay, update from the ISP - this is the report that triggered the block on our IP. "fullalbumtorrents" (guess what that does then) is the name of the yahoo group - 82.152.28.237 is (as mentioned) our static IP address. All email into the wintermute-ltd.com domain is handled by an MS Exchange 2003 box at that IP - all outbound mail is similarly sent from this IP - we don't use an ISP's upstream relay server. I see a couple of ID numbers in the subject - an "id" of 950047427 and a second number = 042204. Do those have any significance to someone in the know? I'm noting as well that it does say SpamCop pretty clearly on the subject line - are we still sure that this didn't originate from spamcop.net? I wonder, is it possible that someone simply faked an email from spamcop? pretty sloppy on behalf of Eclipse if that's the case I guess, but it would help to know.

    I.

    Subject: FW: [spamCop (82.152.28.237) id:950047427][fullalbumtorrents] Re: 042204 - ALL IMPORTANT PRETEST
    Date: Tue, 11 May 2004 15:02:26 +0100
    From: "Neil Caborn" <NCaborn[at]eclipse.net.uk>
    To: i_lowe[at]yahoo.com

    [ Offending message ]
    Status: U
    Return-Path: x
    Received: from spf7.us4.outblaze.com ([205.158.62.41])
        by pickering.mail.mindspring.net (EarthLink SMTP Server) with ESMTP id 1biuTE7j63Nl3p20
        for <x>; Tue, 27 Apr 2004 11:53:22 -0400 (EDT)
    Received: from n19.grp.scd.yahoo.com (n19.grp.scd.yahoo.com [66.218.66.74])
        by spf7.us4.outblaze.com (Postfix) with SMTP id 8D6E12AC7B
        for <x>; Tue, 27 Apr 2004 15:52:59 +0000 (GMT)
    X-eGroups-Return: sentto-10157034-722-1083081028-rcuteri=email.com[at]returns.groups.yahoo.com
    Received: from [66.218.66.30] by n19.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:50:28 -0000
    X-Sender: ian[at]wintermute-ltd.com
    X-Apparently-To: x
    Received: (qmail 89902 invoked from network); 27 Apr 2004 15:50:26 -0000
    Received: from unknown (66.218.66.216) by m24.grp.scd.yahoo.com with QMQP; 27 Apr 2004 15:50:26 -0000
    Received: from unknown (HELO n15.grp.scd.yahoo.com) (66.218.66.70)
        by mta1.grp.scd.yahoo.com with SMTP; 27 Apr 2004 15:50:26 -0000
    Received: from [66.218.67.167] by n15.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:49:16 -0000
    To: x
    Message-ID: <c6lv___khg3[at]eGroups.com>
    In-Reply-To: <001401c428a0$b125f630$6700a8c0[at]wacko1>
    User-Agent: eGroups-EW/0.82
    X-Mailer: Yahoo Groups Message Poster
    X-eGroups-Remote-IP: 66.218.66.70
    From: "Ian Lowe" <ian[at]wintermute-ltd.com>
    X-Originating-IP: 82.152.28.237
    X-Yahoo-Profile: i_lowe
    MIME-Version: 1.0
    Mailing-List: list x; contact fullalbumtorrents-owner[at]yahoogroups.com
    Delivered-To: mailing list x
    Precedence: bulk
    List-Unsubscribe: <mailto:fullalbumtorrents-unsubscribe[at]yahoogroups.com>
    Date: Tue, 27 Apr 2004 15:49:16 -0000
    Subject: [fullalbumtorrents] Re: 042204 - ALL IMPORTANT PRETEST
    Reply-To: x
    Content-Type: text/html; charset=ISO-8859-1
    Content-Transfer-Encoding: 7bit
    X-ELNK-AV: 0

    <html><body>
    <tt>
    Be kind - he has a mental illness and needs your help.<BR>
    <BR>
    God is a fantasy, a myth. People with an over-active temporal lobe <BR>
    in their brain sometimes cannot tell the difference between the <BR>
    fantasy world of dreams and childish stories and the real world. <BR>
    <BR>
    Perhaps someday he'll come to understand that it's all just a <BR>
    fantasy story to scare kids with - more likely, he'll die deluded <BR>
    that he's about to meet his mystical maker... but that's something <BR>
    to be pitied, not something to flame him for.<BR>
    <BR>
    Best solution for weak minded fools with imaginary best friends? <BR>
    never acknowledge their hallucinations as being anything other than <BR>
    mental illness, and just ignore them when they froth at the mouth - <BR>
    they will soon become bored and find someone else to annoy.<BR>
    <BR>
    I.<BR>
    <BR>
    </tt>
    </body>
    </html>
  6. Wintermute

    Malicious Reporting of a message..

    Thanks for the continued input folks - On the unallocated IP address issue... that's strange, but outwith my scope I guess - Eclipse are a major UK ISP, and one of the best regarded on the usual metrics of customer care, performance, reliability and so on - not the folks you expect to be doing fly-by-night stuff. I have asked for some clarification from them - I'd like to see the original alert that prompted the issue, and yes, I fear there's possibly a "generic" use of the word spamcop. Spambo - I can see what you are saying, however, this was a reply to a yahoo discussion group, not a direct mailing. Given Yahoo's use of a specific ID, action required to join a group and a confirmation message being required, I'd consider it a fairly safe assumption that a reply directly to the list wasn't spam. The investigation continues...
  7. Wintermute

    Malicious Reporting of a message..

    Well... A lot of statements that may well describe the desired process don't unfortunately marry well with the facts. I would agree that one report *shouldn't* list you, but it certainly seems to have done so in this case (or possibly the same post being reported multiple times). When I entered our IP address into the spamcop checker, I got the same information you have posted here. It certainly isn't listed here now. However, our IP address *was* blocked as a result of being blacklisted - Eclipse claim because of a notification by spamcop. An open relay is simply something that we checked for internally - I wasn't implying that spamcop is a list of open relays. Of course, a lack of reverse DNS may cause problems with strict RFC1912 mailservers, however, in practice, we have a delivery rate of around 99.8%. At this point, I suspect that Eclipse are in fact using another RBL service, or are otherwise confused. As our IP does not appear to be listed (how did you tell that it had never been listed, incidentally?) there must be another explanation. Thanks for helping to unravel this part of the problem.
  8. Wintermute

    Malicious Reporting of a message..

    I'm not too concerned about it being in the public domain - the IP address in question is: 82.152.28.237
  9. Hi there.

    This morning, we have been troubleshooting a pretty nasty Internet outage in our office... only to find that our ISP had withdrawn service due to us being listed on the Spamcop blacklist. Fair enough, I support Spamcop's efforts, and was more concerned to quickly plug any problem.

    This turned to anger as soon as I realised that there was no open relay on our site, nor in fact had any spam originated here. We have up to date AV, spyware scanners, and a firewall that logs all port 25 connections.

    We appear to have been blacklisted due to a single message which was posted (by me) to Yahoo Groups. As I'm sure everyone is aware, Yahoo groups are opt-in discussion lists that users have to subscribe to, so receiving the list mails is hardly unsolicited. On seeing a copy of the suspect email from my ISP, it's blindingly apparent that the message was properly sent through Yahoo Groups, and is not IN ANY WAY a spam message. It's also apparent that the true reason for the complaint is that the reporter simply did not like the CONTENT of the email, which expressed my opinion about an off topic religious message sent to the group.

    So, the next question - do spam reporters have anonymity to hide behind, or do I have a path to hold someone to account for causing my office several hours of downtime by a malicious, false report? (not to mention that I don't really appreciate having my freedom of speech stomped on in this way)

    Ian.
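
Added example, not part of any of the posts above: a Python sketch that walks the Received chain of the forwarded message quoted in post 5 and checks whether the X-Originating-IP value (82.152.28.237) is backed by any transport hop. The header sample is an abridged copy of the one on this page, and the function names are illustrative.

```python
import re
from email import message_from_string

# Abridged copy of the headers quoted in the post ("[at]" is not needed here;
# queue ids and the masked "for <x>" clauses are dropped).
RAW = """\
Received: from spf7.us4.outblaze.com ([205.158.62.41])
 by pickering.mail.mindspring.net (EarthLink SMTP Server) with ESMTP;
 Tue, 27 Apr 2004 11:53:22 -0400 (EDT)
Received: from n19.grp.scd.yahoo.com (n19.grp.scd.yahoo.com [66.218.66.74])
 by spf7.us4.outblaze.com (Postfix) with SMTP; Tue, 27 Apr 2004 15:52:59 +0000 (GMT)
Received: from [66.218.66.30] by n19.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:50:28 -0000
Received: (qmail 89902 invoked from network); 27 Apr 2004 15:50:26 -0000
Received: from unknown (66.218.66.216) by m24.grp.scd.yahoo.com with QMQP; 27 Apr 2004 15:50:26 -0000
Received: from unknown (HELO n15.grp.scd.yahoo.com) (66.218.66.70)
 by mta1.grp.scd.yahoo.com with SMTP; 27 Apr 2004 15:50:26 -0000
Received: from [66.218.67.167] by n15.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:49:16 -0000
X-Mailer: Yahoo Groups Message Poster
X-Originating-IP: 82.152.28.237

(body omitted)
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(raw):
    """Return (sender_ip, receiving_host) per Received header, oldest first."""
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse for oldest-first.
    for value in reversed(msg.get_all("Received", [])):
        from_part, _, by_part = " ".join(value.split()).partition(" by ")
        ips = IP_RE.findall(from_part)
        # Local handoffs such as the qmail line carry no "from"/"by" pair.
        hops.append((ips[0] if ips else None,
                     by_part.split()[0] if by_part else None))
    return hops

def origin_evidence(raw):
    """Is X-Originating-IP backed by a transport hop, or only asserted?"""
    claimed = (message_from_string(raw).get("X-Originating-IP") or "").strip()
    if not claimed:
        return "no-claim"
    seen = {ip for ip, _ in received_hops(raw)}
    return "received-hop" if claimed in seen else "header-only"

if __name__ == "__main__":
    for ip, host in received_hops(RAW):
        print(f"{ip or '-':>15} -> {host or '(local handoff)'}")
    print(origin_evidence(RAW))
```

For this message the result is `header-only`: 82.152.28.237 appears in no Received hop, only in X-Originating-IP. Received lines below the first relay you trust can be forged, so treat the lower part of any chain as a claim rather than proof.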