In the past we have gotten very useful reports from spamcop when a user spams. We have tried to react to the customers very quickly.
However, recently something appears to have changed (if I'm wrong about this, I'm sure I'll be corrected).
http://www.spamcop.net/sc?id=z280296275z84...7f5a52b72f0de9z
This is the "logic" behind this report being generated.
Specifically...
Received: from mshweihat (ppp120.f1.56k.execulink.com [209.239.31.120]) by gouda.execulink.net (8.11.6/8.11.6) with SMTP id i11MKbw15574; Sun, 1 Feb 2004 17:20:37 -0500
host 209.239.31.120 = ppp120.f1.56k.execulink.com (cached)
host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120
199.166.6.56 not listed in dnsbl.njabl.org
199.166.6.56 not listed in cbl.abuseat.org
199.166.6.56 not listed in dnsbl.sorbs.net
199.166.6.56 is not an MX for nas.net
199.166.6.56 is not an MX for gouda.execulink.net
199.166.6.56 is not an MX for gouda.execulink.net
199.166.6.56 is not an MX for nas.net
199.166.6.56 not listed in dnsbl.njabl.org
Possible spammer: 209.239.31.120
209.239.31.120 is not an MX for ppp120.f1.56k.execulink.com
host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120
host gouda.execulink.net (checking ip) = 199.166.6.56
199.166.6.56 not listed in dnsbl.njabl.org
199.166.6.56 not listed in cbl.abuseat.org
199.166.6.56 not listed in dnsbl.sorbs.net
199.166.6.56 is not an MX for nas.net
199.166.6.56 is not an MX for gouda.execulink.net
199.166.6.56 is not an MX for gouda.execulink.net
199.166.6.56 is not an MX for nas.net
199.166.6.56 not listed in dnsbl.njabl.org
Possible spammer: 209.239.31.120
209.239.31.120 is not an MX for ppp120.f1.56k.execulink.com
host ppp120.f1.56k.execulink.com (checking ip) = 209.239.31.120
host gouda.execulink.net (checking ip) = 199.166.6.56
199.166.6.56 not listed in dnsbl.njabl.org
199.166.6.56 not listed in cbl.abuseat.org
199.166.6.56 not listed in dnsbl.sorbs.net
Chain test:gouda.execulink.net =? gouda.execulink.net
gouda.execulink.net and gouda.execulink.net have same hostname - chain verified
Possible relay: 199.166.6.56
199.166.6.56 not listed in relays.ordb.org.
199.166.6.56 has already been sent to relay testers
Received line accepted
209.239.31.120 discarded as a forgery, using 199.166.6.56
In fact, this message did originate from this IP, relayed through our mail server as is the norm (I assume it is still prefered that users relay mail through their local ISP rather then direct.)
I'm not sure how this decision was made, but it has resulted in our server being listed (quite annoying).
Is there something that I'm missing here or has something changed that caused this IP address to be discarded as a forgery?