Jump to content

Derek T

Memberp
  • Content Count

    602
  • Joined

  • Last visited

Everything posted by Derek T

  1. Derek T

    Email hosting

    Being an 'innocent bystander' is a real bummer. Some other customer's lack of security is tainting you with the same brush. If you post an un-munged rejection notice with the IP in question we may be able to give you a bit more information about the nature of the problem. Can you ask the refusenik to whitelist you? Can't really advise on email hosting without knowing where you are and what volume we are talking about. Could you host your own sever in the cloud, for example?
  2. This must be very frustrating. I notice that it's another one of those badly-formed rejections like the first one you posted last time, which doesn't help. FWIW the trace on the 34sp IP says this: Parsing input: 80.82.124.221 No recent reports, no history available Routing details for 80.82.124.221 [refresh/show] Cached whois for 80.82.124.221 : daniel[at]34sp.com postmaster[at]34sp.com bounces (6 sent : 6 bounces) Using best contacts No reporting addresses found for 80.82.124.221, using devnull for tracking. Statistics: 80.82.124.221 not listed in bl.spamcop.net More Information.. 80.82.124.221 not listed in cbl.abuseat.org 80.82.124.221 not listed in dnsbl.sorbs.net No valid email addresses found, sorry! There are several possible reasons for this: The site involved may not want reports from SpamCop. SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing. SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address. There may be no working email address to receive reports. So there are no reports on that IP at all (that doesn't rule out spamtrap hits) but even if there were reports no-one would see them because no abuse address has been registered. No record of SpamCop being involved at all, apart form the mal-formed rejection. Sorry. As you can see, not listed in SpamCop, cbl or dnsbl. Suggest you: 1. Contact the recipient by other means and ask to be white-listed. (And ask them to fix the broken rejection notice) 2. Contact 34SP and ask them to register an abuse address
  3. As I understand it, it's not so much how many complaints as what the proportion of spam is to genuine mail, so a large-volume server (e.g. yahoo, gmail) will need more complaints (and spam-trap hits, which carry more weight as these addresses have never sent mail to anyone) than a low-volume server. A good spam-spew can increase email from a server by a factor of 10 or more (ie 90% or more spam). De-listing requests should only be made by the owner of the server AFTER they are sure that the problem is solved. It does say so on the de-listing page. Whose fault? Ultimately the spammers who take over machines, Microsoft who make such easily-hacked operating systems and ISPs who don't take quick and proactive enough action to keep the spam sources off their servers. Spamcop is one of the most forgiving of blocklists, listing only in response to active spam spews and quick to delist after they stop. There are many less-forgiving lists out there and if o2 don't take action they may soon end up on those too. You are their customer and o2 should be asked to provide the service that you have paid for. Also note that Spamcop does NOT recommend using their list in blocking mode, on the contrary Spamcop recommends using it to filter to a hold/quarantine folder. However, some admins choose to block completely: their server, their rules. But some of the fault does, therefore, lie at the receiving end.
  4. Yes, that's a great help, thank you. 82.132.130.151 is one of o2's mail-servers (I see four, named after starwars characters, this one is 'yoda') and you will be sharing that with tens of thousands (at least) of o2's other customers. Looking at the senderbase records it would appear that a spam-run from that server (probably a zombied customer) has recently ended (traffic is down 42% today) so it would appear that o2 have taken action to remove the source. The server is NOT currently listed (SpamCop is very quick to de-list once the spam stops) and so the rejections should stop, unless the receiving servers are using out-of-date lists. Chances are your mail is assigned to the four servers at random. At present none is on the SpamCop blacklist so all should be well. Something was broken, o2 seem to have fixed it You were an innocent bystander and need do nothing (apart, of course, from keeping your own anti-malware up to date so that you don't become the next zombie) EDIT: I've just noticed that the 'vader' server (82.132.130.150) IS now listed for the next 23 hours so you MIGHT get a rejection if your mail gets sent out through this one. Again, O2 seem to have stopped the spew (falling volume). Good luck! For your information: IP Address 82.132.130.151 Fwd/Rev DNS Match Yes First Seen Help 2007-05-23 Email Reputation Help Good Web Reputation Help Neutral Last Day Last Month Email Magnitude Help 4.2 4.3 Volume Change Help -44% ↓ Hostname yoda.london.02.net Domain 02.net Network Owner Telefonica O2 UK Blacklists bl.spamcop.net Not Listed cbl.abuseat.org Not Listed dnsbl.sorbs.net Not Listed pbl.spamhaus.org Not Listed sbl.spamhaus.org Not Listed
  5. Your address is not on the blocklist. No email address is ever on the blocklist. See the FAQ. The IP address through which your mail goes out is on a blocklist and that's probably due to its owner (o2?) not being proactive in kicking off abusers. Essential information is either missing or munged. A properly-formed rejection message SHOULD contain the IP address of the rejected sending server: something like Email rejected because 173.203.116.233 is listed by bl.spamcop.net - See http://www.spamcop.net/w3m?action=checkblo...173.203.116.233 It is that IP (xxx.xxx.xxx.xxx) that we need in order to help you. As you say email addresses are not important. And no, the previous issue would not get your IP onto the blocklist, this is most likely an O2 problem and you an innocent bystander, but without the IP to look up I really can't help you resolve this. Sorry.
  6. Sorry, which part of 'unaltered' did you not understand? You have removed the information we need in order to help you. The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems.
  7. SpamCop does not list email addresses but IP addresses. None of us can help without the IP address that is having problems. Please see the FAQs for more information and please post an unaltered rejection notice for more help.
  8. Hi David and welcome, 1. Technically spamcop blocks nothing - the receiving server happens to be using the SCBL in blocking mode - not recommended but their server, their rules. 2. Spamcop is very dynamic - when the spam stops it delists automatically. It's quite likely that the IP was delisted by the time you checked. 3. You munged the one piece of information that I need to help further - the IP address.
  9. Derek T

    Help, is my email address defind as spam?

    Well, if you can get a copy of the mail that ended up in the junk folder WITH ALL ITS HEADERS, there may be clue there as to why it was considered suspect. There may be a header such as 'X-spam-disposition' with a message like 'IP xxx.xxx.xxx.xxx appears on |<someblocklist>', or it may refer to some bayesian scoring system being used by the recipient 'spam score = 9' or such-like. If you could get the recipient to send you back the blocked message WITH ALL HEADERS INTACT, you might get a clue as to what went wrong. Avoiding it the future is a different matter
  10. Derek T

    Help, is my email address defind as spam?

    Welcome. But with the greatest of respect, what brings you here? What evidence do you have of SpamCop's involvement? You have given us nothing to go on, really, so help will be extremely limited. To answer the question in your title, NO, no email address is EVER defined as spam. spam is defined by content and consent and this and other listing services list only server addresses, not email addresses. There are numerous 'read this before posting' pointers to this all over this forum.
  11. I am having much the same problem, I use Thunderbird and IMAP. When I select (in the reporting web interface) Release and Whitelist sender the email remains in Held Mail but now gains a yellow star. This started two or three days ago, before that it worked perfectly. Oh, and the sender doesn't get whitelisted either.
  12. not listed in bl.spamcop.net Nothing whatsoever to do with spamcop. apews is down the hall ------->
  13. First, thank you very much for your efforts to clean up your server and reduce the amount of spam in the world. It really is very much appreciated. As regards spamtrap hits, don't blame your ISP - NO REPORTS ARE SENT! This is to protect the security of the spamtraps. Lastly, this from the FAQ, but I don't know if it helps as it refers only to summary reports: How can I get SpamCop reports about my network? Report routing Anyone may receive summary reports about any netspace they specify. To receive reports, first create an ISP account. Once you have logged in with your new account, use the "Request Reports" menu item to specify which networks you would like to receive reports about. At any time, you may use the "show routes" menu item to view which networks you are configured to receive reports about. In addition, your ISP account allows you to spot-check any IP address for recent reports.
  14. Using the opt-out simply confirms to the spammers that they have a 'live' address. If you never opted in then NEVER opt out. Simply report all such crap to spamcop as spam.
  15. First, SpamCop blocks/rejects NOTHING, see FAQs. It is the receiving server that rejects, based on a SpamCop listing. Second, the dirty outgoing server is a Yahoo server, nothing to do with the hotel. Does that help?
  16. Unfortunately you have removed the one piece of information we need to be able to help you - the IP address.
  17. May I echo Steve's appreciation of the work you have done. Unfortunately that IP is back on the blacklist (0718 UTC). That IP is shared with many other RR customers so you are, in all likelihood, an 'innocent bystander'. Not clear from what you wrote who actually gets your $USs. Whoever it is, that's whose case you should be on as they are not providing the service you are paying for
  18. It would appear that the BL that the recipient is using uses the SpamCop BL as a resource and (possibly) doesn't react to de-listings as quickly as it does to listings. There's nothing anyone here can do about that. Recipient's server, recipient's rules. Maybe your contact could ask their admin to whitelist you? Regrettably, many servers are configured to cite SpamCop's BL even when it is quite another BL that has the listing. Again their server, their rules and SpamCop can do nothing about it. You might like to put your IP into one of the many 'Composite Blocklist' sites to see if it is still listed elsewhere. You might also ask RR to route your mail through a different (non-listed) server. After all, it's them you have the contract and commercial relationship with. Money talks.
  19. There are quite a few spam reports dated yesterday and today from that IP. My (educated) guess is that that IP was listed for a while and is now de-listed. Spamcop acts very rapidly to list when spam starts and to de-list when it stops. In other words, spamcop is working fine, nothing to see, move along please. Another educated guess is that RoadRunner pulled the spamming account that was sharing that IP with you as soon as they got the reports. Again, this is just how it should be. Sorry that you were an innocent bystander who got caught up in it, but everything should now be back to normal.
  20. Derek T

    [Resolved] Release 204.181.52.250

    You will have to provide more information before anyone here can help. Which IP do you believe to be on the SCBL?
  21. Derek T

    Is this a true email?

    The latter. Probably a phishing or malware attempt.
  22. http://www.spamcop.net/fom-serve/cache/94.html (the fine faq)
  23. Derek T

    Why block NASA?

    I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors). Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that: 1. There is a compromised machine on their network 2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added 3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens) What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list. Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni. I very much doubt that 'spamcop got it wrong'. Spamcop is entirely automatic and lists IPs on the basis of the amount of spam as a percentage of total traffic (among other factors). Without knowing the IP from which NASA attempted to send the message none of us on this side of the screen can investigate further. It's quite possible that: 1. There is a compromised machine on their network 2. There is no proper check on the validity of email addresses on their list and a spamtrap has been added 3. The rejection message is malformed and is citing a SpamCop listing when the reason for rejection is quite other (you'd be amazed how often this happens) What we need is a rejection message containing the sending IP so that we can check if it is now, or ever has been on the Spamcop list. Please also note that SpamCop does NOT recommend using its list to reject email outright (it should only be used to flag mail as possible spam) you may want to take this up with the admin of Monmouth Alumni.
  24. No suggestions but here is some further information. Two 'human' reports from yesterday. Submitted: Thu, 16 Feb 2012 23:16:15 GMT: Oh my, Christian! College nude run made me wanna show my nudity in public! #... 5708078627 ( http://www.subota.kz/Edward ) To: tatyana.kalacheva[at]telecom.kz 5708078626 ( http://www.subota.kz/Edward ) To: akushner[at]online.kz 5708078625 ( http://www.subota.kz/Edward ) To: onekrasova#online.kz[at]devnull.spamcop.net 5708078624 ( http://www.subota.kz/Edward ) To: bilyarov[at]online.kz 5708078623 ( http://www.subota.kz/Edward ) To: nic#online.kz[at]devnull.spamcop.net 5708078622 ( http://www.subota.kz/Edward ) To: dzhusipbek[at]online.kz 5708078621 ( http://www.subota.kz/Edward ) To: natalya.petrova[at]telecom.kz 5708078619 ( http://www.subota.kz/Edward ) To: dsuranchin#online.kz[at]devnull.spamcop.net 5708078616 ( http://www.subota.kz/Edward ) To: lserebryanik#online.kz[at]devnull.spamcop.net 5708078615 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net 5708078614 ( 208.68.90.156 ) To: support[at]spdnetwork.net Submitted: Thu, 16 Feb 2012 12:26:14 GMT: =?utf-8?Q?=D0=BF=D1=80=D0=B8=D0=B2=D0=B5=D1=82=D1=83=D0=BB=D1=8C=D0=BA=D0=B8=... 5708103194 ( 208.68.90.156 ) To: [concealed user-defined recipient] 5708103193 ( 208.68.90.156 ) To: abuse[at]spdnetwork.net 5708103192 ( 208.68.90.156 ) To: support[at]spdnetwork.net Which looks like good old-fashioned spam rather than vacation bounces. Looks like you have an infected machine somewhere on your network.
×