Jump to content

Derek T

Memberp
  • Content Count

    602
  • Joined

  • Last visited

Everything posted by Derek T

  1. Available to those who pay for a spamcop account. The best US$30 per year that I spend. All my email addresses either forwarded to or POPped by the one filtered address. Greylisting, personal white and blacklisting. Easy spam reporting. Don't get mad, get even.
  2. It would seem that there was a recent spam-run from that IP Report History: Submitted: Tue, 23 Mar 2010 14:14:23 GMT: President's Day Sale for x - Up To 70% Off! 4861211547 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4861211544 ( 204.244.212.10 ) To: abuse[at]entel.ca Submitted: Mon, 22 Mar 2010 07:53:49 GMT: dcelcon! Spring Sale! Up To 76% Off! 4859180508 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4859180507 ( 204.244.212.10 ) To: abuse[at]entel.ca Submitted: Mon, 22 Mar 2010 07:01:14 GMT: Up to 73% off + extra 30% off 4859126764 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4859126763 ( 204.244.212.10 ) To: abuse[at]entel.ca Submitted: Sun, 21 Mar 2010 21:24:10 GMT: RE: SALE 70% OFF on PFIZER! 4858672390 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4858672389 ( 204.244.212.10 ) To: abuse[at]entel.ca Submitted: Sun, 21 Mar 2010 19:39:00 GMT: Up to 77% off + extra 30% off 4858592598 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4858592596 ( 204.244.212.10 ) To: abuse[at]entel.ca Submitted: Sun, 21 Mar 2010 17:53:14 GMT: Jump in, ctgreybeard, 70% discounts all week 4858498336 ( 204.244.212.10 ) To: gary.dunn[at]nisgaa.net 4858498334 ( 204.244.212.10 ) To: abuse[at]entel.ca SpamCop is very quick to list/de-list so it may have been breifly listed and de-listed ny the time you checked.
  3. Derek T

    spam traps and how to circumvent most

    You clearly have no idea how SpamCop works or what a SpamTrap is. Read the FAQ and come back with a sensible question, if you still have any. What part of 'read before posting' did you not understand?
  4. Derek T

    Where is my email going?? is it me or my ISP??

    OK the test email ended up in my held-mail folder. "Listed on cbl.abuseat.org." SpamCop v 4.6.0.031 © 1992-2010 Cisco Systems, Inc. All rights reserved. Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z3667757746za540779b56a6173aaa426467492b5cccz Skip to Reports Return-Path: <paul[at]staffbook.co.uk> Delivered-To: cesmail-net-x Received: (qmail 6690 invoked from network); 20 Jan 2010 17:47:46 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on filter7 X-spam-Level: X-spam-Status: hits=0.0 tests=HTML_MESSAGE version=3.2.4 Received: from unknown (192.168.1.108) by filter7.cesmail.net with QMQP; 20 Jan 2010 17:47:46 -0000 Received: from web099.gen2host.com (89.151.77.58) by mx71.cesmail.net with SMTP; 20 Jan 2010 17:47:36 -0000 Received: from web099.gen2host.com (unknown [127.0.0.1]) by web099.gen2host.com (Postfix) with ESMTP id 5A1971B6637 for <x>; Wed, 20 Jan 2010 16:55:23 +0000 (UTC) Received: from acer47cbe8a5ed (unknown [82.132.248.160]) by web099.gen2host.com (Postfix) with ESMTP for <x>; Wed, 20 Jan 2010 16:55:21 +0000 (UTC) From: "Paul Esherwood" <paul[at]staffbook.co.uk> To: <x> Subject: Spamcop forum Date: Wed, 20 Jan 2010 16:55:25 -0000 Message-ID: <0016_______________________0e0$[at]co.uk> MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_NextPart_000_0017_01CA99F1.625005A0" X-Mailer: Microsoft Office Outlook 12.0 Thread-Index: AcqZ8VyA9npl6yatT8GTrD8MhH7t8Q== Content-Language: en-gb X-SpamCop-Checked: 89.151.77.58 82.132.248.160 X-SpamCop-Disposition: Blocked cbl.abuseat.org View entire message Parsing header: 0: Received: from unknown (192.168.1.108) by filter7.cesmail.net with QMQP; 20 Jan 2010 17:47:46 -0000 Internal handoff at SpamCop 1: Received: from web099.gen2host.com (89.151.77.58) by mx71.cesmail.net with SMTP; 20 Jan 2010 17:47:36 -0000 Hostname verified: web099.gen2host.com SpamCop received mail from sending system 89.151.77.58 2: Received: from web099.gen2host.com (unknown [127.0.0.1]) by web099.gen2host.com (Postfix) with ESMTP id 5A1971B6637 for <x>; Wed, 20 Jan 2010 16:55:23 +0000 (UTC) Internal handoff or trivial forgery 3: Received: from acer47cbe8a5ed (unknown [82.132.248.160]) by web099.gen2host.com (Postfix) with ESMTP for <x>; Wed, 20 Jan 2010 16:55:21 +0000 (UTC) No unique hostname found for source: 82.132.248.160 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header Tracking message source: 89.151.77.58: Routing details for 89.151.77.58 [refresh/show] Cached whois for 89.151.77.58 : spencer[at]asuk.com craig[at]dedipower.com Using last resort contacts spencer[at]asuk.com craig[at]dedipower.com Yum, this spam is fresh! Message is 1 hours old 89.151.77.58 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 89.151.77.58 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 89.151.77.58 not listed in cbl.abuseat.org 89.151.77.58 not listed in dnsbl.sorbs.net 89.151.77.58 not listed in accredit.habeas.com 89.151.77.58 not listed in plus.bondedsender.org 89.151.77.58 not listed in iadb.isipp.com Finding links in message body Recurse multipart: Recurse multipart: Parsing text part Parsing HTML part No html links found, trying text parse Ignored image/png part Ignored image/png part Resolving link obfuscation http://schemas.microsoft.com/office/2004/12/omml Tracking link: http://schemas.microsoft.com/office/2004/12/omml No recent reports, no history available ISP does not wish to receive report regarding microsoft.com Resolves to 207.46.232.182 Routing details for 207.46.232.182 [refresh/show] Cached whois for 207.46.232.182 : abuse[at]hotmail.com Using best contacts report_spam[at]hotmail.com ISP does not wish to receive reports regarding http://schemas.microsoft.com/office/2004/12/omml - no date available http://schemas.microsoft.com/office/2004/12/omml has been appealed previously. Please make sure this email IS spam: From: "Paul Esherwood" <paul[at]staffbook.co.uk> (Spamcop forum) This is a multi-part message in MIME format. ------=_NextPart_000_0017_01CA99F1.625005A0 View full message Report spam to: Re: 89.151.77.58 (Administrator of network where email originates) To: craig[at]dedipower.com (Notes) To: spencer[at]asuk.com (Notes)
  5. Derek T

    Where is my email going?? is it me or my ISP??

    Andrews bit shows attempts to reach your server: it doesn't seem to be set up very well (to say the least!) Edit: Sorry, Wazoo's bit... My bit simply means that the mail address you sent to is spam-trapped. Part of that process is called a 'grey-list' where mail waits to be confirmed as genuine. I just short-circuited that and am expecting the SpamCop servers to deliver it any time now. Courage, Camile it's safely on its way! As Chris Tarrant would say, It's good in here isn't it? And we're all unpaid!
  6. Derek T

    Where is my email going?? is it me or my ISP??

    It's got as far as my greylist and I have just released from there. Should arrive in the next 30 mins. (the spamcop greylist holds mail until the server tries five resends - drive-by trojans only send it once, a genuine mailserver will keep trying)
  7. Derek T

    Where is my email going?? is it me or my ISP??

    Much as I sympathise, it's almost impossible to tell from that info what is going on. We need to check the IP of the SMTP server through which your mail goes. What is the setting for your outgoing mail in your email client, please? Is it the same both at home and at work? You can send me an email at frderek[at]cesmail.net and I'll try to trace the route (if it gets here!)
  8. Then what are you doing in a SpamCop forum? (Apart from SHOUTING that is.)
  9. Derek T

    Orange webmail is blocked

    According to Senderbase that domain maps to 63 smtp servers. Without the specific IP there is very little any of us can do. The rejection message is malformed (in that it should contain the IP). Do you have another example from a different recipient, perhaps?
  10. Not without an IP to work with, no. The one in the rejection has never sent email so that can't be it. First guess: a badly configured server blaming scbl when the error is 'no such address'
  11. OK I'm guessing that the 'notify sender' setting caused a flood of 'non-deliverable' messages to the forged 'From' fields of spam your server received. You have now corrected this and are now using 5xx during the SMTP conversation instead. Your system no longer sends out ANY non-deliverables, over-quotas or vacation messages? If ALL the above is true then I suggest a grovelling email to deputies[at]spamcop.net and they MAY de-list you early, providing that the spew really has stopped. Actually I've just checked and you're not currently listed so maybe a deputy already read this! Edit: there are no human reports for this IP' which indicates spamtrap hits, which in turn supports my earlier suppositions. Shalom.
  12. Your first sentence makes no sense at all There is no way to speed up the process. What have you done to fix the problem? Exactly which IP is listed? We need this IP to be able to offer any real help.
  13. Derek T

    Wrongful Block list

    What part of "Read the FAQs before making silly assertions" do you not understand?
  14. Derek T

    Blacklisted twice can find no cause

    You are not currently listed and there are no 'human' reports in the last 90 days so yes, spamtraps are the most likely culprits. NEVER send a new 'undeliverable' message. Reject with a 5xx during the SMTP transaction: that way the true sender gets the notice, not an innocent third party or spamtrap. Drop an email to deputies[at]spamcop.net
  15. Derek T

    Removal from blacklist

    In a word, Windows. And the fact that 95%+ of all Windows installations in India are pirated copies. The solution? GNU/Linux.
  16. Derek T

    Removal from blacklist

    1. Fix the problem 2. Wait - delisting is entirely automatic when the spam stops.
  17. Derek T

    Cause for IP to be listed

    All our psychics are out. Which IP? Did you fix the problem before de-listing? More info on spamtraps in the FAQ.
  18. Derek T

    remove IP from Blist

    As Telarin says you don't, you just have to wait, it's entirely automatic. Did you fix the problem with misdirected bounces?
  19. Derek T

    I'm an ISP, respect please!

    If your customer is in breach of your Terms and Conditions then disconnect him/her immediately. S/he hasn't a leg to stand on.
  20. Derek T

    ip block 67.159.26.192

    What makes you think there have been no more incidents? what have you done to stop the spew from that server? SpamCop is working as it should, adding hours with each new report/spamtrap hit. Requesting delisting without solving the problem did not help. Get a clue.
  21. Oh dear! Submitted: 07 May 2009 09:21:39 +0100: Renew your virility for yourself,for her and for your love. * 4116004757 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 04 May 2009 19:47:11 +0100: Newsletter_12:_Making_money_with_SMS_SHORT_CODES * 4106883551 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 04 May 2009 13:58:23 +0100: [ipc] LATEST IPC CONNECT * 4106132192 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 04 May 2009 07:00:03 +0100: GOLD_DUST_and_GOLD_NUGGETS * 4104789442 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 04 May 2009 05:39:19 +0100: GOLD_DUST_and_GOLD_NUGGETS * 4104537549 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 03 May 2009 19:01:40 +0100: GOLD_DUST_and_GOLD_NUGGETS * 4103343570 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net Submitted: 03 May 2009 19:01:28 +0100: Newsletter_12:_Making_money_with_SMS_SHORT_CODES * 4103342733 ( http://www.payprofit.net/payprofit/unsubscribe.... ) To: abuse[at]navigata.net * 4103342617 ( 196.11.146.71 ) To: nomaster[at]devnull.spamcop.net and Parsing input: 196.11.146.71 [report history] Routing details for 196.11.146.71 [refresh/show] Cached whois for 196.11.146.71 : risk[at]vodacom.co.za spampolice[at]vodamail.co.za bounces (241 sent : 121 bounces) Using best contacts No reporting addresses found for 196.11.146.71, using devnull for tracking. Statistics: 196.11.146.71 listed in bl.spamcop.net (127.0.0.2) More Information.. 196.11.146.71 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 196.11.146.71 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 196.11.146.71 not listed in cbl.abuseat.org 196.11.146.71 not listed in dnsbl.sorbs.net No valid email addresses found, sorry! * There are several possible reasons for this: The site involved may not want reports from SpamCop. * SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing. * SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address. * There may be no working email address to receive reports. Houston, we have a problem
  22. 1. AIUI mail is sent from an SMTP server and received from a POP3, so I am, to say the least, puzzled. 2. That IP seems to have a good reputation and I can find no reports against it. If there were they would have been sent to abuse[at]mtnns.za, is that you? Who checks that mailbox? 3. You get the error message when trying to send to anyone? Are you using the SCBL and if so is it configured correctly? Could you post the full text of a rejection please? It just doesn't add up as you have presented it.
  23. Derek T

    Blacklisted but IP is not in database

    All our psychics are on holiday. What bloody IP?
  24. Derek T

    Server blocked 66.96.251.170

    There are FAQs a-plenty that will tell you how spamcop works. Your server is not on the SCBL and there are no rteports (either human or spamtraps) listed against it. Please post the text of the email from your ISP: it may be that SpamCop is not involved at all.
  25. Derek T

    Email blocked???

    The important factoid in the message is that your mail is sent out from a server at IP 67.212.91.2. You may be sharing that with loads of other clients of your ISP. That sever was spewing spam Saturday through Monday. It seems that the problem has been solved by your ISP, the volume of mail is down and the IP is no longer listed. It seems you have a responsible ISP who pulled the plug on an infected customer. I wish they were all so clued up. The IP is not on any of the common blacklists AFAICT. All should now (or soon, when caches are refreshed) be back to normal. I don't think there's anything you need to do apart from the usual malware precautions (assuming that you are using Windows). By the way, why did you think that SpamCop was involved, it's not mentioned in your rejection message!
×