Jump to content
Sign in to follow this  
pirco

Apparent Blocking of 1&1 by SORBS

Recommended Posts

74.208.4.194 = mout.perfora.net is one of 1and1's main mail servers. That group of servers have been flagged as main mail handlers in our system and have been removed from our blocking list. The SpamCop parse will now push past those servers and go after the user IP that is the actual source of the spam.

Our blocking list clients who have been refusing to accept mail from 74.208.4.194 should start allowing it now, or very soon.

hopefully this gets someone attention but it seems that the same server is being blocked again.

1&1 server 74.208.4.194

can this be taken off the black list?

thanks

Share this post


Link to post
Share on other sites
hopefully this gets someone attention but it seems that the same server is being blocked again.

1&1 server 74.208.4.194

can this be taken off the black list?

http://www.spamcop.net/w3m?action=checkblo...ip=74.208.4.194

74.208.4.194 not listed in bl.spamcop.net

http://www.senderbase.org/senderbase_queri...ng=74.208.4.194

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ....... 5.6 .. -27%

Last month .. 5.7

Share this post


Link to post
Share on other sites

http://www.spamcop.net/w3m?action=checkblo...ip=74.208.4.194

74.208.4.194 not listed in bl.spamcop.net

http://www.senderbase.org/senderbase_queri...ng=74.208.4.194

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ....... 5.6 .. -27%

Last month .. 5.7

hmm. what does that mean? I got

554 5.7.1 Service unavailable; Client host [74.208.4.194] blocked using dnsbl.sorbs.net; Currently Sending spam See: http://www.sorbs.net/lookup.shtml?74.208.4.194

after all...!

Share this post


Link to post
Share on other sites
554 5.7.1 Service unavailable; Client host [74.208.4.194] blocked using dnsbl.sorbs.net; Currently Sending spam See: http://www.sorbs.net/lookup.shtml?74.208.4.194

That indicates that the IP is flagged as bad in the SORBS database, which has nothing to do with SpamCop. If you go the the SORBS site, there's an option to request that the IP be delisted....here's a link:

https://www.dnsbl.us.sorbs.net/cgi-bin/support

DT

Share this post


Link to post
Share on other sites

one more question: this is my bounce back:

SMTP error from remote server after RCPT command:

host mailin.berlin.de[85.183.245.168]:

554 5.7.1 Service unavailable; Client host [74.208.4.194] blocked using

dnsbl.sorbs.net; Currently Sending spam

1&1 now says it's the receiving end that's causing the trouble.

does that make sense?

thanks!

Share this post


Link to post
Share on other sites
That indicates that the IP is flagged as bad in the SORBS database, which has nothing to do with SpamCop.

<snip>

...Thanks, DT. Assuming we're agreed this inquiry is not about the SpamCop blacklist, I shall split it off and move it to the "SpamCop Lounge" forum.

Note: split off from 1and1, one of the world's largest hosts.

one more question: this is my bounce back:

1&1 now says it's the receiving end that's causing the trouble.

does that make sense?

Hi, pirco!

...If your question is: "does my interpretation seem consistent with the bounce message," I would say, yes, in the sense that the receiving end (host mailin.berlin.de) is doing the blocking, allegedly based on information gleaned from SORBS.

Share this post


Link to post
Share on other sites
...1&1 now says it's the receiving end that's causing the trouble.

does that make sense?

Yes, mailin.berlin.de, the receiving server, doesn't want mail from 74.208.4.194 because mailin.berlin.de uses a SORBS blocklist and SORBS says mout.perfora.net [74.208.4.194] is a server sending spam to spamtrap addresses and therefore belongs on the blocklist. It is always the receiving end that uses the blocklist. They don't want spam coming into their network and, unlike many, reject messages 'upfront' (instead of silently), giving the sending network an opportunity to do something about the problem on their network. So, the problem is 1&1's end (spam is being sent through 74.208.4.194) and the networks of some intended recipients are causing trouble for the hopeful senders behind 1&1's server by refusing to accept anything from that server in case it is spam. It has nothing to do with SpamCop.

Share this post


Link to post
Share on other sites
So, the problem is 1&1's end (spam is being sent through 74.208.4.194) and the networks of some intended recipients are causing trouble for the hopeful senders behind 1&1's server by refusing to accept anything from that server in case it is spam. It has nothing to do with SpamCop.

thank you for the explanation. so what is a user like me to do next?

1&1 support tells me to support spamcop to "have them unblock our IP address or add your email address into their whitelist".

?

Share this post


Link to post
Share on other sites
thank you for the explanation. so what is a user like me to do next?

1&1 support tells me to support spamcop to "have them unblock our IP address or add your email address into their whitelist".

...First thing is to see if you can find someone at 1&1 who can read and comprehend that SORBS is not SpamCop! :) <g>

...Next thing is to encourage 1&1 to learn more about spam and how and why blacklists work. Generally, blacklists list servers (in SpamCop's case, by IP address) that have been seen to have sent spam. They generally will not (or, at least, should not) remove a server from the blacklist without some evidence that the spamming has stopped (in SpamCop's case, this "delisting" is automatically done within several hours of the spam having seen to have stopped). So, 1&1 have to stop the spam.

...One other thing you can try is to contact via some other means whomever you are trying to send e-mail and ask them to try to whitelist you.

Share this post


Link to post
Share on other sites
...Generally, blacklists list servers (in SpamCop's case, by IP address) that have been seen to have sent spam. They generally will not (or, at least, should not) remove a server from the blacklist without some evidence that the spamming has stopped (in SpamCop's case, this "delisting" is automatically done within several hours of the spam having seen to have stopped). So, 1&1 have to stop the spam. ...
And, while I reiterate that it is nothing to do with SpamCop, I confirm that the SORBS blocklists are based on IP addresses and I consider the last thing Matthew Sullivan (proprietor of SORBS though I think he is Michelle Sullivan these days) is going to do is remove an IP that is still spamming his spamtraps. Well, (s)he might - but that would be an expensive way to go for the ISP because removal is not automatic, nor is it necessarily free, and and the whole process would start again with the next spamtrap hit. And (s)he has demonstrated no compunction about listing a network's trunk servers.

DavidT (earlier post) gave you (pirco) the link to a SORBS delisting form. That is the process that 1&1's administrator needs to go through to get delisted.

Share this post


Link to post
Share on other sites
1&1 support tells me to support spamcop to "have them unblock our IP address or add your email address into their whitelist".

ok, here's another message from 1&1:

"It is our responsibility to make sure that our mail servers

are not being blocked however we do not have a control to the level of

security imposed by hosting providers which sometimes block our mail

servers or IP address. As much as we would like to assist you with this

but you need to contact them since they are the only person who can

unblock the mail servers and please do ask them to have your email

address on their whitelist."

so it sounds like I need to contact the host that blocked 1&1's mail server (and my email).

does that sound right?

thanks for your help.

Share this post


Link to post
Share on other sites
...so it sounds like I need to contact the host that blocked 1&1's mail server (and my email).

does that sound right?

One approach is to ask that host to whitelist you. Another is to ask the people you are trying to e-mail to ask their host to whitelist you (that might have more influence). It may not even be possible to whitelist you.

1&1 are treating the SORBS blocklist with contempt. If they have a spam problem they should fix it. And delist themselves. Until they do, they are treating the entire internet with contempt. And especially you and their other customers. That shows in their reply to you - it is preposterous. SORBS is not well liked for various reasons but there should be no argument when it comes to their spam detection. You should think about finding another service provider.

PM to O/P to confirm new topic.

Share this post


Link to post
Share on other sites
...One other thing you can try is to contact via some other means whomever you are trying to send e-mail and ask them to try to whitelist you.

thank you. I've asked my father (!) to try just that...

meantime, I told 1&1 that it should be THEIR responsibility to unblock THEIR mailservers.

because I'm paying monthly hosting fees that include proper email service.

but they said that they can't possibly follow all hosts around the world and ask them to unblock.

I then said that they need to track their spammer and they said they are doing that...

DavidT (earlier post) gave you (pirco) the link to a SORBS delisting form. That is the process that 1&1's administrator needs to go through to get delisted.

oh. well, I just submitted a request (I think. it's a bit confusing although I'm an internet "professional") because it seems that 1&1's not going to do it for their (paying) customers. a bit frustrating.

thanks everyone and all for shedding light on this for me. much appreciated!

Share this post


Link to post
Share on other sites
but they said that they can't possibly follow all hosts around the world and ask them to unblock.

I then said that they need to track their spammer and they said they are doing that...

You still have not reached somebody who fully understands the issue. They don't need to go around the world to all the servers using the blocklist. They need to go to the people who run the blocklist, find out what exactly is causing the lising an dfix it, then ask for a delisting.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×