Jump to content
Sign in to follow this  
kenwood

Yahoo Group Mail Server Blocked by Spamcop.net

Recommended Posts

I had to stop using SpamCop and alter my sendmail.cf file because of the following partial entry in my maillog file.

ruleset=check_relay, arg1=n44a.bullet.mail.sp1.yahoo.com, arg2=127.0.0.2, relay=n44a.bullet.mail.sp1.yahoo.com [66.163.168.138], reject=550 5.7.1 Rejected: 66.163.168.138 listed at bl.spamcop.net

A lot of list mail from various Yahoo Groups comes from this IP address. If it is blocked, a lot of legitimate list mail will not be delivered to list/group members.

It is like throwing the baby out with the bath water.

Has anybody else run into this?

Share this post


Link to post
Share on other sites
Has anybody else run into this?

your can find all sorts of previous occirrences by ising the various search tools provided. Yes, this has gone on for years. Yrs, some people decide that receiving the spam is more important than blocking the 'alleged important' stuff .. noting that the Yahoo Groups thing is also has a web-based interface.

As you've stated, you made a decision based on your opinion. The question would be whether you're providing support to anyone else and whether they feel the same way.

Share this post


Link to post
Share on other sites
your can find all sorts of previous occirrences by ising the various search tools provided. Yes, this has gone on for years. Yrs, some people decide that receiving the spam is more important than blocking the 'alleged important' stuff .. noting that the Yahoo Groups thing is also has a web-based interface.

You are right. Between being upset about this and not using the right search terms, I missed a lot of past postings. My apologies

As you've stated, you made a decision based on your opinion. The question would be whether you're providing support to anyone else and whether they feel the same way.

Yes, I did. I had been using 4 different DNSBLs in my sendmail.cf and SpamCop was the third in the chain. Since 99% of my spam is filtered by the first two, mostly the first one, and SpamCop was the only one blocking Yahoo Group mail after passing through the first two, it was a pretty easy decision.

I don't think I would happy if I was told those are the breaks and go read your Yahoo group mail by logging in and using the web interface.

Thanks for taking the time to reply.

Share this post


Link to post
Share on other sites

It does seem a little odd though

http://www.spamcop.net/w3m?action=blcheck&...=66.163.168.138

66.163.168.138 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

* IP is listed in SpamCop exclusion list

Because of the above problems, express-delisting is not available

Listing History

In the past 23.8 days, it has been listed 3 times for a total of 4.4 days

Other hosts in this "neighborhood" with spam reports

66.163.168.55 66.163.168.132 66.163.168.134 66.163.168.136 66.163.168.137 66.163.168.139 66.163.168.140 66.163.168.141 66.163.168.142 66.163.168.143 66.163.168.147 66.163.168.148 66.163.168.151 66.163.168.152 66.163.168.153 66.163.168.154 66.163.168.155 66.163.168.156 66.163.168.157 66.163.168.159 66.163.168.160 66.163.168.183 66.163.168.186 66.163.168.189 66.163.168.190

Spamtraps? How did they get into the mailings? http://www.senderbase.org/senderbase_queri...=66.163.168.138 - high volume, not much except spamtraps are ever going to get it listed. http://multirbl.valli.org/dnsbl-lookup/66.163.168.138.html - nothing much of significance there apart from SC and Project Honeypot (which latter could be fooled by legitimate sending to a large number of similar addresses). The middle third or so of the 'neighbourhood' servers are the only ones currently listed - almost like a rotation of servers is occurring to duck around the listings to some degree. One of those others listed is http://www.spamcop.net/w3m?action=checkblo...=66.163.168.151 but again (due to volume), seems to be spamtrap hits only that would be tripping the entry.

Looks to me like the/some group lists have been poisoned. Is SC being 'used' and thus a mere nuisance? Is that possible? Since Yahoo Groups can easily be whitelisted by many/most of the recipients, that would seem to be a fruitless exercise - yet here is a case where a SCbl user finds the more effective option is to drop the SCbl and that can't be good.

[edit] Nope, a bit more of a look and some interpretation - it looks like spamtraps are getting into the mailings the same old way - through spammers latching on to bogus lists and using the system (perhaps through unmoderated groups or from rogue group owners) to pump out 'regular' spam. In that context, Yahoo has a special SC mailservices reporting address which presumably/hopefully receives extra attention. If group members are not receiving spam, dropping the SCbl is well and good - but if (when) they do get spammed, the SCbl will often be the fastest-reacting means to shunt the stuff aside. The recommended use of the SCbl is to filter, not to reject - one can imagine false positives become likely in specific scenarios such as this.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×