Marktech

Spamcop keeps re-listing my email server


My dedicated email server at Godaddy keeps getting re-listed. I have checked all on-site computers with a virus scan and came up with nothing. I also checked netstat on all computers and did not see any foreign addresses on port 25. Also, I don't have any auto-replies going.

Here are the blocked messages:

Connected to 13.1.64.93 but sender was rejected.

Remote host said: 554 Refused from 208.109.80.58 Blocked - see http://www.spamcop.net/bl.shtml?208.109.80.58

Remote host said: 550 5.7.1 Mail from 208.109.80.60 refused due to black-listing in bl.spamcop.net

217.11.48.123 does not like recipient.

Remote host said: 550 5.7.1 ... Mail from

208.109.80.59 refused due to black-listing in bl.spamcop.net

Giving up on 217.11.48.123.

I have contacted Godaddy and they pointed me to contact Spamcop. Does anyone have suggestions?

Thanks,

-M


Hi Marktech,

Yes, currently listed (spamtraps and reporters):

http://www.spamcop.net/w3m?action=checkblo...p=208.109.80.59

Express-delisting is not available

Listing History

In the past 15.7 days, it has been listed 6 times for a total of 7.4 days

Reports on reporter submissions (but not spamtrap hits) would have gone to fblreports[at]godaddy.com and it looks like they (or someone) may have attempted delisting before the spam stopped - which possibly triggered the "Express-delisting is not available". Which would be naughty of them if that's what has happened - they have actually received information which would have helped you.

In those reports they would also have been directed to (something like) http://www.spamcop.net/bl.shtml?208.109.80.59 which has some guesses about possible causes. Another to look at is mailing list maintenance (guessing you use e-mail distribution lists). See

http://members.spamcop.net/fom-serve/cache/108.html

Unfortunately, the neat "double opt-in" resources link under http://members.spamcop.net/fom-serve/cache/406.html is DEAD (SC Staff, please!) and not on the web archive. Anyway, "best practice" for list building and list maintenance is well-documented elsewhere I'm sure.

Finally, some of the actual evidence from those reports which might have helped might be found from other DNSbls - feed 208.109.80.59 into a multi-list lookup like http://multirbl.valli.org/dnsbl-lookup/ and follow any of the links from lists referencing your IP address, like http://www.backscatterer.org/?ip=208.109.80.59 to see any hints about what triggered that listing.

One thing SC will never tell godaddy (or you) is how to "listwash" specific reporters out to clean up your lists, if that is the cause. And they will never uncover their spamtraps. It goes back to "best practice" and spamming people until they crack is no part of that. If, however, you can demonstrate double opt-in compliance (in which case there would be no spamtrap hits) it would be the errant reporters who would be pulled into line.

Any help?

You are listed in a number of blacklists (12)

http://multirbl.valli.org/lookup/208.109.80.58.html

Spamcop is getting its spam traps hit

Not sure what dedicated means but I do know a spammer is sending spam through that IP

The subject line has (or had)

:SPAM10: You can have satisfaction 5 times a night

Are you in control of that email server or is godaddy?


If 208.109.80.58 = p3plsmtps2ded01.prod.phx3.secureserver.net is your dedicated server, and you are the only one who uses it to send email, then you are sending spam to our system.

Please stop!

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Thank you for your reply. The information is very helpful. At a quick glance, I'm not seeing our IPs or domain in this DNSbls lookup. I will keep using this tool as a reference in future blacklistings.

You are listed in a number of blacklists (12)

http://multirbl.valli.org/lookup/208.109.80.58.html

Spamcop is getting its spam traps hit

Not sure what dedicated means but I do know a spammer is sending spam through that IP

The subject line has (or had)

:SPAM10: You can have satisfaction 5 times a night

Are you in control of that email server or is godaddy?

I am not entirely sure what is meant by "control". I mean, we pay Godaddy for a yearly dedicated server which hosts our website and we send email through it. I can create and edit email accounts through Plesk. However, the server is not at our work-site and is at a Godaddy server warehouse. So I would say Godaddy is in control of it and we just use it.

If I am correct and not in control of the server, is this a Godaddy issue?

If 208.109.80.58 = p3plsmtps2ded01.prod.phx3.secureserver.net is your dedicated server, and you are the only one who uses it to send email, then you are sending spam to our system.

Please stop!

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

I have never heard of "secureserver.net". We do not use any type of service from this domain. That is not me. Thank you for the input.

-M


If I am correct and not in control of the server, is this a Godaddy issue?

I have never heard of "secureserver.net". We do not use any type of service from this domain. That is not me. Thank you for the input.

-M

http://www.spamcop.net/w3m?action=checkblo...p=208.109.80.59

If the spam is not coming from you or no computer using it is compromised then

What's most likely happening is "your" email server is not dedicated; it is shared by other GoDaddy users.

There is also enough "backscatter" meaning bounces from non-existent email addresses

http://www.backscatterer.org/

So there is a lot of heavy spam flow coming from that IP

As apparently you don't run this mail server it is a Godaddy problem

Perhaps you may wish to try a better email provider like

http://davidvielmetter.com/tricks/use-gmai...email-for-free/

Gmail do "datamine" (electronically read) email passing through its servers

The reason I'm suggesting Gmail is its spam control is legendary

Better still if you pay for a good one like a SpamCop email one

http://www.cesmail.net/corporate.php

I am only a user of SpamCop from Sydney Australia

Edited by petzl


So I decided to submit another problem ticket for second opinion. Here is what I got back:

"Thank you for bringing this to our attention. The issue you have been experiencing with our relay server being blacklisted is being worked on by our technicians. Service will return to normal as soon as possible. We are unable to give a specific time frame for this resolution. We appreciate your patience and understanding in this matter and we apologize for any inconvenience.

Please contact us if you have any further issues. "

So, it now appears that the problem is on Godaddy's side. Even though I was told on the phone support that I would have to contact Spamcop. Not getting clear answers from either side's official channels :(

-M


The answers coming from here are as clear as they can be, given the detail you have provided. If you have the IP address for the origin of the messages being blocked you can quickly check whether or not it is currently on the SpamCop blocklist on http://www.spamcop.net/bl.shtml - and get further information and advice if it is. Or even, to some extent, if it is not.

You have quoted notices which implicate both p3plsmtps2ded01.prod.phx3.secureserver.net (208.109.80.58) and p3plsmtps2ded02.prod.phx3.secureserver.net (208.109.80.59). Those are godaddy servers. The server names imply they might be dedicated ones. Are you using either or both or something else again? Do you know how to tell?

Whatever, you have the information and methods (outlined above) to get more information once you know the IP address(es) allocated.

I suspect godaddy might be changing your address whenever or sometimes when you complain of being blocked. If so, that is "immediate gratification" but counter-productive - they really know better than that. That little shuffle-dance (if that is what is happening) could go on for quite a while or until the sun cools, whichever comes first, with nothing changing. Or you could work out where the offending messages are coming from (the ones causing listing - not only on the SCbl but other DNSBLs as well) and, if from you, stop sending them. If not from you (or from some machine of yours taken over by malware and part of a botnet), your dedicated server does not have a dedicated address and if that is what you are paying for then you would have a real beef with your provider.

So far the picture is not clear. Well, not to me anyway.


I have been fighting this issue for over a week-- some of the replies here are close to the truth, but none are exactly correct.

I am the IT Officer at a small community bank in rural Kansas. We have a virtual dedicated server hosted with goDaddy. It is completely administered by me. We are not sending any spam through our server.

Spamcop is receiving spam reports from godaddy's SMTP relay system (xx.secureserver.net). EVERY server and email system they host must be pointed to and relay through a secureserver.net smart host. Godaddy's network architecture is set up in such a way that they block any outgoing mail which is configured to be sent directly from the hosted server's IP or directed to an alternative SMTP relay or smart host. We attempted to start relaying our email through a different smart host that we have access to, but after spending several hours over two days on the phone with network engineers at goDaddy, it proved impossible.

secureserver.net is a massive relay, covering several subnets, including 208.109.80.xxx . I am not sure why goDaddy is having so much trouble tracking down the specific host(s) responsible for the spam, but it is affecting every server hosted with them.

Things looked like they'd cleared up last night, but I'm starting to see bounces again. Our only option at this point is to take our hosting elsewhere. 1&1.com is looking pretty good right now, and their engineers assure me I can relay my email wherever I want.

Edited by BankerTech


Thanks BankerTech - that explains the difficulty the O/P has been having.

Good luck with your hunt for a more amenable provider. I don't think godaddy's policies are at all unusual, being intended as a tight rein for tight control, but obviously that tight rein becomes a liability for all users when they can't actually gain and maintain control.

As you say, hard to figure why not - except with daily throughput of 200,000 messages or more on each active secureserver.net server/smart host, most of it being legitimate, they might find it cheaper to simply route around the affected IP addresses (retire/rest them) once those become blocked. Sounds like that's not working so well right now if it is the plan.

Godaddy really has to put some resource into winkling out the abusers in their network. Some of their servers have already lost their "good" Reputation Scores (SenderBase, etc.) and could be on the verge of dropping down to "poor" and then the message rejections will REALLY start kicking in.

Preaching to the choir ...


Yes, thank you Bankertech :)

That seems like the issue we are having. I may temporarily change our outgoing to gmail or something just so we get around the issue. I agree, this issue has caused us to re-think hosting services to another provider. It's annoying that we just renewed with Godaddy two weeks before this issue.

-M


GoDaddy's Outbound Mail Servers are *STILL* blacklisted.

My situation is very much like BankerTech's -- I have a low-volume virtual dedicated server at GoDaddy as well. I just use mine for hobbying purposes -- I send out on average 20 e-mails a month. I'm another victim of GoDaddy's ineffective operations.

I'm a network engineer and can confirm BankerTech's assessment -- GoDaddy has IP-based ACLs restricting your ability to relay your own mail and force you to use their outbound mail servers. If they properly managed their mail relays, this would be fine -- I would be ok with delegating a margin of control and management to them for the goal of ensuring that they protect their relays from being abused -- whether the abuse is intentional (explicit customer-initiated mailings) or unintentional (exploit/virus-driven mails).

However, their mail servers suffer from several problems:

  1. They're often down and your outbound mail has to queue on your own server until their relay comes back online. An hour wait is not uncommon.
  2. They do not employ any kind of encryption support, so your outbound mail to TLS-enabled mail servers is not encrypted.
  3. Ineffective management: Since they are forcing all of their customers to funnel all outbound mail through their outbound mail relays, they absolutely should know where the problem mails are coming from, but they refuse to properly manage their network. They probably haven't even looked at the logs.
  4. Poor reactive-based incident response and relying upon Spamcop's Timeouts to resolve their customer support issues. (And, since they're ineffectively managing their network, they'll just continue to be listed.)

Go Daddy should be ashamed of themselves to let this problem go on for so long and provide such terrible service to their customers. Go Daddy has the infrastructure and logs to solve their performance issues as well as their management issues. Go Daddy should consider outsourcing their e-mail services to a company that knows how to do it effectively.

I had to set up my own encrypted tunnel so I can relay my mail and bypass their crappy mail relays.

I have my tunnel-based provider set as my primary smarthost, but I set up one of my domains via a sendmail mailertable entry that allows me to send recurring outbound mails for that one domain only through the GoDaddy mail relays so I can keep up-to-date on the status of their spam blacklist problem -- I am recording the IP addresses of their edge relays and DNSBL status of those edge mail relays. Currently, they're 100% listed.

This tunnel will at least buy me some time to find a different provider while monitoring GoDaddy's level of mail server management incompetence.

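The monitoring described in the post above (recording the relay IPs and their DNSBL status), applied to rejection lines of the kind quoted in the opening post, as an added example that is not any poster's own code. The function names and the injectable `resolve` parameter are assumptions made for this sketch; the "listed" test follows the general DNSBL convention of answering from 127.0.0.0/8.

```python
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # DNSBL zone named in the rejection messages
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")  # DNSBLs answer "listed" from this range

# Bounce text in the form quoted in the opening post (one rejection wraps mid-sentence).
BOUNCES = """\
Connected to 13.1.64.93 but sender was rejected.
Remote host said: 554 Refused from 208.109.80.58 Blocked - see http://www.spamcop.net/bl.shtml?208.109.80.58
Remote host said: 550 5.7.1 Mail from 208.109.80.60 refused due to black-listing in bl.spamcop.net
217.11.48.123 does not like recipient.
Remote host said: 550 5.7.1 ... Mail from
208.109.80.59 refused due to black-listing in bl.spamcop.net
"""

# The blamed relay follows "Refused from" / "Mail from"; the other IPs are the
# recipients' servers and are not the ones to look up.
BLAMED = re.compile(r"(?:Refused|Mail) from\s+(\d{1,3}(?:\.\d{1,3}){3})\b")


def blamed_relays(text):
    """Return the sending-relay IPs named in 5xx rejections, in order, de-duplicated."""
    flat = " ".join(text.split())  # undo line wrapping inside a rejection
    seen = []
    for ip in BLAMED.findall(flat):
        try:
            ipaddress.IPv4Address(ip)
        except ValueError:
            continue  # not a valid dotted quad, e.g. 999.1.1.1
        if ip not in seen:
            seen.append(ip)
    return seen


def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def relay_status(ip, resolve=socket.gethostbyname, zone=ZONE):
    """Return 'listed', 'clear' (name not found) or 'unknown' (resolver error or odd answer)."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        return "clear" if exc.errno == socket.EAI_NONAME else "unknown"
    return "listed" if ipaddress.ip_address(answer) in LISTED_NET else "unknown"


def survey(text, resolve=socket.gethostbyname):
    """Map each blamed relay to its current DNSBL status."""
    return {ip: relay_status(ip, resolve) for ip in blamed_relays(text)}


if __name__ == "__main__":  # live DNS lookups happen only when run directly
    for ip, status in survey(BOUNCES).items():
        print(ip, status)
```

Keeping "unknown" separate from "clear" matters when logging over time: a resolver outage should not be recorded as a delisting.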

Hi all, interesting read about this - I am experiencing the same issues with GoDaddy.

doctorrquack, your post is spot on. The simple fact that a company as large as GoDaddy can allow this to happen to ALL of their customers is unbelievable.

I had to set up my own encrypted tunnel so I can relay my mail and bypass their crappy mail relays.

Is this easy to do? If possible, can you point me in the right direction to implement this on my server? Thanks.


Yes, I would be interested in implementing an encrypted tunnel to bypass the relays as well. My IP has been relisted every day for three straight weeks now. :(

-M


After having read all the previous valid comments, maybe they should remove this type of junk:

hxxp:// tradeeverest . com / - typical 419 spam mailer!

If all the mails get channeled via common SMTP server, take a guess what's going to happen? Exactly what we are seeing what the OP complains about.

IP Address: 97.74.215.107
Status: Succeed
Country: USA - Arizona
Network Name: GO-DADDY-COM-LLC
Owner Name: GoDaddy.com, LLC
From IP: 97.74.0.0
To IP: 97.74.255.255
Allocated: Yes
Contact Name: GoDaddy.com, LLC
Address: 14455 N Hayden Road, Suite 226, Scottsdale
Email: noc[at]godaddy.com
Abuse Email: abuse[at]godaddy.com
Phone: +1-480-624-2505
Fax:
Whois Source: ARIN
Host Name: tradeeverest.com
Resolved Name: p3nlh262.shr.prod.phx3.secureserver.net

Seems like this one may also use Godaddy:

hxxp:// erpa.co /xmlrpc.php

And another:

hxxp:// faithhappenings.org /

etc etc

As long as these exist, you have no hope of Godaddy ever getting off blacklists.

Edited by DerekS
