Marktech Posted June 8, 2012

My dedicated email server at Godaddy keeps getting re-listed. I have checked all on-site computers with a virus scan and came up with nothing. I also checked netstat on all computers and did not see any foreign addresses on port 25. Also, I don't have any auto-replies going. Here are the blocked messages:

Connected to 13.1.64.93 but sender was rejected.
Remote host said: 554 Refused from 208.109.80.58 Blocked - see http://www.spamcop.net/bl.shtml?208.109.80.58

Remote host said: 550 5.7.1 Mail from 208.109.80.60 refused due to black-listing in bl.spamcop.net

217.11.48.123 does not like recipient.
Remote host said: 550 5.7.1 ... Mail from 208.109.80.59 refused due to black-listing in bl.spamcop.net
Giving up on 217.11.48.123.

I have contacted Godaddy and they pointed me to contact Spamcop. Does anyone have suggestions?

Thanks,
-M

Farelf Posted June 9, 2012

Hi Marktech,

Yes, currently listed (spamtraps and reporters): http://www.spamcop.net/w3m?action=checkblo...p=208.109.80.59

Express-delisting is not available

Listing History
In the past 15.7 days, it has been listed 6 times for a total of 7.4 days

Reports on reporter submissions (but not spamtrap hits) would have gone to fblreports[at]godaddy.com and it looks like they (or someone) may have attempted delisting before the spam stopped - which possibly triggered the "Express-delisting is not available". Which would be naughty of them if that's what has happened - they have actually received information which would have helped you.

In those reports they would also have been directed to (something like) http://www.spamcop.net/bl.shtml?208.109.80.59 which has some guesses about possible causes.

Another to look at is mailing list maintenance (guessing you use e-mail distribution lists). See http://members.spamcop.net/fom-serve/cache/108.html

Unfortunately, the neat "double opt-in" resources link under http://members.spamcop.net/fom-serve/cache/406.html is DEAD (SC Staff, please!) and not on the web archive. Anyway, "best practice" for list building and list maintenance is well-documented elsewhere I'm sure.

Finally, some of the actual evidence from those reports which might have helped might be found from other DNSbls - feed 208.109.80.59 into a multi-list lookup like http://multirbl.valli.org/dnsbl-lookup/ and follow any of the links from lists referencing your IP address, like http://www.backscatterer.org/?ip=208.109.80.59 to see any hints about what triggered that listing.

One thing SC will never tell godaddy (or you) is how to "listwash" specific reporters out to clean up your lists, if that is the cause. And they will never uncover their spamtraps. It goes back to "best practice" and spamming people until they crack is no part of that.

If, however, you can demonstrate double opt-in compliance (in which case there would be no spamtrap hits) it would be the errant reporters who would be pulled into line.

Any help?

petzl Posted June 9, 2012

> My dedicated email server at Godaddy keeps getting re-listed. I have checked all on-site computers with a virus scan and came up with nothing. I also checked netstat on all computers and did not see any foreign addresses on port 25. Also, I don't have any auto-replies going. Here are the blocked messages:
>
> Connected to 13.1.64.93 but sender was rejected.
> Remote host said: 554 Refused from 208.109.80.58 Blocked - see http://www.spamcop.net/bl.shtml?208.109.80.58
>
> Remote host said: 550 5.7.1 Mail from 208.109.80.60 refused due to black-listing in bl.spamcop.net
>
> 217.11.48.123 does not like recipient.
> Remote host said: 550 5.7.1 ... Mail from 208.109.80.59 refused due to black-listing in bl.spamcop.net
> Giving up on 217.11.48.123.
>
> I have contacted Godaddy and they pointed me to contact Spamcop. Does anyone have suggestions?
>
> Thanks,
> -M

You are listed in a number of blacklists (12)
http://multirbl.valli.org/lookup/208.109.80.58.html

Spamcop is getting its spam traps hit.
Not sure what dedicated means but I do know a spammer is sending spam through that IP.
The subject line has (or had)
:SPAM10: You can have satisfaction 5 times a night

Are you in control of that email server or is godaddy?

SpamCopAdmin Posted June 9, 2012

If 208.109.80.58 = p3plsmtps2ded01.prod.phx3.secureserver.net is your dedicated server, and you are the only one who uses it to send email, then you are sending spam to our system.

Please stop!

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -

Marktech (Author) Posted June 9, 2012

> Hi Marktech,
>
> Yes, currently listed (spamtraps and reporters): http://www.spamcop.net/w3m?action=checkblo...p=208.109.80.59
>
> Express-delisting is not available
>
> Listing History
> In the past 15.7 days, it has been listed 6 times for a total of 7.4 days
>
> Reports on reporter submissions (but not spamtrap hits) would have gone to fblreports[at]godaddy.com and it looks like they (or someone) may have attempted delisting before the spam stopped - which possibly triggered the "Express-delisting is not available". Which would be naughty of them if that's what has happened - they have actually received information which would have helped you.
>
> In those reports they would also have been directed to (something like) http://www.spamcop.net/bl.shtml?208.109.80.59 which has some guesses about possible causes.
>
> Another to look at is mailing list maintenance (guessing you use e-mail distribution lists). See http://members.spamcop.net/fom-serve/cache/108.html
>
> Unfortunately, the neat "double opt-in" resources link under http://members.spamcop.net/fom-serve/cache/406.html is DEAD (SC Staff, please!) and not on the web archive. Anyway, "best practice" for list building and list maintenance is well-documented elsewhere I'm sure.
>
> Finally, some of the actual evidence from those reports which might have helped might be found from other DNSbls - feed 208.109.80.59 into a multi-list lookup like http://multirbl.valli.org/dnsbl-lookup/ and follow any of the links from lists referencing your IP address, like http://www.backscatterer.org/?ip=208.109.80.59 to see any hints about what triggered that listing.
>
> One thing SC will never tell godaddy (or you) is how to "listwash" specific reporters out to clean up your lists, if that is the cause. And they will never uncover their spamtraps. It goes back to "best practice" and spamming people until they crack is no part of that.
>
> If, however, you can demonstrate double opt-in compliance (in which case there would be no spamtrap hits) it would be the errant reporters who would be pulled into line.
>
> Any help?

Thank you for your reply. The information is very helpful. At a quick glance, I'm not seeing our IPs or domain in this DNSbls lookup. I will keep using this tool as a reference in future blacklistings.

> You are listed in a number of blacklists (12)
> http://multirbl.valli.org/lookup/208.109.80.58.html
>
> Spamcop is getting its spam traps hit.
> Not sure what dedicated means but I do know a spammer is sending spam through that IP.
> The subject line has (or had)
> :SPAM10: You can have satisfaction 5 times a night
>
> Are you in control of that email server or is godaddy?

I am not entirely sure what is meant by "control". I mean, we pay Godaddy for a yearly dedicated server which hosts our website and we send email through it. I can create and edit email accounts through Plesk. However, the server is not at our work-site and is at a Godaddy server warehouse. So I would say Godaddy is in control of it and we just use it.

If I am correct and not in control of the server, is this a Godaddy issue?

> If 208.109.80.58 = p3plsmtps2ded01.prod.phx3.secureserver.net is your dedicated server, and you are the only one who uses it to send email, then you are sending spam to our system.
>
> Please stop!
>
> - Don D'Minion - SpamCop Admin -
> - Service[at]Admin.SpamCop.net -

I have never heard of "secureserver.net". We do not use any type of service from this domain. That is not me.

Thank you for the input.

-M

petzl Posted June 10, 2012

> If I am correct and not in control of the server, is this a Godaddy issue?
>
> I have never heard of "secureserver.net". We do not use any type of service from this domain. That is not me.
>
> Thank you for the input.
>
> -M

http://www.spamcop.net/w3m?action=checkblo...p=208.109.80.59

If the spam is not coming from you or no computer using it is compromised then what's most likely happening is "your" email server is not dedicated, it is shared by other GoDaddy users.

There is also enough "backscatter", meaning bounces from non-existent email addresses
http://www.backscatterer.org/

So there is a lot of heavy spam flow coming from that IP.
As apparently you don't run this mail server it is a Godaddy problem.

Perhaps you may wish to try a better email provider like
http://davidvielmetter.com/tricks/use-gmai...email-for-free/
Gmail do "datamine" (electronically read) email passing through its servers.
The reason I'm suggesting Gmail is its spam control is legendary.

Better still if you pay for a good one like a SpamCop email one
http://www.cesmail.net/corporate.php

I am only a user of SpamCop from Sydney Australia

Marktech (Author) Posted June 11, 2012

So I decided to submit another problem ticket for a second opinion. Here is what I got back:

"Thank you for bringing this to our attention. The issue you have been experiencing with our relay server being blacklisted is being worked on by our technicians. Service will return to normal as soon as possible. We are unable to give a specific time frame for this resolution. We appreciate your patience and understanding in this matter and we apologize for any inconvenience.

Please contact us if you have any further issues."

So, it now appears that the problem is on Godaddy's side. Even though I was told on the phone support that I would have to contact Spamcop. Not getting clear answers from either side's official channels.

-M

Farelf Posted June 12, 2012

The answers coming from here are as clear as they can be, given the detail you have provided. If you have the IP address for the origin of the messages being blocked you can quickly check whether or not it is currently on the SpamCop blocklist on http://www.spamcop.net/bl.shtml - and get further information and advice if it is. Or even, to some extent, if it is not.

You have quoted notices which implicate both p3plsmtps2ded01.prod.phx3.secureserver.net (208.109.80.58) and p3plsmtps2ded02.prod.phx3.secureserver.net (208.109.80.59). Those are godaddy servers. The server names imply they might be dedicated ones. Are you using either or both or something else again? Do you know how to tell? Whatever, you have the information and methods (outlined above) to get more information once you know the IP address(es) allocated.

I suspect godaddy might be changing your address whenever or sometimes when you complain of being blocked. If so, that is "immediate gratification" but counter-productive - they really know better than that. That little shuffle-dance (if that is what is happening) could go on for quite a while or until the sun cools, whichever comes first, with nothing changing.

Or you could work out where the offending messages are coming from (the ones causing listing - not only on the SCbl but other DNSBLs as well) and, if from you, stop sending them. If not from you (or from some machine of yours taken over by malware and part of a botnet), your dedicated server does not have a dedicated address and if that is what you are paying for then you would have a real beef with your provider.

So far the picture is not clear. Well, not to me anyway.

BankerTech Posted June 12, 2012

I have been fighting this issue for over a week -- some of the replies here are close to the truth, but none are exactly correct.

I am the IT Officer at a small community bank in rural Kansas. We have a virtual dedicated server hosted with goDaddy. It is completely administered by me. We are not sending any spam through our server.

Spamcop is receiving spam reports from godaddy's SMTP relay system (xx.secureserver.net). EVERY server and email system they host must be pointed to and relay through a secureserver.net smart host. Godaddy's network architecture is set up in such a way that they block any outgoing mail which is configured to be sent directly from the hosted server's IP or directed to an alternative SMTP relay or smart host. We attempted to start relaying our email through a different smart host that we have access to, but after spending several hours over two days on the phone with network engineers at goDaddy, it proved impossible.

secureserver.net is a massive relay, covering several subnets, including 208.109.80.xxx. I am not sure why goDaddy is having so much trouble tracking down the specific host(s) responsible for the spam, but it is affecting every server hosted with them. Things looked like they'd cleared up last night, but I'm starting to see bounces again.

Our only option at this point is to take our hosting elsewhere. 1&1.com is looking pretty good right now, and their engineers assure me I can relay my email wherever I want.

Farelf Posted June 12, 2012

Thanks BankerTech - that explains the difficulty the O/P has been having. Good luck with your hunt for a more amenable provider.

I don't think godaddy's policies are at all unusual, being intended as a tight rein for tight control, but obviously that tight rein becomes a liability for all users when they can't actually gain and maintain control. As you say, hard to figure why not - except with daily throughput of 200,000 messages or more on each active secureserver.net server/smart host, most of it being legitimate, they might find it cheaper to simply route around the affected IP addresses (retire/rest them) once those become blocked. Sounds like that's not working so well right now if it is the plan.

Godaddy really has to put some resource into winkling out the abusers in their network. Some of their servers have already lost their "good" Reputation Scores (SenderBase, etc.) and could be on the verge of dropping down to "poor" and then the message rejections will REALLY start kicking in.

Preaching to the choir ...

Marktech (Author) Posted June 12, 2012

Yes, thank you Bankertech.

That seems like the issue we are having. I may temporarily change our outgoing to gmail or something just so we get around the issue. I agree, this issue has caused us to re-think hosting services to another provider. It's annoying that we just renewed with Godaddy two weeks before this issue.

-M

doctorquack Posted June 21, 2012

GoDaddy's Outbound Mail Servers are *STILL* blacklisted.

My situation is very much like BankerTech's -- I have a low-volume virtual dedicated server at GoDaddy as well. I just use mine for hobbying purposes -- I send out on average 20 e-mails a month. I'm another victim of GoDaddy's ineffective operations.

I'm a network engineer and can confirm BankerTech's assessment -- GoDaddy has IP-based ACLs restricting your ability to relay your own mail and force you to use their outbound mail servers. If they properly managed their mail relays, this would be fine -- I would be ok with delegating a margin of control and management to them for the goal of ensuring that they protect their relays from being abused -- whether the abuse is intentional (explicit customer-initiated mailings) or unintentional (exploit/virus-driven mails).

However, their mail servers suffer from several problems:

- They're often down and your outbound mail has to queue on your own server until their relay comes back online. An hour wait is not uncommon.
- They do not employ any kind of encryption support, so your outbound mail to TLS-enabled mail servers is not encrypted.
- Ineffective management: Since they are forcing all of their customers to funnel all outbound mail through their outbound mail relays, they absolutely should know where the problem mails are coming from, but they refuse to properly manage their network. They probably haven't even looked at the logs.
- Poor reactive-based incident response and relying upon Spamcop's Timeouts to resolve their customer support issues. (And, since they're ineffectively managing their network, they'll just continue to be listed.)

Go Daddy should be ashamed of themselves to let this problem go on for so long and provide such terrible service to their customers. Go Daddy has the infrastructure and logs to solve their performance issues as well as their management issues. Go Daddy should consider outsourcing their e-mail services to a company that knows how to do it effectively.

I had to set up my own encrypted tunnel so I can relay my mail and bypass their crappy mail relays. I have my tunnel-based provider set as my primary smarthost, but I set up one of my domains via a sendmail mailertable entry that allows me to send recurring outbound mails for that one domain only through the GoDaddy mail relays so I can keep up-to-date on the status of their spam blacklist problem -- I am recording the IP addresses of their edge relays and DNSBL status of those edge mail relays. Currently, they're 100% listed.

This tunnel will at least buy me some time to find a different provider while monitoring GoDaddy's level of mail server management incompetence.

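
The check described in Farelf's and doctorquack's posts above (find which relay IPs the rejections name, then look each one up on a DNSBL), as an added example that is not part of any post in this thread. The bounce lines are the ones quoted in the first post; the function names and the offline `constructed_resolver` with its made-up answers are assumptions of the example.

```python
import ipaddress
import re
import socket

# Rejection notices quoted in the first post of this thread.
BOUNCES = """\
Remote host said: 554 Refused from 208.109.80.58 Blocked - see http://www.spamcop.net/bl.shtml?208.109.80.58
Remote host said: 550 5.7.1 Mail from 208.109.80.60 refused due to black-listing in bl.spamcop.net
Remote host said: 550 5.7.1 ... Mail from 208.109.80.59 refused due to black-listing in bl.spamcop.net
"""

# A 5xx reply code followed, later on the same line, by "from <IPv4>".
REJECT_RE = re.compile(r"\b5\d\d\b.*?\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")
NOT_FOUND = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}


def rejected_relays(text):
    """Return the sorted, de-duplicated relay IPs named in 5xx rejections."""
    found = set()
    for m in REJECT_RE.finditer(text):
        try:
            found.add(ipaddress.IPv4Address(m.group(1)))
        except ipaddress.AddressValueError:
            pass  # digits that look like an address but are not a valid IPv4
    return [str(ip) for ip in sorted(found)]


def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_status(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """'listed' on a 127.0.0.0/8 answer, 'not listed' on NXDOMAIN, else 'error'."""
    try:
        answer = ipaddress.IPv4Address(resolve(dnsbl_name(ip, zone)))
    except socket.gaierror as exc:
        return "not listed" if exc.errno in NOT_FOUND else "error"
    except ValueError:
        return "error"  # resolver returned something that is not an IPv4 address
    return "listed" if answer in ipaddress.ip_network("127.0.0.0/8") else "error"


def constructed_resolver(name):
    """Stand-in for DNS so the example runs offline; the answers are made up."""
    listed = {"58.80.109.208.bl.spamcop.net", "59.80.109.208.bl.spamcop.net"}
    if name in listed:
        return "127.0.0.2"
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


def survey(text, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Map each relay IP found in the bounce text to its DNSBL status."""
    return {ip: dnsbl_status(ip, zone, resolve) for ip in rejected_relays(text)}


if __name__ == "__main__":
    print(survey(BOUNCES, resolve=constructed_resolver))
```

Leaving `resolve` at its default performs live lookups; an answer outside 127.0.0.0/8 is reported as an error rather than a listing, since it usually means the resolver is rewriting or blocking DNSBL queries.
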
mrickert Posted June 22, 2012

Hi all, interesting read about this - I am experiencing the same issues with GoDaddy. doctorquack, your post is spot on. The simple fact that a company as large as GoDaddy can allow this to happen to ALL of their customers is unbelievable.

> I had to set up my own encrypted tunnel so I can relay my mail and bypass their crappy mail relays.

Is this easy to do? If possible, can you point me in the right direction to implement this on my server?

Thanks.

Marktech (Author) Posted June 26, 2012

Yes, I would be interested in implementing an encrypted tunnel to bypass the relays as well. My IP has been relisted every day for three straight weeks now.

-M

DerekS Posted June 27, 2012

After having read all the previous valid comments, maybe they should remove this type of junk: hxxp:// tradeeverest . com / - typical 419 spam mailer!

If all the mails get channeled via common SMTP server, take a guess what's going to happen? Exactly what we are seeing what the OP complains about.

IP Address: 97.74.215.107
Status: Succeed
Country: USA - Arizona
Network Name: GO-DADDY-COM-LLC
Owner Name: GoDaddy.com, LLC
From IP: 97.74.0.0
To IP: 97.74.255.255
Allocated: Yes
Contact Name: GoDaddy.com, LLC
Address: 14455 N Hayden Road Suite 226 Scottsdale
Email: noc[at]godaddy.com
Abuse Email: abuse[at]godaddy.com
Phone: +1-480-624-2505
Fax:
Whois Source: ARIN
Host Name: tradeeverest.com
Resolved Name: p3nlh262.shr.prod.phx3.secureserver.net

Seems like this one may also use Godaddy: hxxp:// erpa.co /xmlrpc.php

And another: hxxp:// faithhappenings.org / etc etc

As long as these exist, you have no hope of Godaddy ever getting off blacklists.

Archived
This topic is now archived and is closed to further replies.