paolothehoo Posted January 30, 2004 Share Posted January 30, 2004 I learned that we have been blacklisted after one of my users tried to send e-mail to a client and it bounced. We are 65.171.76.80. I double-checked our server and it can't be used to relay. How could mail from us hit a "spam trap"? Would a user have to do this or could this have been caused by the MyDoom virus (we got hit on one machine before the new definition was released)? HELP! I don't even know where to look to determine the cause for this! Thanks, in advance. Link to comment Share on other sites More sharing options...
jmclusky Posted January 30, 2004 Share Posted January 30, 2004 Hi, If you send mail that could potentially hit a spamtrap address (e.g. mailing lists that do not use confirmed-opt in), this could be the cause. In this case, your only course of action is to sort out your lists. Spamtraps are email addresses that are never used to sign up to anything - they may be seeded on web pages or seeded in other ways - I don't know for sure. They would never have sent 'real' email, though. It is possible that the machine compromised with MyDoom could have been the cause of the problem - if this is the case (and the machine is now secured), you will drop from the list in a maximum of 48 hours from when you were listed. If you cannot wait, drop a line to deputies at admin.spamcop.net with the IP address - they will be able to check to see if the mail was indeed a MyDoom mail. Hope this helps! Link to comment Share on other sites More sharing options...
Merlyn Posted January 30, 2004 Share Posted January 30, 2004 I learned that we have been blacklisted after one of my users tried to send e-mail to a client and it bounced. We are 65.171.76.80. I double-checked our server and it can't be used to relay. How could mail from us hit a "spam trap"? Would a user have to do this or could this have been caused by the MyDoom virus (we got hit on one machine before the new definition was released)? HELP! I don't even know where to look to determine the cause for this! Thanks, in advance. Did you check the link out? http://www.spamcop.net/w3m?action=checkblock&ip=65.171.76.80 It looks like more than 1 spamtrap and there are also spam reports. The one shown on the page definately looks like spam. You might have an open proxy or an bad formmail scri_pt that is being abused on this machine as you are listed in a couple of the other lists. Seems as if this machine is not as locked down as you think and someone is abusing it. Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2004 Share Posted January 30, 2004 "65.171.76.80 was found in 12 lists (of 259 tested)" according to drbcheck at http://moensted.dk/spam/?addr=65.171.76.80 Please see the "Pinned: FAQ Entry: Why is my email blocked?" Topic at http://forum.spamcop.net/forums/index.php?showtopic=35 for more information. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.