Jump to content
Sign in to follow this  
paolothehoo

How did we get listed?

Recommended Posts

I learned that we have been blacklisted after one of my users tried to send e-mail to a client and it bounced. We are 65.171.76.80. I double-checked our server and it can't be used to relay. How could mail from us hit a "spam trap"? Would a user have to do this or could this have been caused by the MyDoom virus (we got hit on one machine before the new definition was released)? HELP! I don't even know where to look to determine the cause for this!

Thanks, in advance.

Share this post


Link to post
Share on other sites

Hi,

If you send mail that could potentially hit a spamtrap address (e.g. mailing lists that do not use confirmed-opt in), this could be the cause. In this case, your only course of action is to sort out your lists.

Spamtraps are email addresses that are never used to sign up to anything - they may be seeded on web pages or seeded in other ways - I don't know for sure. They would never have sent 'real' email, though.

It is possible that the machine compromised with MyDoom could have been the cause of the problem - if this is the case (and the machine is now secured), you will drop from the list in a maximum of 48 hours from when you were listed.

If you cannot wait, drop a line to deputies at admin.spamcop.net with the IP address - they will be able to check to see if the mail was indeed a MyDoom mail.

Hope this helps!

Share this post


Link to post
Share on other sites
I learned that we have been blacklisted after one of my users tried to send e-mail to a client and it bounced. We are 65.171.76.80. I double-checked our server and it can't be used to relay. How could mail from us hit a "spam trap"? Would a user have to do this or could this have been caused by the MyDoom virus (we got hit on one machine before the new definition was released)? HELP! I don't even know where to look to determine the cause for this!

Thanks, in advance.

Did you check the link out? http://www.spamcop.net/w3m?action=checkblock&ip=65.171.76.80

It looks like more than 1 spamtrap and there are also spam reports. The one shown on the page definately looks like spam.

You might have an open proxy or an bad formmail scri_pt that is being abused on this machine as you are listed in a couple of the other lists.

Seems as if this machine is not as locked down as you think and someone is abusing it.

Share this post


Link to post
Share on other sites

"65.171.76.80 was found in 12 lists (of 259 tested)" according to drbcheck at http://moensted.dk/spam/?addr=65.171.76.80

Please see the "Pinned: FAQ Entry: Why is my email blocked?" Topic at

http://forum.spamcop.net/forums/index.php?showtopic=35 for more information.

Thanks!

Edited by JeffG

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×