andrenth

Blocked for mail to SpamCop spam traps


Hello

I am a network admin for a web hosting provider. Recently (since about 2 weeks ago), we started having servers blocklisted for sending mail to SpamCop spam traps (e.g. http://www.spamcop.net/w3m?action=blcheck&...=187.73.32.164).

We've never had SpamCop problems before, and we're trying to find out how to fix this, but since there's no report for this kind of blocking, it becomes hard to find who is the misbehaving customer.

Is there any way I can find more info about the reasons for these IPs being blocked?

Last night we added a new server (187.73.32.201) and this morning it was already blocked (although it doesn't show as blocked right now).

Thanks in advance,

Andre


Hi, Andre,

...Thank you for being concerned enough to ask about pursuing the spamming.

...The Deputies are, I understand, rather busy, so it may take a day or three before you see a reply. If you still don't have one by then, you might try again, being brief and not asking for details about the spamtrap hits, which SpamCop will not provide so as to maintain the integrity of the spamtraps. Also include some evidence that you are an admin responsible for the IP address being identified as the spam source. You may also include in the "To" list of your e-mail "service[at]admin.spamcop.net," which is the e-mail address monitored by one of the key SpamCop Deputies, Don D'Minion.

...In the meantime, to find more information about what you can do about finding the spammers, please navigate to the "SpamCop FAQ," links to which appear near the top left of each SpamCop Forum page, and look for articles under the titles "Help for abuse-desks and administrators" and "Assistance stopping spam."

...Good luck!


Hello Andre,

Your servers listed at some time recently (but mostly not right now) are shown to be:

187.73.31.210 187.73.32.128 187.73.32.140 187.73.32.152 187.73.32.158 187.73.32.164 187.73.32.165 187.73.32.166 187.73.32.171 187.73.32.172 187.73.32.188 187.73.32.195 187.73.32.196 187.73.32.198 187.73.32.201

In all of those, you currently have no CBL listings (usually a good source of specific information and assistance) - that is unusual, as you say it must be individual "misbehaving" customers rather than zombies using your network. While you are waiting for response from the SpamCop staff, have you looked at SenderScore information? There may be clues there (you need a free account to see much). For instance most - but not all - sending domains using your servers have SPF authentication. Is there anything significant about those few that do not?


For instance most - but not all - sending domains using your servers have SPF authentication. Is there anything significant about those few that do not?

Thanks for reporting this. We enforce default reject policies in SPF, DKIM and DMARC for all our customers by default, and while they can change the policies, they shouldn't be able to remove the SPF records.

I'll investigate what happened to those.

Just for the record, the 187.73.31.210 address is not ours.

Thanks,

Andre
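
An added example, not part of any post in this thread and not SpamCop's or the hosting provider's own tooling: one way to find customer domains whose SPF record has been removed or moved off a `-all` reject policy, as discussed in the last two posts. The domain names, TXT strings and function names are constructed for illustration; a real run would feed in TXT records from DNS or the provider's zone database.

```python
# Added example: TXT data below is constructed, not taken from real DNS.
SPF_ALL = {"-": "reject", "~": "softfail", "?": "neutral", "+": "pass-all"}

def spf_status(txt_records):
    """Classify one domain's SPF posture from its TXT record strings."""
    spf = [r for r in txt_records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if not spf:
        return "missing"
    if len(spf) > 1:
        return "multiple"  # RFC 7208: more than one SPF record is a permerror
    has_redirect = False
    for term in spf[0].lower().split()[1:]:
        if term.startswith("redirect="):
            has_redirect = True
            continue
        # Mechanisms carry an optional qualifier; a bare "all" means "+all".
        qualifier, mech = (term[0], term[1:]) if term[0] in SPF_ALL else ("+", term)
        if mech == "all":
            return SPF_ALL[qualifier]  # first "all" always matches; later terms are ignored
    # "redirect" means the effective policy lives in another record: follow it up.
    return "redirect" if has_redirect else "no-all"

def audit(zone_txt):
    """Return {domain: status} for domains that are not at an SPF reject policy."""
    findings = {}
    for domain in sorted(zone_txt):
        status = spf_status(zone_txt[domain])
        if status != "reject":
            findings[domain] = status
    return findings

SAMPLE_ZONES = {  # constructed sample data
    "customer-a.example": ["v=spf1 ip4:192.0.2.10 -all"],
    "customer-b.example": ["google-site-verification=placeholder"],
    "customer-c.example": ["v=spf1 include:_spf.customer-c.example ~all"],
    "customer-d.example": ["v=spf1 -all", "v=spf1 ip4:192.0.2.20 -all"],
    "customer-e.example": ["v=spf1 a mx +all"],
    "customer-f.example": ["v=spf1 redirect=_spf.customer-f.example"],
}

if __name__ == "__main__":
    for domain, status in audit(SAMPLE_ZONES).items():
        print(f"{domain}: {status}")
```

Domains reported as `missing`, `multiple` or `pass-all` are the ones to compare against outbound mail logs first, since they no longer carry the default policy.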

