Jump to content
Sign in to follow this  
Zaradlas

Am I doing this right?

Recommended Posts

Hi all,

I have been reading all FAQs and searched the forums thoroughly but I could not find an answer for my problem.

I have a yahoo.com account and today I sent an email an got it back saying that my email is blacklisted in Spamcop. (I copy the email at the end).

I cannot find the IP address to check if it is really blacklisted and understand why, I tried the 3 IPs near the top of the bounced email but they didn't trigger anything. I also tried the IP from my home connection but it didn't trigger either.

I've found many information of what do do for administrators, but since my problem is with a web based email I am not sure how to proceed.

I am currently running antivirus on my 2 computers to check if there is anything, but I have found nothing so far.

I believe I gave all the information I have, but if I should add any more info please let me know. I deleted my email address and the receiver, to avoid spamers tracking it, but if it is needed I can post it too.

Thanks to all for your help.

------------------------------

Sorry, we were unable to deliver your message to the following address.

<xxx[at]gvcgaesco.es>:

Remote host said: 550 Rule imposed as xxx[at]yahoo.com is blacklisted on SpamCop (see www.spamcop.net) [RCPT_TO]

--- Below this line is a copy of the message.

Received: from [98.139.212.149] by nm10.bullet.mail.bf1.yahoo.com with NNFMP; 30 Aug 2013 09:30:48 -0000

Received: from [98.139.212.198] by tm6.bullet.mail.bf1.yahoo.com with NNFMP; 30 Aug 2013 09:30:48 -0000

Received: from [127.0.0.1] by omp1007.mail.bf1.yahoo.com with NNFMP; 30 Aug 2013 09:30:48 -0000

X-Yahoo-Newman-Property: ymail-3

X-Yahoo-Newman-Id: 411203.56525.bm[at]omp1007.mail.bf1.yahoo.com

Received: (qmail 16500 invoked by uid 60001); 30 Aug 2013 09:30:48 -0000

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1377855048; bh=0J7UHxPANWr5XUCILAeXOUQUDMi7FtWSk+UJpRkZJMI=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type; b=Cz0DNHhyQferM5rgbDTxy1CoRfIxwcJKCLPCuc/bbWyuS9dWO/dcEriRLoXMePvQ1GJM2bHXPm2bu7mQ9/FYteSg9XCGwQTriXLBzcvOa4dAK4bG2u4LwK0HUDqUVZQpfMF/5F76M90WH6avbm0bOijj0nM50rIPo0g63Mda5fU=

DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;

s=s1024; d=yahoo.com;

h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:In-Reply-To:MIME-Version:Content-Type;

b=EsyO/5svj7dXcW4T6KHDezYXNXjNLfJon68qGOgtgCCWlJc68+u/0ZEVkcm6a8deIHdX0wkqgw3nv+gr7FGnThbRieWV7XhpKl8gu3Mco0Hm2rRLgog74Vi1zG61ZitEwU9c0+QRdRSwVyXDHFBl0yoqdfhmITfVqwQGLrodzpk=;

X-YMail-OSG: 3LFaa4wVM1lRxBX7bzqIZrF3LoY4oAphIwcIViHO1CHy.G0

.ZL50BFSSbH_x.qVW7gVoLFJq8SifxeRskI3rA3MogOF4W4S9CTkfFXVbyzP

NotCsd40r_9KjZhYIn_6F8ck9vb1in6g.JFMgYiFW0F6oHz11s9m0jFxYcya

FusLLaxOKtY6tOkPLqffU3BrbgjiDhuZS3XTMJHRMg_OaV0uC7DQG.AjH4f2

N8vvtB6HsaiA1BVQAqv97B.S7plF2SMryAtCEXWxRmI4.umRnSXwCMPsDUV5

p7toCX68b09Pv2ptH57QNnellXsg4yf4m6X9FAKaMDReiLjLkJwdrQUTcDbo

SWwPhrgBqBbdXad4LoE2A2PcaU2r33ju2PzNLSVypM1KUdPBVbH86Jr5R_rl

Odwlzjbvbw5fA849WqXzx2eE4oFEKwIRGAMnA1_0LfJPsn6GzvFZBryTJzDm

pURohKEKIsxrMHObyQJZAgR2kqB28o6Q7rH91vq6T49_6FgK5Xc0Vl_aTUVe

D0Otnn6kRV5nDYX.i95FLzjKVB4gZiw55mk5iHnysUjLfvKPPRtd_.1fHnlZ

yNwtx_PPRAFlezzZZ1VX5AOr5tFHsq4yf8D2f6v1eMmUlJ4i2GYvlaGaio_O

uzzv8Z6B46BMYXAScIphR63I0uTsDwHtN9k7z.VPJRwL.afWtJS0guCJtUX7

kGG1PTSYOwE.zExSh3nRNAQCKLji2Bkm0QBM7c59SJ7Lhtygf62.v.3ZwLRe

r5NpAmsirGpU8A9A2HZ.Fevj4BId3FOgyEh8vMc50yM5dUu1j.T9ANaenprV

lsPZmDrQugbnFOi0eKgo8ShvcbpZaXGc0jDGr2LQqmkn8eHJhNs9CB1OYNvQ

zQaLqOCDDPj7Je3rXPx_mb26CrwWnYXWv3oaTquRF2nibaiR0mfPIHB0YoDe

6nvo2N5n2duL8LHy.z4_0Tl7G.icPWY0BPhAy_Yqvlf90gNx0rE7NccINsE0

3SH1i12qM9lIFQWqMucjFuhQJUXToXGO.MuDMiE8W30r7jt2Ms5sQ6DuTEu9

OCRy4EyC22ctRuXN94glDh9HewKLe5MRbCFmJ35Y52Qa_QLxYVaHNv5cU

Received: from [88.15.234.76] by web162406.mail.bf1.yahoo.com via HTTP; Fri, 30 Aug 2013 02:30:47 PDT

X-Rocket-MIMEInfo: 002.001,CgoKCkVzdMOgIGLDqSwgdGlyZW0taG8gZW5kYXZhbnQuClVuIHBhcmVsbCBkZSBkdWJ0ZXMgcmVmZXJlbnRzIGEgbGEgUkYuIFBhc3NhIGFsZ28gYW1iIFBldWdlb3QgcGVycXXDqCBkb25ndWluIGFxdWVzdHMgdGlwdXM_IENvbSB2ZWlldSBlbCB0ZW1hIGRlIGJvbnMgZGUgbGEgZ2VuZXJhbGl0YXQ_IFRlbmludCBlbiBjb21wdGUgdG90IGVsIHRlbWEgZGUgbGEgaW5kZXBlbmTDqG5jaWEgaSB0YWwgY29tIHBvdCBhZmVjdGFyPwoKTWVyY2kuCgpDb20gZGVpYSBobyB0aXJlbSBlbmRhdmFudC4KCkFicmHDp2EBMAEBAQE-

X-Mailer: YahooMailWebService/0.8.156.576

References: <1377689651.63061.YahooMailNeo[at]web162401.mail.bf1.yahoo.com> <294B6AC11C367548A741F3EB472A6C540DE43FAE[at]svrexchange.langaesco.com> <1377854528.55982.YahooMailNeo[at]web162402.mail.bf1.yahoo.com>

Message-ID: <1377855047.16453.YahooMailNeo[at]web162406.mail.bf1.yahoo.com>

Date: Fri, 30 Aug 2013 02:30:47 -0700 (PDT)

From: xxx <xxx[at]yahoo.com>

Reply-To: xxx <xxx[at]yahoo.com>

Subject: Fw: Cartera mixta

To: =?utf-8?B?VmljZW7DpyBGZXJyZXI=?= <xxx[at]gvcgaesco.es>

In-Reply-To: <1377854528.55982.YahooMailNeo[at]web162402.mail.bf1.yahoo.com>

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="-747684034-982923511-1377855047=:16453"

---747684034-982923511-1377855047=:16453

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable

=0A=0A=0A=0AEst=C3=A0 b=C3=A9, tirem-ho endavant.=0AUn parell de dubtes ref=

erents a la RF. Passa algo amb Peugeot perqu=C3=A8 donguin aquests tipus? C=

om veieu el tema de bons de la generalitat? Tenint en compte tot el tema de=

Share this post


Link to post
Share on other sites

Hi Zaradlas,

You are correct, there is no current or recent public record of those two Yahoo IP addresses, nor of your own RIMA address, on the SCbl. (127.0.0.1 does not count, that is an internal address only). We are starting to hear of a number of non-delivery messages with the same non-specific reference to SpamCop. Maybe there are some poorly-configured servers that attribute all blocking to the SpamCop list when it is not listed by SC at all, This has certainly happened in the past.

In that event, it might be useful to note the receiving domain in this instance as gvcgaesco.es, which you have kindly supplied.

You might like to consult multiple blocklist lookups to see any that really list your IP address (but some lists will have no significance). I find http://multirbl.valli.org/dnsbl-lookup/ useful for such purposes. If you have a dynamically-allocated IP address then absolutely anyone could be responsible for the abuse which lead to the listing(s).

Share this post


Link to post
Share on other sites

Something doesn't look right to me about that bounce message. If I have read it correctly, the machine rejecting the email has attributed its blocking an email address to a listing in spamcop. The last time I checked, spamcop lists IP addresses, not email addresses.

Share this post


Link to post
Share on other sites

Oh wow, you're right, that IS how it reads, therefore totally bogus. More like a MailWasher fake bounce then?

Share this post


Link to post
Share on other sites

I tried the website you provided and it effectively reports a few positives. 7 our of 240.

I have a few followup questions:

- Which one of the different IPs in the bounce email I am supposed to check? I do not understand what each of them means. After trying them in that website they get different results each.

- What next steps should I do if I want to be removed from that blacklists?

- Is it possible that the email address and not the IP is blocked? Some times I have received spam emails where my email address appears as sender... Is it possible? Does it mean I am infected? Could it be sent from another site and they make it that my address appear as sender?

- You say that it seems that it is not really SpamCop, how and why are this guys reporting that Spamcop is responsible for something it is not? Isn't it damaging Spamcop image?

- And the final question: What next steps do you recommend me to take to try to solve my address being blacklisted? Should I speak with SpamCop, or who or where should I direct my attention an efforts?

Thanks a lot again for your time ans answers.

Regards.

Share this post


Link to post
Share on other sites

There are complexities that are inescapable and I don't necessarily understand it well enough myself - and there is some "informed gueusswork" involved. But, my best attempt to explain:

It is not possible to say for certain what is being objected to, the "bounce message" only implicates your yahoo e-mail address and that is not proper. The bounce message does not appear to return/confirm the actual outgoing IP address from yahoo from which the recipient's network (gvcgaesco.es) received the message but that probably does not matter (except to confirm the impression it is not a proper network bounce). It seems most likely it is your individual/specific recipient who has rejected the message, in which case he is probably only accepting mail from known addresses.

I think it will be pointless chasing delisting from blocklists - the only IP addresses that would count would be the outgoing addresses of yahoo, over which you have no control. Wait 5 minutes and send your mail again and yahoo will most likely use another outgoing address - and almost certainly it is not any public blocklist which is causing the problem anyway. Those could cause problems sending to other networks or to other individuals - but that is all yahoo's responsibility, your only "control" is to accept their service or to walk away from it. You are one user amongst millions.

When blocklists are used, it would usually be the last IP address of the sending network (on entry to the receiving network) that is examined - certainly that is the only one the receiving network can be sure of. That is the topmost yahoo address in your case. That is shown as 98.139.212.149 in the bounce but, as said, that bounce omits at least one further "Received:" line showing the entry into gvcgaesco.es netspace and the yahoo outgoing server address**. The essential "missing" line I would be expecting would be something like:

Received: from [98.139.212.169] by mail.gaesco.com with ESMTP; 30 Aug 2013 09:30:48 -0000

where 98.139.212.169 is an outgoing yahoo server and mail.gaesco.com [213.229.156.154] is gaesco.es's mail exchange (and there would be further lines - higher up in the headers - for further hand-offs within gaesco.es which would be of no consequence in this discussion).

For what it is worth, "your" IP address is/was 76.Red-88-15-234.dynamicIP.rima-tde.net [88.15.234.76] however that is dynamically-allocated, the next time you use the internet it could be different so you have no control over that either. The only way to get an exclusive IP address is to pay extra for a static allocation. In that case you would probably want to use another domain name (your own) in your e-mail address as well.

**If you want to see your IP address and the yahoo outgoing IP address whenever you send through yahoo you could send a "probe" e-mail to ping[at]mxtoolbox.com (see http://www.mxtoolbox.com/blacklists.aspx).

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×