Jump to content
Sign in to follow this  
exitlight

Case study - Spamcop's BL NS's out of sync

Recommended Posts

Greetings, everyone.

Sporadic blacklisting by spamcop's DNS's happening for a few days now.

Spamcop's web site reports the IP as NOT listed (IP is: 217.70.144.64 ). It WAS listed a few days ago, I requested a removal and apparently it went through only partially.

Some Spamcop DNS servers report it as listed, most as not.

Her's what I've done. I've checked blns{1,71}.spamcop.net. I'm not sure 71 is the maximum I should have checked but it seems good enough. Anyway:

$ for i in `seq 1 71`; do echo $i; dig 64.144.70.217.bl.spamcop.net a [at]blns$i.spamcop.net > $i 2>&1; done

Result is 71 files.

$ grep "IN" * | grep bl.spamcop | grep -v SOA

Resuilt:

11:;64.144.70.217.bl.spamcop.net. IN A

11:64.144.70.217.bl.spamcop.net. 2100 IN A 127.0.0.2

14:;64.144.70.217.bl.spamcop.net. IN A

25:;64.144.70.217.bl.spamcop.net. IN A

34:;64.144.70.217.bl.spamcop.net. IN A

34:64.144.70.217.bl.spamcop.net. 2100 IN A 127.0.0.2

39:;64.144.70.217.bl.spamcop.net. IN A

4:;64.144.70.217.bl.spamcop.net. IN A

42:;64.144.70.217.bl.spamcop.net. IN A

43:;64.144.70.217.bl.spamcop.net. IN A

44:;64.144.70.217.bl.spamcop.net. IN A

50:;64.144.70.217.bl.spamcop.net. IN A

54:;64.144.70.217.bl.spamcop.net. IN A

55:;64.144.70.217.bl.spamcop.net. IN A

56:;64.144.70.217.bl.spamcop.net. IN A

58:;64.144.70.217.bl.spamcop.net. IN A

6:;64.144.70.217.bl.spamcop.net. IN A

60:;64.144.70.217.bl.spamcop.net. IN A

63:;64.144.70.217.bl.spamcop.net. IN A

65:;64.144.70.217.bl.spamcop.net. IN A

66:;64.144.70.217.bl.spamcop.net. IN A

67:;64.144.70.217.bl.spamcop.net. IN A

68:;64.144.70.217.bl.spamcop.net. IN A

69:;64.144.70.217.bl.spamcop.net. IN A

70:;64.144.70.217.bl.spamcop.net. IN A

71:;64.144.70.217.bl.spamcop.net. IN A

As we can see BLNS11.spamcop.net and BLNS34.spamcop.net have the IP listed, while the other BLNS's do not have it listed.

Any help with that, please? Thanks in advance.

Another question - if I understand correctly (do I?), Spamcop sets email traps and if any spam is received, the sending server is blacklisted. Sounds like a great plan, except we got listed while we only send email to our actual customers from the server that got listed, i.e.: only people who created actual accounts. How can that happen? Thanks again.

Share this post


Link to post
Share on other sites

I passed the Blocking List info on to our Engineers.

>- Spamcop sets email traps and if any spam is received, the sending server is blacklisted.

Basically, yes. Although it takes more than just one spam.

A spamtrap is an unused address whose sole reason for existence is to see if people will send unsolicited mail to it. Spamtraps are basically the nonexistent addresses at small vanity domains owned by us or our associates. Mail to nonexistent addresses is proof-positive that email addresses are being added to a mailing list without the address owner's permission.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Share this post


Link to post
Share on other sites
<snip>

Another question - if I understand correctly (do I?), Spamcop sets email traps and if any spam is received, the sending server is blacklisted. Sounds like a great plan, except we got listed while we only send email to our actual customers from the server that got listed, i.e.: only people who created actual accounts. How can that happen? Thanks again.

...Three possibilities occur to me (but I am no expert):
  • One or more of your "actual customers" gave you a SpamCop S pam Trap address as their e-mail address.
  • One or more of your customers either forgot that they had requested something from you and reported it as spam or deliberately reported you.
  • A spammer has used your server or a machine for which you receive abuse reports to send spam.

...The SpamCop Deputies (deputies[at]admin.spamcop.net) might also be of help to you in determining a bit more about whether the cause is S pamTrap hits or SpamCop user reports or both that caused the listing.

...Good luck resolving the problem and thanks for caring enough to inquire!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×