help to understand what happening

[ipel]

From 5 days my IP is blacklisted in spamcop, the problem is that i don't understand why, of course we don't send any kind of spam, but in these last days we get many bounceback, each with many unknown email addresses in the header, instead of only 1 correct email address of my user (that obviously can not receive the email because of bloacklist)!

The email messages sent are notification for my website (like new registrations, email confirmation,..). I have already checked and secured all the scripts that send the emails and updated the phpmailer class to the lastest version.

I have tryed to send the unblock request to spamcop, but after a few SECONDS these IPs are re-listed!

I really don't understand if my website was hacked by a spammer or what its happening... how it possibile that a message send to my user or to me include many unknown email addresses in the header? and how i can resolve?

Please any kind of help is really appreciated!

PS: if needed i can provide IPs, email addressess and hosting provider

[SpamCopAdmin]

The server handling your outgoing email is sending spam to our system and has been placed on our list of known spam sources, which we publish.

It will be automatically removed from our list 24 hours after the spam stops.

Please contact your Email Provider and ask them to stop the spam.

The reason that the mail server IP address is on our list doesn't have anything to do with you personally or with the email you're sending.

I'm sorry that you got involved in all this. Service providers are desperate to protect their users from junk e-mail (spam), and they're taking all sorts of extreme steps to do it. It's a sad commentary on the abusive Internet environment of today.

If you scrutinize the rejection notice you got, I think you'll find that it was sent to you by your own service provider when it tried and failed to deliver your message to a network that wouldn't accept it.

SpamCop is not blocking your email. It's not physically possible because your email doesn't go through our system. Only the receiving system can block email, which is their absolute right to do, on any basis they choose, at their whim. It's their equipment, and their choice.

I understand your frustration over this, but unfortunately, there is no way an ISP can tell the good guys from the bad guys just by looking at the email when it arrives.

Some of these spammers are sending hundreds of millions of spam messages every day. That's not all spammers counted together, either. *Each* major spammer is sending mail at that level. Add the literally thousands of small-time spammers to that and you have a problem of epidemic proportions.

Service providers are sick and tired of having to accept all that traffic, and then bounce a third of it because it came to nonexistent addresses, and then handle complaints from their users, and add more computers and staff to handle the traffic and complaints, and spend more money..... etc, ad nauseam.

They're tired of it and they're not going to put up with it anymore. They are going to refuse *ALL* mail from known spam sources until the source gets rid of its spammers. They no longer have any sympathy for the innocent bystanders, such as yourself, who are using a mail server which has found its way onto one of the several major blocking lists.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

[ipel]

Thank you for your answer!

So the fact that in these bounceback that i get there are many unknown email addresses in the header, instead of the right one (that is displayed on the bottom, before the header of the message) is not because my scri_pt / server was hacked and is sending spam from my website email-address?

well, at least this is good.. ok so i only need to contact my hosting provider and wait... right?

thank you again, have a nice day!

[ipel]

Unfortunately until today the problem is still unresolved,

and my hosting provider (godaddy) don't give me any useful answers.

http://www.spamcop.net/w3m?action=checkblo...=188.121.43.193 (same for 188.121.43.194)

In the last days it seems some godaddy IPs are blocked in spamhaus too, where i get this message:

http://cbl.abuseat.org/lookup.cgi?ip=188.121.43.193 (same for 188.121.43.194)

Is this a godaddy server problem or was my website hacked? Thank you very much for your help!

[Farelf]

...Is this a godaddy server problem or was my website hacked? Thank you very much for your help!

It is godaddy's problem. You are just one of many users of those servers. One or more of those users has/had a compromised computer (it could be yours but the probability is low). Godaddy thinks they have isolated the problem computer(s) using their network since they de-listed their servers on the CBL lists. They did that about the same time as SpamCop last recorded spam from n1nlshrout02.shr.prod.ams1.secureserver.net [188.121.43.194]. Maybe SpamCop reports helped them identify the problem machine(s) - time will tell.

The CBL links are good, they give you the information you need:

...If you are a customer of this environment, you will almost certainly not be able to do anything about it, only the administrators of the hosting environment itself can. ...