False spam Trap

[tomerlin]

We have a list of 4000 user emails. these people own our products, pay yearly support, we send invoices via email.

A month or two ago, we started getting bouncebacks, saying we were blacklisted by SpamCop.

We are supposedly sending to a Trap email. which is pretty damn close to impossible.

How do i get out of this mess? since i can't know what the email address is to purge it. i can only think it was a user that no longer is using that email, and it is since been used as a honeypot. or they gave us a generic info[at]domain.com email.

Email server 98.172.80.155

[turetzsr]

<snip>

How do i get out of this mess? since i can't know what the email address is to purge it.

...To "purge it" borders on what we would call List Washing (note that although spammers use this tactic, not everyone who uses it is a spammer, so I am not accusing you of that), which is anathema to us and suggesting that you would do it is not going to win you any friends here. I'm going to assume that you could not have been aware of that (note: our suggestion would be that you use a "confirmed opt in" approach with periodic verification).

...Only SpamCop staff can provide any information about S pam Trap hits and, as I understand it, they provide only minimal information and only to the admins responsible for the IP address that was listed. The responsible admin for e-mail server 98.172.80.155 (which, as I write this, is not currently listed, by the way) seems to be Cox Communications. Unless you are a representative of Cox Communications, you would have to ask them to intercede with SpamCop by contacting deputies[at]admin.spamcop.net.

<snip>

i can only think it was a user that no longer is using that email, and it is since been used as a honeypot

<snip>

...According to SpamCop staff who have contributed in this Forum, SpamCop S pam Traps have never been used to send e-mail, so this could not be the case.

[Lking]

i can only think it was a user that no longer is using that email,

You might take a look at gmail addresses. Google is recycling email addresses so your older gmail addresses could be getting reported, although not spamtraps.

[petzl]

We have a list of 4000 user emails. these people own our products, pay yearly support, we send invoices via email.

A month or two ago, we started getting bouncebacks, saying we were blacklisted by SpamCop.

We are supposedly sending to a Trap email. which is pretty damn close to impossible.

How do i get out of this mess? since i can't know what the email address is to purge it. i can only think it was a user that no longer is using that email, and it is since been used as a honeypot. or they gave us a generic info[at]domain.com email.

Email server 98.172.80.155

Bit late after horse has bolted!

SpamCop SCBL is more than a blocklist it is a security alert

My thoughts!

You need to learn about best practice

http://en.wikipedia.org/wiki/Opt-in_email#...pt-in_.28COI.29

You perhaps have competitors feeding your "email me" reply web site?

You sure you are the ONLY sender using that email server only takes one compromised email account by a spammer to get blocked.

This email server looks a good one (I would use it)

https://www.senderscore.org/lookup.php?look...mp;ipLookup.y=8

Put that on your "FAVORITES" address it's very reactive should always be in/over 90's if not it has been compromised

Only takes one authorized user to allow malware on computer giving access.

Insist on ALL passwords to be secure (not easily guessed like admin admin) My suggestion is ALL user passwords need to be this format

Capital letter of 1st name. Number from address (post box). An = sign. Then your secure eight alphanumeric with at least two capitals in it.

The scenario I see here is a compromised account

[DavidT]

We have a list of 4000 user emails. these people own our products, pay yearly support, we send invoices via email.

But you also allow anyone on the internet to sign up for your email newsletters using a form on your website.

Upon submission of their info, is a confirmation email sent to the subscriber, requiring that they click on a link to complete the subscription process? That would be a "double opt-in" and would help protect your list from false/malicious submissions. Please let us know if you're doing that--if not, it can cause problems.

Also, most of the people here are just regular users, with a few volunteer forum admins, but the only person who would have access to official SpamCop transactions regarding your mail server would be SpamCopAdmin, who signs his posts with a contact address, so you might try contacting him directly.

According to various lookup sites, your IP reputation does indeed seem good, although in the past it appears to have been used to transmit spam, but that's most likely before it was assigned to your company (http://www.projecthoneypot.org/ip_98.172.80.155).

DT

[danitaz]

By the way, I've been battling this same issue since about the same time as the OP. We too have a list that is double-opt-in, but has been around since 1998 - we still have customers from that long ago who continue to repeat order from us, so we know that by and large the list is useful. So, while every single one of these email addresses double-opted in at one point, I can only imagine that somewhere along the line an admin thought the particular email address was getting too much junk and the recipient had left (in my business companies seem to never delete old email addresses unless they just have to), and now we have some weird spam trap address that is causing issues. We may very well need to send out a new "please re-opt in" message to clear this out. The irony here is that my company actually runs an anti-spam service for some of our smaller customers. So to get placed on a spam trap list is frustrating to say the least!

Danita

[turetzsr]

Hi, Danita,

...You (rather, whomever can establish the bona fides of herself or himself as an owner/ admin of the IP address that is on the SpamCop blacklist) may be able to get some limited additional information from the SpamCop Deputies (e-mail address deputies[at]admin.spamcop.net).

[lisati]

If the suspect email address is one that was previously a valid email address but has now reverted to a honeypot role, it's possible that at one point emails to the address in question were bouncing or rejected. This should have been picked up and flagged by your mailing list's bounce processing.