Jump to content

Mail from 209.17.115.39 refused


Abe231

Recommended Posts

Abe here,

Some of our clients are reporting not receiving our emails, I have been working with the clients IT departments and tracked down the issue as being blacklisted.

I work for a small office in Michigan, I manage the IT here for are ~50 pc's. We have a few local radio stations, and we work with local and regional sales for our business, primarily via email.

Unfortunately this has been an ongoing issue, I had always believed it was our email provider, but I need more information, so here is some background on our email provider, and experience:

Before I started (over a year ago) the old IT guy had switched are email to a new provider, Networksolutions (http://www.networksolutions.com/) to reduce the cost of our email. I think this is the root of our problems, I have contacted their support multiple times in the past and occasionally they have a prerecorded 'Know Issue' message before you wait on hold; most of the time it was something like "We are aware that many of our email clients are being blacklisted and are working to get the issue resolved, please remain on the line if you have another issue".

Recent bounce back:

From: Mail Delivery Subsystem

[mailto:MAILER-DAEMON[at]atl4mhob01.myregisteredsite.com]

Sent: Tuesday, March 04, 2014 3:53 PM

To: jgordon[at]wklt.com

Subject: Returned mail: see transcript for details

The original message was received at Tue, 4 Mar 2014 15:52:59 -0500 from

[10.30.71.114]

*** ATTENTION ***

This email is being returned to you because the remote server would not or

could not accept the message. The registeredsite servers are just reporting

to you what happened and are not the source of the problem.

The address which was undeliverable is in the section labeled:

"----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is in the section labeled:

"----- Transcript of Session Follows -----".

This section describes the specific reason your e-mail could not be

delivered.

Please direct further questions regarding this message to your e-mail

administrator.

--Registeredsite Postmaster

----- The following addresses had permanent fatal errors -----

<rjones[at]OdawaCasino.com>

(reason: 550 5.2.1 Mail from 209.17.115.39 refused: spam site.)

----- Transcript of session follows ----- ... while talking to

smtp.odawacasino.com.:

From the SpamCop 'Cause of Listing':

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

So this is where i need some guidance, Is this strictly our email domain (which is [at]wklt.com) or are we included with other email domains on the Blacklisted IP?

I read through some other pined posts and found that Auto-Responders can cause the issue? My employee's prefer to use an auto-responder when they take vacation or our expected to be out of office on a normal business time. Should I enforce them not to? The most important part of our business is selling adds on our stations and this is done through email mostly, I need communication between us and our clients, when we are blacklisted it can cause us loss of income.

We don't have a local email server, just workstations with either Outlook or Thunderbird clients, some of our employees use the webmail also (mail.wklt.com). I keep the workstations in good condition, windows firewall, anti-virus, ect. Network is secure. I'm at a loss of what would be causing the spam.

Any help would be greatly appreciated.

Thanks,

Abe

Link to comment
Share on other sites

...

So this is where i need some guidance, Is this strictly our email domain (which is [at]wklt.com) or are we included with other email domains on the Blacklisted IP?

I read through some other pined posts and found that Auto-Responders can cause the issue? My employee's prefer to use an auto-responder when they take vacation or our expected to be out of office on a normal business time. Should I enforce them not to? The most important part of our business is selling adds on our stations and this is done through email mostly, I need communication between us and our clients, when we are blacklisted it can cause us loss of income.

We don't have a local email server, just workstations with either Outlook or Thunderbird clients, some of our employees use the webmail also (mail.wklt.com). I keep the workstations in good condition, windows firewall, anti-virus, ect. Network is secure. I'm at a loss of what would be causing the spam.

...

Hi Abe, sorry to hear of your troubles.

The SCbl is strictly on the basis of IP address, never the mail domain. There are a heap of other users of that outgoing IP address and others** (I see 3,500 different domains, probably there are more), all within the myregisteredsite.com server farm. Almost certainly you are not responsible for the spam (what would be the odds of that?) **I suspect your outgoing mail is handled by any of 25 servers (see the SenderBase link further below), I can see (from SendeScore) three other IP addresses you have certainly used, 209.17.115.43, 209.17.115.45 and 209.17.115.53. If your outgoing then is via a serverfarm involving many IP addresses, your tactic when/if you know of a bounce is simply to resend - it will probably use a different sever when you do. Webmail may go through a separate set of servers (the SenderBase link makes it seem so) so that is another way to dodge the block. The problem is you will not always be notified of rejection.

When humans (reporters) are involved in the SpamCop listing, detailed reports are available for the responsible abuse address(es) with all the necessary information for them to find and isolate the sources of spam (in fact often before there is any listing - it takes a number of report submissions - from different reporters - to get listed but all bets are off if a spamtrap is tripped). The abuse handlers for 209.17.115.39 are abuse[at]corp.web.com, abuse[at]web.com and abuse[at]interland.com. But SpamCop's is not the only RBL that might come into play.

That IP address certainly is struggling - I see "Listing History

In the past 86.5 days, it has been listed 22 times for a total of 23.3 days" Despite that, your provider's servers seem to be doing a good job. Senderscore.org gives that IP address (even though it is/was SC listed) a score of 96 which is excellent (no link, they're not associated with SC, Google it if interested).

Other IP addresses in that network IP range with problems (but not necessarily currently listed) are:

209.17.114.75 209.17.114.77 209.17.115.40 209.17.115.43 209.17.115.45 209.17.115.47 209.17.115.48 209.17.115.49 209.17.115.52 209.17.115.54 209.17.115.59 209.17.115.60 209.17.115.104 209.17.115.106 209.17.115.107 209.17.115.159 209.17.115.163 209.17.115.165 209.17.115.177 209.17.115.179 209.17.115.188 209.17.115.193 and 209.17.115.208 - which unfortunately includes two of the other three IP addresses you have recently used in high volume. But yes, still doing a good job.

See http://www.senderbase.org/senderbase_queri...g=209.17.115.39 for myregisteredsite.com (and web.com) performance.

Submissions from reporters over the past 90 days concerning that IP address include the following subjects and look like "standard" spam to me, many have "payload" websites not shown here. Hopefully none of these will have come from you and will not look familiar:

Submitted: Tuesday, 4 March 2014 5:29:09 AM +0800:

candie dubose

Submitted: Friday, 28 February 2014 1:15:17 PM +0800:

You'll be grateful you watched this DocOz video

Submitted: Thursday, 27 February 2014 5:05:11 PM +0800:

christina floegel

Submitted: Wednesday, 26 February 2014 10:46:50 PM +0800:

Stop fearing the scale

Submitted: Tuesday, 25 February 2014 4:11:06 AM +0800:

Torina W.

Submitted: Saturday, 22 February 2014 6:27:06 PM +0800:

failure notice

Submitted: Tuesday, 18 February 2014 7:07:09 AM +0800:

Re: LOAN

Submitted: Friday, 14 February 2014 2:21:21 AM +0800:

Amazon, bonus bucks as a thank you from us

Submitted: Tuesday, 11 February 2014 11:16:09 PM +0800:

[bulk] Urgent Please!!!

Submitted: Saturday, 1 February 2014 1:25:59 AM +0800:

Micro-Scope PC Diagnostics Download! LIMITED TIME Save 75%

Submitted: Friday, 31 January 2014 10:43:18 PM +0800:

....Your company with email address:x has been selected.

Submitted: Friday, 31 January 2014 12:06:29 PM +0800:

Wells Fargo Important Notification

Submitted: Thursday, 30 January 2014 4:28:03 AM +0800:

Accomplish your 2014 New Years Resolution like the celebs

Submitted: Tuesday, 28 January 2014 11:27:45 PM +0800:

Micro Ayuda Total 80% Para Creacion Paginas Web

Submitted: Tuesday, 28 January 2014 7:39:06 PM +0800:

A Call For Humanitarian Service

Submitted: Monday, 20 January 2014 4:50:04 AM +0800:

your two incoming mails were placed on pending

Submitted: Tuesday, 17 December 2013 11:49:01 PM +0800:

COCA Update - CDC Updates for Clinicians: December 2, 2013 - December 16, 2013

Submitted: Tuesday, 17 December 2013 8:49:03 PM +0800:

Order list

Submitted: Saturday, 14 December 2013 2:00:06 AM +0800:

Get thick, healthy hair with Bosley hair restoration.

Submitted: Tuesday, 10 December 2013 6:29:27 PM +0800:

[*** spam ***] Microsoft Windows Update

Submitted: Tuesday, 10 December 2013 12:41:03 PM +0800:

Microsoft Windows Update

Hope the foregoing reassures you a bit ... or at least showcases a few of the tools to help you get a handle on the thing.

Steve

Link to comment
Share on other sites

Hi, Abe,

...Hello from a fellow Michiganian!

...As a supplement to the excellent information, above, from Steve (Farelf), I'll offer the following for your consideration:

  • Relying solely on e-mail for important communications is not a sound strategy; e-mail is not now, never has been and probably never will be a 100% guaranteed delivery vehicle. Yes, e-mails do almost always go through (when not rejected due to suspected spam) but wise businesses will have an alternative way to contact customers, employees, suppliers, prospects and others on whom communication from and to their business depends.
  • The most reliable way to get your (and your customers') e-mails delivered is to manage your own e-mail server. For a small organization, the cost of doing this may be prohibitive, but if undelivered e-mail is sufficiently expensive in terms of lost revenue, it may be less expensive in the long run.
  • Another alternative is to search for a more responsive internet/ e-mail service provider.

Link to comment
Share on other sites

I really appreciate all the feedback, looks like I was correct about it being the provider. I have been unhappy with Networksolutions since I took over the IT position. So I am going to explore other options, if you have any input let me know, thanks in advanced!

As far as looking for other options, would you recommend any reasonable and reliable email providers, we have around 60 addresses.

I wouldn't be opposed to hosting my own email server, just have a couple concerns. My main worry about my own email server is that we only have one internet source at the moment. I would have no fail over if our internet was to go down; would emails to us be lost forever if someone was sending an email and the internet goes down? Also are internet is taxed heavily during the busy times of the day, I am unsure of how much bandwidth I would realistically need; our connection is approximately 30mbs download and 5mbs upload.

Right now I have a Windows 2008 server box setup as a file server, I think I could run an email server along that relatively easy, would you recommend any software? I could also setup a Linux box if needed.

Thanks a lot!

Abe

Link to comment
Share on other sites

Hi, Abe,

...Not being an e-mail admin, I can't provide much guidance other than that you consult any business and personal contacts you might have that might be able to offer assistance, search these Forums using the search tool at the top of the page, search the internet in general using your favorite search tool and to check back here occasionally to see if another SpamCop Forum contributor has anything helpful to offer.

...Good luck!

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...