SecureNetworks

Mail Server Blacklisted?

Hello all.

A client of ours has recently had trouble sending emails to a few clients of theirs. The IT department of one of their clients sent this error message that they received:

Quarantine log entry is shown below:

"03/18/14 14:07:22","IP DNS Blocklist","xxx[at]capecodfishermen.org<mailto:xxx[at]capecodfishermen.org>","xxx[at]archipelago.ca<mailto:xxx[at]archipelago.ca>","RE: xxx","Quarantined","Sending mail server found on bl.spamcop.net","<617EB773D2C5694781BF4AD79E28197AC68E4EF9FE[at]SERVER.ccchfa.local<mailto:617EB773D2C5694781BF4AD79E28197AC68E4EF9FE[at]SERVER.ccchfa.local>>"

I've already searched to see if the IP address of their company is on any blacklist via mxtoolbox and spamcop; no results have been detected.

Please advise, it looks as though the mail server itself is getting blocked by its name or something.

Edited by SecureNetworks


If a mail server is being blocked because of a listing on SpamCop, it will be based on the IP address, not by the server name or email addresses.

Often the sender of the emails that were blocked will have access to a link to the Spamcop lookup page in the bounce message, assuming that there was at one point a real listing, but unfortunately not all mail providers play nice by providing such a link. Having such a link can be useful when troubleshooting deliverability problems.

It's possible that when the message was sent, there was a listing but the IP address was subsequently removed. Another possibility is that the recipient's provider used a stale cache of lookup results or they were too lazy to provide anything more than a generic message.

edit: Oh, perhaps I misread the question. The info was from the recipient's IT people?

Edited by lisati


edit: Oh, perhaps I misread the question. The info was from the recipient's IT people?

Correct, this is from the recipient's IT department.

Here is our client's IP address if this helps at all:

173.9.79.170


As near as I can tell, the IP address isn't currently listed on Spamcop's list. Sadly, the lookup tools I normally use (e.g. MX Toolbox) didn't provide me with much in the way of clues as to why Spamcop might be mentioned. Perhaps someone else with a bit more time to research things might be able to provide some insight.

One thing I did notice is that some email servers might have an issue with its reverse DNS resembling a generic rDNS.


173.9.79.170 = 173-9-79-170-newengland.hfc.comcastbusiness.net is not on our list and never has been. There is no report history on that IP.

The SpamCop blocking list only contains server IP addresses.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -


Correct, this is from the recipient's IT department.

Here is our client's IP address if this helps at all:

173.9.79.170

Is that the IP of the SMTP server that your client is using? Does (s)he run hir own mailserver? If not then it will not be the IP we need to check. If (s)he gets another rejection could you post here in its entirety, with only the email addresses munged? I'm guessing that your client's email goes out through a shared comcast SMTP server and that is what has been listed. But I may be very wrong in that guess.


Hi,

They do have their own mail server, but mail is also routed through a third party spam filtering service.

I just sent a message from the client to myself, and the IP it was routing from was 69.84.129.241, the company is Reflexion.net, and their hostname is asp.reflexion.net.

I checked the above against both SpamCop's and MXToolbox's blacklist checks, and they came back clear. But I am assuming a company like that would get themselves off a BL ASAP.

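An added example, not part of any post in this thread: the recipient's filter tests the IP of the host that connected to it, so the check has to start from the Received headers rather than from the sender's own address. The sketch below pulls the public relay IPs out of a constructed header chain (hostnames and public IPs as quoted in the thread; the recipient MX name, private address and timestamps are assumptions) and builds the reversed-octet DNSBL query name for each.

```python
import ipaddress
import re
import socket
from email import message_from_string

# Constructed sample: hostnames and public IPs are those quoted in the thread;
# the recipient MX name, the private address and the timestamps are made up.
SAMPLE = (
    "Received: from outbound-241.asp.reflexion.net"
    " (outbound-241.asp.reflexion.net [69.84.129.241])\n"
    "\tby mx.recipient.example with ESMTP; Tue, 18 Mar 2014 14:07:20 -0400\n"
    "Received: from SERVER.ccchfa.local"
    " (173-9-79-170-newengland.hfc.comcastbusiness.net [173.9.79.170])\n"
    "\tby asp.reflexion.net with ESMTP; Tue, 18 Mar 2014 14:07:18 -0400\n"
    "Received: from SERVER.ccchfa.local ([192.168.1.10])"
    " by SERVER.ccchfa.local with mapi; Tue, 18 Mar 2014 14:07:15 -0400\n"
    "Subject: RE: test\n\nbody\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(raw_message):
    """Public IPv4 of each connecting host in Received headers, newest hop first."""
    hops = []
    for header in message_from_string(raw_message).get_all("Received", []):
        from_part = re.split(r"\sby\s", header, maxsplit=1)[0]  # client side only
        match = BRACKETED_IP.search(from_part)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:          # e.g. an octet above 255
            continue
        if ip.is_global:            # skip RFC 1918 and other internal hops
            hops.append(str(ip))
    return hops

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: octets reversed, then the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def is_listed(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """True if the zone answers with a 127.0.0.0/8 address, False on NXDOMAIN."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except socket.gaierror:
        return False

if __name__ == "__main__":
    for hop in relay_ips(SAMPLE):
        print(hop, dnsbl_name(hop), is_listed(hop))
```

Only the topmost Received header is written by the recipient's own server; the ones beneath it are supplied by upstream hosts, so the first IP returned is the one a DNSBL filter at the recipient would have tested. A lookup made now reflects the current state of the list, not its state when the message was quarantined.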

Looks like reflexion.net does a good job generally but outbound-241.asp.reflexion.net [69.84.129.241] seems to have had problems briefly in mid-March looking at the senderscore.org chart (nothing to do with SC or with CISCO). With thousands of domains using that server, it would be a miracle if something problematical didn't slip through from time to time. There were (only) a couple of SC reports during Feb-Mar against that IP address, not enough to cause listing in the SCbl by themselves but there may have been spamtrap hits as well (which are a different matter entirely).

It is certainly feasible that mail through outbound-241.asp.reflexion.net and similar might occasionally be blocked or diverted due to the servers' presence on the SCbl or other DNSBLs. All it takes to get out of the SCbl is for the spam to stop - SC reports to the abuse address (support[at]colospace.com) when human SC reporters are involved should assist with that.

Other DNSBLs are generally "stickier" but asp.reflexion.net seem to know their stuff, as you say, and they are currently clear of major BLs on those of their servers outbound-240.asp - outbound-247.asp currently pushing volume (and they have others allocated but unused and probably in reserve). But not all of those active servers are pushing volume nor are they clear. Maybe those ones are undergoing a spot of cleaning up before spooling up to high volume once more (who knows?).

On the information to date, it seems it was just a momentary "blip" for your client. But of course similar can recur at any time - and not always with an NDR to tell what has happened. JMO.


Correct, this is from the recipient's IT department.

Here is our client's IP address if this helps at all:

173.9.79.170

Looked at SC's Blocklist history, not seen any reports for 90 days

However if hitting spamtrap address nothing would show

http://multirbl.valli.org/lookup/173.9.79.170.html

Is a comprehensive check

http://www.apews.org/?page=test&C=72&a...astbusiness.net

been listed since 2007 APEWS are not a good blocklist to bounce email on?

lots of false positives

Edited by petzl


http://www.apews.org/?page=test&C=72&a...astbusiness.net

been listed since 2007 APEWS are not a good blocklist to bounce email on?

lots of false positives

If I've ever received a NDR or bounce that cited an APEWS listing, it was long enough ago for me to have forgotten. From what I've read here on the Spamcop forum and elsewhere, a listing there can usually be ignored.


Meu Ip Está na Lista Negra do Apews.

Não enviamos spans. Os contatos que temos são exclusivamente com clientes que solicitam os mesmos.

Testresults

Oooops 189.61.168.188 is currently listed in APEWS :-( Entry matching your Query: E-305545
189.61.128.0/18 CASE: C-1375
Spambots/zombies within CIDR Special Reason:
Only the ASN/CIDR owner can solve this listing by actioning FAQ 42 apews.org SHUTDOWN BOTS, ZOMBIES, NET ABUSE History:
Entry created 2007-09-30


Here is a rough translation to English of the first two lines, which are in Portuguese, of the above post for those who are unfamiliar with that language.

My IP is in the Apews Blacklist.

We do not send spam. We contact only customers who request communications.

Bom dia, confiarebh1,

Spamcop has no connection with or control over the APEWS list. Please read the APEWS FAQ and pay particular attention to Q36 and Q41.
