Sign in to follow this  
Followers 0
kiosk2

UK National Health Care email blocked by SpamCop

9 posts in this topic

Hi

This week the entire NHS email network (IP 62.208.144.128) has been blacklisted by SpamCop on and off every day since Tuesday.

As our own email provider uses SpamCop to filter incoming email it means that we have had serious problems all week in receiving any email from people with [at]nhs.net email addresses.

I'm sure the NHS admins keep requesting a de-listing and that they are having problems solving the source issues (there must be millions of .nhs.net employees) but it keeps happening. Is there any way to whitelist such a large organisation?

From our own point of view we are having to change to a new email host that doesn't use SpamCop as 2 way contact with the NHS is essential to our business but surely allowances can be made?

It's interesting to note that their IP address is not listed at SpamHaus and other spam checking sites.

Thanks

David

Share this post


Link to post
Share on other sites

Hi, David,

&nbsp &nbsp&nbsp&nbsp&nbsp Sorry to hear of your problem. It may not help but you could point your e-mail server admin(s) to SpamCop FAQ article "How do I configure my mailserver to reject mail based on the blocklist?" paragraph 3 (the one that begins with "We recommend") for what SpamCop suggests as best practice. Just be aware that "our server, our rules" would apply. The only recourse you would then have is to threaten to take your business elsewhere.

&nbsp &nbsp&nbsp&nbsp&nbsp FYI, the IP address you mention is not currently listed in SpamCop, either (http://www.spamcop.net/w3m?action=checkblock&ip=62.208.144.128) but it might have been earlier and it might be again.

&nbsp &nbsp&nbsp&nbsp&nbsp Finally, it is possible that the NHS has run afoul of a spammer taking over some PC on their network. It's happened to other organizations that you'd expect to have good defenses against such things.

Share this post


Link to post
Share on other sites

NHS may share an IP with a spammer or they do not get email address with double opt-in
There are a fair number of spam complaints for that IP!

Don't help that SpamCop uses Abuse.net to override the REAL abuse address which is
ipabuse [AT] vodafone.co.uk

Submitted: 9/25/2015, 1:14:32 AM +1000:
RE: Admin Authorize Mailbox Cleanup

6366010907 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6366010906 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk

Submitted: 9/24/2015, 7:13:07 AM +1000:
RE: A Donation Was Made To You.

6365710040 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
6365710039 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net

Submitted: 9/24/2015, 5:50:17 AM +1000:
RE: Gift

6365686084 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
6365686083 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net

Submitted: 9/24/2015, 4:45:06 AM +1000:
RE: A Donation Was Made To You.

6365679703 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6365679701 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk

Submitted: 9/23/2015, 9:51:29 AM +1000:
RE: Good News

6365294613 ( Forwarded spam ) To: [concealed user-defined recipient]
6365294611 ( Forwarded spam ) To: [concealed user-defined recipient]
6365294606 ( Forwarded spam ) To: [concealed user-defined recipient]
6365294603 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6365294598 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk

Submitted: 9/22/2015, 1:41:14 AM +1000:
=?windows-1256?Q?RE:_ICT_Staff_Services_Desk=FE?=

6364732451 ( http://emailoutlooks.ezweb123.com/) To: abuse[at]uk.telstra.com
6364732450 ( http://emailoutlooks.ezweb123.com/) To: abuse[at]telstra.net
6364732449 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
6364732448 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net

Submitted: 9/22/2015, 1:02:22 AM +1000:
=?windows-1256?Q?RE:_ICT_Staff_Services_Desk=FE?=

6364711758 ( http://emailoutlooks.ezweb123.com/) To: abuse[at]uk.telstra.com
6364711757 ( http://emailoutlooks.ezweb123.com/) To: abuse[at]telstra.net
6364711756 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
6364711755 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net

Submitted: 9/22/2015, 12:02:43 AM +1000:
RE: Gift 21/9/2015

6364690758 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6364690757 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk

Submitted: 9/21/2015, 5:06:08 AM +1000:
[spam]RE: Good News

6364731022 ( https://web.nhs.net/OWA/UrlBlockedError.aspx) To: abuse[at]vodafone.co.uk
6364731021 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
6364731020 ( https://web.nhs.net/OWA/UrlBlockedError.aspx) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6364731019 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net

Edited by petzl

Share this post


Link to post
Share on other sites

Thanks for the replies guys.

It appears that the NHS IP is still currently de-listed so fingers crossed.

We are looking at changing to an Exchange provider/system where we would be able to whitelist an IP address and are currently considering Exchange through Office 365.

Hopefully the NHS admin are now in control of this but we need to have options available to future proof against this should it happen again.

David

Share this post


Link to post
Share on other sites

Looks to me like NHS admin have a compromised account/s
A large number of genuine spam complaints are again being made?
In Australia these scams have had medical insurance companies pay into fraudulent bank accounts

It may help NHS to request spam reports (they have a problem)
https://www.spamcop.net/fom-serve/cache/94.html

FireFox browser gives this warning on one/many of the spamvertised URL's (Phishing sites)

Reported Web Forgery!
This web page at emailoutlooks.ezweb123.com has been reported as a web forgery and has been blocked based on your security preferences.
Web forgeries are designed to trick you into revealing personal or financial information by imitating sources you may trust.
Entering any information on this web page may result in identity theft or other fraud.

A sample of last spam report?

Submitted: 9/29/2015, 2:48:30 AM +1000:
RE: Attention!!!

6367181591 ( http://helpdeskalert12.moonfruit.com/) To: noc[at]edgecastcdn.net
6367181590 ( http://helpdeskalert12.moonfruit.com/) To: abuse[at]edgecast.com
6367181589 ( http://helpdeskalert12.moonfruit.com/) To: abuse[at]edgecastcdn.net
6367181588 ( http://helpdeskalert12.moonfruit.com/) To: noc[at]edgecast.com
6367181587 ( 62.208.144.128 ) To: [concealed user-defined recipient]
6367181586 ( 62.208.144.128 ) To: postmaster#vodafone.co.uk[at]devnull.spamcop.net
6367181585 ( 62.208.144.128 ) To: abuse[at]vodafone.co.uk
Edited by petzl

Share this post


Link to post
Share on other sites

Hi

This week the entire NHS email network (IP 62.208.144.128) has been blacklisted by SpamCop on and off every day since Tuesday.

Nope. Real NHS email addresses end in nhs.uk and the government is the registrar. nhs.net seems to be some sort of "information" outfit. NHS employees get a .nhs.uk address.

Edited by Derek T

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0