Jump to content
Sign in to follow this  
lpsears63

Sending Abuse Complaints/Reports Put Me on a Blacklist?

Recommended Posts

*==========*

Hi,

Since the middle of middle of November 2015, the 14th to be exact, I started sending out complaints/reports. First to UCE (FTC), then to CERT, when that didn't seem to be

effective I added hosts, servers, then registrars. As I became more familiar with headers, I added others, like companies with trademarked names (ie: Amazon, Walgreens, ClickBank),

some hacked government email providers as well as some very large universities. People and organizations that might have an interest in knowing they might have a security issue.

Changing my tactics a little along the way. And of course in December submitting to Spamcop. My biggest change with sending reports was instead of sending multiple complaints

to a single recipient, I switched to sending single complaints to multiple recipients. I had to streamline. From Nov. to today I've send around 1200 reports, gotten 50-60 domains

suspended or terminated as well as quite a few Microsoft accounts. Most all of my emails were sent to abuse[at] addresses, which of course included unaltered headers, but they were all sent to people who would know how to read and handle them. If I had any doubt at all about malicious links (which was most of the time) all reports contained a warning to not click on any links. Thru all that, only a few were returned for containing suspicious links. Those were all refused from one particular registrar and it's domain protection service. Actually, after the first

"munged" report got thru to the protection service, they started forwarding any of my emails directly to the registrar. Also, any attempts to contact the domains with the encoded addresses

provided were not successful.

Anyway, today it came to my attention (using a lookup tool provided by and owned by said registrar) that MY IP was on two blacklists. Both Spamhaus (which I was not on) and

Protected Sky (which it claimed I was on). The lookup tool was MX Toolbox, and I'm unsure of the relation between them and Protected Sky. But when I went to the support contact

page for PSky I found myself back at MX Toolbox. That was interesting. So, does any one think that a registrar, the only one who really doesn't seem to like my reports, would stoop

to putting me on a blacklist? All other registrars have been very cooperative, within their abilities. This one though, seems to go out of their way to be as uncooperative as possible.

Even in light of things like, the domain in question being blacklisted or their Whois information being incorrect or invalid. It just makes me wonder. Maybe I'm reading too much into

their lack of response. And maybe I ended up on a blacklist in some other way.

I guess I'm just venting, but it would also be nice to get some feedback, as I'm not sure of the best way to handle the situation. I have no intentions of stopping my complaints/reports.

Thank you in advance to anyone taking the time to read this.

*==========*

Share this post


Link to post
Share on other sites

I sometimes use multirbl.valli.org to check IP addresses. If a query returns a listing, it provides the TXT entry for the listing, which often (but not always) includes a link to a web page where you can query the listing and find out more.

If you've ended up on Spamhaus's PBL, don't panic. All that usually means is that Spamhaus (or your ISP) doesn't think you should be running an email server at that IP address - if you're using a regular email client such as Outlook or Thunderbird, that shouldn't be an issue.

Share this post


Link to post
Share on other sites

I sometimes use multirbl.valli.org to check IP addresses. If a query returns a listing, it provides the TXT entry for the listing, which often (but not always) includes a link to a web page where you can query the listing and find out more.

*==========*

lisati,

Thanks for showing me where to find that tool. It was very helpful.

*==========*

If you've ended up on Spamhaus's PBL, don't panic. All that usually means is that Spamhaus (or your ISP) doesn't think you should be running an email server at that IP address - if you're using a regular email client such as Outlook or Thunderbird, that shouldn't be an issue.

*==========*

It is just the PBL, and it is the address range not just my IP, so I've opened a support ticket with my ISP asking for better security. Letting them know that it is affecting my ability to send abuse reports.

Don't know if it will do any good or not though. In the meantime I've been trying to configure the SMPT AUTH on my Gmail account. I can get it to work for a telnet test, then it resets itself. The only information

I can find at this time on the subject is like ten years old. It's based on Vista! Can't double check, or reconfigure, my Outlook address either (that info is also ten years old). Not without closing the account and then reopening it. But I believe it's alright though. I'll just have to get in the habit of sending from there via my Gmail alias.

Thanks for your help.

*==========*

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×