landshark

Is SPAMcop dead (please)?

9 posts in this topic

Having used my email system for years without issue, and not changing my ISP at all, I get an email this morning claiming that one of Apple's servers has been declared as a source of spam. It is not my IP address (which is static and never changes), it is most certainly one of Apple's servers (a simple WHOIS checked this), but SPAMcop (something I had never heard of) is making a fuss and blocking my sent email to certain addresses. This forum looks as though it has had virtually no activity in a year, which looks to me as if this whole platform is about as much use as its spurious messages. 

Anyone able to point me to the right real person with whom to speak please (oh and yes, I did do all your so-called help and found that your system is saying you are not blocking when the return messages are coming from SPAMcop).

Just so that we can be sure of the message I received, here it is without the sensitive stuff:

Original-envelope-id: ******************@st11p00im-asmtp003.me.com
Reporting-MTA: dns;st11p00im-asmtp003.me.com (tcp-daemon)
Arrival-date: Sat, 13 Aug 2016 11:52:04 +0000 (GMT)

Original-recipient: rfc822;*******@ntlworld.com
Final-recipient: rfc822;*******@ntlworld.com
Action: failed
Status: 5.0.0 (Rejection greeting returned by server.)
Remote-MTA: dns;mx.tb.ukmail.iss.as9143.net
 (TCP|17.172.80.97|35502|212.54.56.11|25)
Diagnostic-code: smtp;550 mx1.tb.ukmail.iss.as9143.net bizsmtp Connection
 rejected. Your IP 17.172.80.97 is in RBL. Please see
https://www.spamcop.net/bl.shtml?17.172.80.97

It is my profound hope that self-appointed systems such as this will be outlawed before much longer. I am sick to death of being blocked by systems that are unfit for purpose such as this. 

Share this post


Link to post
Share on other sites

(Moved from "Reporting Help")

In the information you provided, the only indication that SpamCop is involved is link to a SpamCop webpage.  Without your IP address it is not possible to see the current reputation of your IP or if it is currently on the dynamic blocklist.  You can go to https://www.spamcop.net/w3m?action=map and check you own IP reputation.

If you IP is/has been on the SpamCop blocklist, it is because several emails sent from that IP address have been reported to SpamCop over a short period of time.  If no more reports of spam are received, the IP address will be removed from the block list.

In the passed it has been noticed that some email host 1) have used a standard blocking email identifying SpamCop as the reason for rejecting an email even when some other cause is the reason.  2) They may also use the easily forged items in the header of the received email to block an email, instead of correctly parsing the header elements.

Given that the IP address thy report as the source of "your" email is 17.172.80.97 (me.com) has a neutral reputation, I would suggest you contact your intended recipient to work with their email host to resolve the situation.

Share this post


Link to post
Share on other sites

SpamCop is a reputable organization from Cisco Systems, partially supported by user donations. It has been an extremely valuable asset to many of us since 1998 and I encourage you to take advantage of it in the future to help stop spam in our time.  It is certainly not dead.

Edited by alvarnell

Share this post


Link to post
Share on other sites

If the IP address given is one you have responsibility for, I'd suggest looking into listings on lists other than Spamcop. As I type, it's not showing as listed on the Spamcop's list, but there are a couple of other lists where it has been listed in the last few days, mostly from spamtrap hits.

Share this post


Link to post
Share on other sites
21 hours ago, Lking said:

(Moved from "Reporting Help")

In the information you provided, the only indication that SpamCop is involved is link to a SpamCop webpage.  Without your IP address it is not possible to see the current reputation of your IP or if it is currently on the dynamic blocklist.  You can go to https://www.spamcop.net/w3m?action=map and check you own IP reputation.

If you IP is/has been on the SpamCop blocklist, it is because several emails sent from that IP address have been reported to SpamCop over a short period of time.  If no more reports of spam are received, the IP address will be removed from the block list.

In the passed it has been noticed that some email host 1) have used a standard blocking email identifying SpamCop as the reason for rejecting an email even when some other cause is the reason.  2) They may also use the easily forged items in the header of the received email to block an email, instead of correctly parsing the header elements.

Given that the IP address thy report as the source of "your" email is 17.172.80.97 (me.com) has a neutral reputation, I would suggest you contact your intended recipient to work with their email host to resolve the situation.

Curious - the email recipient to whom this email was sent is my father. He has not changed his ISP for over a decade, and neither have I. I also write to him at least once per day as I have done for over 20 years. Obviously this is my fault (according to this SPAMcop rubbish). I must be a vicious email spammer (according to this system) and it is up to me to sort this mess out (according to this system). My IP address is static and has NEVER been reported as I do not engage in email marketing. According to your own reporting system (a bigger joke I have yet to see) the IP address that SpamCop seems to have an issue with is Apple's .me domain. My IP address is not even in the equation here so why should it be up to me to prove anything?

The reason I get so incensed by this cavalier attitude by self-important BS artists such as this is that it is always an innocent person (or people) affected and not the very targets you seek to remove. I should never have to "... work with their email host ..." simply to justify my own systems or that of my father's.

It is obvious that your so-called reporting system is the focus of the issue. How you obtain your data that leads to someone else effectively having service denied is illegal. You have summarily passed judgement and carried out sentence without the other side (me) having a single word in defence. In law, it is not possible to prove a negative, so how am I supposed to prove innocence. I must ask you to prove the source of your data that has led to this situation or I demand that your faulty systems are shut down until you fix your faults. No police force is beyond the law and your system denying legitimate users of the service for which we pay is illegal. If you prove that I am a source of spam, then go through proper, legal channels and YOU work with ISPs to prove what you are saying. If not, then shut down this system.

Share this post


Link to post
Share on other sites

Not to be redundant, but there are several reasons to believe that your father's(?) ISP is causing the problem you are having, not SpamCop.

SpamCop does not block any email and does not recommend email service block/delete any emails from IP addresses on the block list.  SpamCop does recommend email from suspect IPs be place in a "spam" folder for review.  Even if your father's ISP is using SpamCop's block list, it is not using it as recommended.

SpamCop does not have an issue with 17.172.80.97 as reflected in the link provided earlier.  However, looking at your email address, ( ..{AT}icloud.com) your email could be coming from that IP ~~ Based on your comments and your email address, you may be confusing your web domain's IP address and the IP address used by your email server.

Although your father "has not changed his ISP for over a decade", I am fairly sure his ISP has made changes in that time: Updated hardware, software, made changes to operating parameters.  The information you have provided would point to the probability that a resent change has been made to the spam filtering used.  If no one contacts his ISP (email host) to identify that their spam filter is producing a false positive, nothing will change.

None of the information you have provided gives any indication that anything at SpamCop needs to change.

I am sorry you are having a problem. But just because you received an email with a link to a SpamCop webpage, does not indicate the problem is with SpamCop.  As lisati posted, other blocking list do list the IP address sited in your OP.  As I pointed out, and you quoted, some times a canned answer implying SpamCop is used (see 1 above) by an ISP.  An email host (and their IPs) shared by many users, such as icloud.com, can sometimes have a bad actor that affects all users of that email host.

Share this post


Link to post
Share on other sites
mx1.tb.ukmail.iss.as9143.net bizsmtp Connection rejected. Your IP 17.172.80.97 is in RBL. Please see https://www.spamcop.net/bl.shtml?17.172.80.97

mx1.tb.ukmail.iss.as9143.net has chosen to block your email.  They did this despite SpamCop's warning that they shouldn't do so.  The rejection notice implies that they made their decision at least partially based on SpamCop's data regarding your mail server's IP, but that IP isn't currently in the SCBL and doesn't appear to have any recent history in it either.  Compare it to https://www.spamcop.net/w3m?action=blcheck&ip=43.224.130.72 to see what a listed spammer IP looks like.

SpamCop simply makes a list of mail servers that have sent multiple spams to their spamtraps and to their registered users.  Many people and organizations make use of that data to help determine if a message is spam or not.  Unlike some other RBLs, SpamCop doesn't try to block innocent users in hopes that collateral damage will cause someone to take action.  They track actual IPs that have sent multiple spams, and the IPs automatically delist after a little while if they don't send more spam.  Personally, that's exactly what I want in an RBL.  As precise as possible and self-cleaning as long as the spamming doesn't continue.

Unfortunately, shared hosts are prime targets for collateral damage.  When you have a thousand people sharing a mail server, one bad person can cause problems for the other 999.  The better hosts (like Apple) will take steps to keep spammers from creating accounts in the first place, and remove them quickly when they do get in.  But just like living in an apartment complex, sometimes your neighbors will do things that cause issues for you, even if you personally did nothing wrong and the apartment works as quickly as possible to fix the problem.

 

23 hours ago, landshark said:

Curious - the email recipient to whom this email was sent is my father. He has not changed his ISP for over a decade, and neither have I. I also write to him at least once per day as I have done for over 20 years. Obviously this is my fault (according to this SPAMcop rubbish). I must be a vicious email spammer (according to this system) and it is up to me to sort this mess out (according to this system). My IP address is static and has NEVER been reported as I do not engage in email marketing. According to your own reporting system (a bigger joke I have yet to see) the IP address that SpamCop seems to have an issue with is Apple's .me domain. My IP address is not even in the equation here so why should it be up to me to prove anything?

The receiving mail system (assumed to be your father's ISP) is saying that Apple's mail server is the problem.  As someone trying to use that server to send mail to their system, they're simply letting you know that they've chosen not to accept your email because they've decided it's spam.  They're implying via the link that this decision is based on SpamCop's data about the server, but currently the SCBL doesn't list that IP, and it doesn't look like it has at all recently.  Your personal static IP has seemingly nothing to do with this decision (though only the ISP can say for sure).  The only reason any of this falls on you is because you want to send an email to your father.  You're perfectly free to ignore the error and wait for it to resolve itself (assuming the server ever was listed in the SCBL, it's already been delisted).  However, it's in the best interests of your father, as a customer of the ISP, to let them know when their systems aren't working properly.  Generally a lack of complaints is interpreted as everything working properly, which tends to lead to things staying the same (or even adding more of the problematic item, since it's assumed to be good).

 

22 hours ago, landshark said:

The reason I get so incensed by this cavalier attitude by self-important BS artists such as this is that it is always an innocent person (or people) affected and not the very targets you seek to remove. I should never have to "... work with their email host ..." simply to justify my own systems or that of my father's.

It is obvious that your so-called reporting system is the focus of the issue. How you obtain your data that leads to someone else effectively having service denied is illegal. You have summarily passed judgement and carried out sentence without the other side (me) having a single word in defence. In law, it is not possible to prove a negative, so how am I supposed to prove innocence. I must ask you to prove the source of your data that has led to this situation or I demand that your faulty systems are shut down until you fix your faults. No police force is beyond the law and your system denying legitimate users of the service for which we pay is illegal. If you prove that I am a source of spam, then go through proper, legal channels and YOU work with ISPs to prove what you are saying. If not, then shut down this system.

Your father's ISP is the one denying your service.  They have come to the conclusion that it's best for them to simply block any mail server that has recently sent spam to a SpamCop user/spamtrap (at least that's what is implied by their rejection notice, though it may not even be accurate).  Even SpamCop doesn't think this is a good idea.  I guarantee that even if SpamCop were shut down, the ISP would simply find another RBL (probably one less careful than SpamCop) to use for blocking mail.  The problem is how the ISP has chosen to deal with incoming mail from potential spammers, not that SpamCop has chosen to make a list of servers that have sent spam.

FYI, it looks like they have a history of false positives in trying to block spam coming into these servers. https://www.google.com/search?q=mx1.tb.ukmail.iss.as9143.net

Share this post


Link to post
Share on other sites

ISPs have been known to incorrectly issue an error message which suggests that an IP address is listed at SpamCop when it is actually listed elsewhere. There is not a lot the volunteers at this particular forum can do if this is the case with your father's ISP.

You might want to avail yourself of online lookup tools such as http://multirbl.valli.org and http://whatismyipaddress.com/blacklist-check to assist in your research.

Edited by lisati

Share this post


Link to post
Share on other sites

There have been a number of receiving systems in the past that have copied the blocklist error message about the block coming from spamcop.  This can be confusing as one would immediately suspect spamcop when the blocklist came from something like spamhaus instead.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now