Jump to content
Sign in to follow this  
Ozziegiraffe

Whole country banned

Recommended Posts

I have been trying to send email since Saturday to a number of addresses in Australia, but it appears that the whole of Solomon Islands has been banned by spamcop (ie anything originating from telekom.net.sb). As that is the only ISP in the country, we have a problem.

It does appear that someone has used at least one telekom address to send spam (I received one myself at my ozemail address), but it is overkill to ban a whole country.

I have reported it at this end, and I am hoping something can be done about it.

Share this post


Link to post
Share on other sites

First, SpamCop lists only IP addresses that users are reporting as the source of spam that they are receiving. I seriously doubt that an entire country is listed, but if it only has one IP address then it's possible.

SpamCop DOES NOT block ANY email. If emails are bouncing then you need to take it up with the admin(s) that are refusing the emails. SpamCop has no control over them.

Next, you failed to provide the IP that is allegedly listed, therefore no one can give you anything but guesses as to why the IP is listed.

Share this post


Link to post
Share on other sites

From the top, it would appear that you spent no time at all looking around, probably due to youe anger issue. But, when you do make it back to see if anyone responded to your rant, please take a few minutes and read the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=972 .... there may be an answer there for you already, the least of which would be the indication that SpamCop doesn't block anything, and that any specific conversation can only develop when you get around to picking one IP address to take a look at. If we go with flow, you must have a number of "rejection messages" that are blaming your e-mail issues on SpamCop. Would you care to provide one of those so we can take a look and see if what you claim might be true? (Though, noting the way things work in reality, I'm guessing that there might just be more than one e-mail server in all of the Solomon Islands.)

Share this post


Link to post
Share on other sites

Spamcop does not BLOCK anything or BAN anything.

If you think you have a problem and you think you need help please post the IP number of te server you think has been compromised.

Share this post


Link to post
Share on other sites

First, all of you supposed experts are being pretty hard on a Newby.

I am not angry, just frustrated. I am here in Solomon Islands working as a volunteer helping to set up the first Women's Refuge in the country, and I cannot contact many of the people who are supporting me at home, except through webmail.

Second, all email other than webmail in this country goes through Telekom, which has a government approved monopoly on telecommunication, and I have already been in touch with them.

Third, all internet access in this country is very slow, very expensive and paid by the minute, so I cannot spend hours, even if I had the spare time, researching the problem. I was hoping I could email someone at Spamcop, but there is no link on the site to do this.

I have an income this year of $100AUD a month, apart from my savings - so I haven't the financial resources either.

The code on the numerous rejections is 202.139.42.11 - I'm assuming that that is what your jargon is referring to. Heaven help the average email user in this country - they know even less than I do.

Now i am going out of town to where there is no power or sewerage, and all the water comes in tanks, and won't be back till tomorrow evening. i hope someone more helpful and less sarcastic is available to help by the time I look again.

Share this post


Link to post
Share on other sites
i hope someone more helpful and less sarcastic is available to help by the time I look again.

I don't think anyone was being sarcastic or deliberatley unhelpful but I do understand your frustration. I will try to help.

First, as others have pointed out, SpamCop in itself can do nothing to block or ban anything. SpamCop keeps a real-time list of email servers (identified by an IP number which looks like 123.456.789.012) from which spam is spewing. Two sorts of data are used to maintain this list.

1. spam reported by spamcop users. this is analysed by SpamCop's parsing engine to identify the TRUE source of the spam (the 'point of injection'). All sorts of calculations are then applied: how many complaints, from how many different users, ratio of spam to legit mail etc. before a server is put on the blocklist. Copies of the complaints are sent to the ISP. Good ISP's welcome them as an indication that something is wrong, act to stop the spam spew and are quickly delisted. Bad ones don't and aren't.

2. SpamCop also secretes unused e-mail addresses in the code of web-pages which are there as 'bait' for the address-harvesters that spammers use. These addresses have never been used to send mail and are secret: therfore they should never receive any mail of any sort. For this reason 'spam-trap' hits are taken very seriously and get a server on the blocklist much more quickly. No reports are sent to the ISP.

Let's look at the evidence for your server (what you would see if you followed the link in the rejection notice).

202.139.42.11 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

Listing History

It has been listed for 2.9 days.

as you can see, spam from your IP has been hitting the spamtraps. This can be for a number of reasons, the most common are virus activity and virus auto responders. Only the deputies (deputies <at> spamcop <dot> net) can look at the evidence and see why you are listed.

DEPUTIES HEADS UP can this be done: the OP's claim that there is only one IP in the Solomon Islands seems to have credence!

Now if we follow the Senderbase link from the evidence page we see this:

Report on IP address:  202.139.42.11

Volume Statistics for this IP

Magnitude  Vol Change vs. Average

Last day  4.0  154%

Last 30 days  3.9  105%

Average  3.6 

Third-party Certification

Bonded Sender?  Not Bonded

TRUSTe Privacy Seal?  Not Certified

Information from whois

Please wait...loading data...

Other information about this IP address

Sender Category 

Network Owner  CWO Customer Network

Domain  telekom.net.sb

Date of first message seen from this address  2003-09-02

CIDR range  202.139.42.0/23

# of domains controlled by this network owner  166

Geography data

Country  AU

State  08

City  Bowes

Postal code 

Related links

Google groups  http://groups.google.com/groups?scoring=d&...1+group:*abuse*

OpenRBL  http://openrbl.org/lookup?i=202.139.42.11

SpamCop  http://spamcop.net/w3m?action=checkblock&ip=202.139.42.11

Real-time blacklists [ Click to view all ]

bl.spamcop.net  http://spamcop.net/w3m?action=checkblock&ip=202.139.42.11

Addresses in telekom.net.sb used to send email

Showing 1 - 2 out of 2 

View others in telekom.net.sb or address block:

address  hostname  DNS

Verified  Daily

Magnitude  Monthly

Magnitude

202.139.42.11  vortex.telekom.net.sb  Y  4.0  3.9

202.1.176.30  undp-gw1.telekom.net.sb  Y  2.9  2.6

so it seems that you are almost right in saying that a whole country has been blocklisted. They seem only to have two mail servers, and you say they are a monopoly operator.

That being so, they really need, urgently to deal with this issue. As their customer only you have the 'clout' to get them to do something (e.g. turn off virus autoresponders) so that they get de-listed quickly and stay de-listed.

The way other ISP's use the blocklist is a whole other issue, some use it to refuse mail from spamming IP's altogether (receiving it costs them money) others use it to tag mail as 'probable spam' and put it in a different folder (this is how SpamCop itself uses it, and recommends it should be used).

So to resolve this issue you need to

1. Contact your ISP as above and/or

2. Get your friends to contact their ISP's to see whether you can be whitelisted.

The good news is that SpamCop is real-time and de-lists servers when the spam stops.

Hope you had a good day out of town and that this problem can be sorted out quickly for you.

Edited by Derek T

Share this post


Link to post
Share on other sites
Second, all email other than webmail in this country goes through Telekom, which has a government approved monopoly on telecommunication, and I have already been in touch with them.

If the mail server was RFC compliant and identified the IP where it received the email from then the SC parser wouldn't identify the mail server as the source.

Contact your mail admin and ask him/her why their configuration hides the true source of emails from the world. Ask them why they prefer having their server listed in blocklists instead of the particular IP that actually was used to send the email.

Points to ponder:

  1. Yahoo's mail server doesn't get listed when its users send spam because it identifies the true source of the email.
  2. Hotmail's mail server doesn't get listed when its users send spam because it identifies the true source of the email.
  3. Thousands of other mail servers don't get listed when their users send spam because they identifiy the true source of the email.

Share this post


Link to post
Share on other sites

... mailserver doesn't get listed because it identifies the ip of the sender,

Well in a way that's too bad, because mailservers with weak spam prevention get off scot free.

I'm dealing with some **head in Verzon space POPing his viruses and spam to me through Yahoo, no one cares, it's not yahoos IP and it;s not Verizons mailer

Share this post


Link to post
Share on other sites

Thank you for the new replies. I am goinng to copy them and forward them to my ISP.

Meanwhile, Spambo, could you please avoid using initials and acronyms with newbies like me, as they are mere gobbledegook, and I have no idea what you are talking about. You would probably react in the same way if I wrote psychological jargon and acronyms to you.

Share this post


Link to post
Share on other sites
Meanwhile, Spambo, could you please avoid using initials and acronyms with newbies like me, as they are mere gobbledegook, and I have no idea what you are talking about.

SC = SpamCop

As for RFC and IP, the usage of those acronyms are more widely understood than the words the letters stand for. In both of these cases (Request For Comments & Internet Protocol - which itself is short for Internet Protocol address) probably wouldn't have made things any clearer.

You would probably react in the same way if I wrote psychological jargon and acronyms to you.

Maybe, but first I'd use acronymfinder.com (or a similar service) to try to look up any acronyms I didn't understand.

Share this post


Link to post
Share on other sites

An e-mail sent to Deputies with some of the issues raised here, but the question is ... do the Deputies get excited and try to make contact with the ISP, or the more normal mode .. waiting until someone from the ISP gets a clue and asks for some help? De-listing won't be much of an accomplishment if the cause of the listing isn't cured.

Share this post


Link to post
Share on other sites
Meanwhile, Spambo, could you please avoid using initials and acronyms with newbies like me, as they are mere gobbledegook, and I have no idea what you are talking about. You would probably react in the same way if I wrote psychological jargon and acronyms to you
.

I understand that you are very frustrated having to deal with this technical problem instead of conducting your business which is obviously very important to you.

However, these are terms you need to understand. Think of it as a vehicle - when the mechanic starts to talk about vacuum hoses, valves, etc. If you don't want to pay for repairs you don't need, then you do need to have a basic understanding of how your vehicle works.

If you are a psychologist, then you probably realize that people often react in the same manner that they are approached. I know you don't have time to read other topics, but if you did, you would find those with an attitude of 'let's find out what the problem is' often have their problem solved within a few posts while those who whine and rant and rave and get their feelings hurt and don't try to respond with the proper information or ask questions often get even more frustrated.

No one wants your business to be interrupted. However, your email service is just not working properly. Just as terrorism has caused extensive services when one boards a plane (and other inconveniences), spam requires extra checks that would be unnecessary otherwise. It is not spamcop's fault, nor the ISP's who use spamcop to reduce the amount of spam to their customers.

Another alternative would be for your correspondents to set up hotmail accounts (and hopefully your emails will not be caught by hotmail filters- if so, then another webmail account) so that you do not have to use web email since it is so costly to you. I am sure that they would rather do that than to insist that their ISP no longer reduce their spam.

Miss Betsy

Share this post


Link to post
Share on other sites

Quote:"An e-mail sent to Deputies with some of the issues raised here, but the question is ...."

But how does one do that? That is what I was hoping to be able to do in the first place.

Incidentally, Spambo and Miss Betsy, it was RFC that I have never heard of before.

I am not sure if it is an interent thing or an SMS thing, but we don't have SMS here.

I think I sent the IP address and had already looked up what was referred to on the Spamcop website. I have basically done everything that was suggested except look up everything on the website, as that is what I don't have either the time or money to do. The following is the reply from the ISP's Manager of Information Systems, who, incidentally, has worked with some pretty big internet providers in Australia before he came here:

Thanks for the feedback, I expect we will have this matter under better

control by the end of the week, it is probably being caused by the email

server platform migration we are performing, specifically the "hiding" of

the source IP problem. I note some of the discussion in the email below is

not accurately representing the situation here in the Solomon Island but as

it is not really relevant to the problem at hand I will not make an effort

to correct it.

It would be helpful if Spamcop provided some feedback on the email sent to

their secret spam trap addresses but if that is not possible we will look at

what needs to be done once the migration is complete if the listing

continues.

Share this post


Link to post
Share on other sites

I have had an e-mail from Ellen who tells me that this is genuine spam (not bounces etc.) in the spamtraps, so the listing is not a 'mistake', spam really is coming from IP. Let's see if the ISP can be persuaded to do something about it.

I have written to optus but the server is relaying spam -- it may be an

account on the server has been hacked or it may be some other exploit. You

may post this to the thread if you would like.

Ellen

> Thx for that Ellen, given the sparse evidence page I had thought that

> perhaps it was just an auto-respond problem. If there really has been

> spam relayed then, of course, they should remain blocklisted. Seems

> tough that the whole country has only two IP's though!

> Derek T

yeah I looked at all the emails and they are definitely spams -- pills foo

Ellen

Ellen is one of the deputies, I e-mailed her on your behalf, Oz.

Edited by Derek T

Share this post


Link to post
Share on other sites
Quote:"An e-mail sent to Deputies with some of the issues raised here, but the question is ...."

But how does one do that? That is what I was hoping to be able to do in the first place.

deputies <at> spamcop <dot> net

Share this post


Link to post
Share on other sites

Since you are short on money to read posts, you probably will not come back now you have the deputies address. However, the point of not giving the deputies address in the beginning is that posters do not give the relevant information. Often the problem can be solved in the forum without involving the deputies once the poster knows the relevant information to give his ISP. The ISP is the one who should be resolving the problem if he knows what he is doing.

Miss Betsy

Share this post


Link to post
Share on other sites
Incidentally, Spambo and Miss Betsy, it was RFC that I have never heard of before.

I am not sure if it is an interent thing or an SMS thing, but we don't have SMS here.

I think http://www.rfc-editor.org/ would give a better explanation of RFCs than I could.

Share this post


Link to post
Share on other sites

Just to get back to the original issue, it seems part of the Deputies continued "we're swamped" notes about the e-mail could be from right here. Seems that there were at least three of "us" hitting them with e-mail requests to get involved here. Part of this could have been solved by a post, but ... to Ozziegiraffe .. you've got action going on at both ends of the datastream <g>

Share this post


Link to post
Share on other sites
QUOTE (Ozziegiraffe [at] Jun 8 2004, 03:17 AM)

Incidentally, Spambo and Miss Betsy, it was RFC that I have never heard of before.

I am not sure if it is an interent thing or an SMS thing, but we don't have SMS here.

I think http://www.rfc-editor.org/ would give a better explanation of RFCs than I could.

Actually, I have no idea what SMS means. I know that technical terms are not always easy to guess from the context. However, if one is going to complain about a technical issue, then one has to use technical terms. At times, non-technical terms do describe what is happening, but it makes it difficult for the technicians to fix. My mother complained that the 'electricity was leaking out from the pole before it got to her house' It wasn't until I was there and the lights flickered that I figured out what to tell the electric company. My husband was no help at all in trying to decipher her complaint because 'electricity can't leak out' She was right; there was a loose connection on the pole outside her house.

I don't think one needs to understand what RFC compliant means in order to tell your ISP that that is what is the problem. It may take longer to resolve the issue if you don't know the proper terms and what they signify.

Miss Betsy

Share this post


Link to post
Share on other sites

I think the issue is exactly as the response from the ISP said -- during this migration they were not providing the IP of the injecting server. I wrote to a couple of different ISP type addresses to explain what we were seeing and haven't heard anything new back.

Share this post


Link to post
Share on other sites

I see that of this morning 0800 GMT this server has been delisted. Thanks to Ellen and all who have showed concern.

Share this post


Link to post
Share on other sites

:rolleyes:

Thank you everyone who got involved.

I have not been near my computer for a couple of days for various reasons. Have sent some test messages tonight.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×