Jump to content
Sign in to follow this  
brogers

How do I get removed from your database?

Recommended Posts

It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR:

<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

When I checked your site this is what I was given as a reason why we were listed:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Please advise as to how I can get us off your list.

Thanks

Share this post


Link to post
Share on other sites
Please advise as to how I can get us off your list.

Stop spamming?

Seriously, if you're sending to spam traps (which are unused, unpublished email addresses), either you or someone who shares your mail server's IP has been sending spam. You automatically delist from Spamcop 48 hours after the last spam report.

By the way, according to senderbase:

Last day 782%

Last 30 days 182%

Sounds like your IP jumped up in its mail sending dramatically. If you send through your ISP, you might want to contact them.. if it's your server, please fix the problem.

Edited by Ariel

Share this post


Link to post
Share on other sites

Hiya,

To add to the previous post. It is not clear if you are refereing to your own mailserver or yoo are refereing to your ISPs. The server is owned by dsl.net. If you are from dls.net you should investigate why there is such a dramitic increase in traffic and why it has been sending mail to spamtraps. I has been compromised in some way. You can contact spamcop deputies at deputies at spamcop.net who maybe able to help.

If it is ISPs you should contact then to get them to fix their server.

Share this post


Link to post
Share on other sites
<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

It appears that you are running MS Exchange. You have probably fallen victim to an attack vector know as an SMTP AUTH Hack. It would be in your best interest to go through all accounts on your Exchange server and close any unused accounts (guest, etc) and then change the password for each and every account to something that is non-trivial. If you do not have employees that need to check/send mail from outside your network then you should disable SMTP AUTH access to your mail server.

You may also want to read the pinned FAQ: Why am I blocked? which has additional links concerning the SMTP AUTH hack.

Edited by Chris Parker

Share this post


Link to post
Share on other sites

Actually, what I'd like to hear is why and how the "Why am I Blocked - Please read before Posting" Pinned item was missed in the first place .... is it simply that "Blocked" isn't spelled "Listed" ..????

Share this post


Link to post
Share on other sites
It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR:

<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

When I checked your site this is what I was given as a reason why we were listed:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Please advise as to how I can get us off your list.

Thanks

14985[/snapback]

Regarding IP 216.184.200.13: see these faqs:

http://news.spamcop.net/cgi-bin/fom?file=372

http://www.winnetmag.com/article/articleid/40507/40507.html

http://www.winnetmag.com/article/articleid/42406/42406.html

Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations.

Share this post


Link to post
Share on other sites
Regarding IP 216.184.200.13: see these faqs:

http://news.spamcop.net/cgi-bin/fom?file=372

http://www.winnetmag.com/article/articleid/40507/40507.html

http://www.winnetmag.com/article/articleid/42406/42406.html

Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations.

14998[/snapback]

Thanks for the advise. I was able to confirm that the guest account was being used to relay mail. I have since taken corrective action to prevent this and so far thing appear to have subsided. I will also take steps to beef up our password policies.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×