Jump to content
Sign in to follow this  
Sreiser

Spamcop.net stopped email to my ISP based on lie

Recommended Posts

Hello,

I just contacted the president of my ISP late tonight and emailed FTC.GOV about SPMACOP.NET. Not only did SpamCop.net prevent email to a friend but somehow interfered with me emailing to support[at]wispertel.net and I have an email account at wispertel.net.

Furthermore, the reason listed here by SpamCop.net at this link:

http://www.spamcop.net/w3m?action=blcheck&ip=38.116.135.226

.... is a lie.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 38.116.135.226 is secure.wispertel.net but secure.wispertel.net is 66.250.22.25 instead of 38.116.135.226

Listing History

It has been listed for 47 hours

This is a lie because 66.250.22.25 is NOT secure.wispertel.net, but it is DNS.wispertel.net.

As far as I am concerned SpamCop.net is FAR WORSE than the spam it's supposed to stop and I think Spammers belong in jail.

Anyway, I would like to see action taken against such an abusive organization as SPAMCOP.NET.

Steve

Share this post


Link to post
Share on other sites

Additionally, if Spamcop.net doesn't take remedial action, my next step is to contact my senators and congressmen at both the state and federal level about SpamCop.net.

Share this post


Link to post
Share on other sites

Which part of:

Pinned: Why Am I Blocked? FAQ

Please read before posting

did you not understand?

Share this post


Link to post
Share on other sites

These are my favorite posts. I can't wait for your sentor an congressman to return from summer recess and do something about perfectly legal organizations such as Spamcop. I'm sure they won't be distracted by the presidential election, terrorism or things that they can actually control. I'm quite sure your dissatisfaction that some of your correspondants are not accepting your mail will be the first thing on their list. I would warn your ISP and friend as I would expect that congress will get the FBI involved and they'll be arrested for using a blocklist on their e-mail and probably sent to Guantanemo Bay with the rest of those that have done things this important.

BTW -- You have much bigger problems tham the Spamcop list, your IP is also listed on SPEWS as a Richter address. Spamcop you'll drop off of, SPEWS on the other hand... Good luck. You're also on a few others (PSand based on the evidence, it seems quite appropriately.

Edited by louisd

Share this post


Link to post
Share on other sites
This is a lie because 66.250.22.25 is NOT secure.wispertel.net, but it is DNS.wispertel.net.

You need to check your reading skills. First of all, the DNS part does not lead to your listing, the sending messages (probably without your knowledge) to spamcops spamtrap addresses does.

DNS error: 38.116.135.226 is secure.wispertel.net but secure.wispertel.net is 66.250.22.25 instead of 38.116.135.226

Second of all this does NOT say that (rDNS) 66.250.22.25 is secure.wispertel.net. It says (rDNS) 38.116.135.226 is secure.wispertel.net, which it is:

C:\>nslookup

> 38.116.135.226

Name:    secure.wispertel.net

Address:  38.116.135.226

and it says (DNS) secure.wispertel.net is 66.250.22.25, which it is:

> secure.wispertel.net

Name:    secure.wispertel.net

Address:  66.250.22.25

The DNS and rDNS should be the same information, which they are not. You are correct that (rDNS) 66.250.22.25 is dns.wispertel.net:

> 66.250.22.25

Name:    dns.wispertel.net

Address:  66.250.22.25

but that is another DNS error because dns.wispertel.net is actually 66.250.22.4:

> dns.wispertel.net

Name:    dns.wispertel.net

Address:  66.250.22.4

Edited by StevenUnderwood

Share this post


Link to post
Share on other sites
BTW -- You have much bigger problems tham the Spamcop list, your IP is also listed on SPEWS as a Richter address.  Spamcop you'll drop off of, SPEWS on the other hand... Good luck.  You're also on a few others and based on the evidence,  it seems quite appropriately.

15091[/snapback]

And just to clarify, with SpamCop it does not matter how bad you have been in the past, if your server stops sending out spam or bouncing messages to spamtraps, then in a very short time (days not months) you will be automaticly dropped off the SpamCop list, no request required. It just happens by itself.

And if your server has not been a serious violator, the time to drop off the list can become hours instead of days. It's all automatic based on a complex formula

For more information see FAQ: What is on the list?

Share this post


Link to post
Share on other sites

Hi. This is the qmail-send program at secure.wispertel.net.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<support[at]velocitywest.com>:

206.123.77.37 does not like recipient.

Remote host said: 451 Blocked - see http://www.spamcop.net/bl.shtml?38.116.135.226

Giving up on 206.123.77.37.

I'm not going to try again; this message has been in the queue too long.

--- Below this line is a copy of the message.

Return-Path: <avatar[at]wispertel.net>

Received: (qmail 27923 invoked by uid 89); 12 Aug 2004 20:21:11 -0600

Delivered-To: wispertel.com-support[at]wispertel.com

Received: (qmail 27921 invoked by uid 89); 12 Aug 2004 20:21:11 -0600

Delivered-To: support[at]wispertel.net

Received: (qmail 27906 invoked from network); 12 Aug 2004 20:21:11 -0600

Received: from unknown (HELO ?192.168.0.100?) (38.116.140.252)

by secure.wispertel.net with SMTP; 12 Aug 2004 20:21:11 -0600

Mime-Version: 1.0

X-Sender: avatar[at]wispertel.net[at]mail.wispertel.net

Message-Id: <p06110402bd41d7600c67[at][192.168.0.100]>

Date: Thu, 12 Aug 2004 20:27:51 -0600

To: support[at]wispertel.net

From: Steven Reiser <avatar[at]wispertel.net>

Subject: Hope this gets to you

Content-Type: text/plain; charset="us-ascii" ; format="flowed"

Hello,

Lastnight I tried to email you an some site called "Spamcop.net

wouldn't even let me talk to my own ISP and my email was rejected by

Wispertel.net

Steve

Share this post


Link to post
Share on other sites

Quoting the OP:

Furthermore, the reason listed here by SpamCop.net at this link:

http://www.spamcop.net/w3m?action=blcheck&ip=38.116.135.226

.... is a lie.

38.116.135.226 not listed in bl.spamcop.net

Ouch. BUT......

From spews: 38.116.131.0 - 38.116.150.255, Cogent (Eddy Marin / SCR Concepts inc / OmniPointMarketing.com)

Link: http://spews.org/ask.cgi?S373

From PSBL: Query Results

Currently listed in PSBL? Yes.

spam and removal history for 38.116.135.226 (times in UTC):

Thu Aug 12 01:07:30 2004 spamtrap hit

Not real sure your problem is with SpamCop.net at this point. If your own ISP is blocking you, you may just want to pick up the phone to find out why.

Share this post


Link to post
Share on other sites
Did you have a good time venting your rage? Seems no one cares!

15077[/snapback]

Yes, it was absolutely thrilling!!!! Thank you!

Actually both myself and my ISP did care and got it resolved.

Share this post


Link to post
Share on other sites
Which part of:

did you not understand?

15079[/snapback]

Derek,

I read the FAQ and it did NOT address my issue at all.

Steve

Share this post


Link to post
Share on other sites
I read the FAQ and it did NOT address my issue at all.

Steve

That's pretty hard to believe, but then again, you start with a rant, end with a little whimper about the issue being handled. If the FAQ doesn't cover your situation, how about explaining so that the FAQ can be updated to address your alleged problem?

Share this post


Link to post
Share on other sites
That's pretty hard to believe, but then again, you start with a rant, end with a little whimper about the issue being handled.  If the FAQ doesn't cover your situation, how about explaining so that the FAQ can be updated to address your alleged problem?

15169[/snapback]

Hi,

I did not see anything in your FAQ saying SPAMCOP.NET blocks ISPs who happen to get blasted with viruses in email that get forwarded to an innocent unknowing end users email addresses list and then forwarded to the addresses in the last. That is the reason SpamCop.net blocked our ISP.

I work for a major computer corporation IT department where we have three servers filtering all inbound email quite effectively. Hence, I am quite sick of spam and I want to see it ended as bad as you do, and if you are following what the w3 consortium is considering, there are couple options using IDs to validate either the domain or the user (one from Microsoft as well) that should do some serious damage to the SPAMMER market.

Anyway, I just hope SpamCop.net blocks more REAL spam and not my whole ISP because endusers addresses get used against there will to forward viruses. Is that too unreasonable?

Steve

Share this post


Link to post
Share on other sites

Sorry, then I would have to state that you didn't read the "Why am I Blocked" FAQ ... that scenario is in there a number of times

Share this post


Link to post
Share on other sites
I work for a major computer corporation IT department

I do hope, for their sake, that this is in an honorary capacity. To think that anyone actually pays you, given the level of ignorance and cluelessness you have demonstrated here, beggars belief. You still confuse IP with ISP, for example and still accuse spamcop of blocking when it doesn't and can't. Perhaps we need to reduce the reading-age level of the FAQ?

Share this post


Link to post
Share on other sites
Hi,

I did not see anything in your FAQ saying SPAMCOP.NET blocks ISPs who happen to get blasted with viruses in email that get forwarded to an innocent unknowing end users email addresses list and then forwarded to the addresses in the last.  That is the reason SpamCop.net blocked our ISP.

Your own post said that the I.P. address was sending to spam traps.

Which means that instead of using SMTP rejects for undelived e-mail, the mail servers generating auto-responses to usually forged addresses.

Every time a new virus comes out, mail servers configured to generate bounces instead of using SMTP rejects effectively cause a denial of service attack on other mail servers and users.

I have seen several users posting on usenet forums including spamcop ones, that they have lost real mail because they could not deleted the misdirected bounces fast enough.

Some mail servers have been overloaded by such bounce attacks resulting from spam and viruses. The mail servers for test.com is an example.

Even worse if if the mail server has a virus scanner that sends notifications to these addresses.

According to posts on usenet AOL.COM has publically recognized that generating bounces is abusive, and has stated that on the spam-L mailing list that they are converting their mail servers to only do SMTP rejects.

I work for a major computer corporation IT department where we have three servers filtering all inbound email quite effectively.

Your postings indicate that you have not even done elementary research on the issue that you are posting about, or even about how e-mail works.

Bouncing spam or viruses enough to get listed in spamtraps usually means that the mail server is poorly configured in it's spam control. Over 80% of the incoming spam can be rejected at the border mail server just by using conservative DNSbls, such as sbl-xbl.spamhaus.org, open proxy databases. So there is no reason the content from those listed I.Ps to ever make it into the mail servers.

Filtering mail by content is inefficient spam control, and from all the mail servers I get mail on, the ones that use content filtering leak the largest amount of spam, and lose or reject the largest amount of real e-mail, and generate the most user complaints.

The only reason that this is usually not noticed is that in most filtering systems, the e-mail is silently deleted, with neither the sender or the receiver knowing that the mail did not get read, and the users have decided that complaining to their IT department is useless, so they are using webmail accounts as a backup, which can result in confidential company e-mail sitting on external public servers. In the case of some U.S. businesses, for some employees, that is a violation of SEC regulations.

If the mail server issues SMTP rejects when it determines that the incoming e-mail is spam or a virus, then the sending mail server will notify a real sender about the issue.

Then someone will investigate. Usually when a real mail server is listed by an user reporing error, a polite request will get it delisted quickly.

spam trap hits means a mail server configuration problem, and I have not seen actions from deputies for any manual overides unless they can determine it was a multi-hop exploit where the spamcop.net parser made a mistake.

Sometimes if a deputy can be convinced that the mail server has been fixed to no longer send the mail to spam traps, there appears to also have been accellerated delistings. But then it would be a case where the deputy was in direct communcations with the ISP operating a mail server. That seems to happen rarely.

A spamcop.net listing is as short as 1/2 hour and as much as 48 hours based on many factors measured for that I.P. address.

The spam hit rate has to hit over 2% of the measured volume for a listing. For any commercial ISP to get their mail servers listed, they are going to have to bounce an quite a bit of spam or viruses. A spamtrap hit counts as two hits in the scoring.

Hence,  I am quite sick of spam and I want to see it ended as bad as you do, and if you are following what the w3 consortium is considering, there are couple options using IDs  to validate either the domain or the user (one from Microsoft as well) that should do some serious damage to the SPAMMER market.

You are again showing that you have done less research on the issue than one would get from browsing popular computer magazines, and since they are only trying to convince people to buy filtering software, they are completely ignoring proven and effective spam control methods.

If you are really working in an IT department and have any responsibiities in the configuration of computers, you are way behind in your studies, especially anything to do with mail servers.

While some of the plans show promise, they are not complete solutions, and will only prevent domains from being forged. Currently they also break any e-mail forwarding services. Essentially they are are request for the receivers to whitelist a set of I.P. addresses.

They do nothing to stop the bulk of spam that is hitting the mail servers, unless you want to stop receiving e-mail from everyone execept a few white listed hosts.

And some spammers control DNS servers so can easily shift to become compliant with the proposed systems. Of course those spammers are usually listed with the conservative DNSbls as soon as their presence on an I.P. address gets known.

Anyway, I just hope SpamCop.net blocks more REAL spam and not my whole ISP because endusers addresses get used against there will to forward viruses.  Is that too unreasonable?

15171[/snapback]

If you can convince your ISP to use RFC compliant SMTP rejects, like AOL.COM has stated it is doing, then it should not get listed anywhere unless it is directly allowing spam to be sent.

Anything that auto-responds to spam or viruses is going to have increasing problems communicating to the rest of the internet, as professtional mail server operators know that there is no reason for doing this.

Many of the spamcop.net users whish that they could use spamcop.net to report such abusive mail servers that bounce, instead of only being protected when they start bouncing spam/viruses to spamtraps, so I would not expect many posters to support your point of view.

http://www.moensted.dk/spam/?addr=38.116.1...6&Submit=Submit

Your ISP is currently on:

http://psbl.surriel.com/listing?ip=38.116.135.226 - Spamtrap hit.

SPEWS both level 1 and level 2.

! [1] MARIN, see http://spews.org/ask.cgi?S373

!!!!!!! [2] Scott Richter/optinbig/WholesaleBandwidth, see http://spews.org/ask.cgi?S511

-John

Personal Opinion Only

Edited by WB8TYW

Share this post


Link to post
Share on other sites
I work for a major computer corporation IT department

15171[/snapback]

I do hope, for their sake, that this is in an honorary capacity. To think that anyone actually pays you, given the level of ignorance and cluelessness you have demonstrated here, beggars belief.

<snip>

15180[/snapback]

Derek,

...I can't speak for the OP but as someone else who "work for a major computer corporation IT department," I want to let you know that not all of us IT employees are experts in e-mail and/ or datacomm. Personally, I develop and support internal internet-based applications and am pretty much self-taught (and, as you will know if you've been reading my posts in these fora still very ignorant about) e-mail and datacomm.

Share this post


Link to post
Share on other sites
Derek,

...I can't speak for the OP but as someone else who "work for a major computer corporation IT department," I want to let you know that not all of us IT employees are experts in e-mail and/ or datacomm.  Personally, I develop and support internal internet-based applications and am pretty much self-taught (and, as you will know if you've been reading my posts in these fora still very ignorant about) e-mail and datacomm.

15479[/snapback]

Fair enough but this is someone who claims to have read the FAQ.........

I did not see anything in your FAQ saying SPAMCOP.NET blocks ISPs who happen to get blasted with viruses in email that get forwarded to an innocent unknowing end users email addresses list and then forwarded to the addresses in the last. That is the reason SpamCop.net blocked our ISP.

leaving aside the fact that he'd been told umpteen times that SpamCop blocks nothing, this is the very first sentence in the FAQ.........

Why Am I Blocked? Probable Causes

If your email has suddenly been blocked by the SpamCop blocklist, it is probably because you share an IP address with other email users and there is someone who:

    * is using auto-responses that are replying to spam with forged spamtrap email

      addresses (such as Out-of-Office/Vacation notices, virus notifications, and 'created email' bounces);

totally bl**dy clueless, I wouldn't pay him out in buttons.

Edited by Derek T

Share this post


Link to post
Share on other sites
Hi,

I did not see anything in your FAQ saying SPAMCOP.NET blocks ISPs who happen to get blasted with viruses in email that get forwarded to an innocent unknowing end users email addresses list and then forwarded to the addresses in the last.  That is the reason SpamCop.net blocked our ISP.

I work for a major computer corporation IT department where we have three servers filtering all inbound email quite effectively.  Hence,  I am quite sick of spam and I want to see it ended as bad as you do, and if you are following what the w3 consortium is considering, there are couple options using IDs  to validate either the domain or the user (one from Microsoft as well) that should do some serious damage to the SPAMMER market.  

Anyway, I just hope SpamCop.net blocks more REAL spam and not my whole ISP because endusers addresses get used against there will to forward viruses.  Is that too unreasonable?

Steve

Steve

15171[/snapback]

Sounds like another clueless BOFH.

Edited by Merlyn

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×