Jump to content
Sign in to follow this  
hichina

apply for removing from blacklist

Recommended Posts

Dear Sir/Madam:

>

> We, HiChina Web solutions Limited(http://www.net.cn ), is one of the biggest domain name registrar and hosting service provider in China and we have thousands of customers at present.Our IP address 218.30.103.76 ,218.30.103.129, 218.30.103.165, 218.30.103.166 ,218.30.103.168 ,218.30.103.172, 218.30.103.176, 218.30.103.177 (vipmx.hichina.com)are our server that provide email service for our most customers,but now,those email from that IP have been refused and not be send to without any inform,Thus have effected our clients for normal trading ,So please tell us the reason about refusing,and remove that IP in your IP blocklist,thanks!

>

> Though we have tried our best to prevent the customer sending spam, few of them including the new domain still get away with our supervision. For those customers, SPAMMERS, we have set up a complete set of punish system including stop our service to them and we are pleased to cooperate with the international organizations in anti-spam work.

>

> Some questions contact us abuse[at]hichina.com lijl[at]hichina.com

Share this post


Link to post
Share on other sites

If you had bothered to read the FAQ before posting you would know that there is only one way to be removed from the blOcklist: stop the spam spewing from your servers. De-listing is automatic. This first IP you cite is trojanned/hacked and showing a 40-fold increase in traffic.

Edited by Derek T

Share this post


Link to post
Share on other sites

Geez. Somebody from China wants to cooperate and you're rude to them. Shame on you :angry: Throw them a bone before you insult them :)

Yes, spammers make me angry, but once we have an audience with their ISP our first tactic should not be to insult them.

Offer a solution or a kind word before going for the jugular.

English is my first language and finding something in the FAQ can be like finding a needle in a haystack. Then the needle doesn't even look like a needle and you have to put on a magic decoder monocle to realize you found the needle. Then you need to come to this forum to have somebody interpret the needle so you can put it to thread. The FAQ is a disaster in my feeble opinion. It is not user friendly and may be a dark chasm for somebody with ESL.

That's my story and I'm sticking to it. You are free to move about the cabin. Your mileage may vary. Happy trails.

ESL= English as a Second Language.

Edited by flagginator

Share this post


Link to post
Share on other sites

I just reported a dozen spams from China, between them, Brazilian and Korean ISPs, most spam advertized sites are hosted there, I get spam with 2, even 3 of these worst offenders. Why should one not be angry, how often do you even see a respose from a report to these sites? As for English proficiency, if they are making an effort to write here, perhaps they oughtta vrify the content of the <<English>> sites they host and check their logs for outgoing spam. In my experience, Chinese IP's have also been a worst offender in sending virus infected e-mails, sommetimes 3-7 per day, continuously for for months at a time.

They will have to hurt and have a wake up call before they start even acting and become part o the solution, not the problem! Yesterday we had an offender from Brazil, today one from China...Hopefully the Koreans will be coming here on their knees soon...

Edited by dra007

Share this post


Link to post
Share on other sites

My spam is balanced between overseas and US based.

Daily I get spam from xo, sprint, pacbell, sbcglobal and a rafter of other US Based backbones and ISPs.

This person is offering to play ball with us. Let's play nicely instead of being arrogant Americans. No need to play the race, color, creed, or national origin card. Some of the worst spammers on the planet are our American neighbors, and they might even use overseas backbones to hide their mellifluous American spam.

Put some honey on it before you wallpaper them with vinegar. :P

Share this post


Link to post
Share on other sites

While you are here :D

Looks like you are:

inetnum: 218.30.96.0 - 218.30.127.255

netname: CHINANET-IDC-BJ

descr: CHINANET IDC center

descr: China Telecom

Please remove spammers at:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL18277

SBL18277 218.30.118.5/32 chinanet-bj

27-Jul-2004 06:56 GMT www.51000315.com (sohu-inc.com)

While you are at it take a look at:

http://www.spamhaus.org/sbl/listings.lasso?isp=chinanet-bj

Thanks

Share this post


Link to post
Share on other sites

Oh goodie...Spamhaus:

Found 26 SBL listings for IPs under the responsibility of chinanet-bj

Listings in yellow are known spam gangs with ROKSO records (4 very yellow listings/26 total)

...Sounds like we have a serious problem on our hands!

I kinda doubt this user (abuser?) will return after such embarassment! :D

Edited by dra007

Share this post


Link to post
Share on other sites
My spam is balanced between overseas and US based.

Daily I get spam from xo, sprint, pacbell, sbcglobal and a rafter of other US Based backbones and ISPs.

/snip :P

16247[/snapback]

true enough, yet have you checked who is hosting the web advertized sites? Most of the ISPs you mention are trully incopetent but so large they are very likely to have a large number of careless users and vulnerable to all sorts of attacks.. I had my machine hacked beyond repair many months after reporting at SpamCop on a daily basis...

Share this post


Link to post
Share on other sites

This Chinese OP ISP/web-host is very large too. S/he's trying to work with U.S.

Let's work together on this. :wub:

Share this post


Link to post
Share on other sites
This Chinese OP ISP/web-host is very large too. S/he's trying to work with U.S.

Let's work together on this.  :wub:

16253[/snapback]

And why not, most Chinese offenders bounce the SpamCop reports...Spamhaus black listing and RASKO will be more difficult to ignore!

Removal Procedure

To have record SBL18277 (218.30.118.5/32) removed from the SBL, the Abuse/Security representative of chinanet-bj (or the Internet Service Provider responsible for connectivity to 218.30.118.5/32) needs to contact the SBL Team to explain how the spam problem has been terminated. If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL.

If you are a representative of chinanet-bj, you also need to see this:

Current chinanet-bj spam problems

Edited by dra007

Share this post


Link to post
Share on other sites

I agree that once someone has seen that spam is a problem and that the sending end needs to control it, that replies in this forum ought to be polite and helpful. Pointing out that they are also on spamhaus, etc. would be helpful if there were more of an explanation of how to get off those lists (which is a lot harder than spamcop). Maybe not the first post, but at least an offer.

The FAQ are difficult for English speaking users, but some people tried hard to make the "Why Am I blocked" FAQ to be as clear as possible. For people who are not server admins, the server admin section is a little confusing, but even someone who doesn't have English as a first language should be able to understand them if s/he is a server admin.

There is not much that spamcop can actually do to help an ISP fix his spam problem except give advice. And advice is not much good unless the recipient is willing to listen.

However, advice would be better received if the offer was gracious.

Miss Betsy

Share this post


Link to post
Share on other sites

Has anyone checked to see if the souce IP of the OP in this thread is actually from China? I think that only forum Moderators are able to look that up, so either Wazoo or Ellen could do it. It would be a good idea in this case.

DT

Share this post


Link to post
Share on other sites

From the top, start with data seen at http://www.spamcop.net/w3m?action=checkblo...=218.30.103.177

218.30.103.177 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 218.30.103.177 has no reverse dns

Listing History

It has been listed for 35 hours.

Other hosts in this "neighborhood" with spam reports

218.30.103.76 218.30.103.129 218.30.103.165 218.30.103.166 218.30.103.167 218.30.103.168 218.30.103.169 218.30.103.172 218.30.103.173 218.30.103.176

Configuration is bad. SpamTrap traffic is the cause for the listing of this IP (and several others in the list of associated IPs)

Then we go to http://www.senderbase.org/?searchBy=ipaddr...=218.30.103.177 .. where one sees the following;

Volume Statistics for this IP

Magnitude ... Vol .... Change vs. Average

Last day ........ 3.7 ...... 1627%

Last 30 days .. 3.5 ...... 1071%

Average ....... 2.5

Interesting that on this IP, "Date of first message seen from this address 2004-08-03" ... one could possibly go with that this could be a newly set-up e-mail server and is handling an increasing amount of traffic from newly assigned users .. but the spamtrap hits more likely suggest a new server brought on-line before being secured .... I'm not really interested in persuing the checks of all the other IPs involved, as it's just more of the same.

Share this post


Link to post
Share on other sites
This person is offering to play ball with us. Let's play nicely instead of being arrogant Americans.

16247[/snapback]

I resent that: I'm an arrogant Englishman. :D

Share this post


Link to post
Share on other sites
Has anyone checked to see if the souce IP of the OP in this thread is actually from China? I think that only forum Moderators are able to look that up, so either Wazoo or Ellen could do it. It would be a good idea in this case.

Yes, the OP reflects an IP based in China. In line with your suspicions, I'm not sure that I see a "direct" connection between that IP and the IPs involved with the complaint/query, but if one goes with the perception that "all my e-mail is being blocked" .. use of another "source" may account for that. (Although digging a bit further adds some possible confusion over some 'locations' .. that it inludes the heading of Beijing Telecom Corporation probably explains that though.)

Just some general SpamCop and SamSpade notes;

Parsing input: abuse[at]hichina.com

218.30.103.158 is an mx ( 10 ) for hichina.com

host 218.30.103.158 (getting name) no name

host 218.30.103.158 = smg37.hichina.com. (old cache)

Reporting addresses:

bjnic[at]bjtelecom.net

09/02/04 11:50:13 Slow traceroute www.hichina.com

Trace www.hichina.com (218.30.100.160) ...

Parsing input: http://www.net.cn

host 218.30.103.40 (getting name) no name

Reporting addresses:

bjnic[at]bjtelecom.net

inetnum: 218.30.96.0 - 218.30.127.255

netname: CHINANET-IDC-BJ

descr: CHINANET IDC center

descr: China Telecom

descr: Beijing 100088

country: CN

person: Hostmaster of Beijing Telecom corporation CHINA TELECOM

nic-hdl: HC55-AP

e-mail: bjnic[at]bjtelecom.net

address: Beijing Telecom

address: No. 107 XiDan Beidajie, Xicheng District Beijing

In general, everything there matches up ... the suggested use of an abuse address probably just more of the lack of configuration stuff ... I didn't get a return from abuse.net for a listing.

The inclusion of some quote marks in the OP's first post drew my attention ... not sure of maybe some translation software may have been used, maybe an e-mail sent through some other machines, again with the thought of perhaps getting around "all e-mail being blocked" ... but, at this point, there's been enough traffic that one would think that there'd be a response by now, though suppose should account for time zone ...

Share this post


Link to post
Share on other sites
Doh! Sorry. My bad. I thought we all had to have our roots in Iowa to be here?  :(

16261[/snapback]

I'm really trying to figure out if you've just got a thing for me going on or what, but it's really hard to read your signals.

Share this post


Link to post
Share on other sites
This Chinese OP ISP/web-host is very large too. S/he's trying to work with U.S.

Let's work together on this.  :wub:

16253[/snapback]

Where did it say they would work with anyone??? :rolleyes:

They have disregarded Spamcop reports since day 1. :angry:

Share this post


Link to post
Share on other sites

HiChina said:

<big snip> we are pleased to cooperate with the international organizations in anti-spam work <snip>
:)

Share this post


Link to post
Share on other sites

OK, we can use this as the first check.

If they remove their Spamhaus spammers then I will believe it.

Share this post


Link to post
Share on other sites
This Chinese OP ISP/web-host is very large too. S/he's trying to work with U.S.

Let's work together on this.

Where did it say they would work with anyone??? :rolleyes:

They have disregarded Spamcop reports since day 1. :angry:

16273[/snapback]

...IMHO, you have every right to be angry. However, please take into account that we SpamCop folk keep telling people things like:
<snip>

If more people were reasonable and put pressure on ISPs to be responsible for senders ..., then perhaps fewer of us will be inconvenienced when we use email.

9416[/snapback]

Here we have what appears to possibly be an ISP representative coming to us, perhaps as a consequence of her/his customers exerting such pressure. If that's what has happened, surely we do not want to send her/him off regretting the attempt to cooperate with us and muttering about what a bunch of jerks SpamCop users are.

Share this post


Link to post
Share on other sites

Dear Sir/Madam,

It has come to our attention that our IP addresses(218.30.103.76 ,218.30.103.129, 218.30.103.165, 218.30.103.166 ,218.30.103.168 ,218.30.103.172, 218.30.103.176, 218.30.103.177 ) have been in your blocklist .

But whould you please offer the detailed spam or the spammer so that we could investigate and deal with it.

Any other question, please contact us abuse[at]hichina.com, lijl[at]hichina.com.

HiChina Web Solutions

Best regards,

HiChina Web Solutions (Beijing) Limited

-------------------------------------------------------------

Address: 3 F,Wanwang Mansion, No.27 Gulouwai

Avenue, Dongcheng District, Beijing 100011, China

Tel: 86-10-64242299

Fax: 86-10-64254247

WEB: www.net.cn

--------------------------------------------------------------

HICHINA, CREATE THE CHINESE MODE OF E-COMMERCE

Share this post


Link to post
Share on other sites

Where did it say they would work with anyone??? :rolleyes:

They have disregarded Spamcop reports since day 1. :angry:

16273[/snapback]

...IMHO, you have every right to be angry. However, please take into account that we SpamCop folk keep telling people things like:Here we have what appears to possibly be an ISP representative coming to us, perhaps as a consequence of her/his customers exerting such pressure. If that's what has happened, surely we do not want to send her/him off regretting the attempt to cooperate with us and muttering about what a bunch of jerks SpamCop users are.

16294[/snapback]

Aren't we forgetting Rule 1 here?

Share this post


Link to post
Share on other sites

First of all, good luck and thank you for trying to combat the spam problem in your part of the world.

Second, have you read the previous thread you started with this same subject. I admit it has gotten a little off topic but there is good information there.

Third, have you checked out the FAQ at the top of each forum, specifically to part labeled "Why am I blocked?"

Of the list you provided, only 218.30.103.177 is currently listed:

http://www.spamcop.net/w3m?action=blcheck&ip=218.30.103.177

218.30.103.177 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 218.30.103.177 has no reverse dns

Listing History

It has been listed for 2.3 days.

Other hosts in this "neighborhood" with spam reports

218.30.103.76 218.30.103.129 218.30.103.165 218.30.103.166 218.30.103.167 218.30.103.168 218.30.103.169 218.30.103.172 218.30.103.173 218.30.103.176

The only reason given here is spamtrap hits, so the information that will be given is very sparse to protect the address and no reports are sent for spamtrap hits. If you are responsible for this IP address, you can contact deputies<at>spamcop.net for any additional information. The usual cause for having only spamtrap hits is that you are bouncing error messages to the Reply-to address that is usually forged in spam and viruses. While still RFC compliant, bouncing after accepting the message is no longer a reasonable method to deal with non-delivery notices. Rejecting during the SMTP transaction is the better way to go.

Of the other IP addresses in the "neighborhood" if there are any actual spam reports, they would have been sent to: bjnic[at]bjtelecom.net If this is your address and no reports were received, you should again contact the deputies, but I would assume the same situation.

Edited by StevenUnderwood

Share this post


Link to post
Share on other sites
Of the list you provided, only 218.30.103.177  is currently listed:

http://www.spamcop.net/w3m?action=blcheck&ip=218.30.103.177

16308[/snapback]

According to Senderbase

http://www.senderbase.org/?searchBy=ipaddr...=218.30.103.177

This IP shows a massive increase in traffic; this would suggest a trojanned/hacked machine on your network, unless you can expalin it some other way?

Edit: 218.30.103.76 is exhibiting similar symptoms

http://www.senderbase.org/?sb=1&oOrder=las...g=218.30.103.76

Edited by Derek T

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×