Jump to content
Sign in to follow this  
davidll

This service really sucks

Recommended Posts

I have no idea what ip is listed, I did not ask them.  They went and looked into it and came back to me and told me they were currently on the list at spamcop.net and would be down for 48 hours.

ok, went back to support and asked them what ip address is listed:

66.225.216.131

There have been no listings for IP 66.225.216.131 and no reports against that IP for at least 30 days. If you are having problems sending mail and you do send thru that IP, then the recipients who are bouncing your mail are bouncing it for some reason not associated with SpamCop.

Share this post


Link to post
Share on other sites

Ellen,

I don't think you read far enough in the thread. That first IP that the OP provided was incorrect. He later came back with the correct one, which had indeed been blocked recently. Please scroll back a few messages and you'll see the correct one for you to check on.

DT

Share this post


Link to post
Share on other sites

I dropped the dear lady a note, suggesting that she got in and out a bit too quickly on this one. Answer was perfect until the "real" IP address made its appearance <g>

Share this post


Link to post
Share on other sites
66.225.215.32 is the ip they claim is the one that is blocked, and they tell me that that is the direct ip of where my mailserver is.

16784[/snapback]

Hi David,

66.225.215.32 does have a listing history, but is currently delisted (as of about six hours ago).

A spammer(s) have gained authenticated access to the server through the smtp-auth exploit (http://www.spamcop.net/fom-serve/cache/372.html) and has been using the server to relay spam to traps on our systems.

Your problem is over (for now), but these spammers are known to come back repeatedly once they have a hole poked in a server. If the admin for the service contact us (deputies at admin.spamcop.net) we'll give them more information, but all they should really need is in the faq above.

Richard

Share this post


Link to post
Share on other sites

It's very hard to understand what is really going on here... but this is what I think the poster is saying:

He has some web sites "out there" somewhere that collect orders. Those web sites forward the orders to his dial-up (!) email account.

So... instead of forwarding those emails, why don't you just set up your email client to connect to the email servers of the web sites, directly? Makes more sense to do that if you have to reply to the emails, IMO... I know if I sent an order to orders[at]somecompany.com and I got an email back from unprofessionaluser[at]dialupisp.com I would question whether or not I should be doing business with that company.

Also, you do realize that it is your dial-up ISP that is blocking the emails, right? Spamcop is not blocking them. Your complaints should really go to that dial-up ISP.

Share this post


Link to post
Share on other sites

Ariel has probably made the best point yet.

Who's brilliant business plan was it to forward email from your own web site in the first place. You should be accessing them directly from your web site yourself.

Share this post


Link to post
Share on other sites

He may have a scri_pt that sends email messages "From" the site which are being blocked because that (or another) scri_pt is not secure and being used to spew throughout the internet.

We had a similiar setup for a while and every once in a while that account would receive strange looking messages as someone tried to exploit it. It was usually during school breaks so I always assumed it was a kiddie with nothing better to do that try out something he found on the internet. Our scri_pt was hard coded to only send to the one address, so was not exploitable.

Share this post


Link to post
Share on other sites

davidll,

If you don't mind, please check back in and let us know how things go for you.

Share this post


Link to post
Share on other sites

I second Bumpkin's comment.

You took exception to one of my comments saying that you had a right to be upset. I am not disputing that. However, there are many online businesses and many of them are just as upset and harassed by the spam that they have to deal with.

Blocklists have been so successful that spammers are resorting to hijacking computers. You wouldn't be very responsive if a computer geek started telling you about the fine points of boat restoration - particularly if he couldn't even describe the basic problems he thought would be better fixed his way. It is not that hard to understand the concepts as I know because I am technically non-fluent.

At this point in the spam fight, being blocked is more like being caught in a traffic jam because some driver did something stupid. It is annoying, but there is no point in yelling at the policeman directing traffic around the wreck.

And unlike traffic jams, there are ways to be careful that no accidents happen on your email route, though there is always the possibility of a temporary problem. No system is fail safe and if it is essential to one's business, there should be a back up plan when it does fail.

Miss Betsy

Share this post


Link to post
Share on other sites

It is not a matter adding IP's to a block list...it is a matter of verifying the offender before doing so. We have servers with multiple domains using shared IPs and started receiving complaints from customers of bounced emails as a result of recipients subscribing to spamcop lists. We have never received one single confirmation of a spam message sent by any of our clients so that we can terminate their email accounts. Instead, SpamCop simply blocked all of them with one fell swoop without any notice to us as to who the offender is making it pretty hard for us to take any action to stop the spam.

In the mean time people who rely on these lists are tossing the baby out with the bathwater.

I have been a supporter of spam cop from the begining but there needs to be a system whereby SpamCop notifies hosts of spam to allow us to take action. With the limited number of IPs available many hosts now rely on name-based hosting and the listing of a single IP can effectivly shut down hundreds of legitimate email accounts.

This is a serious problem that keeps me from using spam lists...I can't afford to have my clients screeming at me so it is up to them to filter their own spam and take their own risks of losing valuable messages.

The goal of SpamCop is noble but they need to be careful that the cure is not worse than the disease. ...that it does not penalize the innocent for the actions of actual spammers.

If SpamCop becomes aware of an actual spam message from one of my clients TELL ME ABOUT IT so I can deal with it. Blocking dozens of clients blindly w/o proof they sent junk mail will only lead to serious legal problems for someone along the line.

Bottom line to SpamCop... be prepared to prove who an offender is PRIOR to listing them or their IP address in block lists. This falls on SpamCops head not those who use the list because they have no means to verify offending IP addresses provided to them by SpamCop.

This falls under the "Product Liability" laws and responsibilities.

Paul

Share this post


Link to post
Share on other sites
evolutionwebinc.com,Mar 10 2005, 11:49 AM]We have servers with multiple domains using shared IPs and started receiving complaints from customers of bounced emails as a result of recipients subscribing to spamcop lists.  We have never received one single confirmation of a spam message sent by any of our clients so that we can terminate their email accounts.

25259[/snapback]

What are the IP Addresses of those servers?

Share this post


Link to post
Share on other sites
I have been a supporter of spam cop from the begining but there needs to be a system whereby SpamCop notifies hosts of spam to allow us to take action.

Unless it is a spamtrap hit, reports are sent to the registered owner of the IP. As I stated in your other thread, the IP address for evolutionwebinc.com is a rackspace owned one, so they receive the messages. You should be dealing with them to get the information you request.

As stated here and in your other thread, reveal the IP address in question and we can tell you likely specifics about why it is on the list.

Share this post


Link to post
Share on other sites
What are the IP Addresses of those servers?

I just did a little detective work, and I think that the server that *was* blocked was:

69.20.21.155 = evohost.net

It's showing as not blocked at the moment, but in the current SenderBase display, the SpamCop BL status is still showing as blocked:

http://www.senderbase.org/?sb=1&searchBy=i...ng=69.20.21.155

so it either fell off the list automatically, or Mr. Kruger (the "Paul" who is posting here, who owns the company) might have used the one-time-removal feature.

DT

Share this post


Link to post
Share on other sites
If you consider loss of business, money and maybe even clients, because a business that depends on the web and email, to be silly, I don't know what to say to you, other than, you may have some of your own issues.

16669[/snapback]

Business has come to the net/web, and not the other way around. If business does not do what all immigrants must do, that is, learn the systems of their newly adopted homes, then business will have the same experience as failed immigrants do; an unpleasant stay in their newly adopted home, and a general lack of prosperity.

And you make a statement like that with seriousness?  A business owner who finds himself disabled because of this list, who merely wants to receive email that is sent to him, receive sales, and notices from customers, is abusing the system? ooook then...

16669[/snapback]

A business owner who doesn't know how to provision redundant systems in case of emergency? What if your phones failed? Power failed? Sounds like you'd be in trouble.

...Stu

Share this post


Link to post
Share on other sites
I just did a little detective work, and I think that the server that *was* blocked was:

69.20.21.155 = evohost.net

It's showing as not blocked at the moment, but in the current SenderBase display, the SpamCop BL status is still showing as blocked:

25269[/snapback]

http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?69.20.21.155

From January of this year, hopefully fixed since then:

Bouncing undelivered e-mail to forged addresses. Effectively means that the mail server is participating in a denial of service attack against the forged domains/e-mail addresses that spammers and viruses use.

For every real message coming in, statistics are indicating that a mail server is receiving about 3 viruses or spam delivery attempts. And almost all undeliverable messages are from viruses or spam using forged addresses.

Using SMTP rejects is the only way to non-abusively and most reliably notify a real sender that their message was not delivered.

Usually the only way that the victims of such a denial of service attack can protect themselves from having to pay for the bandwidth from the abusive bounces is to block all e-mail from that mail server.

There is a possiblity that the unknown people that reported that data to MAPS also got the I.P. put in a local blocking list to protect their own mail servers. Who knows if that was an administrator for a major ISP, and who knows if they are using that local list to silently delete all e-mail instead of rejecting it?

-John

Personal Opinion Only

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×