Jump to content
Sign in to follow this  
Michael

No reports received, but ip-address blacklisted!

Recommended Posts

Hello.

Today we've found that our mailserver is blacklisted by Spamcop,

but neither we, nor our ISP received any reports on a spam-message listed on a webste.

Also there is no any reports on that spam-message in a Report History section of

spamcop.net website.

So we had no chance to take an appropriate measures against spammers.

We're web-hosting company and spam facts from our clients happen sometimes

and we are always reacting on received spam-reports.

Also Spamcop blacklist is used on our mailserver.

But this time a mailserver's IP was blocked without any notification from SpamCop!

Sad but true :( Can anyone help to resolve the situation?

--

WBR, Michael

Share this post


Link to post
Share on other sites
Hello.

Today we've found that our mailserver is blacklisted by Spamcop,

but neither we, nor our ISP received any reports on a spam-message listed on a webste.

Michael,

What IP address are you talking about?

JT

Share this post


Link to post
Share on other sites
What IP address are you talking about?

JT

We're hoster.ru company.

and mail.hoster.ru is 195.209.36.35

I've received some answers in a newsgroup.

Just want to say that we're always received reports on 3 emails.

But this time - no.

--

WBR, Michael

P.S. Sorry, I've got to go now, I will answer a little bit later.

Share this post


Link to post
Share on other sites
We're hoster.ru company.

and mail.hoster.ru is 195.209.36.35

I've received some answers in a newsgroup.

Just want to say that we're always received reports on 3 emails.

But this time - no. 

--

WBR, Michael

P.S. Sorry, I've got to go now, I will answer a little bit later.

It appears to me that someone inappropriately reported a couple emails that they got from your system. At least one was a warning notice about a spam that couldn't be delivered for 48 hours.

Because we've never seen any traffic from this host before, two reports was enough to put you on the blacklist for a few hours. You're off the blacklist now, though.

JT

Share this post


Link to post
Share on other sites
Hello.

Today we've found that our mailserver is blacklisted by Spamcop,

but neither we, nor our ISP received any reports on a spam-message listed on a webste.

Also there is no any reports on that spam-message in a Report History section of

spamcop.net website.

So we had no chance to take an appropriate measures against spammers.

We're web-hosting company and spam facts from our clients happen sometimes

and we are always reacting on received spam-reports.

Also Spamcop blacklist is used on our mailserver.

But this time a mailserver's IP was blocked without any notification from SpamCop!

Sad but true :(  Can anyone help to resolve the situation?

--

WBR, Michael

The OP posted from a citytelecom.ru address.

citytelecom.ru MX (Mail Exchanger) Priority: 10 mail.hoster.ru

mail.hoster.ru A (Address) 195.209.36.35

According to http://www.spamcop.net/w3m?action=checkblo...p=195.128.48.80 :

Query bl.spamcop.net - 195.128.48.80

195.128.48.80 is hsto-15.citytelecom.ru

195.128.48.80 not listed in bl.spamcop.net

SpamCop has no record of this system

According to http://www.spamcop.net/w3m?action=checkblo...p=195.209.36.35 :

Query bl.spamcop.net - 195.209.36.35

195.209.36.35 is mail.hoster.ru

195.209.36.35 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 2.6 days. It has been listed for less than 24 hours.

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been witnessed sending mail less than 10 times

A sample sent sometime during the 24 hours beginning Tuesday 2004/01/20 19:00:00 -0500:

Received: from -.-.- (-.-.- [195.209.36.35])

by -.-.- (Postfix) with - id -

for <-[at]-.->- Wed, - Jan 2004 - - (-)

Subject: - spam - warning - message - delayed - hours

From: ma.. at ..er.ru

According to http://www.moensted.dk/spam/?addr=195.209.36.35 , 195.209.36.35 was found in 12 lists.

SpamCop would send reports to panov[at]parkline.ru .

The following text by Merlyn has helped others to understand the process in the past:

Lets go through this step by step together. Please read this carefully and

do not just scan it otherwise you will not understand the process.

1.) If you did not post the entire message you received about your email

being blocked it will be very hard to help you solve your problem.

2.) Next we will talk about why Spamcop cannot block your email.

Spamcop has no access to your email. When you send your email it goes

through your ISP's email server and travels through the Internet until it

reaches the ISP's server of the person you are sending your mail to then

their ISP's server routes it to their mailbox. Spamcop has no access to

either server or to the process between servers.

3.) Next we will discuss why you think Spamcop blocked you email.

You probably received a "bounced" email saying something like:

451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx:

or

email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net

or

Anything saying your email was "blocked" by Spamcop and they directed you to

some page on the Spamcop site.

4.) Now we will talk about who is "really" blocking your email

Remember how we discussed the way your email traveled from your computer to

the recipients computer in #2? The only person who could block your email

is the recipients ISP or the recipient themselves. Most likely the

recipients ISP is using the Spamcop List (we will discuss this in the next

part #5) and they have blocked this email because the sending ISP's server

is a known source of spam on the Internet. You should be complaining to

your ISP because they allow spammers to use their resources which in turn

caused your email to get blocked. You ISP did receive complaints. You could

also contact the recipients ISP asking them to "whitelist" you. They

recipients ISP decided on their own to incorporate this list into their

email server software. Now you say you do not send spam but before you get

upset, read the next part about how this list is compiled by Spamcop.

5.) What is the Spamcop List and why do ISP's use it?

Spamcop runs a service for reporting spam. This is a free service where

people either send their spam email or copy their spam email in a form that

parses the email to find out where it originated from. Once the amount of

spam reaches a calculated amount the originating server is placed on the

list of spammers. This list is made freely available to anyone running an

email server to use to enable them to block email originating from known

spam servers.

This list only contains IP numbers and not email addresses as email

addresses in the "From" field can be readily forged and are not reliable.

The only reliable source is the IP address the spam originated from.

for more detailed information on how Spamcop works see:

http://www.spamcop.net/fom-serve/cache/3.html

6.) Final Notes (VERY IMPORTANT)

Before you start getting upset just remember what brought you here. Your

email was blocked, not by Spamcop but the ISP of the person you were sending

your email to. Spamcop has no control over what they do with their servers.

Also, get proactive and help stop the flow of spam. Complain to your ISP

because it is their servers that are being blocked. Let them know that you

are paying for email service in your contract with them and they are not

able to provide you with this service because they allow spammers to abuse

their servers.

I think you would agree with me that everyone is tired of receiving mortgage

quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old

teenage sluts, Viagra, vacation, lottery, prescription drug, business

opportunities, genealogical, university degrees, gambling, get rich quick,

MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams,

pirated software and everything else that is force fed into our inboxes.

If you have any more questions please post them here, there are many people

willing to assist. And remember most people in this group are here to help

you and they did not block your email so do not take your wrath out on them.

HTH HAND

Share this post


Link to post
Share on other sites
It appears to me that someone inappropriately reported a couple emails that they got from your system. At least one was a warning notice about a spam that couldn't be delivered for 48 hours.

Because we've never seen any traffic from this host before, two reports was enough to put you on the blacklist for a few hours. You're off the blacklist now, though.

Thanks to everyone. I really appreciate your help.

I have one more question. Where can I read about how to set up an email adress for spam reports from our domains or ip-addresses to avoid the situations like this?

--

WBR, Michael

Share this post


Link to post
Share on other sites
Where can I read about how to set up an email adress for spam reports from our domains or ip-addresses to avoid the situations like this?

You should create an abuse.net listing for each of the domains you manage per http://www.abuse.net/addnew.html.

You should ensure that your RIPE WHOIS information (for example, at http://www.ripe.net/perl/whois?form_type=s...t=195.209.36.35 or http://shorterlink.com/?IKTW9X) accurately reflects netblock contact information for the netblocks you manage.

Please also review "How can I get SpamCop reports about my network?" at http://www.spamcop.net/fom-serve/cache/94.html.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×