My Host Turned Me Off - But I Didn't Send Spam

[Miss Betsy]

This is an amzaing world where some of you see culprits lurking behind every tree. I'm not a spammer, and hardly feel that I need "spanking" by any of you, or by anyone else.

IMHO, it is more a lack of complete information from you that has everyone guessing what is your problem than seeing a 'culprit lurking behind every tree.'

I am not a farmer, so I don't know that I can duplicate the effect for you, but your posts are sort of like saying, "I have this big green leafy plant growing in my backyard. I tried giving it to the dog to eat and he threw up. So I tasted it, but it wasn't bitter or anything. What do you think I should do? Is it poisonous?" A farmer wants to know where it is growing, what shape the leaves are, how many on a stem, how tall the plant is, whether the stem is square or not, etc. He can make a bunch of guesses on the kinds of plants that are big and don't taste bitter, but in making those guesses or asking the questions he needs to ask to find out what kind of a plant you are talking about, it will probably make you feel really stupid or perhaps mad if he suggests that it sounds like Johnson grass or marijuana.

To me, until someone finds a way to stop spam at the source, the best way I know to deal with it is to delete it.

The way to stop spam at the source is to have *responsibile, competent* senders of bulk email (and because of the hijacking by trojans - responsible, competent owners of computers). You are either part of the solution or part of the problem depending on how knowledgable you are or how much a nanny your ISP is.

If you check for updates every day for your anti-virus software and your firewall or have updates automatically part of your package, then scanning your computer does nothing useful - unless, of course, you meant by scanning that your anit-virus and firewalls are always enabled. Do you see the communication problem?

Miss Betsy

[Craig Walsh]

Firstly, as far as our anti-virus and anti-spyware software at home, we run AVG, X-Cleaner, and Ad-Aware SE Pro. They are updated every day automatically, and run every day (and some run constantly in the background). We also have a Cisco hardware firewall installed --- put in by certified Cisco engineers who hopefully knew what they were doing. I don't know if these are the most effective choices of anti-virus, anti-spyware, anti-anti software packages or not, but (at least so far) they seem to work for us. I guess there's no perfect way to stop this stuff unless you disconnect yourself from other computers --- and lead a Howard Hughes type of isolated existence. Not ready for that quite yet. (But I did like the film "The Aviator.")

"poi" is loosely translated as "wallpaper paste"

Tisk, tisk. Poi is wonderful --- tremendously nutritious and hypoallergenic. An excellent food for people on a diet, or who are lactose-intolerant. It has the creamy mouth-feel of fat, but with zero fat. The Hawaiians believe that the taro plant (colocascia esculenta), from which poi is made, is a gift from the gods.

Certainly didn't make poi in England, where I now live. Made in Honolulu, sold in Hawaii. Great stuff. But enough about poi.

and the perfect opportunity to get the alleged facts behind the termination has thus been missed

There you guys go again, assuming the worst. I had a very nice conversation with the gentleman from The Planet, and told him that I wanted to know what happened. I sent him, by e-mail, all of the information I have. When I didn't hear anything after about two hours, I e-mailed him again. His recent response: "I apologize for not responding. Yes, I have received them. [my e-mail messages] I have also forwarded a copy of it to our security manager to see what happened. Thanks for your patience."

The answer has always been held by The Planet, and I wouldn't have come here asking for your assistance if The Planet had told me, during several conversations last Friday, what problem they'd identified. But they wouldn't do that, citing the fact that I did not deal with them directly, but via a re-seller. But Eric, the re-seller, also didn't have any information. I posted his exchange of e-mail messages with The Planet earlier in this thread.

So, for theplanet to remove all of someones sites it had to be more than a virus or accidental. We are only hearing one side of the story and I think it is not the whole story.

Well, I guess on this forum it's guilty until proven innocent. I certainly didn't come here to be abused. I came here because I didn't send spam (or anything even remotely like spam), yet we were shut down for allegedly doing so. I wasn't given any facts, any information, anything. I hoped that perhaps one of you could help me figure it out. I was mistaken.

Instead, I have been rubbished and virtually called a liar. If I had "the other side of the story," I wouldn't have posted anything here. Why would I be asking for help to figure this out if (1) I was a spammer, so knew what the problem was; or (2) The Planet told me what the problem was.

more a lack of complete information from you

Huh? I posted everything I know. IP addresses, web sites, information about the current (since Saturday) temporary arrangements, copies of the www.campaigner.com report, copies of the snippets of messages I did receive from The Planet, etc. Full open kimono. All the pieces I have were posted here --- I wanted help trying to figure it all out. Instead, I have been accused of holding things back.

Enough, folks. Your help is no longer needed. I'll get over it.

[Wazoo]

and the perfect opportunity to get the alleged facts behind the termination has thus been missed?

There you guys go again, assuming the worst.

I have no idea where you read any assumption there. You have repeatedly stated that you hadn't a clue as to why you were disconnected, now stating that they asked you to come back .. I just pointed out that this seemed like a good time to ask for the details of what happened. Again, what assumption do you see?

  I had a very nice conversation with the gentleman from The Planet, and told him that I wanted to know what happened.  I sent him, by e-mail, all of the information I have.  When I didn't hear anything after about two hours, I e-mailed him again.  His recent response:  "I apologize for not responding.  Yes, I have received them.  [my e-mail messages] I have also forwarded a copy of it to our security manager to see what happened.  Thanks for your patience."

Kind of makes one wonder just what part of ThePlanet staff was working the "keep the customer satisfied" part of the issue, huh?

The answer has always been held by The Planet, and I wouldn't have come here asking for your assistance if The Planet had told me, during several conversations last Friday, what problem they'd identified.  But they wouldn't do that, citing the fact that I did not deal with them directly, but via a re-seller.  But Eric, the re-seller, also didn't have any information.  I posted his exchange of e-mail messages with The Planet earlier in this thread.

How many times can it be suggested that without certain data, there can only be guesses provided from this side of the screen? And thus far, the critical items are still unknown.

Well, I guess on this forum it's guilty until proven innocent.  I certainly didn't come here to be abused.  I came here because I didn't send spam (or anything even remotely like spam), yet we were shut down for allegedly doing so.  I wasn't given any facts, any information, anything.  I hoped that perhaps one of you could help me figure it out.  I was mistaken.

Please re-read the above (and a slew of previous postings within this Topic)

Instead, I have been rubbished and virtually called a liar.

Having to go on research done on only the available information has led to a number of data items, historical facts, and even more questions. Let me repeat, the critical data is still an unknown.

If I had "the other side of the story," I wouldn't have posted anything here.  Why would I be asking for help to figure this out if (1) I was a spammer, so knew what the problem was;

As stated previously, this happens all the time. The rest of this Forum structure is available for reading all the time. Find a number of discussions started out by folks running an Exchange server for instance .. most start out the same way .. very belligerent about the fact that it is secure, nobody spams, on and on ... only later finding out that the server was exploited, a compromised computer behind the router was bypassing the server in sending out massive spew, etc., etc. ....

or (2) The Planet told me what the problem was.

Huh?  I posted everything I know.  IP addresses, web sites, information about the current (since Saturday) temporary arrangements, copies of the www.campaigner.com report, copies of the snippets of messages I did receive from The Planet, etc.  Full open kimono.  All the pieces I have were posted here --- I wanted help trying to figure it all out.  Instead, I have been accused of holding things back.

Pick your targets. My comments are that data is not available. You only have a couple of items identified, but yet again, if accused of spam, then the IP of the server involved is needed .. and that you have not provided ... (I showed you the MX server of the addresses of some of the Domains in question .. data not included in any of your postings .. but I also stated that I have no idea of the time-frame that data was good .. before or after the termination .....)

Enough, folks.  Your help is no longer needed.  I'll get over it.

And at that point, I'll also say ... whatever .... I'd say a hell of a lot of time has been spent trying to chase down data / facts with insufficient detail provided from your end of the situation ... I for one will say thanks to all those that tried to help out by trying to fill in th blanks.

[Merlyn]

No, you did leave something out. You danced around what site was the site in question. You went through campaigner.com AKA campaignerpro.com AKA gotcompany.com AKA gotcorp.com AKA gotmarketing.com and that outfit is blocked by so many on the web it is a wonder they can still email.

But anyhow, lets continue...

You hired a marketing company to send email and that is ok. Just post a copy of the email in whole. The actual redirect links used so we can see which of your sites it pointed to. We know the above marketing company uses redirect links for all their campaigns which make it very hard to find one of your actual sites in the marketing email.

The problem you are currently experiencing is because many spamfighters are now following those links and reporting you instead of reporting the marketing company that sent them out. It's time to follow the money and report the people who pay the spammers to spam for them. This time they followed the redirect links and many of them had to report you for theplanet to drop your services.

So I guess you are right. No one believes you. There is too much heresay and dancing around without any actual proof.

[Wazoo]

Just so there's no confusion .... user's second account was deleted at the user's request. The only way to change posting ID would be to play with the database ... not granted that access and sure wouldn't want to try it on someone else's live (remote) system anyway <g>

[Guest SkydiveMike]

Is there anyone out there buying this Viagra, or thinking that the unsolicited mortgage offer is really for them, or that someone in Nigeria will really send them $10 million?  Depressing.

22261[/snapback]

Read this bit of fun:

NYTimes Registration Required (blech)

[Wazoo]

embarrassin .. Pogue has no idea what "snopes" is all about, therefore adds into his story; "I sort of wish it weren’t called www.snopes.com, because that address makes little sense and doesn’t clue anyone in to its actual purpose." Kind of puts a bad light on his reporting skills ..

Anyway, the story reported on is someone trying to sell a house, eventually finding out that it was going to be paid for when that nice Nigerian lawyer sent this lady all that money ......

[Craig Walsh]

Just post a copy of the email in whole.

I'm happy to do this. I have a copy of the actual message sent as I am also subscribed to the list. The message is an HTML message. I've had a play around in Outlook, but can't figure out (sorry . . ) how to save the message so you can see the header, etc.

If you can let me know how to do this, I'll oblige promptly.

[Wazoo]

Take a stroll through the FAQ, look for an entry along the lines of "How do I get Full Headers .."" .... follow through the Microsoft products, find the version of Outlook involved ..

[Craig Walsh]

A bit of an update. I've now heard from Thanh Tran, the Support Manager at The Planet. He says, in an e-mail sent to me yesterday:

I talked the situation over with my security/abuse manager.  We do not believe the comments made towards Eric came from a member of our staff.  It is not uncommon for our customers to be resellers and then our customer's customers also be resellers.

I'm not able to tell you much more then that about this situation.

We've now discovered that --- contrary to what we were told previously --- our reseller (Eric) didn't have a direct relationship with The Planet. There was a middleman. Eric has confirmed: "There was a middeman. As I'm not living in US, he is in US responsible for all server administration and directly dealing with ThePlanet." He'd not volunteered this information before.

He's also refused to provide me with an actual copy of the message incorrectly accusing us of sending a lot of e-mail messages. He'd originally told me that this message was from The Planet: the story has now changed, and it came from the unidentified middleman.

Our websites are now (thank goodness!) up and running. No more forwarding to bark.ch or anywhere else. Wazoo can now remember his days in Hawaii by visiting our poi site. (There's a nice photo of a young lady holding a couple of poi bags.)

The whole experience with The Planet was very distasteful for me, especially because we weren't given any notice --- or any information. I don't know about you guys (and gals), but I don't like things that are manifestly unfair.

But the re-seller, and re-re-seller thing --- and the changing stories --- is all a bit much. My wife, Marjorie, has wisely told me to move on. As the Texans say, "If you lie down with dogs, you'll get fleas."

- - - - - -

By the way, I know how to get the full headers from the message we sent via www.campaigner.com. Is it just the header that I need to post here? If so, it is as follows:

Return-path: <Lucies_Farm_Ltd_gqbvrz at postsnet.com>

Envelope-to: craig[at]hmdp.com

Delivery-date: Fri, 24 Dec 2004 12:02:00 -0500

Received: from [69.28.223.132] (helo=mta8br.postsnet.com)

by paix.bluwerk.net with smtp (Exim 4.43)

id 1ChspD-0005Xx-Na

for craig at hmdp.com; Fri, 24 Dec 2004 12:02:00 -0500

Message-ID: <13235236.1103907527484.KadaSegment.80.1[at]mta8br.postsnet.com>

Date: Fri, 24 Dec 2004 11:58:47 -0500 (EST)

From: "Lucies Farm Ltd." <Lucies_Farm_Ltd_gqbvrz at postsnet.com>

Reply-To: "Lucies Farm Ltd." <Lucies_Farm_Ltd_gqbvrz at postsnet.com>

To: craig at hmdp.com

Subject: Merry Christmas From Sunny Worcestershire

Errors-To: Lucies_Farm_Ltd_gqbvrz at postsnet.com

Mime-Version: 1.0

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: 7bit

Bounces-To: Lucies_Farm_Ltd_gqbvrz at postsnet.com

X-Campaign: 408092.407519.385151066

(wazoo did some editing of e-mail addresses)

[Wazoo]

Yep, that's what "we" were looking for ... however, data is a bit stale by now for sure ....

69.28.223.132 not listed in bl.spamcop.net

SenderBase is giving me SQL errors .. that's a new one <g>

http://www.moensted.dk/spam/?addr=69.28.22...2&Submit=Submit says;

69.28.223.132 was found in 13 lists (of 274 tested

http://www.openrbl.org/ip/69/28/223/132.htm says;

Results: Positive=5, Negative=23

Bottom line, almost all entries are based on "gotmarketing" and/or "got .... somthing"

Sorry about that customer of a customer of a customer thing ... and that business arrangements can be so 'fun' these days ... dang ... will do a look-see in ightings a bit later (though maybe someone will beat me to it) to see if "you" show up as a bad boy from (at least) this IP ... or possibly who really was the "too-much-e-mail" outfit. On the other hand, you may have tried to answer this, maybe not .. but the e-mail server this e-mail sample left from .. was it yours or was it actually under your 'hired' campaign manager's control? Wondering if it was something like "they" go nailed and you were guilty by association ... i.e. .. being advertised in the last batch of e-mail complaints that was analyzed by the as yet unidentified middleman????

01/05/05 18:08:06 IP block 69.28.223.132

Trying 69.28.223.132 at ARIN

Trying 69.28.223 at ARIN

Peer 1 Network Inc. PEER1-BLK-07 (NET-69-28-192-0-1)

69.28.192.0 - 69.28.255.255

Elecmail News Bronze Sys and Tech Inc PEER1-ELECMAIL-01 (NET-69-28-223-0-1)

69.28.223.0 - 69.28.223.255

OrgName: Elecmail News Bronze Sys and Tech Inc

OrgID: ENBST

Address: 1580 Merrivale Rd

Address: Suite 400

City: Ottawa

StateProv: ON

PostalCode: K2G-4B5

Country: CA

http://groups-beta.google.com/groups?q=69.28.223.132 only shows 8 items in sightings .... which sure seems like an awfully low count ...???? There does seem to be something missing yet ....

[Craig Walsh]

Hi --- Thanks for all the information. I'm afraid that I'm a Luddite, as much of it went over my head.

The e-mail message that we sent out to our customers and friends was sent, on our behalf, by the Campaigner (GotMarketing) people. We upload our list to them in .csv format (whch we did circa 2000) and we then upload additions and deletions. When we want to send a message, we cut-and-paste the HTML code into a Campaigner webpage. This message only contained our logo, a "seasons greeting" message, and a picture of a bouncing Christmas present. Folks were asked, in two lines of text, to click on the present to enter our drawing.

Again, I stress, the folks that we sent the message to are regular customers --- people who are happy to receive our messages.

Campaigner sends out the message, so I don't believe it goes anywhere near the mail server of the folks who host our website (at the time, The Planet --- through the re-seller and re-seller's re-seller arrangement). If recipients reply to our message (i.e. if they click the "reply" button), their response goes to Campaigner and they automatically forward it on to me, and I handle it personally. Campaigner also keeps track of the number of people who respond.

In addition, Campaigner removes people who click on the "unsubscribe" link at the bottom of the message from the list. This is an automated process.

I'm no guru in these tech things --- which is why I posted my original message on this forum, hoping you'd be able to assist. I am beginning to think that it was pure coincidence that we sent our Christmas message at about the time The Planet shut us (via the layers of middle men) off. I could never see how our mailing could have caused problems, but was prepared to be cynical in an effort to honestly find out what went wrong. So that it would never go wrong again.

I am, however, coming to the conclusion that this really had nothing to do with us. That there was a web of intrigue and mass of problems (entirely unrelated to us) that conspired to pull our six websites off the internet. I always thought it strange that if we were somehow the "bad boys" that our alleged infraction caused our re-seller's (now identified as re-re-seller's) website to also go off the air.

This may well be an unsolvable mystery. But, with our brand spankin' new dedicated server, I hope that this never happens again.

Please let me know if you need anything more from me and I'll do my best to oblige.

Thanks again for all of your help. Poi to the World....!

[Wazoo]

Well, i wasn't shooting for posting a bunch of useless data ... but I was working at trying (as you requested) to tie in your campaign stuff to the reason your web-sites would have been pulled. That much of the data doesn't make a lot of sense is that I'm still trying to come up with that link myself. To make it clear, I'm in the dark as far as connecting the dots at this point .... just posting things I'd found based on your last data bits ... Not sure if you read other things in here, but it's been a bit busy today <g>

[StevenUnderwood]

I could never see how our mailing could have caused problems, but was prepared to be cynical in an effort to honestly find out what went wrong. So that it would never go wrong again.

I am assuming the link to the drawing was on your web site. If your message was interpretted (correctly or not) as spam by any of those customers and was reported to spamcop, your webhost would have received messages stating that your URL was identified within a spam message for each person reporting it. That is called spamvertizing, advertiving with spam) and some hosts will revoke account after receiving even one warning. What they should be doing, is investigating the incident to see 1) if the message were indeed correctly reported as spam (via contacting the reporter) 2) weighing these new reports against your history and 3) contacting you for your thoughts on what happened in this case. In my mind, the weights of those 3 inputs should be based on the history of the site.

This would be the only way I could see your web site being shut down, unless it was the entire server IP of your provider that was revoked.

[Craig Walsh]

Here's my latest e-mail message from Eric Leung, the re-re-seller of our hosting:

Please don't misunderstand. I have already sent all the pieces related to you case, which is why your accounts and all accounts are terminated. So there is no important puzzle piece which is related to you hiding from you.

I believe and it is reasonable you don't know that the WHOLE problem I was facing is not just the 6 sites you owned were down. It is not about all my websites were down either. There are a lot lot more issues and problems rised because of the termination. There were many other clients and each clients had their many issues as well, there were also many many other businesses, money, subscriptions issues other than just the hosting accounts and servers you know. Businesses like advertisement subscriptions and contracts, other purchased services and products like IPs and server monitoring etc etc. There are also lots of web development projects issues rised. There are many more businesses, subscriptions and connections involed in this issues.

You are a very important customer I had, and I care alot to settle you issues (as you may notice), but the fact is the issues you have are not the whole picture.

As you know how complicated and time-consuming for just settling 6 web hosting accounts of just one client, you should be able to imagine how many issues are involed in the whole picture and how much time I slept. So for all the puzzle pieces as how you described of the whole issue, there may be around only 1% of those pieces is related to your issues. There is no hidding agenda related to your case at all. I didn't try to create a story (All the sentences are DIRECTLY replying to the previous one). I can't believe after all the time, you think I'll cheat you. I always believe in you no matter what and try my best to solve your problems. If I have a bad faith, I don't have to do ALL the works of a week with almost no sleep, always helping you and giving you opinions and advices on top of any other thing.

Huh? What's that again?

At this stage, I've resolved myself to the fact that there's no way to solve this riddle. I am convinced that our six sites were taken down (along with Eric's own site) for reasons that had nothing whatsoever to do with us.

I'm sorry to have wasted your time. I am most appreciative of the help I've been given, and I've learned a lot more about spam, e-mail, hosting, etc.

Thanks again.

[agsteele]

I'm sorry to have wasted your time.  I am most appreciative of the help I've been given, and I've learned a lot more about spam, e-mail, hosting, etc.

22624[/snapback]

Sorry that you've only discovered you were hurt by someone else's failings and that we haven't been able to help.

Thanks, too, for posting the resolution as far as these forums are concerned.

Andrew

[Wazoo]

I also thank you for the update. Sorry to hear and know the way this bit of knowledge came your way.

I feel really bad for this next bit though ... the link you posted for Eric's site is bad, doubling up on the http:// part ... I edited that at my end and tried again .... http://www.esoftpro.com/ comes up just fine ....???? Sure seems like these folks (?) have a lot of fingers in different pies...

[Craig Walsh]

Whoops! Sorry about the bad link to Eric's website. I've edited and repaired it.

When you say "these folks," I think Esoftpro is just Eric. I've certainly never dealt with (or heard from) anyone else.

Thanks again.

[Miss Betsy]

I'm sorry to have wasted your time. I am most appreciative of the help I've been given, and I've learned a lot more about spam, e-mail, hosting, etc.

Don't think that you have wasted anyone's time. IMHO, most of the responders are only too glad to help people learn about spam,email, hosting, etc. so that they can operate cleanly and successfully.

Miss Betsy