Jump to content

Message blocked but IP is not on blacklist


Recommended Posts

I'm seeing this error for all recipients on a particular domain:

"spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?198.61.254.91. - https://community.mimecast.com/docs/DOC-1369#550 [bEjCcA39P3SxsOV3CZ9qSw.us331]"

However, as you can see here, that IP is not on the blacklist: https://www.spamcop.net/w3m?action=blcheck&ip=198.61.254.91.

Here's a link to the message and headers: https://www.mail-tester.com/test-iyn5n@mail-tester.com

Link to comment
Share on other sites

19 hours ago, dennis562 said:

I'm seeing this error for all recipients on a particular domain:

"spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?198.61.254.91. - https://community.mimecast.com/docs/DOC-1369#550 [bEjCcA39P3SxsOV3CZ9qSw.us331]"

However, as you can see here, that IP is not on the blacklist: https://www.spamcop.net/w3m?action=blcheck&ip=198.61.254.91.

Here's a link to the message and headers: https://www.mail-tester.com/test-iyn5n@mail-tester.com

Never been on the SpamCop blacklist. who is stating it is?
Sometimes a "clever Trevor" have a blocklist working in reverse?
Or it could be a fake bounce from someone you are mailing too?

Edited by petzl
Link to comment
Share on other sites

Thank you for your quick reply!

Quote

who is stating it is?

The email admin at the company is saying that no one at their company is receiving our email newsletter — I confirmed it in our error logs (see attached). 

Quote

Sometimes a "clever Trevor" have a blocklist working in reverse?
Or it could be a fake bounce from someone you are mailing too?

I'm not sure what you mean by this. 

Screen-Shot-2019-03-06-at-4.20.17-PM.jpg

Link to comment
Share on other sites

19 minutes ago, dennis562 said:

I'm not sure what you mean by this. 

Fake bounce  can be set up on most email clients even Gmail  can do it
You need a copy  of headers to find out who is bouncing and contact their abuse desk
The IP you stated has never been listed by SpamCop in the last 90 days.

A badly set-up email server can be set-up to bounce emails NOT listed on SpamCop.
As SpamCop only lists for 24 hours after last spam, some set-up "unable to deliver" in the hope the spam stops when it retries.

Advice is always free till you act on it. I'm a member not admin

Edited by petzl
Link to comment
Share on other sites

  • 1 month later...
On 3/6/2019 at 4:58 PM, dennis562 said:

spamcop.mimecast.org Blocked - see https://www.spamcop.net/bl.shtml?198.61.254.91. - https://community.mimecast.com/docs/DOC-1369#550 [bEjCcA39P3SxsOV3CZ9qSw.us331]"

Looks like mimecast may have setup their own blacklist.

On 3/6/2019 at 5:11 PM, petzl said:

Or it could be a fake bounce from someone you are mailing too?

dennis562, When I first looked at adding a blacklist to my MTA about twenty years ago, I had to key in the deny message into mailer configuration file.  As you can see from this link (https://www.spamcop.net/fom-serve/cache/294.html), anyone can put anything they want into that message.  This is what petzl means about a fake bounce.

Link to comment
Share on other sites

  • 3 years later...

@dennis562were you able to figure out what the issue was? Facing the same problem with one of our clients. The emails we are sending them from our GSuite accounts go through and we are able to talk to them. However, our transactional emails (from Sendgrid) are getting blocked with the same message you posted.

Link to comment
Share on other sites

 

This is a really old thread and @dennis562has not been here sense 2019.

If your "GSuite" email accounts and "Sendgrid" accounts are on different servers, have different IP addresses,  then one may be on a block list and the other not. In any case the blocking occurs at you clients email server or application. With luck there should be a message explaining why your email was blocked which should help understand and correcting the problem.

Link to comment
Share on other sites

There are mailservers who use their own blocklists (but used to use the SCBL) and left the spamcop[dot]net message either by overlooking it, or just due to laziness, and you might think that SC could be the culprit from blocking emails.
Sendgrid does have a spammer problem (I get my occasional share) and as an example (I will just post a quick link of one of my fairly recent abuse links <-- well the [refresh/show] cache link
 

[refresh/show] Cached whois for 167.89.118.35 : abuse[at]sendgrid[dot]com
Using best contacts abuse#sendgrid[dot]com[at]devnull[dot]spamcopdot]net

as you can see, sendgrid is /dev/nulled right off the bat

Link to comment
Share on other sites

Sounds like this might be the case of somebody misconfiguring their RBL setup.

This is probably what they have:
FEATURE(`dnsbl', `spamcop.mimecast.org', `"spam blocked see: http://spamcop.net/bl.shtml?"$&{client_addr}')dnl

This is what it really should be:
FEATURE(`dnsbl', `spamcop.mimecast.org', `"spam blocked see: http://mimecast.org/bl.shtml?"$&{client_addr}')dnl

https://www.spamcop.net/fom-serve/cache/294.html
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...