cometbus

Blocked for sending to a trap

Today a client's server that I admin was blocked by SC as it says the IP was sending email to a trap address. Several emails have gone out over the past few days, so I would imagine that is why it is blocked.

I can say without a doubt that no harvesting is done, I am very active in spam communities, I wrote the code that runs my client's members database, there is no "import" option.

I suspect that a user entered in an email address on guess that was a trap. I emailed SC and they sent me the headers, I am not disputing that the email was sent, that it was. However, SC obfuscates the headers so I can not search out the offending address. I understand this is to prevent the publishing of the trap address.

SC did not to the best of my knowledge obfuscate the first and last name. I find one occurrence of that email address in our members database. I will not post the address, but I can tell you it is very simple, very easy for one to use as a dummy address. Ie: email[at]example.com, foo[at]bar.com, test[at]test.com, it is like that, only a real domain and I suspect that it is the trap address.

I would think a trap address would be something like daskjdklajklajdkl(&*&[at]trap.com or at least, something hard to guess. The address I find is much like jane[at]doe.com, it is that bad.

Is there an SC rep here who can confirm or deny this address if I submit it to them, and if so, can they explain to me the logic in this :-)


Unfortunately spammers have spoiled any chance of such information exchange. If you post the IP you think was at fault some of us here can do some research on the causes of listing.

Edited by dra007

Unfortunately spammers have spoiled any chance of such information exchange. If you post the IP you think was at fault some of us here can do some research on the causes of listing.

The IP of the offending email server? I assume you mean the one in the BL now? Is it possible to take this private, I am not at liberty to post such information publicly.

The IP of the offending email server?  I assume you mean the one in the BL now?  Is it possible to take this private, I am not at liberty to post such information publicly.

SpamCop spamtrap addresses are unique 352bit crackable/uncrackable email addresses (Banks only use 128bit) which would only be gathered by a "web bot spam spider" and or email sending virus!

SpamCop spamtrap addresses have over 40 characters/numerals/non-numerals in them and are non-guessable (They can if spotted be used deliberately in a return address, however they are routinely taken off line and replaced)

One report to a Spamtrap would not get an IP listed; it would take a number, like from an AUTORESPONDER?

You can read it here

Basically spammers send spam with "Joe Job" return addresses (often SpamCop's spamtrap addresses) to non-existent addresses on one's server (as do email sending viruses). To mindlessly bounce email is nowadays helping a spammer and will end one up on the SCBL.

Request for private assistance can be done by "clicking here Click

Edited by petzl

I would think a trap address would be something like daskjdklajklajdkl(&*&[at]trap.com or at least, something hard to guess. The address I find is much like jane[at]doe.com, it is that bad.

That would make it rather easy to whitelist now, wouldn't it? Any address that has never been used can be a spamtrap address. Spammers have been using suspected spamtrap addresses as reply-to addresses so that servers that bounce (rather than reject) also end up on the BL.

I suspect that a user entered in a email address on guess that was a trap.

Which is why any good list these days would send one email to any subscription request (which will not trigger a block) and if a specific reply is not received, that address would not be added to the list or receive any additional messages. This method also protects you in case someone starts reporting your list later on to prove that they confirmed they wanted the traffic.

Sending one message is reacting to a lead. Sending more than that to an unconfirmed address is asking for trouble. Spammers have ruined it for everyone.

That would make it rather easy to whitelist now, wouldn't it. 

Which is why any good list these days would send one email to any subscription request (which will not trigger a block) and if a specific reply is not received, that address would not be added to the list or receive any additional messages.  This method also protects you in case someone starts reporting your list later on to prove that they confirmed they wanted the traffic.

Sending one message is reacting to a lead.  Sending more than that to an unconfirmed address is asking for trouble.

I agree, it was considered in the site implementation, however, these people are paying to receive these emails, we felt with the trouble of the confirm links in the emails it was not worth it.

To this day we get aol scomp reports of the very email with their username and password in it, users will never cease to amaze me. The users are paying for these emails, there is no reason they would logically pump in a phoney email address, yet they do.

If my suspicions are correct, spamcop is using a really bad address for a trap, I would love to work with a spamcop admin to see if my research is accurate.

I suspect that a user entered in a email address on guess that was a trap.  I emailed SC and they sent me the headers, I am not disputing that the email was sent, that it was.  However, SC obfuscates the headers so I can not search out the offending address.   I understand this is to prevent the publishing of the trap address.

SC did not to the best of my knowledge obfuscate the first and last name.  I find one occurrence of that email address in our members database.  I will not post the address, but I can tell you it is very simple, very easy for one to use as a dummy address.  Ie: email[at]example.com, foo[at]bar.com, test[at]test.com, it is like that, only a real domain and I suspect that it is the trap address.

Technically, and in the light that you are claiming to have some depth of knowledge on the ins and outs of e-mail, what you are describing here makes very little sense. It's pretty rare to even hear your story that headers were sent to you, so not sure what that actually implies, other than guessing that this was a "misdirected bounce" thing .... I'm making the assumption that as you don't want to offer up the IP address in question, asking to see these headers is out of the question ... though noting that there is a PM function here.

If my suspicions are correct, spamcop is using a really bad address for a trap, I would love to work with a spamcop admin to see if my research is accurate.

Again, I do not feel any address can be a bad spamtrap address, however,

I emailed SC and they sent me the headers

The people to discuss this with would be the same people that provided you with the information you have.

That statement is not believable to me at least, based on the response by other admins trying to get that very information. Generally, the deputies will only confirm the type of message (spam, non delivery, account confirmation, etc) sent to the trap, nothing more. The report you have sounds like a general (munged) spam report as reported by a user.

Also, this would not be the first time that people paying for a subscription have reported it. Sometimes it is because your IP ends up on a BL and they do not check their held messages closely enough. Other times they might not want it any longer and forgot they paid for it. Still other possibilities include an address that changed and is now owned by another person who did not request it.

Another reason for sending a confirmation is that people do mistype their addresses. I have "owned" my yahoo address for around 8 years now yet several times over the last year, I have received confirmations of my signing up for various lists, even a casino once, including their address, phone and CC number. It seems someone does NOT know their own email address and is trying to use mine. BTW, I closed the casino account then called the number and talked to the person using the address. All the information was correct, and they continue to use my address from time to time. I guess she did not believe that the address was mine :(


Also to note, the main reason I do not want to post stuff here is that if I am correct, I am posting a trap address publicly, I do not want to do that as I think that is unethical.

I really did get an email reply, it was from

Return-Path: <deputies <at> admin.spamcop.net>

From: SpamCop/Richard <deputies <at> admin.spamcop.net>

Which would be a working reply email address?

Spamtrap addresses are not hard to get just hard/impossible to guess

I suggest sometimes you do have to resort to snailmail (POSTAL) and or telephone to contact wayward subscribers

Petzl, you fully lost me on your reply, can you explain :-) Sorry, I do not get what you are saying.

Petzl, you fully lost me on your reply, can you explain :-)  Sorry, I do not get what you are saying.

Return-Path: deputies<AT>admin<DOT>spamcop<DOT>net

is a working email address which you can reply to and SpamCop will try to answer in 24 hours

Your "subscriber" who uses an unguessable spamcop spamtrap address (over 40 characters/numerals long) does not want you to send them email.

If you have to contact them you will have to use the Postal Service and or telephone (3am calls are best usually home)

I do not see how they subscribed in the first place using a SpamTrap address. You sound like you are sending email to an unconfirmed address

All subscription email addresses are first sent one email letter and ONLY if that address is replied to further contact can be made

A reasonable rendition of email standards is in BondedSender, look under CONSENT and UNSUBSCRIBE

Edited by petzl

Return-Path: deputies<AT>admin<DOT>spamcop<DOT>net

Your "subscriber" who uses an unguessable spamcop spamtrap address (over 40 characters/numerals long) does not want you to send them email.

If that is the case, I am a very happy camper, is there somewhere that it says the trap addresses are 40 alphanumerics long? If it is true, I am just wrong, the headers SC sent back to me are a pure coincidence that there is a member in the database by the same name.

Thanks everyone for the comments.


OK folks ... RW did send a snippet of a header in response to the query. Unusual, but it was in fact an example of a "misdirected bounce" ... The problem(s) at this point are a bit on the massive side. The user is requesting the spamtrap address involved so that it can be whitelisted. This seems to be based on the interpretation that one of the users on this system actually sent the e-mail. (Taking a look at the "Why am I Blocked?" Forum FAQ entry might help ..??) The preceding spamtrap identification appears to be based on the included line "To: Mary Joe <x>" .... In today's world of forgery, dictionary attacks, and general spammy lowlife activities, that there is a user around that accidentally has this (very unusual) name is a bit of a stretch. Translating this Mary Joe to a spamtrap address is also reaching way over the edge. No, there is no correlation between the Mary Joe and a spamtrap address, in this case, Mary Joe is just filler data ....

Data was provided in private, so won't reveal stuff (though offering up the IP address would have solved the mystery quite a while ago) .... Here's the real issue .. of course, one could state that there just might be the slim chance of another explanation, but .... this is from the 'seen it way too many times before' case files <g> ...

From SenderBase page for referenced IP address

Volume Statistics for this IP

                Magnitude    Vol Change vs. Average
Last day        4.7          3297%
Last 30 days    4.0          582%
Average         3.2

Asking for and receiving the alleged single spamtrap address involved in the provided sample would be like spitting into the ocean. From the numbers above, there's no doubt that this IP/server is headed for listing on all kinds of BLs .. making SpamCop the least of your problems. (Noting that at the time of this posting, the IP in question was NOT listed in the SpamCopDNSBL)

User PM'd with some other data.


I wanted to say thanks to wazoo and everyone for helping me here. I have found the problem more or less, am taking steps to roll back a few months off the database, and am working towards a stronger opt-in confirmation email system.

Thanks again, and sorry for sounding suspicious, I am not at liberty to post details about the servers I admin.


Thank you for sticking with it and not getting upset to the point of not listening (as sometimes happens when things are not going as you wish).

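The confirmed opt-in flow that several replies in this thread recommend (one confirmation message per signup, further mail only after the recipient replies, and a record kept as proof of consent), as an added example that is not code from any poster or from SpamCop. The class name, the `send_mail` hook, the token format and the 48-hour lifetime are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: load from a secret store in production
TOKEN_TTL = 48 * 3600             # assumption: confirmation valid for 48 hours


class ConfirmedOptIn:
    """Pending addresses get exactly one mail; only confirmed ones are mailable."""

    def __init__(self, send_mail):
        self.send_mail = send_mail  # hypothetical hook: callable(address, body)
        self.pending = {}           # address -> time the single confirmation was sent
        self.confirmed = {}         # address -> consent record kept as proof

    def _token(self, address, issued):
        msg = f"{address}|{issued}".encode()
        return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

    def request(self, address, now=None):
        """Handle a signup. Returns True only if a confirmation mail was sent."""
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        if address in self.confirmed or address in self.pending:
            return False  # never mail an unconfirmed address a second time
        self.pending[address] = now
        self.send_mail(address, f"confirm {address} {now} {self._token(address, now)}")
        return True

    def confirm(self, address, issued, token, source_ip, now=None):
        """Check the reply token; on success the address becomes mailable."""
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        if self.pending.get(address) != issued or now - issued > TOKEN_TTL:
            return False  # unknown signup or expired confirmation
        expected = self._token(address, issued).encode()
        if not hmac.compare_digest(token.encode(), expected):
            return False  # forged or mistyped token
        del self.pending[address]
        self.confirmed[address] = {"confirmed_at": now, "source_ip": source_ip}
        return True

    def may_send(self, address):
        """List mail is allowed only for addresses that confirmed."""
        return address.strip().lower() in self.confirmed
```

An address that never confirms, such as a mistyped or guessed one that turns out to be a trap, stays in `pending` and receives no further mail.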
