Jump to content

Confusion of e-mail providers


CJR

Recommended Posts

It seems that my e-mail (cjross[at]cyberus.ca) has been blocked, and does not allow me to send e-mails to my mother's work e-mail. I clicked on the link provided in the notification e-mail (Link), and then click on Information about the reasons for listing (blocking) your mail server (209.197.145.105). I then click on Trace IP and it says my e-mail is provided by Cybersurf, and that the abuse was reported by Cybersurf. I have a Cyberus e-mail! What the fudge is going on?

Link to comment
Share on other sites

Well, as you may have noticed: host 209.197.145.105 = mx02.cybersurf.com

Spamcop does not care what your email address is, only what IP it is sent from. I would guess that cyberus.net and cyberus.com are affiliated with cybersurf.com, perhaps as subsidiaries.

From senderbase they have a common Network Owner: 3web Corp.

Domains closely associated with 3web Corp.

Showing 1 - 5 out of 5

Domain Monthly

Magnitude

3web.net 5.5

cybersurf.com 5.2

3web.com 4.2

eisa.com 3.9

cybersurf.net 3.2

Also your email is directed by DNS to the cybersurf.com servers, further indicating they may be the same company.

> set type=mx

> cyberus.ca

Server: ns1.ma.charter.com

Address: 66.189.0.29

Non-authoritative answer:

cyberus.ca MX preference = 10, mail exchanger = mx04.cybersurf.com

cyberus.ca MX preference = 10, mail exchanger = mx01.cybersurf.com

cyberus.ca MX preference = 10, mail exchanger = mx02.cybersurf.com

cyberus.ca MX preference = 10, mail exchanger = mx03.cybersurf.com

cyberus.ca nameserver = discovery.cia.com

cyberus.ca nameserver = newton.cia.com

cyberus.ca nameserver = galileo.cia.com

galileo.cia.com internet address = 209.197.128.5

discovery.cia.com internet address = 209.197.128.2

>

Link to comment
Share on other sites

The listing states:

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

So you should be OK in a little while. You should contact your ISP and check with them that something was actually done to stop the cause of this listing. Specifically, did they contact spamcop and find out what kind of message hit the spamtrap and stop that source. Otherwise, it is likely you will b listed again.

There are always work arounds as well. You could use a webmail (yahoo, hotmail, etc.) when you are being blocked. You could change your ISP. You could ask your mothers work how to whitelist your addresses. You could mention to your mothers work that the spamcop list is not recommended to be used in a blocking mode because of it's aggressiveness. Please direct them here for more information.

Link to comment
Share on other sites

Okay, I understand, but how can I get unblocked?  My mother is also blocked from her own work e-mail too, and she needs to send messages to it!  What can I do to fix it?

25772[/snapback]

Someone using IP 209.197.145.105 is infected and their computer has become a Zombie

The Subject of a spam going through this IP is or was

It pays to go through my signature to check that it's not you and both you and your mother have a secure windows computer

Link to comment
Share on other sites

http://ops.mail-abuse.com/cgi-bin/nph-ops-...209.197.145.105

Shows that last November, the mail server was bouncing spam to forged addresses when the spam victim's mail box was full.

Not good. Mailservers should be using SMTP rejects when they can not accept e-mail as that is the only non-abusive method of notifying a real sender that their mail was not accepted.

Mail to a full mail box should be rejected with a 4xx series error.

Bouncing messages instead of using SMTP rejects assists spammers and virus writers in using the bouncing mail server to conduct a denial of service attack against another spam victim's mail box.

While the protocol for sending messages allow such bounces, they are an artifact from when independent third pary open relays were routinely used to route e-mail. The end point mail server would issue an SMTP reject, and the open relay would convert it to a bounce.

Now open relays are blocked on sight, and mail is sent from mail server to mail server, so the use of bounce messages is effectvely obsolete. And since well over 99% of undeliverable e-mail is either spam or viruses with forged addresses, bouncing is now very abusive. Especially considering that current statistics show that for each real e-mail coming into a mail server, 3 spams or viruses are also being delivered.

Anyone's whos mail server provider is bouncing instead of using SMTP rejects is going to eventually find that there are many other networks that will refuse all e-mail from them, and worse, that even more that are just silently deleting all e-mail from them.

And this has nothing to do with spamcop.net, it is just a matter that those networks doing the blocking do not want to incur additional costs on their side to deal with a misconfigured mail server.

While you may pay a fixed rate for your internet connection, a mid-size or larger service pays by the amount of messages times their size. A mail server abusively bouncing to forged addresses can run up a significant cost on the receiving side in a small amount of time if they try to sort the real e-mail from the forged bounces.

Most mail servers only have the ability to protect themselves from spam/viruses or other DOS attacks by rejecting all e-mail from the attacking I.P. address, and that can not be easily changed.

And why should the users on the receiving side pay more to compensate for a configuration problem on the sending side?

-John

Personal Opinion Only

Link to comment
Share on other sites

Someone using IP 209.197.145.105 is infected and their computer has become a Zombie

The Subject of a spam going through this IP is or was

25775[/snapback]

Petzl, while your suggestion to check for viruses and spyware is always sound, it is not likely the cause in this case as that IP is an outgoing mail server for cybersurf.com, cyberus.ca and possibly some other related ISP's. The IP is not that of the OP but of their ISP.

Link to comment
Share on other sites

Petzl, while your suggestion to check for viruses and spyware is always sound, it is not likely the cause in this case as that IP is an outgoing mail server for cybersurf.com, cyberus.ca and possibly some other related ISP's.  The IP is not that of the OP but of their ISP.

25779[/snapback]

Yes it appears that the mail servers themselves may have an infection?

On a windows machine it is a must to keep windows secure! although this virus infects linux servers Malware known as Cheese

I have been doing some looking around and appears that cybersurf may have a security problem themselves and with their email servers?

http://isc.sans.org/source_report.php?subnet=209.197.145

or

http://www.dshield.org/ipdetails.php?ip=209.197.145.105

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...