msintrepid

I think I've been blacklisted


I've just received this back from one of my customers, and I can't figure out who has blacklisted me - even though I've checked my domain's IP addresses against Spamcop's database and I don't show up there. However, I've been told that Spamcop is blocking messages and not informing or warning ISPs that they're going to be blocked. See what you think of these headers; customers' names appear as "x" to protect them. When I call the phone number listed in the reject, it's been disconnected. I'm at a loss, other than to give these customers another domain's email address. We conform with ALL RFCs and use Postini for spam inbound and outbound.

> Hi. This is the qmail-send program at mail.ctesc.net.

> I'm afraid I wasn't able to deliver your message to the following

> addresses.

> This is a permanent error; I've given up. Sorry it didn't work out.

>

> <ken[at]kenpehl.us>:

> 64.202.166.12 does not like recipient.

> Remote host said: 553 65.127.72.* rejected due to spam, contact

> 480-505-8877 (Attack detected from pool 65.127.72.231)65.127.72.*

> rejected due to spam, contact 480-505-8877 (Attack detected from pool

> 65.127.72.231) Giving up on 64.202.166.12.

>

> --- Below this line is a copy of the message.

>

> Return-Path: <xxxxx[at]ctesc.net>

> Received: (qmail 3171 invoked from network); 21 Mar 2005 15:17:21 -0000

> Received: from dial-65-127-72-125.ctesc.net (HELO Wilbur)

> (65.127.72.125)

> by mail.ctesc.net with SMTP; 21 Mar 2005 15:17:21 -0000

> Message-ID: <001501c52e29$5726bae0$7d487f41[at]Wilbur>

> From: <xxxxxx[at]ctesc.net>

> To: "Ken Pehl" <ken[at]kenpehl.us>

> Subject: Try this again

> Date: Mon, 21 Mar 2005 09:16:43 -0600

> MIME-Version: 1.0

> Content-Type: multipart/alternative;

> boundary="----=_NextPart_000_0005_01C52DF6.B2891460"

> X-Priority: 3

> X-MSMail-Priority: Normal

> X-Mailer: Microsoft Outlook Express 6.00.2900.2180

> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

>

> This is a multi-part message in MIME format.


I'm not sure where you see this as being tied to use of the SpamCop DNSBL .... what I see is an ISP that has blocked an IP range (the use of the wildcard in the string 65.127.72.* rejected due to spam).

Additionally, the headers seem to indicate that this user is operating a mail-server from an IP qualified as a dial-up address (the line "Received: from dial-65-127-72-125.ctesc.net (HELO Wilbur) (65.127.72.125)"). A major portion of ISPs these days will also reject incoming e-mail based on this alone.

How SpamCop works can be seen by working through a few of the FAQ (read before posting) entries .... but in this case, it appears that the blocking action was done by the recipient ISP, so that's who you'll need to contact to find out why (but I think I've addressed the most likely issue beyond the rejection notice itself)


It appears that the admins of kenpehl.us's mailhost secureserver.net (GoDaddy) have rejected mail from your ISP's mailserver mail.ctesc.net [65.127.72.6] because they have detected an Attack from 65.127.72.231, which is in the same /24 (Netblock 65.127.72.0 - 65.127.72.255, CIDR 65.127.72.0/24). You need to contact GoDaddy (via one of the methods on their support page, or possibly via 1-480-624-2500 or 1-480-505-8800) and CTESC (Central Texas Extra-Services Corporation at 1-866-372-2316 or 1-828-258-1197) to find out why one of CTESC's dialups dial-65-127-72-231.ctesc.net [65.127.72.231] appears to be attacking GoDaddy's systems, and what can be done to stop the Attack and rejection.

It also appears that you're NOT using postini for controlling outbound spam.


I second Wazoo's opinion with the addition that the error text may be providing more information:

> Remote host said: 553 65.127.72.* rejected due to spam, contact

> 480-505-8877 (Attack detected from pool 65.127.72.231)

I read that to say that this postmaster received an attack from 65.127.72.231 at some point in the past and that caused him to block the entire range (65.127.72.*). I have done similar things with Postini at work when we are getting attacked by viruses, but their system allows me to set a time for the block to expire. I find 30 days is good. It allows the site time to find a problem and clean it up. This step is usually only taken after multiple warnings to the IP admin.

You would have to contact Go Daddy to find out for sure. Using that blocking scheme, they are also blocking the 2 legitimate servers SenderBase knows about:

65.127.72.6 mail.ctesc.net and 65.127.72.10 smtp.ctesc.net

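The diagnosis the replies above walk through, as an added example that is not part of the original posts: it parses the quoted rejection, expands the `65.127.72.*` wildcard to its /24, lists which hosts named in the thread fall inside that range, and flags the dial-up style reverse DNS name in the Received: line. The function names and the rDNS heuristic are assumptions made for this example; the sample text is constructed from the lines quoted in the thread.

```python
import ipaddress
import re

# Constructed sample: rejection text and Received line as quoted in the thread.
BOUNCE = """\
Remote host said: 553 65.127.72.* rejected due to spam, contact
480-505-8877 (Attack detected from pool 65.127.72.231)
Received: from dial-65-127-72-125.ctesc.net (HELO Wilbur)
 (65.127.72.125)
 by mail.ctesc.net with SMTP; 21 Mar 2005 15:17:21 -0000
"""
# Hosts the thread names inside this netblock.
HOSTS = {"mail.ctesc.net": "65.127.72.6", "smtp.ctesc.net": "65.127.72.10",
         "dial-65-127-72-125.ctesc.net": "65.127.72.125",
         "dial-65-127-72-231.ctesc.net": "65.127.72.231"}
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def wildcard_to_network(pattern):
    """'65.127.72.*' -> 65.127.72.0/24; only trailing '*' octets are accepted."""
    octets = pattern.split(".")
    fixed = [o for o in octets if o != "*"]
    if len(octets) != 4 or octets[:len(fixed)] != fixed:
        raise ValueError(f"unsupported range pattern: {pattern!r}")
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")

def parse_rejection(text):
    """Extract SMTP code, blocked range and triggering IP from a qmail bounce."""
    flat = " ".join(text.split())  # the remote reply is wrapped across lines
    m = re.search(r"Remote host said: (\d{3}) (\S+) rejected", flat)
    if not m:
        return None
    trig = re.search(rf"detected from pool ({IPV4})", flat)
    return {"code": int(m.group(1)),
            "network": wildcard_to_network(m.group(2)),
            "trigger": trig.group(1) if trig else None}

def collateral(info, hosts):
    """Hosts caught by the range block that are not the triggering address."""
    return sorted(name for name, ip in hosts.items()
                  if ip != info["trigger"]
                  and ipaddress.ip_address(ip) in info["network"])

def dynamic_clients(text):
    """Received: clients whose rDNS embeds their own IP (heuristic, an assumption)."""
    flat = " ".join(text.split())
    pairs = re.findall(rf"Received: from (\S+) \(HELO [^)]*\) \(({IPV4})\)", flat)
    return [(n, ip) for n, ip in pairs if ip.replace(".", "-") in n or ip in n]
```

Calling `collateral(parse_rejection(BOUNCE), HOSTS)` shows that both mail servers named in the thread sit inside the blocked /24 alongside the dial-up client, which is why mail relayed through mail.ctesc.net is refused.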

Although 64.202.166.12 is not blocked by SpamCop, Google are showing ignored concerns

64.202.166.12 also SpamCop is not sending reports to abuse<AT>godaddy.com ? for this IP (looks like a ZOMBIE to me)

Edited by petzl

> Although 64.202.166.12 is not blocked by SpamCop Google are showing ignored concerns

The last Received: line in all those spams is forged, making it look like the spam came from this machine, although it really originated from the machines in the second to last Received: lines.

> 64.202.166.12 also SpamCop is not sending reports to abuse<AT>godaddy.com ?

Here is why:

Thursday, December 09, 2004 12:02:13 PM -0500

[Note added ...]

inbound only server being forged into headers
