horsepro Posted May 6, 2005

Hi There, I have an Educational Website that is quite popular and helps a lot of people. My mail is often blocked and I am on spam lists apparently. I cannot work out how to put a dispute form in. It asked for my ip number, I put it in and then no help as to what to do next. www.horseproblems.com.au Thanks for any advice.

JosephK Posted May 6, 2005

Assuming your email server is at 66.116.206.62, you do not seem to be in any of the major blocklists. You will probably need to post one of the rejection notices.

-- Just a happy user, JosephK

Jeff G. Posted May 6, 2005

Please see the Why Am I Blocked? FAQ. Thanks!

horsepro (Author) Posted May 6, 2005

Thanks very much for your advice. Much appreciated.

Jeff G. Posted May 6, 2005

> Thanks very much for your advice. Much appreciated.

You're welcome.

DavidT Posted May 6, 2005

> Assuming your email server is at 66.116.206.62

But it's probably not. In most shared hosting situations, the IP address from which mail emanates is rarely the same as the IP address of the "www" version of the domain, which is what you've supplied here. Did you look it up in SenderBase? Take a look here:

http://www.senderbase.org/?searchBy=ipaddr...g=66.116.206.62

It doesn't seem that any mail is emanating from that IP. However, if you look up the DNS for "horseproblems.com.au" at:

http://dnsreport.com/tools/dnsreport.ch?do...problems.com.au

you'll see that their MX is "mail6.hostexcellence.com" (which is an alias for "mail6.opentransfer.com") and the IP is: 69.6.255.177

Let's look that up in SenderBase:

http://www.senderbase.org/?searchBy=ipaddr...ng=69.6.255.177

Oh my...in the last 30 days, the traffic has risen by 1159%!!! That's a very BAD indicator. The good news is that in the last day, it's dropped by 75%, so perhaps someone is dealing with whatever problem might exist (spammer, hijacked mail scripts, ?) on that server. The IP isn't currently listed on any blocklists, however, and there's no SpamCop "history" of reports (on either of the IPs), so I'm not sure if that's the sending IP for the server in question, either. We need to see the error message from one of the bounces.

Regarding the hosting provider....some strange stuff...the address given is in Kentucky, but the IPs and servers all appear to be under the control of a person named "Fathi Said" in Austria. If you Google him, you'll find some odd stuff relating to some big flap over "FeaturePrice.com" and Mr. Said.
You'll also find this reference to him not caring about spamvertising in Usenet groups:

http://www.talkaboutspam.com/group/alt.kil...sages/9766.html

Hmmm...a little more Googling, and I find this:

http://www.featureprice-scam.com/fathi.html

I checked out some of the "web hosting review sites" mentioned on that page, and there does appear to be a pattern of Mr. Said putting up self-serving review sites, putting his hosting companies as the top-rated hosts. Or maybe he's a fine, upstanding businessman whose reputation was sullied by previously being in partnership with someone who wasn't quite so upstanding? It's hard to tell from a limited bit of research.

OK, I guess it's time to get back on topic... ;-)

DT

horsepro (Author) Posted May 9, 2005

Thanks very much David. Now I am starting to understand it. Thank you for your kind efforts on my behalf.

Derek T Posted May 9, 2005

> Thanks very much David. Now I am starting to understand it. Thankyou for your kind efforts on my behalf.

Now senderbase -51% and de-listed. Seems like another case of SpamCop doing what it says on the tin! - alerting server admins of a problem which they seem to have put right.

horsepro (Author) Posted May 10, 2005

Sorry to bother you again, but when you see the funny writing on your preview in mail washer, like down the bottom of this, does that mean it is a virus?

(Personal data removed by Wazoo)

Date: Mon, 09 May 2005 17:18:18 UTC
Subject: Your email was blocked
Importance: Normal
X-Priority: 3 (Normal)
Message-ID: <bfb3.efb1c996adf[at]vw.ph-heidelberg.de>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="======b974a638df438e1b31ef"
Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

--======b974a638df438e1b31ef

This is an automatically generated E-Mail Delivery Status Notification. Mail-Header, Mail-Body and Error Description are attached

--======b974a638df438e1b31ef
Content-Type: application/octet-stream; name=error-mail_info.zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="error-mail_info.zip"

UEsDBAoAAAAAAAGAojKuS6g1MtEAADLRAAAmAAAAV2luemlwcGVkLVRleHRfRGF0YS50eHQgICAg
ICAgICAgICAgIC5waWZNWpAAAwAAAAQAAAD//wAAuAAAAAAAAABAAAAAAAAAA

Wazoo Posted May 10, 2005

Although it may have been / probably was a virus, to the question you ask about the data you provided, the specific technical answer would be "no" ... it doesn't "mean" that it's a virus, only that the data had been "packaged" .. the details describing how it was packaged ....

Content-Transfer-Encoding: base64 - says that the included data was encoded to Base-64 ... so you wouldn't see 'plain text'

Example: This is a test ends up looking like VGhpcyBpcyBhIHRlc3Q=

Content-Type: application/octet-stream; name=error-mail_info.zip - then suggests that the included data had been archived/compressed into a .ZIP file, yet another level of data manipulation that would further distance that data from any resemblance to 'plain text' ....

horsepro (Author) Posted May 10, 2005

Thanks for that. I just had 42 of that type of mail. If I could only get my cottin pickin hands on them for 5 minutes. :angry:

Wazoo Posted May 10, 2005

42 in one stretch would suggest that it really was a virus infected machine working hard to get your attention ... <g> .. dang I went back to look up the source, guess maybe I removed too much? (though don't recall seeing a lot of hand-off data .. just keyed on your address sitting there in plain sight ..)

DavidT Posted May 10, 2005

> does that mean it is a virus?

Let me state first...."Google is your friend...use it!"

Now for the answer....YES! It's the new variant of the "Sober" worm. I put the zip file name into Google and came up with plenty of hits. Here's the description from Symantec:

http://sarc.com/avcenter/venc/data/w32.sober.o[at]mm.html

Most incoming messages with ".zip" file attachments are worms, as are those with ".pif" and other file types. You can use the headers on this to report it to the source ISP and get them to cut that user's Internet access off until they call in, and are then told to disinfect their computer.

DT

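Added example, not part of any post in this thread: a Python sketch of the triage the two replies above describe, undoing the base64 layer and then reading the ZIP's member names without extracting anything. The message is a constructed stand-in shaped like the quoted bounce; the member name, the placeholder payload and the extension list are assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of file types Windows will run; ".pif" is named in the thread.
RISKY_EXTENSIONS = {".pif", ".exe", ".scr", ".com", ".bat", ".cmd"}


def build_sample_message() -> bytes:
    """Constructed sample shaped like the quoted bounce (harmless payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("constructed_sample.txt.pif", b"placeholder, not a program")
    msg = EmailMessage()
    msg["Subject"] = "Your email was blocked"
    msg.set_content("This is an automatically generated notification.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="error-mail_info.zip")
    return msg.as_bytes()


def final_ext(name: str) -> str:
    """Last extension of a member name, lower-cased, ignoring edge whitespace."""
    return os.path.splitext(name.strip())[1].lower()


def triage(raw: bytes) -> list:
    """Describe each attachment; for ZIPs, list member names only."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # undoes the base64 layer
        members = []
        if data[:4] == b"PK\x03\x04":  # ZIP local-file-header magic
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    members = zf.namelist()  # reads the directory, extracts nothing
            except zipfile.BadZipFile:
                members = []  # truncated or damaged archive
        findings.append({
            "filename": part.get_filename(),
            "encoding": str(part.get("Content-Transfer-Encoding", "")),
            "members": members,
            "risky": [m for m in members if final_ext(m) in RISKY_EXTENSIONS],
        })
    return findings


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print(finding)
```
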
Wazoo Posted May 10, 2005

Catching up on some old e-mail .... http://secunia.com/virus_information/17692/

Archived
This topic is now archived and is closed to further replies.