Jump to content

Why organisation ip Blacklsited?


sergei_msk

Recommended Posts

I don't see this listed in the blocking list.

195.225.38.43 not listed in bl.spamcop.net

Being a user as yourself, I also don't have access to view email addresses that may have caused any listing.  From https://www.spamcop.net/sc?track=195.225.38.43, it looks like abuse[at]gazprombank[dot]ru should have all the reports.  It takes more than one user or email address to be listed on the blocking list.  The abuse address should have most of those reports.

Link to comment
Share on other sites

https://talosintelligence.com/reputation_center/lookup?search=195.225.38.0%2F24

That IP is not listed on any blocklist that I can see.  in fact it has a "Good" reputation.

SpamCop of course can not speak for any other blocklist manager, but providing source email addresses of specific reports is not possible.  Revealing the source could expose the address of spamtraps

More information

Link to comment
Share on other sites

9 hours ago, sergei_msk said:

Hello,

I am security officer at Gasprombank. Could you write me, whose mail address caused blocking the ip 195.225.38.43?

No reports made by SpamCop members for 90 days which is as long as records are kept?
Can you show the bounce, edit it to remove any sensitive information

Link to comment
Share on other sites

On 2/12/2020 at 11:17 PM, petzl said:

No reports made by SpamCop members for 90 days which is as long as records are kept?
Can you show the bounce, edit it to remove any sensitive information

Hi,

Thanks all for answers!

There aren't mail in abuse[at]gazprombank[dot]ru.

This (attached file) message received our users from recipient.

mail.jpg

Link to comment
Share on other sites

10 hours ago, sergei_msk said:

Hi,

Thanks all for answers!

There aren't mail in abuse[at]gazprombank[dot]ru.

This (attached file) message received our users from recipient.

SpamCop blocklist can be activated by a large number of emails hitting "SpamCop's spamtraps" .

These email addresses are not public but can be scraped by "bots" from poisoned Web-sites.
 
Records of such attacks are not recorded will be blocked for 24 hours from last spam.

Two reasons for this is someone is not using a Virus scanner and a computer/device has been compromised
or best practice for marketing is not being done "double opt-in confirmation"
Minimum is
https://en.wikipedia.org/wiki/Opt-in_email#Best_practice
How easy is it to be put on a/your mail list? 
Your competitors may well try to sabotage your mail list by loading it with poisoned email addresses?

Link to comment
Share on other sites

14 hours ago, sergei_msk said:

This (attached file) message received our users from recipient.

Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries.  There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.  If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus.

Another thing you might want to try is one of the following commands around the time an email is blocked.  If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop.

dig any 43.38.225.195.bl.spamcop.net
nslookup -type=any 43.38.225.195.bl.spamcop.net

 

Link to comment
Share on other sites

6 hours ago, gnarlymarley said:

There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.

Yes if the IP shows as ever being blocked by SpamCop  it would lose it's GOOD TALOS reputation
EMAIL REPUTATION Good
Not uncommon for SpamCops blocklist to be falsely blamed
However this IP has a malware infection, But never been reported by SpamCop
195.225.38.17  abuse[at]gazprombank [dot]r u.
https://www.abuseat.org/lookup.cgi?ip=195.225.38.17

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...