Jump to content
sergei_msk

Why organisation ip Blacklsited?

Recommended Posts

I don't see this listed in the blocking list.

195.225.38.43 not listed in bl.spamcop.net

Being a user as yourself, I also don't have access to view email addresses that may have caused any listing.  From https://www.spamcop.net/sc?track=195.225.38.43, it looks like abuse[at]gazprombank[dot]ru should have all the reports.  It takes more than one user or email address to be listed on the blocking list.  The abuse address should have most of those reports.

Share this post


Link to post
Share on other sites

https://talosintelligence.com/reputation_center/lookup?search=195.225.38.0%2F24

That IP is not listed on any blocklist that I can see.  in fact it has a "Good" reputation.

SpamCop of course can not speak for any other blocklist manager, but providing source email addresses of specific reports is not possible.  Revealing the source could expose the address of spamtraps

More information

Share this post


Link to post
Share on other sites
9 hours ago, sergei_msk said:

Hello,

I am security officer at Gasprombank. Could you write me, whose mail address caused blocking the ip 195.225.38.43?

No reports made by SpamCop members for 90 days which is as long as records are kept?
Can you show the bounce, edit it to remove any sensitive information

Share this post


Link to post
Share on other sites
On 2/12/2020 at 11:17 PM, petzl said:

No reports made by SpamCop members for 90 days which is as long as records are kept?
Can you show the bounce, edit it to remove any sensitive information

Hi,

Thanks all for answers!

There aren't mail in abuse[at]gazprombank[dot]ru.

This (attached file) message received our users from recipient.

mail.jpg

Share this post


Link to post
Share on other sites
10 hours ago, sergei_msk said:

Hi,

Thanks all for answers!

There aren't mail in abuse[at]gazprombank[dot]ru.

This (attached file) message received our users from recipient.

SpamCop blocklist can be activated by a large number of emails hitting "SpamCop's spamtraps" .

These email addresses are not public but can be scraped by "bots" from poisoned Web-sites.
 
Records of such attacks are not recorded will be blocked for 24 hours from last spam.

Two reasons for this is someone is not using a Virus scanner and a computer/device has been compromised
or best practice for marketing is not being done "double opt-in confirmation"
Minimum is
https://en.wikipedia.org/wiki/Opt-in_email#Best_practice
How easy is it to be put on a/your mail list? 
Your competitors may well try to sabotage your mail list by loading it with poisoned email addresses?

Share this post


Link to post
Share on other sites
14 hours ago, sergei_msk said:

This (attached file) message received our users from recipient.

Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries.  There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.  If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus.

Another thing you might want to try is one of the following commands around the time an email is blocked.  If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop.

dig any 43.38.225.195.bl.spamcop.net
nslookup -type=any 43.38.225.195.bl.spamcop.net

 

Share this post


Link to post
Share on other sites
6 hours ago, gnarlymarley said:

There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop.

Yes if the IP shows as ever being blocked by SpamCop  it would lose it's GOOD TALOS reputation
EMAIL REPUTATION Good
Not uncommon for SpamCops blocklist to be falsely blamed
However this IP has a malware infection, But never been reported by SpamCop
195.225.38.17  abuse[at]gazprombank [dot]r u.
https://www.abuseat.org/lookup.cgi?ip=195.225.38.17

Edited by petzl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×