wphowell

Blacklist Evidence


We have been to the website to find that one of our servers is blacklisted; however, there is no information on the message or messages that caused the server to become blacklisted.

How do we find the message so we can find the source?

Thanks,

Pete


Hi, Pete!

...Sorry, my crystal ball is not working today. :) <g> Could you please post the IP in question? The content of the notice you received telling you the IP is blacklisted might also help us.... Thanks!


FYI, the OP appears to be posting from a dynamic adelphia.net host listed by FIVETEN, SPAMBAG, DRBL-VOTE-GREMLIN, DRBL-WORK-GREMLIN, and BUSPDL.


Is this the server you are talking about?

207.234.147.127 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 13 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

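The lookup quoted in the post above (207.234.147.127 answering 127.0.0.2 in bl.spamcop.net) can be reproduced from the mail server's side; this is an added example, not part of any forum post. The function names and the injectable `resolve` parameter are illustrative assumptions, chosen so the logic can be exercised without network access.

```python
import ipaddress
import socket

DNSBL_ANSWERS = ipaddress.ip_network("127.0.0.0/8")  # valid listing answers

def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def check_listing(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Return the DNSBL answer (e.g. '127.0.0.2') if listed, else None."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_AGAIN:
            raise  # temporary DNS failure: status unknown, not "clean"
        return None  # name does not exist: the IP is not listed
    # A resolver that rewrites NXDOMAIN (wildcard or search portal) returns
    # an address outside 127.0.0.0/8; that is not a listing.
    if ipaddress.IPv4Address(answer) in DNSBL_ANSWERS:
        return answer
    return None

def sweep(ips, zones=("bl.spamcop.net",), resolve=socket.gethostbyname):
    """Check every outbound IP against every zone; return only the hits."""
    hits = {}
    for ip in ips:
        for zone in zones:
            answer = check_listing(ip, zone, resolve)
            if answer is not None:
                hits[(ip, zone)] = answer
    return hits
```

Run `sweep` over each outbound mail IP from a scheduled job so a listing is noticed before recipients start rejecting mail.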

Fired up the ACP, looked up the registration data, did an MX lookup on the e-mail address used to register .... the single MX record / IP address offered there is not currently shown as being listed in the SpamCopDNSBL. However, that Domain is hosted by Everyone's Internet, SenderBase shows several e-mail servers in that pool ... not going to spend time looking all of them up when it's so much easier to have the original poster actually point to the IP address in question.

Merlyn posted while I was typing .... I'd say that his guess is probably a good one, as that's one of the servers listed in the 'pool' I mentioned above (although not 'the' IP showing as the registered MX of the Domain used in the original poster's registered e-mail address)

> Is this the server you are talking about?
>
> 207.234.147.127 listed in bl.spamcop.net (127.0.0.2)
>
> If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 13 hours.
>
> Causes of listing
>
> System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Yes, that is the server that is blacklisted. If we can get a copy of the message that caused the server to be blacklisted, we can track the source of the message. How do we get a copy of the message?

Thanks,

Pete

> Yes, that is the server that is blacklisted. If we can get a copy of the message that caused the server to be blacklisted, we can track the source of the message. How do we get a copy of the message?

Because the messages were sent to spam traps, the details of messages are not publicly available. If you are not aware, spam traps are unused, unpublished Email addresses used to catch spam. Since they are unpublished and unused, any mail they receive must arrive either direct from a spammer or via zombie PCs which are then transmitting this spam. Either way, they point to a much greater guarantee of spam since the addresses can never have been subscribed voluntarily to receive these messages.

Because the details are held confidentially you will have to raise the issue with deputies[at]spamcop.net and explain why you believe they should release the information to you.

Andrew


You should really ask abuse<at>affinity.com for copies of the Reports. In any case, here is the Report History I found (munged for the web):

Submitted: Thursday, April 21, 2005 15:37:20 -0400:

* 1407650933 ( 69.151.187.220 ) To: spamcop<at>imaphost.com

* 1407650872 ( 69.151.187.220 ) To: abuse<at>sbcglobal.net

* 1407650830 ( 207.234.147.127 ) To: relays<at>admin.spamcop.net

Submitted: Friday, April 08, 2005 10:22:21 -0400:

We are understaffed

* 1398346818 ( http:// info.homeempires.com/survey?e=x ) To: mole<at>devnull.spamcop.net

* 1398346817 ( http:// homeempires.com/pics.php/apredirect.php ) To: mole<at>devnull.spamcop.net

* 1398346815 ( 207.234.147.127 ) To: mole<at>devnull.spamcop.net

Submitted: Tuesday, March 29, 2005 15:44:33 -0500:

See for yourself, Michelle

* 1391878431 ( 207.234.147.127 ) To: spamcop<at>imaphost.com

* 1391878430 ( 207.234.147.127 ) To: abuse<at>affinity.com

Submitted: Friday, March 25, 2005 15:05:54 -0500:

Living paycheck to paycheck, Michelle?

* 1389105351 ( 207.234.147.127 ) To: spamcop<at>imaphost.com

* 1389105350 ( 207.234.147.127 ) To: abuse<at>affinity.com

Submitted: Friday, March 18, 2005 15:31:42 -0500:

Jillian Distributors - Special Offer Code - Requested Newsletter

* 1384193152 ( http:// www.jilliandistributors.com/unsubscribe.... ) To: abuse#above.net<at>devnull.spamcop.net

* 1384193150 ( http:// dvdwholesaler.jillianentertainment.com ) To: abuse#above.net<at>devnull.spamcop.net

* 1384193148 ( http:// dvdwholesaler.jillianentertainment.com ) To: abuse<at>gblx.net

* 1384193140 ( http:// www.jilliandistributors.com/unsubscribe.... ) To: abuse<at>ipowerweb.com

* 1384193139 ( http:// dvdwholesaler.jillianentertainment.com ) To: abuse<at>ipowerweb.com

* 1384193138 ( http:// www.jilliandistributors.com/unsubscribe.... ) To: abuse<at>above.net

* 1384193137 ( http:// dvdwholesaler.jillianentertainment.com ) To: abuse<at>above.net

* 1384193136 ( 207.234.147.127 ) To: spamcop<at>imaphost.com

* 1384193131 ( 207.234.147.127 ) To: abuse<at>affinity.com

Submitted: Friday, March 18, 2005 08:58:56 -0500:

greg winski

* 1383954755 ( http:// www.ntesoft.com/software/emc/systemr/r.a... ) To: abuse<at>interland.net

* 1383954753 ( http:// jstraw.simpleasabc.com/story ) To: paul<at>rydell.com

* 1383954748 ( http:// jstraw.simpleasabc.com/story ) To: abuse<at>mci.com

* 1383954743 ( 207.234.147.127 ) To: spamcop<at>imaphost.com

* 1383954737 ( 207.234.147.127 ) To: abuse<at>affinity.com

Submitted: Thursday, March 17, 2005 13:28:07 -0500:

Quit Your 9-5 !

* 1383397215 ( http:// www.ntesoft.com/software/emc/systemr/r.a... ) To: abuse<at>interland.net

* 1383397213 ( http:// www.jstraw.simpleasabc.com ) To: paul<at>rydell.com

* 1383397212 ( http:// www.jstraw.simpleasabc.com ) To: abuse<at>mci.com

* 1383397210 ( 207.234.147.127 ) To: spamcop<at>imaphost.com

* 1383397206 ( 207.234.147.127 ) To: abuse<at>affinity.com


I own 3 different domain names that I use to market my products. Over the last four years, I have built a subscriber database of 12,000 OPT IN's ONLY. I don't send out newsletters very frequently. Usually, I'll send one every 2 months.

I am hardly a spammer, but I was kicked off my mail server because of one complaint. Even with the evidence that I send mass mailing very infrequently, my mail server provider still canceled my account.

My hosting provider claimed I sent email to a honeypot? I had no idea what a honeypot was until doing some research. If there is a honey pot address in my list, it is because someone intentionally entered it into my opt in form. The problem is I don't know what email address it is to remove it!

My hosting provider recommends I use a double opt in method which makes sense to me at this point. (I never recognized why this was important) But at this point, I have spent 4 years building a list that contains 1 honeypot address. How can I clean up my list?

Another problem with my list is I have never used software to remove bounced emails. With many email addresses 4 years old, I usually get 1,500 bounces out of the 12,000 emails. I never recognized the importance of removing bounces until now. I just bought software that will remove bounces after 2 times.

I found this forum because my domain names are posted above. jilliandistributors.com and jillianleather.com

Unfortunately, there is no book "Everything you need to Know about Internet Marketing". I have learned most of my lessons as I go.

Can someone please tell me what method I need to use to clean up my lists, and keep from being confused with a spammer?

Thanks for your help,

Brent Crouch

brent[at]jilliandistributors.com


You are in a bad position. First of all, there is some data found in the FAQ here that attempts to talk about the handling of mailing-lists .. have you been there yet (noting the read before posting verbiage) ...

The cite of a honeypot suggests that the issue isn't with one of the addresses in the "bounced" list, as the honeypot would accept anything so it could do its thing. One could suggest that if all this happened recently, based on your last (infrequent) e-mail output, then perhaps removing all those addresses added after your previous e-mail (prior to the complaint) would be a starting point. However, a previous post in this Topic shows multiple e-mail servers / ISPs involved, along with a bit of recorded evidence of complaints made (kind of changing the "one report" side of the story) ... so I'm not sure if this is really a possible solution at all ... maybe ought to leave things at pointing to the FAQ for right now ..???

The fact that your ISP killed your account based on a single complaint seems pretty over-reactive, but .... have to note that there is only your side of the story presented here ... spammers have spoiled many wells .... and the data above and in the previous post does appear to shade the scenario a bit ...

No MX records found for jilliandistributors.com

No MX records found for jillianentertainment.com

ns1.ipowerweb.net reports the following MX records:

Preference Host Name IP Address

10 mail.jillianleather.com 66.235.219.133

66.235.219.133 not listed in bl.spamcop.net

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.2 .. 33%

Last 30 days .. 4.3 .. 56%

Average ........ 4.1

http://groups-beta.google.com/group/news.a...575d92a5876a672 shows a listing from last year for the existing server ...it got fixed, right?


Hi, Brent!

> <snip>
>
> My hosting provider recommends I use a double opt in method which makes sense to me at this point.
>
> <snip>
>
> Unfortunately, there is no book "Everything you need to Know about Internet Marketing". I have learned most of my lessons as I go.
>
> Can someone please tell me what method I need to use to clean up my lists, and keep from being confused with a spammer?

...First, I recommend you purge the term "double opt in" from your vocabulary. To the knowledgeable, it will mark you as a spammer. "Confirmed opt-in" is the preferred term.

...Second: if after perusing the FAQ (as suggested above by Wazoo) you do not find the mailing list information, post a follow-up here and I'll point you to it.

...Good luck!

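Confirmed opt-in, as recommended in the post above, sketched as an added example that is not part of any forum post: an address joins the list only after its owner returns a token that was mailed to that address, so an address typed into the form by someone else never becomes a subscriber. `SECRET`, `TOKEN_TTL` and the function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never mailed
TOKEN_TTL = 7 * 24 * 3600         # assumption: confirmation link valid 7 days

def _normalise(email):
    return email.strip().lower()

def _sign(payload):
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def make_token(email, now=None):
    """Token to embed in the confirmation link mailed to `email`."""
    now = time.time() if now is None else now
    expires = int(now + TOKEN_TTL)
    payload = f"{_normalise(email)}|{expires}".encode()
    return f"{expires}.{_sign(payload)}"

def confirm(email, token, subscribers, now=None):
    """Add `email` to `subscribers` only if its mailed token checks out."""
    now = time.time() if now is None else now
    try:
        expires_text, sig = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False  # malformed token
    payload = f"{_normalise(email)}|{expires}".encode()
    # Constant-time comparison; the signature covers address and expiry,
    # so a token cannot be reused for another address or have its life extended.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False
    if now > expires:
        return False  # link expired: the address stays off the list
    subscribers.add(_normalise(email))
    return True
```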
"However, a previous post in this Topic shows multiple e-mail servers / ISPs involved, along with a bit of recorded evidence of complaints made (kind of changing the "one report" side of the story) ... "

I said one complaint, because that is what I was told by the ISP. If there has been more than one complaint, I don't know about it.

I signed up with the hosting company that canceled me about 6 months ago. I kept my website hosted at the same provider I have always used. I just decided to change my outgoing mail server to a new one because of problems at my original hosting company.

The problem with the original hosting company was they did not require authorization for outgoing mail. So literally anyone with this knowledge could send mail from any domain on the server. My website was also hosted on a server with many other websites, and my outgoing mail could be shut down once every 2 - 3 months due to problems with other users on the server. At this point, the hosting provider put a 1,000 a day limit on outgoing mail. This was not a problem for me until the once every 2 months I wanted to send to my mail list. So that is why I made the change.

"The fact that your ISP killed your account based on a single complaint seems pretty over-reactive, but .... have to note that there is only your side of the story presented here ... spammers have spoiled many wells .... and the data above and in the previous post does appear to shade the scenario a bit ..."

I thought it was very over reactive myself. I made the case that they had access to my outgoing mail and know I only emailed to my list very rarely. It made no difference. They still canceled my account.

I guess I don't understand the data you mention. I have no idea how this implicates me as a "spammer" or more than one time offender.

> No MX records found for jilliandistributors.com
>
> No MX records found for jillianentertainment.com
>
> ns1.ipowerweb.net reports the following MX records:
>
> Preference Host Name IP Address
>
> 10 mail.jillianleather.com 66.235.219.133
>
> 66.235.219.133 not listed in bl.spamcop.net
>
> Volume Statistics for this IP
>
> Magnitude Vol Change vs. Average
>
> Last day ........ 4.2 .. 33%
>
> Last 30 days .. 4.3 .. 56%
>
> Average ........ 4.1
>
> http://groups-beta.google.com/group/news.a...575d92a5876a672 shows a listing from last year for the existing server ...it got fixed, right?

Yes, when there have been problems from the server, IPOWER has fixed the problem very quickly. There has not been a shutdown of outgoing mail on this server for many months.

Thanks for your reply. I'll read the FAQ you suggest.

Brent
