On Blacklist, need help

[WebZm]

Hello everyone,

I have found myself on the blacklist, but I cannot find where to see the message(s) that have put me on that list. I close accounts that are reported more them one message of spam.

I suspect that is a series of complaints I have continued to recieve even though I have shut of the site weeks ago. The client hired a Marketing company that did a spam listing of their site. They sent the messages using their own servers so they were not run thru my mail server. I shut off the site but still have recieved complaints for several weeks. My concern is that mail mail server was listed even though my mail server was not the one sending the messages.

Please help me find where I can see the message that was the reason for the black list.

Thanks,

WebZm

Edit --- Sorry, i posted this in the wrong subject. Can one of the moderators move it for me? Thanks.

[Wazoo]

Moved post from Reporting to Blocklist section.

No IP offered, no rejection notice offered, so no idea just what you say is blocked.

FAQ has various entried that voth explain and play havoc with your situation. The "Wha am I Blocked?" FAQ entry and Pinned item offers up a bunch of data ... however, other entries in the FAQ also show that the SpamCop parser doesn't accept spam over 48 hours old, so there's a real issue with your "stuff was killed weeks ago" scenario.

Was thinking that as you'd noticed the different Forun sections, perhaps you'd have done some more reading and come back with yet another edit with some additional data .... gave up waiting on that and typed this in ...

[WebZm]

The IP that was blocked was 64.94.102.5. The message that one of my clients brought to my attention was:

Hi. This is the qmail-send program at bouncehost.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<XXXXXX[at]buteykoabc.com>:

67.19.161.34 does not like recipient.

Remote host said: 550-Message rejected because mail.zeonhost.com

[64.94.102.5]:33978 is

550-blacklisted at bl.spamcop.net see Blocked - see 550 http://www.spamcop.net/bl.shtml?64.94.102.5

Giving up on 67.19.161.34.

I've read thru the 'why am I blocked' but what I'm trying to find is if it's a message or messages I have not gotten notices about.

I never get sent messages directly from SPAMCOP. They usually notify my provider and they forward it to me. I would prefer that SPAMCOP sends the messages to me directly. I found and signed up for the "Alert" which says only "IPs reported in past hour:64.94.102.5" but does not give any details about the message. Is there a way I can make sure I get notified?

Regarding the 48 hour, I understand that. The problem is that the message were continuing to be sent by that other company. They have effectively put my client out of business as his site was his means of income. They took a week and an half to return my client's messages to stop. It was my client's bad choice to us them, but I was still getting forwarded complaints about it till about 3 days ago. It's the only complains I've gotten from my upstream provider so I have to assume that this is what got me blocked, even though I killed the account. The marketing company continued to send mail.

Thanks for you help.

[Wazoo]

http://www.spamcop.net/w3m?action=blcheck&ip=64.94.102.5 currently states;

64.94.102.5 not listed in bl.spamcop.net

http://www.senderbase.org/?searchBy=ipaddr...ing=64.94.102.5 shows;

Date of first message seen from this address 2003-09-29 so we're not talking "new"

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.2 .. 36%

Last 30 days .. 4.1 ... 9%

Average ........ 4.1

seems to show a rather 'healthy' ramp-up in e-mail traffic ... would you think that this is strictly based on this one company and hired outfit?

There are a few spam samples showing in http://groups-beta.google.com/groups?scori...5+group:*abuse* that don't quite jive with your good company hiring a responsible agent ....???

The SpamCop parser is currently showing;

SpamCop v 1.466 © Ironport Systems Inc., 1998-2005 , All rights reserved.

Parsing input: 64.94.102.5

host 64.94.102.5 = mail.zeonhost.com (cached)

Routing details for 64.94.102.5

[refresh/show] Cached whois for 64.94.102.5 : abuse[at]internap.com

Using abuse net on abuse[at]internap.com

abuse net internap.com = abuse[at]internap.com

Using best contacts abuse[at]internap.com

A long while back, one could fill out a form and get a listing of "third-party is interested" ... which a lot of folks would uncheck ... but this was dropped for a couple of reasons, the critical one being that so many spammers were doing this in order to 'game' the system ... This was replaced by a non-interactive signup for some summary reports, which as you state, don't include a lot of data. I believe you can still manually make the request for third-party-interested notifications, but this also requires the approval of the upstream ISP involved .... you can try deputies <at> admin.spamcop.net with your particulars, but just remember that spammers have tainted the well .. and the few Deputies are extremely overloaded with e-mail from folks that don't even try to perform the research you've attempted (thanks for that by the way)

[turetzsr]

Hi, WebZm!

The IP that was blocked was 64.94.102.5.

29564[/snapback]

...Thanks!

I've read thru the 'why am I blocked' but what I'm trying to find is if it's a message or messages I have not gotten notices about.

I never get sent messages directly from SPAMCOP. They usually notify my provider and they forward it to me. I would prefer that SPAMCOP sends the messages to me directly. I found and signed up for the "Alert" which says only "IPs reported in past hour:64.94.102.5" but does not give any details about the message. Is there a way I can make sure I get notified?

<snip>

29564[/snapback]

...As far as I know, SpamCop will only send complaints to providers (usually the "abuse" e-mail address of the registrant of the IP address through which the spam was sent). However, you may wish to address this matter with the SpamCop deputies (e-mail address deputies <at> spamcop <dot> net) -- if an exception is possible, they would know.

...Good luck!

[StevenUnderwood]

From the [report history] link:

Report History:

--------------------------------------------------------------------------------

Submitted: Thursday, June 23, 2005 11:59:21 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Thursday, June 23, 2005 11:58:12 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Wednesday, June 22, 2005 10:24:02 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Wednesday, June 22, 2005 6:20:51 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Tuesday, June 21, 2005 1:29:23 PM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

It appears someone using the same email server took a chance at a get rich quick scheme that affected your client.

[WebZm]

From the [report history] link:

Report History:

--------------------------------------------------------------------------------

Submitted: Thursday, June 23, 2005 11:59:21 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Thursday, June 23, 2005 11:58:12 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Wednesday, June 22, 2005 10:24:02 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Wednesday, June 22, 2005 6:20:51 AM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

Submitted: Tuesday, June 21, 2005 1:29:23 PM -0400:

NEW Instant Kava Powder

--------------------------------------------------------------------------------

It appears someone using the same email server took a chance at a get rich quick scheme that affected your client.

29582[/snapback]

Hey, thanks to everyone for the help. I will send messages to the addresses suggested to try to get in the third-party notification.

Also Steve, where did you get the information about "NEW Instant Kava Powder" This is one of my reseller client's and we have now removed the account. I only 1 notice from Internap so was unaware of more then one. How do I go about finding that information when we are researching why we are blocked? This way I can spot problems and deal with them after I get that alert.

Many Thanks to everyone.

Cheers,

[turetzsr]

<snip>

Also Steve, where did you get the information about "NEW Instant Kava Powder"

<snip>

29602[/snapback]

...Steven is a paying SpamCop user, so he has a special link called a "report history" link that allows him to see that information. Your provider should also be receiving them (unless they were reported by "spam traps"). If you can get a SpamCop deputy to agree to also send the reports to you, then you will get them, as well (again, unless they are reported by "spam traps"). Note, however, if you are set up as an "interested third party," whether the reports are sent to you depends on whether the SpamCop user reporting the spam allows it -- we have the option of not sending reports to specific abuse and third-party e-mail addresses.

[WebZm]

Well, some reporting is better then none.

I've sent off request to be added as 3rd party.

Again, thanks to everyone for help.

Cheers,

[WebZm]

I got added to the 3rd party notification

Now, today, I've gotten 3 alerts. Apparently the people submitting the alerts didn't allow 3rd party notification, and I have received nothing from Internap.

Is there something I can join to get access to the notifications? I just want to be able to head off problems before they get my servers in trouble.

Thanks Again.

[Jeff G.]

As an Internap customer, you don't have access to their support system?

[Wazoo]

I got added to the 3rd party notification

Now, today, I've gotten 3 alerts. Apparently the people submitting the alerts didn't allow 3rd party notification, and I have received nothing from Internap.

As I suggested earlier, spammers have poisoned that well. And I will also note, to the masses, there's that question (again, based on previous spammer abuse) that would come up with the following data;

Parsing input: 64.94.102.5

host 64.94.102.5 = mail.zeonhost.com (cached)

Routing details for 64.94.102.5

[refresh/show] Cached whois for 64.94.102.5 : abuse[at]internap.com

Using abuse net on abuse[at]internap.com

abuse net internap.com = abuse[at]internap.com

Using best contacts abuse[at]internap.com

Routing details for 64.94.102.5

Statistics:

64.94.102.5 listed in bl.spamcop.net (127.0.0.2)

Reporting addresses:

abuse[at]internap.com

Third parties interested in reports:

abuse[at]zeonhost.com

First thought for some folks may be the simple "who the heck is zeonhost?" as compared to the (assumed) spamvertised websites, the above noted internap connection to the IP address .... again, from the view of folks complaining about receiving 20-200-2000 spams a day, that 5 second decision may well be "I'm sure not going to send this to the spammer" ..... no accusation here, just trying to explain the background of not getting the results you wanted.

Is there something I can join to get access to the notifications? I just want to be able to head off problems before they get my servers in trouble.

If one was to recommend signing up for a SpamCop account, the next thing one would hear would be someone screaming blackmail, coersion, or some other nasty word, so I'm not going to be the one to bring that possible solution up <g>

If we're talking the same IP address, there are more issues than just the "three alerts" you say you received. http://www.spamcop.net/w3m?action=blcheck&ip=64.94.102.5 shows both user complaints and spamtrap hits. For that, I'm going to suggest the Forum FAQ once again. You might be able to get "some" data about the spamtrap hits, but .... it does appear that someone is going to have to grab hold of that server and find out what is really going on and who's creating the problem.

[Jeff G.]

Is there something I can join to get access to the notifications? I just want to be able to head off problems before they get my servers in trouble.

29649[/snapback]

If you are writing about gaining access to the History mentioned above, I believe that can be done with a paid reporting account (for which the minimum investment is only $2.00).

[swingspacers]

Is there something I can join to get access to the notifications?

29649[/snapback]

It looks like your most recent listing is based at least in part on messages sent to spam traps. AFAIK, nobody but the deputies gets to see them.

[WebZm]

Hi Jeff - Internap usually automatically forwards me any complaints they recieve, but I called them and they say they have not received any in the past couple of day. Now I am blacklisted again and cannot find out the source. I've deleted the last 2 accounts that have been reported to me for the past couple of weeks. They were deleted when they recieved more then on complain.

Also, are you refering to a "Mail" account for $2.00? I'm not finding the signup. $2.00 is more then fair to fid out what is going on and to get unlisted.

Hi swingspacers - If something is only being reported to the deputies, then how are we to eliminate the problem? There has to be a effective way for me (and other hosting companies) to get notified of what is putting us on a blacklist. Just blacklisting us will not help us eliminate the account or fix the problem.

According to the site report for the IP:

Causes of listing:

-System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

-SpamCop users have reported system as a source of spam less than 10 times in the past week

While I understand the need to keep the spamtraps as a necessary hidden info, isn't there a way to get the address it was sent from?

I will look around some more to see if I can find which account will give me access to the reports.

Thanks,

[DavidT]

Also, are you refering to a "Mail" account for $2.00? I'm not finding the signup. $2.00 is more then fair to fid out what is going on and to get unlisted.

Here's the page that describes the "premium" (paid) account process:

http://www.spamcop.net/fom-serve/cache/288.html

You sign up first for a free reportig account, then follow the directions found on the page above.

If something is only being reported to the deputies, then how are we to eliminate the problem? There has to be a effective way for me (and other hosting companies) to get notified of what is putting us on a blacklist.

The things that only the Deputies can see are spams that hit "spamtrap" addresses, which is apparently happening in your case. Due to the secrecy necessary for spamtraps to be effective, reports can't be sent. Please contact the Deputies for clarification at:

deputies <at> spamcop <dot> net

DT

[WebZm]

Here's the page that describes the "premium" (paid) account process:

http://www.spamcop.net/fom-serve/cache/288.html

You sign up first for a free reportig account, then follow the directions found on the page above.

I've been on that page and login into my free account. But when I try to follow the directions:

"To upgrade to a premium SpamCop account, you must first sign up for and verify a free account. Then, from your SpamCop access page, simply click on the "Preferences" link and "Add Fuel" to your account. "

I cannot find "Add Fuel" on the page. I've even searched the page with the "find" in IE to make sure I was not missing the words.

I did send a message off to the deputies to get more info if they will send it.

Thanks.

[DavidT]

I just logged into the SpamCop.net page, using my old reporting account (before I bought several email accounts), clicked on the "Preferences" tab near the top of the page and I can see the "Add Fuel" link. Here are the contents of the Preferences page:

User Preferences

Report Handling Options

Non-critical, but possibly interesting options for more technical users. Report copies, confirmation dialog selection.

Change Email address or name

Change your display name and email address

Change Password

Make it a good one, and change it frequently.

Add Fuel

SpamCop service is metered by the byte. Fill up here when you run low. Or just buy fuel to donate money to this worthy cause!

Estimate Usage

Estimate price based on your SpamCop usage. How much do you pay to use SpamCop?

Each of the five subtitles above are clickable links on that page. Perhaps you didn't quite make it to the Preferences page? Once you've logged in, it's at this address:

http://www.spamcop.net/mcgi?action=prefmenu

DT

[Wazoo]

I cannot find "Add Fuel" on the page. I've even searched the page with the "find" in IE to make sure I was not missing the words.

Not knowing what else you did or did not see .. based on previous problems with "I can't find it anywhere" issues .. I'm going to take a stab that you managed to sign up for an ISP account (again?) .... For instance, your 'logged-in' www.spamcop.net page would contain a "paste-your-spam-in-the-box" thing abount mid-screen. If I'm guessing right, you're not seeing this big box. If all this is true, suggestion would be to sign up again for a free-reporting account, but use a different e-mail address ...(noting that you may have to work around the cookies you've now got in place ..??)

[WebZm]

Not knowing what else you did or did not see .. based on previous problems with "I can't find it anywhere" issues .. I'm going to take a stab that you managed to sign up for an ISP account (again?) ....  For instance, your 'logged-in' www.spamcop.net page would contain a "paste-your-spam-in-the-box" thing abount mid-screen.  If I'm guessing right, you're not seeing this big box.  If all this is true, suggestion would be to sign up again for a free-reporting account, but use a different e-mail address ...(noting that you may have to work around the cookies you've now got in place ..??)

29678[/snapback]

That was it, My original account was an ISP account.

I've created a new one and can see the "Add fuel".

Thanks,