hariador

Blacklisted via Spam Traps


Hello,

I was wondering if I could get some assistance in identifying messages that have hit some spam trap addresses causing our mail servers to be blacklisted.

First, some background information. I work for a company that provides spam filtering services to other companies. Part of that service also involves filtering the outbound traffic from customers for content and policy. Over the last few days our servers have started getting listed on spamcop.net.

We believe what is happening is that some of our customers are being sent messages with spoofed sender addresses, which we accept and then relay to the customer. The customer will then bounce the message for some reason, which will then be relayed back out through our servers, hit the spam trap and cause the listing. The other possible alternative is that one or more of our customers have virus infected computers which are sending out the messages.

The first scenario is more likely as we have tools and reports that we use to detect suspicious outbound traffic spikes from customers and spoofed outbound traffic through our network.

The problem that we are having is that without knowing what these spamtrap addresses are, there really is no way for us to pick out which messages are causing the problem and then trace them back to either the customer or the original sending IP address.

Below are the listed IP addresses, if a Moderator could contact me with any information regarding the messages that hit the spamtraps, I would really appreciate it. Thanks for your assistance and taking the time to read this.

Listed IP address

216.148.222.61

63.161.60.29

12.129.199.61

63.161.60.61

206.16.192.253

217.117.146.230

Jonathan Reichert

Network Operations Center

Exchange FrontBridge
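
An added example, not part of the original post and not FrontBridge's tooling: without knowing the spamtrap addresses, the bounce scenario described above can still be narrowed down per customer, because bounces leave with the null envelope sender `<>`. The log format, field names and sample lines below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical relay-log format:
# timestamp direction client=<customer server IP> from=<envelope sender> to=<recipient>
SAMPLE_LOG = """\
2005-12-01T10:00:01 outbound client=192.0.2.10 from=<> to=<alice@example.net>
2005-12-01T10:00:05 outbound client=192.0.2.10 from=<> to=<bob@example.org>
2005-12-01T10:00:09 outbound client=192.0.2.10 from=<> to=<carol@example.com>
2005-12-01T10:01:00 outbound client=192.0.2.20 from=<sales@customer.example> to=<dave@example.net>
2005-12-01T10:01:30 outbound client=192.0.2.20 from=<> to=<erin@example.net>
2005-12-01T10:02:00 inbound client=198.51.100.7 from=<> to=<user@customer.example>
this line does not match the assumed format
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<dir>inbound|outbound) client=(?P<client>\S+) "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]+)>$"
)

def outbound_bounces(log_text):
    """Group outbound null-sender (bounce/DSN) recipients by customer server IP."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        # A bounce carries the null reverse-path "<>" (RFC 5321), so an empty
        # sender on an outbound message marks a DSN leaving through the relay.
        if m["dir"] == "outbound" and m["sender"] == "":
            by_client[m["client"]].append(m["rcpt"])
    return dict(by_client)

def suspects(log_text, min_domains=3):
    """Customers whose bounces fan out to at least min_domains recipient domains."""
    result = {}
    for client, rcpts in outbound_bounces(log_text).items():
        domains = {r.rsplit("@", 1)[-1].lower() for r in rcpts}
        if len(domains) >= min_domains:
            result[client] = sorted(domains)
    return result

if __name__ == "__main__":
    for client, domains in suspects(SAMPLE_LOG).items():
        print(client, "bounces to", ", ".join(domains))
```

The `min_domains` threshold is an illustrative value; a customer that rejects unknown recipients during the SMTP session instead of bouncing afterwards should produce almost no outbound null-sender traffic.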


Hi, Jonathan,

...Sorry, only the SpamCop Deputies have access to detailed information about spam traps. Please send an e-mail to the Deputies at address deputies[at]spamcop.net and provide sufficient information to allow them to determine that you are a server admin responsible for the listed IPs.

...Good luck!


Does not look like you do this for the first time

start with:

http://www.spamcop.net/w3m?action=blcheck&ip=216.148.222.61

http://www.spamcop.net/w3m?action=blcheck&ip=12.129.199.61

(3 times blocked in only 11 days?)

you really have a 127.0.0.2 attitude

Senderbase:

http://www.senderbase.org/?searchBy=ipaddr...g=12.129.199.61

good job !

and even more fun at Google

http://groups.google.com/groups?scoring=d&...1+group:*abuse*

http://groups.google.com/groups?scoring=d&...1+group:*abuse*

You need some serious help, else this will for sure be noticed by other Blocklists and some of them are really difficult to get rid of their listings

Hi, Jonathan,

...Sorry, only the SpamCop Deputies have access to detailed information about spam traps. Please send an e-mail to the Deputies at address deputies[at]spamcop.net and provide sufficient information to allow them to determine that you are a server admin responsible for the listed IPs.

...Good luck!

37467[/snapback]

Sorry, I misread a line from the FAQ, thought I saw an OR. I've sent an email to the deputies, thanks for the advice.

And yes, we do attempt to get our customers to handle bounces responsibly, but the sad fact of the matter is that a lot of companies have poor IT staff that really don't have any idea how to properly configure their mail servers.

Thanks

...You also seem to have a much bigger problem than just hitting spam traps. For the first IP in your list, for example, please see Google search hits in abuse USENet newsgroups.

37473[/snapback]

No, this is pretty much exactly what I was talking about, a message to one of our customers, that they bounced back out through our network. Without direct control of the recipient mail servers, we unfortunately cannot prevent this from happening in every case.

-Jon

Does not look like you do this for the first time

start with:

http://www.spamcop.net/w3m?action=blcheck&ip=216.148.222.61

http://www.spamcop.net/w3m?action=blcheck&ip=12.129.199.61

(3 times blocked in only 11 days?)

you really have a 127.0.0.2 attitude

Senderbase:

http://www.senderbase.org/?searchBy=ipaddr...g=12.129.199.61

good job !

and even more fun at Google

http://groups.google.com/groups?scoring=d&...1+group:*abuse*

http://groups.google.com/groups?scoring=d&...1+group:*abuse*

You need some serious help, else this will for sure be noticed by other Blocklists and some of them are really difficult to get rid of their listings

37474[/snapback]

No, this is certainly not the first time that we have been listed by spamcop, let alone by other blacklists. And yes, I have more than enough experience with how difficult it can be to get off other lists.

I am sort of confused by your "Good Job" comment with relation to senderbase however...

-Jon

Hi, Jonathan,

...Sorry, only the SpamCop Deputies have access to detailed information about spam traps. Please send an e-mail to the Deputies

<snip>

Sorry, I misread a line from the FAQ, thought I saw an OR. I've sent an email to the deputies, thanks for the advice.

37475[/snapback]

...No problem! Glad I could help.

And yes, we do attempt to get our customers to handle bounces responsibly, but the sad fact of the matter is that a lot of companies have poor IT staff that really don't have any idea how to properly configure their mail servers.

37475[/snapback]

...Not to tell you how to run your business but ... I believe most people would conclude that what goes out over your servers is your responsibility and this is not an excuse that is likely to gain much sympathy. Have you considered contractually obligating your customers to act responsibly and to not abuse your servers (and, thereby, the rest of the internet and its users)? Thanks.


I suggest that you and your contract lawyers create two classes of customers. The first class is responsible, doesn't send backscatter, uses most of your outgoing mailservers, and pays a lower rate. The second class is irresponsible, sends backscatter, uses one of your outgoing mailservers (that's already listed by the SCBL), pays a higher rate, and gets charged cleanup fees. That's if you even want to deal with the second class customers, and your ISP lets you.

I suggest that you and your contract lawyers create two classes of customers.  The first class is responsible, doesn't send backscatter, uses most of your outgoing mail servers, and pays a lower rate.  The second class is irresponsible, sends backscatter, uses one of your outgoing mail servers (that's already listed by the SCBL), pays a higher rate, and gets charged cleanup fees.  That's if you even want to deal with the second class customers, and your ISP lets you.

37501[/snapback]

Edit: Post from frustrated Frontbridge customer retracted, SpamCop and FrontBridges issues appear to be resolved....

Edited by mrtibsvideo

Edit: Post from frustrated Frontbridge customer retracted, SpamCop and FrontBridges issues appear to be resolved....

38256[/snapback]

Thanks, it was a bit of a rant and, as you will appreciate there was nothing to denigrate FrontBridge and their good netizens, in fact later discussion - of ways and means to avoid future inconvenience to the great majority who certainly do not deserve to suffer for their virtue - recognized the efforts they have made.
