Spamcop does enlist innocents


simonlange

Dear Developers and responsible Administrators of SpamCop,

we have a problem with you. Usually we do like AntiSpam Systems, that's why we have used several mechanisms for years (recpt verify, sender verify, spf, no relay but for authed and own domains, blacklists, ...).

But some blacklists don't do their job correctly.

FIRST; I think you agree that it is important that no IPs should be enlisted where there is no evidence.

SECOND; you may agree also to the fact that it is not the ISP's job to read the mails of his customers (btw: it is forbidden by law).

this gives us:

IF someone "reports" spam, before YOU enlist any IPs (and disturbing by this our business by publishing wrong unproven information), it's YOUR job - at least - to:

- contact or forward the evidence to the postmaster/hostmaster or at least to the abuse contact email enlisted in the ROLE for the network (e.g. RIPE).

- cooperate with the postmasters you blame!

Now something from the reality you practice:

suddenly we became aware that our main mailserver was enlisted (84.254.70.21) for something you call "trap", whatever YOU understand by that.

You did NOT notify us about the enlistment.

You did NOT give us any evidence or samples of what, where and when has been done by whom.

As far as we know there is no spam sent by us at any time. If you have other information - notify us AND send us copies of your "evidence". Just logical, since WE need those to put it down to ONE person, whoever it was. However, right now our Statement is that we never sent out any spam.

WE DO ONLY relay for OUR domains

WE USE for ALL domains SPF

WE USE blacklists

ONLY AUTHED customers may send mails

ALL MAILS are filtered by hourly updating viruswalls

ALL MAILS are processed by spamassassin

ALL MAILS (incoming and outgoing) are checked for correct and valid envelope-from

No Offense, but meanwhile we get really upset since this is a repeating event every year. We expect to be informed and to get all necessary evidence which helps US (not YOU) to investigate potential spammers.

best regards

Simon

PS: postmaster[at]polynaturedesign.com hostmaster[at]polynaturedesign.com or just abuse[at]polynaturedesign.com if you can't use whois


You appear to have posted in the wrong section. You have not spent a millisecond trying to understand what spamTRAPS are; the answer can be found in the FAQs provided. A moderator may or may not move this to the appropriate section so you get some answers to your queries. Remember, this is a peer to peer support group; in addition, no evidence can be provided in regard to spam-traps, they are secret and kept that way because spammers have abused that knowledge in the past. Hope you will do your homework. Good luck.

In case you don't find the search engine at the top of front page, click on the following:

spam-TRAP


> You appear to have posted in the wrong section. You have not spent a millisecond trying to understand what spamTRAPS are; the answer can be found in the FAQs provided. A moderator may or may not move this to the appropriate section so you get some answers to your queries. Remember, this is a peer to peer support group; in addition, no evidence can be provided in regard to spam-traps, they are secret and kept that way because spammers have abused that knowledge in the past. Hope you will do your homework. Good luck.

then tell me which is the RIGHT section... i could not find any "discussion" board for ISPs, complaining about mistakes of SpamCop

i DON'T have to try to understand our spamTRAPS, since they are YOUR biz and not mine. but nice to see that you don't have any clue of ISP biz and usual human behaviour. you could have at least answered my questions since i got several points but you have none.

When there is no evidence for spam-traps they are not evidence at all and no IPs shall be enlisted when there is nothing more than this. If you must make a secret of your evidence our whole concept is wrong. I don't think you do understand how MTAs do work and how ISP and lawsuits work. ALL WE can do is to run the mailservers secure. they ARE secure. we CANNOT read customers' mails. even spamassassin is a greyzone, but we use it anyway.

I DID my homework but spamcop didn't. otherwise they wouldn't have enlisted us in the past.

seems spamcop needs some practice in democracy. everyone is innocent until it's proven they are guilty. well, we never saw any evidence, we were never notified, we were never heard before being enlisted... maybe spamcop should work in china and chasing students...

Simon


84.254.70.21 is not listed by the SCBL. You probably waited too long before posting.

WHOIS data for 84.254.70.21 follows:

12/30/05 10:25:10 whois 84.254.70.21[at]whois.ripe.net
whois -h whois.ripe.net 84.254.70.21 ...
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% http://www.ripe.net/db/news/abuse-proposal-20050331.html
% for more details.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%      To receive output for a database update, use the "-B" flag

% Information related to '84.254.70.0 - 84.254.70.255'

inetnum:        84.254.70.0 - 84.254.70.255
netname:        HOST-MEDIA-Germany
descr:          Host-Media Internet Colocation Services
descr:          located in Frankfurt, GERMANY
country:        DE
admin-c:        SGR10-RIPE
tech-c:         SGR10-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-HOST-MEDIA
source:         RIPE # Filtered

person:         Sebastian Grund
address:        Host-Media.de
address:        Im Dorfband 43
address:        65428 Rüsselsheim
address:        GERMANY
fax-no:         +49 6142 7389972
remarks:        Professional Internet Colocation
mnt-by:         MNT-HOST-MEDIA
phone:          +49 6142 7389971
nic-hdl:        SGR10-RIPE
source:         RIPE # Filtered

% Information related to '84.254.64.0/18AS34039'

route:          84.254.64.0/18
descr:          Host-Media
origin:         AS34039
mnt-by:         MNT-HOST-MEDIA
source:         RIPE # Filtered

Note the distinct lack of an email address.

Please see Spamtrap for more information about Spamtraps and how they operate.

You posted this Topic in the "Geek/Tech Things" Forum. I have moved it to the correct Forum, "SpamCop Blocklist Help".


> then tell me which is the RIGHT section... i could not find any "discussion" board for ISPs, complaining about mistakes of SpamCop
>
> i DON'T have to try to understand our spamTRAPS, since they are YOUR biz and not mine. but nice to see that you don't have any clue of ISP biz and usual human behaviour. you could have at least answered my questions since i got several points but you have none.
>
> When there is no evidence for spam-traps they are not evidence at all and no IPs shall be enlisted when there is nothing more than this.

Simon,

Perhaps an Admin for the forums will move the discussion to a better location. The Geek/Tech forum really isn't the best but it isn't obvious which forum might be better - perhaps the Lounge.

dra007 pointed you to a discussion which highlighted the use of spam Traps. Sure, you aren't obliged to understand spam Traps, but if you don't take the option to read what was offered you will not have discovered that the evidence you request can be obtained by sending a request to: deputies<at>admin.spamcop.net

Because spam Traps are 'hidden' mailboxes that are never used to send Email, anything they receive is, by definition, unsolicited and therefore spam. If you have users sending messages to spam traps then they are spamming. To keep these addresses confidential the 'evidence' is not released publicly. Hence the link to the spam Trap discussion which would have allowed you to request the evidence you require.

One of the most common causes of spam Trap listings is the misconfiguration of auto-responders. See http://www.spamcop.net/fom-serve/cache/329.html

FWIW, your mail server is not currently listed in the SpamCop BL.

Andrew

ps. As I typed the Admins have moved the discussion to a better location - thanks.


> 84.254.70.21 is not listed by the SCBL. You probably waited too long before posting.
>
> WHOIS data for 84.254.70.21 follows: Note the distinct lack of an email address.
>
> Please see Spamtrap for more information about Spamtraps and how they operate.
>
> You posted this Topic in the "Geek/Tech Things" Forum. I have moved it to the correct Forum, "SpamCop Blocklist Help".

well,

Registrant:
PolyNature Design
   c/o Simon Lange Neuetorstrasse 17
   Lueneburg, NDS 21339
   DE

   Domain Name: POLYNATUREDESIGN.COM

   Administrative Contact:
      Lange, Simon              hostmaster[at]POLYNATUREDESIGN.COM
      PolyNature Design
      c/o Simon Lange
      Lueneburger Str 15
      Voegelsen, NDS 21360
      DE
      +49-4131-220121 fax: +49-4131-52205

   Technical Contact:
      PolyNature Design         hostmaster[at]POLYNATUREDESIGN.COM
      c/o Simon Lange Neuetorstrasse 17
      Lueneburg, NDS 21339
      DE
      +49 4131 225660 fax: +49 4131 225661

   Record expires on 06-May-2012.
   Record created on 06-May-1999.
   Database last updated on 30-Dec-2005 10:37:43 EST.

   Domain servers in listed order:

   SRV1.POLYNATUREDESIGN.COM    84.254.70.21
   SRV2.POLYNATUREDESIGN.COM    84.254.70.11

should work, at least finding mx server for sending mail and not looking for a mx for the host srv1 ;)

however, i do still expect your apologies since we never did send any spam and therefore we should NOT be enlisted. sending bounces is common ISP work and respect to several RFCs. since we DON'T bounce to wrong envelopes (we do check them before accepting mails) it's not our fault if domain owners don't use SPF... ban them if you want... if the envelopefrom is existing (user does exist at domain's mta) we do accept the mail for processing with spamassassin. we are NOT allowed in germany to kill any mail - even tagged by spamassassin. it's forbidden by law! since the mail is property of the sender and the receiver...

i don't make the rules - i just have to live with them

Simon


> however, i do still expect your apologies since we never did send any spam and therefore we should NOT be enlisted. [snip]
>
> i don't make the rules - i just have to live with them

Simon,

You'll not get an apology in these forums - at least not in general. The support provided is peer-to-peer - by users. If you want to get an explanation and assistance you've been offered the appropriate Email address further up.

If the ISPs your users are sending Email to, wish to use the SpamCop block list to reject incoming mail then that is their choice. Misdirected bounces and auto-responders are a major problem shifting the pain of spam onto generally innocent third-parties. I commend the latest, best practice for auto-responders as mentioned above to you.

Andrew


This morning I also found out that our server is blocked in a hard way: I got some email rejected. Spamcop reported spam trap. It also provides enough information to find out what it is. It also explains that trap is usually activated by spam sent by trojans/viruses directly to spamcop triggers and not via mail servers.

At first I was upset about spam cop since I am sure that our mail server is secure and cannot be used to send spam that easily, especially, that we have hard antispam policy enforced toward our users and it is hardly likely that any of them would spam with intention.

You have the option to ask to unblock your IP, and if you prove that you are administrator responsible for that IP, spamcop admins will even provide you a log about trapped spamming attempts.

I followed their instructions and in short time I got information what was trapped and good clues how to prevent it in future.

I am pretty sure you may do the same. Your mail server is probably secured, but if your users have access to SMTP servers all over the world, then it is possible they created spam which you are not aware of and you cannot control in any other manner but to block outgoing SMTP connections for your users.


I'm sorry that I didn't get to your post quickly enough while your IP Address was still listed by the SCBL. Your best option at this point is to write to the SpamCop Deputies via deputies[at]spamcop.net requesting more specific categorization of the problem behind the email message(s) sent to the SpamCop Spamtrap(s) by your server(s). Please do not expect complete headers for such (an) email message(s).

Regarding your other server's IP Address:

ISP does not wish to receive report regarding 84.254.70.11

ISP does not wish to receive reports regarding 84.254.70.11 - no date available

Would you care to explain that? Thanks!

> however, i do still expect your apologies since we never did send any spam and therefore we should NOT be enlisted.

No apologies are necessary since you DID send spam to addresses that never requested it.

> sending bounces is common ISP work and respect to several RFCs. since we DON'T bounce to wrong envelopes (we do check them before accepting mails)

Then bounce during the SMTP transaction using a 5xx error instead of accepting email and then sending it back to someone who never sent it.

> it's not our fault if domain owners don't use SPF... ban them if you want...

No, but it is your fault for sending junk back to people who never sent it to begin with.

> if the envelopefrom is existing (user does exist at domain's mta) we do accept the mail for processing with spamassassin. we are NOT allowed in germany to kill any mail - even tagged by spamassassin. it's forbidden by law! since the mail is property of the sender and the receiver...

You do what you have to do and we block what we have to block.

> i don't make the rules - i just have to live with them

That is very sad for the people receiving junk from your server that never sent or requested it. You should apologize to those people.
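
The pattern the last reply objects to (mail accepted, then bounced to an envelope sender who never sent it) leaves a trace in the mail server's own log. As an added example, not part of the thread: a Python sketch that assumes Postfix-style syslog lines (the thread does not name the MTA) and uses constructed sample data, linking each outbound null-sender notification to the accepted message and client IP that triggered it.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog style (assumption; not from the thread).
SAMPLE_LOG = """\
Dec 30 09:01:02 mx postfix/smtpd[811]: A1B2C3: client=unknown[192.0.2.44]
Dec 30 09:01:02 mx postfix/qmgr[300]: A1B2C3: from=<trap@example.org>, size=2210, nrcpt=1 (queue active)
Dec 30 09:01:03 mx postfix/local[820]: A1B2C3: to=<nosuchuser@example.net>, relay=local, status=bounced (unknown user)
Dec 30 09:01:03 mx postfix/bounce[821]: A1B2C3: sender non-delivery notification: D4E5F6
Dec 30 09:01:03 mx postfix/qmgr[300]: D4E5F6: from=<>, size=4100, nrcpt=1 (queue active)
Dec 30 09:01:05 mx postfix/smtp[830]: D4E5F6: to=<trap@example.org>, relay=mail.example.org[198.51.100.7]:25, status=sent (250 ok)
Dec 30 09:02:00 mx postfix/smtpd[811]: 0A0B0C: client=mail.example.com[203.0.113.9]
Dec 30 09:02:00 mx postfix/qmgr[300]: 0A0B0C: from=<alice@example.com>, size=900, nrcpt=1 (queue active)
Dec 30 09:02:01 mx postfix/local[820]: 0A0B0C: to=<bob@example.net>, relay=local, status=sent (delivered)
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")

def find_backscatter(log_text):
    """Return outbound null-sender deliveries with the message that caused them."""
    client, null_sender, parent = {}, set(), {}
    sent_to = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        daemon, qid, rest = m.groups()
        if daemon == "smtpd" and (c := re.search(r"client=\S*\[([^\]]+)\]", rest)):
            client[qid] = c.group(1)          # who handed us the original mail
        elif daemon == "qmgr" and rest.startswith("from=<>"):
            null_sender.add(qid)              # DSN or auto-reply (empty envelope sender)
        elif daemon == "bounce" and (b := re.search(r"notification: ([0-9A-F]+)", rest)):
            parent[b.group(1)] = qid          # new bounce queue ID -> original queue ID
        elif daemon == "smtp" and "status=sent" in rest:
            t = re.match(r"to=<([^>]*)>", rest)
            if t:
                sent_to[qid].append(t.group(1))
    findings = []
    for qid in sorted(null_sender):
        orig = parent.get(qid)
        for rcpt in sent_to[qid]:
            findings.append({"bounce_qid": qid, "original_qid": orig,
                             "client_ip": client.get(orig), "bounce_rcpt": rcpt})
    return findings

if __name__ == "__main__":
    for f in find_backscatter(SAMPLE_LOG):
        print(f)
```

Every finding is a message that was accepted and answered later in a separate delivery; rejecting the recipient with a 5xx during the SMTP transaction, as the reply suggests, would leave no such entry.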
