Jump to content
Sign in to follow this  
Frank

Help with more Info and a Few Questions

Recommended Posts

One of my clients (I host websites on 4 different servers) has informed me the server he uses for mail is on the SpamCop black list. I noticed that it said this server has been listed 6 times in the last 127 days and I have only known about three. My other three mail servers haven't been listed on SpamCop.

  • I would like to get information not only on this instance of why we were added but also on the other instances so I can research and see if it is the same user is causing all of the problems (it wasn't the same user the first two times I checked into it).
  • I would also like to know if there is some sort of service I can sign up for to be notified when someone (either one of your spam traps or a live person) has reported spam being sent from our server so I can investigate it and kill the problem before it gets to the point where massive amounts of spam is sent out and also my server gets listed on your black list.

I think the service you provide is awesome and I want to try and help any way I can. I apologize if I missed something and shouldn't have posted this question but I looked around and didn't see where I could pull the above info about the spam Lists or any info on joining a "notification" list.

Any help is greatly appreciated.

Share this post


Link to post
Share on other sites

Not sure how you might have missed all the links placed that lead one to a version of the SpamCop FAQ .. the Start Here thing on the front page leads to a listing of several resources .... the How to post a question link on the entry page to most Forum sections does point out that for any kind of an attempt at a specific answer on a specific issue, some specific data needs to be provided, in this case, the IP address of the server in question. In the SpamCop FAQ found as links at the top of every page here, under the section Help for abuse-desks and administrators is a link titled How can I get SpamCop reports about my network? which would seem to answer your second question.

but I looked around and didn't see where I could pull the above info

You have no idea how much this remark frustrates me, in that I have no idea how to make that data more "visible" .... and noting that there are calls to remove a number of these links as they clutter up the screen. Yet another query made as to how to place these FAQs and instructional items such that someone "looking around" does actually find them .... please, please offer up a clue ....

Share this post


Link to post
Share on other sites

I apologize for not leaving my IP address. That is one piece of information that I thought I originally posted but obviously I left it out. The IP address in question is 69.93.36.161.

I was on your site for almost a hour before I posted this information. The first place I looked was on the Blocking List page under the More information for report recipients and I didn't see the link to sign up for (probably because I was looking for a way to gather specific information about the violations).

I also clicked on the login tab where I thought I would find a link to register a new account but unless again I overlooked/misread something on that page there is no link to sign up.

Truthfully if you want my opinion (I am not sure if the last sentence was meant to be a insult or you were sincerely asking for it) your website (along with the forums) has tons of information about your services which is great but I think you have too much listed for someone to read over ALL of it and not miss one important piece of the puzzle.

I have admitted it was my fault and even apologized before I was done posting if I missed something I needed but yet I still get what I feel is a condescending remark (again I could be mistaken... it is almost 1:00AM here) from an employee (even if you are just a volunteer) of a company that I am a "client" of. I realize you probably deal with these questions all day long and the answer is staring them right in the face but it is still not a way to answer to someone who is asking a question.

Share this post


Link to post
Share on other sites
I was on your site for almost a hour before I posted this information.  The first place I looked was on the Blocking List page under the More information for report recipients and I didn't see the link to sign up for (probably because I was looking for a way to gather specific information about the violations).

No idea what site is being described here, though might assume www.spamcop.net ....???? The years of complaints about the FAQ there led to a bit of a hack here that has resulted in the single-page access point to that same FAQ plus additional content. Complaints about the size of that led to a beginning on the SCFAQ ... An attempt at an 'easy' starting pont with links and answers was started at a Portal Page .. additional links and Pinned items have been placed throughout this Forum. But the suspicions remain, your "hour" was spent on the side of the system that are only accesible by less than a handful of people as far as making changes, updating, adding, etc. And just a small repeat, those pages have been complained about for years.

I also clicked on the login tab where I thought I would find a link to register a new account but unless again I overlooked/misread something on that page there is no link to sign up.

Pretty much a repeat of the above. Signing up for a Reporting account, an e-mail account, an ISP account are all there, but finding them has been the issue, thus all these other attempts at trying to present that same data.

Truthfully if you want my opinion (I am not sure if the last sentence was meant to be a insult or you were sincerely asking for it)

I have yet to understand why people get ticked when asked a simple question about trying to resolve an issue. As above, I have tried several mothods in trying to put the data up so it can be seen, found, sometimes even understood, yet ..... and when asked what it is that is still missing, this "I'm insulted" things keeps coming up.

your website (along with the forums) has tons of information about your services which is great but I think you have too much listed for someone to read over ALL of it and not miss one important piece of the puzzle.

As above, I and fellow Moderators, other users, etc. can only influence the data found "here" .... Please contact those few folks involved as the paid staff to complain about "their" web-page.

I have admitted it was my fault and even apologized before I was done posting if I missed something I needed but yet I still get what I feel is a condescending remark (again I could be mistaken... it is almost 1:00AM here) from an employee (even if you are just a volunteer) of a company that I am a "client" of.  I realize you probably deal with these questions all day long and the answer is staring them right in the face but it is still not a way to answer to someone who is asking a question.

40016[/snapback]

Once again, you raise an issue, I ask for help in resolving it, and you take umbrage. Absurd. Yes, I understand that you would have no knowledge of any/all of this background, but you're the one that once again brought up the infamous "I looked all over but couldn't find ..." scenario. I am trying to figure out just how that's possible. Pinned items, Bold text, links, pointers, Google search, multiple forms of data content, display, and tools ... and the same statement gets made tonight (and yes, it's after 0200 here, banging on code for yet aother tool for someone to find answers in) .... how the he** does "please, please offer up a clue" get translated into being an insult?

Share this post


Link to post
Share on other sites

http://www.spamcop.net/w3m?action=checkblock&ip=69.93.36.161

69.93.36.161 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 127.5 days, it has been listed 6 times for a total of 6.8 days

IP address got listed for both complaints and spamtrap hits.

http://www.senderbase.org/?searchBy=ipaddr...ng=69.93.36.161

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.6 .. -28%

Last 30 days ... 3.4 .. -51%

Average ......... 3.7

Not your typical "spammer took over the server" numbers.

However, the ownership of the server may be a but questionable ....

Network Owner THEPLANET.COM INTERNET SERVICES

Domain myhostserver.com

Date of first message seen from this address 2004-01-24

CIDR range 69.93.0.0/17

# of domains controlled by this network owner 7578

As it stands rght now, complaints would go to:

Parsing input: 69.93.36.161

host 69.93.36.161 = server1.myhostserver.com (cached)

Routing details for 69.93.36.161

[refresh/show] Cached whois for 69.93.36.161 : abuse[at]theplanet.com

Using abuse net on abuse[at]theplanet.com

$ whois 69.93.36.161[at]whois.arin.net

[whois.arin.net]

OrgName: ThePlanet.com Internet Services, Inc.

OrgID: TPCM

Address: 1333 North Stemmons Freeway

Address: Suite 110

City: Dallas

StateProv: TX

PostalCode: 75207

Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 69.93.0.0 - 69.93.255.255

CIDR: 69.93.0.0/16

NetName: NETBLK-THEPLANET-BLK-9

NetHandle: NET-69-93-0-0-1

Parent: NET-69-0-0-0-0

NetType: Direct Allocation

NameServer: NS1.THEPLANET.COM

NameServer: NS2.THEPLANET.COM

Comment:

RegDate: 2003-11-19

Updated: 2004-03-15

RTechHandle: PP46-ARIN

RTechName: Pathos, Peter

RTechPhone: +1-214-782-7800

RTechEmail: adimns[at]theplanet.com

OrgAbuseHandle: ABUSE271-ARIN

OrgAbuseName: Abuse

OrgAbusePhone: +1-214-782-7802

OrgAbuseEmail: abuse[at]theplanet.com

This doesn't quite easily match your "my servers" description. Do you in fact "own" those servers or are they being shared by other "thePlanet" customers, thereby placing "your customers" at the mercy of the actions and results caused by people that are not "your customers" ...?????

Share this post


Link to post
Share on other sites

Like you said most of the time looking around was spent on the SpamCop website. I did scan through some of the FAQ's listed in your forums but I didn't take enough time to realize it was better laid out then the FAQ's listed on the main page.

I think this is a simple case of "text lacks tone". When I first read your post it seemed IMO at the time your "tone" was condenscending, which is why I responded the way I did.

The "I looked all over and couldn't find it" remark probably could have been better stated.

--------------------

We do not personally own the server but we do not share it with The Planet. We pay a monthly fee for them to provide a dedicated server on their network. They give us a certain number of dedicated IP addresses with each server that is strictly used for our business and not shared with The Planet or any of their other clients.

We sell Shared and also Reseller hosting. That specific server hosts our reselling clients which is why the host name is myhostserver.com. It provides them with a little more anonymity when there clients go looking around to see if they are hosted on a shared server or if they "own" the server they are on.

Share this post


Link to post
Share on other sites

neither http://www.senderbase.org/?sb=1&searchBy=o...osting%2C%20LLC

or http://www.senderbase.org/?sb=1&searchBy=d...ontrasthost.com list the IP address in question. Just kind of interesting compared to your 'other three" with no problem.

However, the data seen at http://www.senderbase.org/?sb=1&searchBy=d...yhostserver.com seems to raise a question, especially when compared to data in the previous response.

Volume Statistics for this Domain

Magnitude Vol Change vs. 30 Day

Last day ......... 4.1 .. 398%

Last 30 days ... 3.4

Most of the IP address data pages show traffic as falling, so I'm not sure at all what's behind the increase depicted here.

Share this post


Link to post
Share on other sites

I am not sure what to do at this point.

We have currently dropped off of the "waiting list" but if we can't figure out the mails info that put us on this list there is no way to stop it from continuing to happen.

Anyway I can do that (I have already emailed the client but not sure when he will get back to me)?

Share this post


Link to post
Share on other sites
I am not sure what to do at this point.

We have currently dropped off of the "waiting list" but if we can't figure out the mails info that put us on this list there is no way to stop it from continuing to happen.

40021[/snapback]

Hi Frank,

Those of us who have paid-up accounts are able to access the report history. Does this help?

Report History:

Submitted: Fri, 03 Feb 2006 12:24:16 GMT:

Oi, espero que leia o meu e-mail.

    * 1645517446 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Fri, 03 Feb 2006 12:24:07 GMT:

Oi, espero que leia o meu e-mail.

    * 1645507069 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1645507051 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Fri, 03 Feb 2006 10:05:19 GMT:

Oi, espero que leia o meu e-mail.

    * 1645390398 ( http://ewebdealer.com/.filez/fotos/user193/foto... ) To: abuse[at]bluetowerhosting.com

    * 1645390376 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1645390344 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Fri, 03 Feb 2006 05:10:03 GMT:

Oi, espero que leia o meu e-mail.

    * 1645144690 ( http://ewebdealer.com/.filez/fotos/user193/foto... ) To: abuse[at]bluetowerhosting.com

    * 1645144687 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1645144681 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Thu, 02 Feb 2006 16:10:31 GMT:

Oi, espero que leia o meu e-mail.

    * 1644536005 ( http://ewebdealer.com/.filez/fotos/user193/foto... ) To: abuse[at]bluetowerhosting.com

    * 1644535980 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1644535955 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Thu, 02 Feb 2006 15:49:05 GMT:

Oi, espero que leia o meu e-mail.

    * 1644496559 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1644496516 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Sun, 29 Jan 2006 19:01:06 GMT:

Oi, espero que leia o meu e-mail.

    * 1639935549 ( http://www.conartel.gov.ec/fotos/user193/foto_2... ) To: jcastill[at]gye.satnet.net

    * 1639935525 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Sun, 29 Jan 2006 12:37:47 GMT:

Marcela lhe enviou uma musica.

    * 1639581414 ( http://www.conartel.gov.ec/terra/cpm22_um_minut... ) To: jcastill[at]gye.satnet.net

    * 1639581413 ( 69.93.36.161 ) To: abuse[at]theplanet.com

Submitted: Sun, 29 Jan 2006 10:52:20 GMT:

Oi, espero que leia o meu e-mail.

    * 1639497788 ( http://www.conartel.gov.ec/fotos/user193/foto_2... ) To: jcastill[at]gye.satnet.net

    * 1639497787 ( 69.93.36.161 ) To: spamcop[at]imaphost.com

    * 1639497786 ( 69.93.36.161 ) To: abuse[at]theplanet.com

It would seem that one of your clients is sending mail to people who have not requested it. Mailing list issue?

Edit: there are two pages of reports with this same subject, then two older reports of pump-and-dump scams.

Edited by Derek T

Share this post


Link to post
Share on other sites
I would also like to know if there is some sort of service I can sign up for to be notified when someone (either one of your spam traps or a live person) has reported spam being sent from our server so I can investigate it and kill the problem before it gets to the point where massive amounts of spam is sent out and also my server gets listed on your black list.

40014[/snapback]

Other parts of your question seem to have been answered. I will address this one.

In order to get the default reports you need to be the registered owner of the IP in the whois records. That means getting theplanet to register you as the admin of those IP's. The current routing for abuse messages for the mentioned IP address is:

Reports routes for 69.93.36.161:

routeid:17912559 69.93.0.0 - 69.93.255.255 to:abuse[at]theplanet.com

Administrator found from whois records

You may also be able to sign up for an ISP type account with spamcop and in there setup which IP's you want reports for.

The spamtraps are different in that no reports are sent. You will need to contact deputes[at]spamcop.net for more information on those reports.

For more information, click the SpamCop FAQ link at the top of this page. Toward the top there is a "Jump To Section Links ->" area with a link Help for abuse-desks and administrators. The top of that section has a link to the original SpamCop FAQ of the same name: SpamCop FAQ : Help for abuse-desks and administrators. Both these pages (Original SpamCop FAQ and the expanded forum version) have links to more specific answers, including: How can I get SpamCop reports about my network? and How do I register an abuse[at] email address?.

Both of those should help you along with the other links on those pages.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×