matthewuw Posted March 6, 2004 Share Posted March 6, 2004 Hi, I am one of those people who hate spam. I use spamassasin on my webhost and am pretty happy with the reduction in spam. Recently my web hosting company received a number of complaints about spam which the complainers associated with my hosting account (based on the ip of my domain). Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on and my hosting company threatened to suspend my account. Here is the problem for me. There are NO mailing lists on my server, NO formmail on my server, and only 2 email accounts on the server. One for my mom which she doesn't use, and one for me. I don't ever BCC lots of people. I know my computers have not been compromised by a virus and I know that my email account is secure because the password is changed regularly. According to my host, they doubt that the spam was actually coming from my server, but believe that someone chose to spoof email addresses using my domain. Somehow that translated into my server being threated with a blacklist. I am surely not as knowledgable about spam as people like spam cop and the aol spam police (the latter of which love to throw their weight around in regards to spam even though they are a huge culprit), however, i am clearly aware that spammers spoof email addresses and mail headers all the time. So given that this is public knowledge, why does spamcop assume that it is me that is sending the spam? I have had to disable my domain, just unplugged it from my hosting company. This won't stop the spam of course because it wasn't coming from there in the first place. What happens now is that when there is a spam complaint about an email from someone at mydomain, they won't connect my domain with my hosting company and won't threaten to blacklist them. Now as much as this sounds like a complaint, this is a real problem. The point of this post is to ask what i am i supposed to do in this situation. I am not at all at fault, but if i use my domain, then whatever hosting company it is attached to will get threatened by a blacklist. i get spoofed mail from *[at]microsoft.com or *[at]ebay.com all the time. surely they aren't getting blacklisted because it obviously isn't them. i just don't know what to do. i have this domain and i can't use it because some jerk-off out there is using it when they spoof email addresses. Please advise, I really appreciate any help I can get on what i am supposed to do here. Kind regards, Matthew Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 6, 2004 Share Posted March 6, 2004 Before anyone can help you, you need to provide the IP address. If you read the FAQ at the top of the forum, it explains in more detail how spamcop's blocklist works and possible causes of IP addresses being listed. However, spamcop only lists IP addresses that cannot be forged. It never threatens people; it simply sends a report that spam has been reported by a user as coming from that IP address. If there is a problem and it is not fixed and more people report that they have received spam from that IP address, then the IP address will be listed on a blocklist which other ISP's use to block spam to their customers. Responsible ISP's welcome spamcop reports so that they can stop any spammer who may have slipped onto their network. There are not as many people who post on the weekends, but if you post your IP address (not your email address, but the IP address that looks 111.111.11.11), someone knowledgable will help discover what could have gone wrong. If you had a decent hosting company, they would also help you to discover what the problem is instead of just shutting you down. Spammers have really ruined the internet for lots of people and made life much more difficult. Think of it as getting stuck in traffic because a reckless driver had an accident. Or that a careless backhoe operator cut your cable. Life's like that some days. But someone here who knows what they are doing will help. (I am just an end user so I am not much practical help). Miss Betsy Link to comment Share on other sites More sharing options...
ishtar Posted March 6, 2004 Share Posted March 6, 2004 I'm having a similar problem Dont yell at me please, i'm kinda new at this... I have people sending me spam from my tld. I'm getting all those spams, from horse porn to viruses, including those return to sender emails. I cannot tell if those are real senders, but after contact with the "sender's" .edu admins, they sometimes tell me the account does not exist, or that the user does not seem to be sending out such mail. Like I said before, those emails come to my inbox as my_normal_email[at]addresss.tld but as management[at]my.tld So, if i submit a spam report, will it end up blacklisting my ldt? Or will you guys only blacklist those .edu senders? I really dont feel like getting blacklisted for a report i submited, especially when someone else is the culprit. Thanks in advance. Courtney Link to comment Share on other sites More sharing options...
Merlyn Posted March 6, 2004 Share Posted March 6, 2004 No one can assist you without any information. Please post the IP address of the server in question. Link to comment Share on other sites More sharing options...
turetzsr Posted March 6, 2004 Share Posted March 6, 2004 Hi, Courtney! I'm having a similar problem Dont yell at me please, i'm kinda new at this... I have people sending me spam from my tld. ...This is probably a dumb question but: what is a tld? I'm getting all those spams, from horse porn to viruses, including those return to sender emails. I cannot tell if those are real senders, but after contact with the "sender's" .edu admins, they sometimes tell me the account does not exist, or that the user does not seem to be sending out such mail. Like I said before, those emails come to my inbox as my_normal_email[at]addresss.tld but as management[at]my.tld So, if i submit a spam report, will it end up blacklisting my ldt? Or will you guys only blacklist those .edu senders? I really dont feel like getting blacklisted for a report i submited, especially when someone else is the culprit. Thanks in advance. Courtney ...You may want to have a look at the Pinned and FAQ messages about what SpamCop is and how it works. A few of what I believe will be the most helpful to you are: Pinned: FAQ Entry: Why am I getting all these bounces? Pinned: FAQ Entry: Why is my email blocked? My web site got terminated/threatened because of SpamCop, but I did not send the spam. What's the big idea? The Net Abuse Jargon File ...If you still have questions after looking over these articles, please do come on back and ask here. Link to comment Share on other sites More sharing options...
Wazoo Posted March 6, 2004 Share Posted March 6, 2004 Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on This sounds very much like the crap going around a year or so ago ... some lowlife masquerading as SpamCop ... SpamCop complaints / reports carry no "threat" notification ... basic message in a standard format advising the ISP of a specific incident tracked to a specific IP (or a website in some cases) ... Would you share a bit of this "threat" that you're describing? For example, did it come from a SpamCop server (probably a bad question this week, but I'm pretty sure JT's got that under control by now ..?) Link to comment Share on other sites More sharing options...
Wazoo Posted March 6, 2004 Share Posted March 6, 2004 if i submit a spam report, will it end up blacklisting my ldt? If your e-mail server is correctly configured, no ... but you're asking a hypothetical here ... as there's no way "we" can tell from this end .. you've not offered an IP address, no software list, no OS ... so, this is the best I can tell .. it shouldn't ... and as far as blocking, ".edu" has no bearing on anything, it's all done by the IP address of the offending server. And no, the majority of the bounces you're talking about all include forged addresses .... we're all seeing / getting them .. if you look around in here, you'll see many others asking for help on this very subject. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 6, 2004 Share Posted March 6, 2004 To Ishtar: I hope you have read the items that Steve listed, but you may have more questions now. The address that you get on the spam you receive is usually forged. There is a way to find out what IP address the spam came from (but not the email address). The spamcop software does this automatically for you (and more accurately if you don't know how to read headers). Occasionally your ISP does not do your headers correctly and the spamcop parser(software) will stop at your IP address. However, if you read the reports and do not send a report to your ISP, you won't report them. You cannot report bounces and viruses with spamcop. If what you are getting are bounces from spam sent to unused email addresses, spamcop can't help you. Usually the spammer will change to another email address after a while and you stop getting bounces. No one else who has the knowhow to block addresses would block yours because your email address is in the return path because forging the return path is common. If you do have questions still, or want to learn how to use spamcop, come back here and ask them. Some of the regular posters still remember the first time we came to spamcop; others teach people about computers for a living. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted March 6, 2004 Share Posted March 6, 2004 turetzsr .... tld = top level domain Link to comment Share on other sites More sharing options...
turetzsr Posted March 8, 2004 Share Posted March 8, 2004 turetzsr .... tld = top level domain ...Thanks, Wazoo. ...And, unless you have a good reason to not do so, please refer to me as "Steve" (my name), not "turetzsr" (my user id). Link to comment Share on other sites More sharing options...
Loex Posted March 9, 2004 Share Posted March 9, 2004 For years I've reported my spam to Spamcop. I hate spam! And now I'm blacklisted myself! I have the same probs as matthewuw and Ishtar. I use IPS www.deheeg.nl where my domain www.schutters.net is hosted. Since this morning several ISP's refuse my email: http://www.spamcop.net/bl.shtml?212.203.14.111 My ISP says the header given as example of my "spam" on the link mentioned above is not a header they use? Well great, but I'm in deep sh*t since my email gets refused. My pc is free of virii and trojans AFAICS and no webmail used, no mailinglist used or mailscripts on my part of the serverspace. I've read the pinned articles, but they do not bring me any further and it's too technical for English is not my native language What can I do next? Thanx Loex Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 9, 2004 Share Posted March 9, 2004 Since spamtraps are involved, possibly you are sending automatic "bounce" email messages. This has been a problem since the latest round of viruses. You can email deputies at spamcop.net for help since the spamtraps are involved. Miss Betsy Link to comment Share on other sites More sharing options...
Loex Posted March 9, 2004 Share Posted March 9, 2004 Thank you very much Miss Betsy. I will take it up with the deputy. Link to comment Share on other sites More sharing options...
petzl Posted March 10, 2004 Share Posted March 10, 2004 Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on and my hosting company threatened to suspend my account. SpamCop would not send threats. This is a spammer fraud tactic just report such frauds through SpamCops spam reporting to see where this rubbish is comming from. SpamCop is a "BOT" that just tries to find the source IP of spam and blocks it automatically if "tripped" If your computer is "SpyBot" free and secure with a firewall with no as in zero open proxies it cannot be hijacked. "SpyBot's" can be installed by anyone just by clicking a "*.exe" file Windows by default hides extensions such as exe(?) and files are sent like flowers.JPG.exe and a user sees this as flowers.JPG (the exe is hidden) It would help if you provided an IP or headers of offending email (you should mung email addresses it, replaced by (X) instead of xx[at]xx.xx ) Also read my sig Link to comment Share on other sites More sharing options...
matthewuw Posted September 19, 2004 Author Share Posted September 19, 2004 well i forgot i posted this which is why i never came back with a response. happened to come across it on google. i "re-attached" my domain to my hosting account have haven't been having any problems since....so who knows. nothing has been changed email wise, just the nameservers my domain is setup with that connect it to my hosting account. don't know what the problem was other than what i told you and my server's ip won't help you this late in time. but i know that mail wasn't coming from my account/server but spamcop was still sending complaints to my hosting company about my account... you say that you don't report any "unverified" spam ips...and i am absolutely positive it wasn't coming off my server...no formmail, mailing lists and only two accounts which it wasn't coming from. anyway, so something went wrong and it wasn't anything on my end but reports were issued. wish i had come back to this sooner so you could have checked the ip. Link to comment Share on other sites More sharing options...
Derek T Posted September 20, 2004 Share Posted September 20, 2004 you say that you don't report any "unverified" spam ips...and i am absolutely positive it wasn't coming off my server...no formmail, mailing lists and only two accounts which it wasn't coming from. anyway, so something went wrong and it wasn't anything on my end but reports were issued. wish i had come back to this sooner so you could have checked the ip. 17384[/snapback] It's not too late. Post yout IP here, along with your OS, server details etc. and 'we' (or the deputies) will be able to help. If you are a victim of the SMTP/Auth hack rest assured that the spammers will be back and you will be listed again: help us to help you. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.