Jump to content
Sign in to follow this  
matthewuw

blacklist threats, help!

Recommended Posts

Hi,

I am one of those people who hate spam. I use spamassasin on my webhost and am pretty happy with the reduction in spam.

Recently my web hosting company received a number of complaints about spam which the complainers associated with my hosting account (based on the ip of my domain). Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on and my hosting company threatened to suspend my account.

Here is the problem for me. There are NO mailing lists on my server, NO formmail on my server, and only 2 email accounts on the server. One for my mom which she doesn't use, and one for me. I don't ever BCC lots of people. I know my computers have not been compromised by a virus and I know that my email account is secure because the password is changed regularly.

According to my host, they doubt that the spam was actually coming from my server, but believe that someone chose to spoof email addresses using my domain. Somehow that translated into my server being threated with a blacklist.

I am surely not as knowledgable about spam as people like spam cop and the aol spam police (the latter of which love to throw their weight around in regards to spam even though they are a huge culprit), however, i am clearly aware that spammers spoof email addresses and mail headers all the time. So given that this is public knowledge, why does spamcop assume that it is me that is sending the spam?

I have had to disable my domain, just unplugged it from my hosting company. This won't stop the spam of course because it wasn't coming from there in the first place. What happens now is that when there is a spam complaint about an email from someone at mydomain, they won't connect my domain with my hosting company and won't threaten to blacklist them.

Now as much as this sounds like a complaint, this is a real problem. The point of this post is to ask what i am i supposed to do in this situation. I am not at all at fault, but if i use my domain, then whatever hosting company it is attached to will get threatened by a blacklist. i get spoofed mail from *[at]microsoft.com or *[at]ebay.com all the time. surely they aren't getting blacklisted because it obviously isn't them. i just don't know what to do. i have this domain and i can't use it because some jerk-off out there is using it when they spoof email addresses.

Please advise, I really appreciate any help I can get on what i am supposed to do here.

Kind regards,

Matthew

Share this post


Link to post
Share on other sites

Before anyone can help you, you need to provide the IP address. If you read the FAQ at the top of the forum, it explains in more detail how spamcop's blocklist works and possible causes of IP addresses being listed.

However, spamcop only lists IP addresses that cannot be forged. It never threatens people; it simply sends a report that spam has been reported by a user as coming from that IP address. If there is a problem and it is not fixed and more people report that they have received spam from that IP address, then the IP address will be listed on a blocklist which other ISP's use to block spam to their customers. Responsible ISP's welcome spamcop reports so that they can stop any spammer who may have slipped onto their network.

There are not as many people who post on the weekends, but if you post your IP address (not your email address, but the IP address that looks 111.111.11.11), someone knowledgable will help discover what could have gone wrong. If you had a decent hosting company, they would also help you to discover what the problem is instead of just shutting you down.

Spammers have really ruined the internet for lots of people and made life much more difficult. Think of it as getting stuck in traffic because a reckless driver had an accident. Or that a careless backhoe operator cut your cable. Life's like that some days. But someone here who knows what they are doing will help. (I am just an end user so I am not much practical help).

Miss Betsy

Share this post


Link to post
Share on other sites

I'm having a similar problem

Dont yell at me please, i'm kinda new at this...

I have people sending me spam from my tld.

I'm getting all those spams, from horse porn to viruses, including those return to sender emails.

I cannot tell if those are real senders, but after contact with the "sender's" .edu admins, they sometimes tell me the account does not exist, or that the user does not seem to be sending out such mail. Like I said before, those emails come to my inbox as my_normal_email[at]addresss.tld but as management[at]my.tld

So, if i submit a spam report, will it end up blacklisting my ldt?

Or will you guys only blacklist those .edu senders?

I really dont feel like getting blacklisted for a report i submited, especially when someone else is the culprit.

Thanks in advance.

Courtney

Share this post


Link to post
Share on other sites

No one can assist you without any information. Please post the IP address of the server in question.

Share this post


Link to post
Share on other sites

Hi, Courtney!

I'm having a similar problem

Dont yell at me please, i'm kinda new at this...

I have people sending me spam from my tld.

...This is probably a dumb question but: what is a tld?

I'm getting all those spams, from horse porn to viruses, including those return to sender emails.

I cannot tell if those are real senders, but after contact with the "sender's" .edu admins, they sometimes tell me the account does not exist, or that the user does not seem to be sending out such mail. Like I said before, those emails come to my inbox as my_normal_email[at]addresss.tld but as management[at]my.tld

So, if i submit a spam report, will it end up blacklisting my ldt?

Or will you guys only blacklist those .edu senders?

I really dont feel like getting blacklisted for a report i submited, especially when someone else is the culprit.

Thanks in advance.

Courtney

...You may want to have a look at the Pinned and FAQ messages about what SpamCop is and how it works. A few of what I believe will be the most helpful to you are:

...If you still have questions after looking over these articles, please do come on back and ask here.

Edited by turetzsr

Share this post


Link to post
Share on other sites
Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on

This sounds very much like the crap going around a year or so ago ... some lowlife masquerading as SpamCop ... SpamCop complaints / reports carry no "threat" notification ... basic message in a standard format advising the ISP of a specific incident tracked to a specific IP (or a website in some cases) ... Would you share a bit of this "threat" that you're describing? For example, did it come from a SpamCop server (probably a bad question this week, but I'm pretty sure JT's got that under control by now ..?)

Share this post


Link to post
Share on other sites
if i submit a spam report, will it end up blacklisting my ldt?

If your e-mail server is correctly configured, no ... but you're asking a hypothetical here ... as there's no way "we" can tell from this end .. you've not offered an IP address, no software list, no OS ... so, this is the best I can tell .. it shouldn't ... and as far as blocking, ".edu" has no bearing on anything, it's all done by the IP address of the offending server.

And no, the majority of the bounces you're talking about all include forged addresses .... we're all seeing / getting them .. if you look around in here, you'll see many others asking for help on this very subject.

Share this post


Link to post
Share on other sites

To Ishtar:

I hope you have read the items that Steve listed, but you may have more questions now.

The address that you get on the spam you receive is usually forged. There is a way to find out what IP address the spam came from (but not the email address).

The spamcop software does this automatically for you (and more accurately if you don't know how to read headers). Occasionally your ISP does not do your headers correctly and the spamcop parser(software) will stop at your IP address. However, if you read the reports and do not send a report to your ISP, you won't report them. You cannot report bounces and viruses with spamcop.

If what you are getting are bounces from spam sent to unused email addresses, spamcop can't help you. Usually the spammer will change to another email address after a while and you stop getting bounces. No one else who has the knowhow to block addresses would block yours because your email address is in the return path because forging the return path is common.

If you do have questions still, or want to learn how to use spamcop, come back here and ask them. Some of the regular posters still remember the first time we came to spamcop; others teach people about computers for a living.

Miss Betsy

Share this post


Link to post
Share on other sites
turetzsr .... tld = top level domain

...Thanks, Wazoo.

...And, unless you have a good reason to not do so, please refer to me as "Steve" (my name), not "turetzsr" (my user id).

Share this post


Link to post
Share on other sites

For years I've reported my spam to Spamcop. I hate spam!

And now I'm blacklisted myself! :ph34r:

I have the same probs as matthewuw and Ishtar.

I use IPS www.deheeg.nl where my domain www.schutters.net is hosted. Since this morning several ISP's refuse my email:

http://www.spamcop.net/bl.shtml?212.203.14.111

My ISP says the header given as example of my "spam" on the link mentioned above is not a header they use? Well great, but I'm in deep sh*t since my email gets refused.

My pc is free of virii and trojans AFAICS and no webmail used, no mailinglist used or mailscripts on my part of the serverspace.

I've read the pinned articles, but they do not bring me any further and it's too technical for English is not my native language :unsure:

What can I do next?

Thanx

Loex

Edited by Loex

Share this post


Link to post
Share on other sites

Since spamtraps are involved, possibly you are sending automatic "bounce" email messages. This has been a problem since the latest round of viruses.

You can email deputies at spamcop.net for help since the spamtraps are involved.

Miss Betsy

Share this post


Link to post
Share on other sites

Thank you very much Miss Betsy. I will take it up with the deputy.

Share this post


Link to post
Share on other sites
Of course the complaining party (in this case spamcop) threatened to blacklist the server I am on and my hosting company threatened to suspend my account.

SpamCop would not send threats. This is a spammer fraud tactic just report such frauds through SpamCops spam reporting to see where this rubbish is comming from.

SpamCop is a "BOT" that just tries to find the source IP of spam and blocks it automatically if "tripped"

If your computer is "SpyBot" free and secure with a firewall with no as in zero open proxies it cannot be hijacked. "SpyBot's" can be installed by anyone just by clicking a "*.exe" file

Windows by default hides extensions such as exe(?) and files are sent like flowers.JPG.exe and a user sees this as flowers.JPG (the exe is hidden)

It would help if you provided an IP or headers of offending email (you should mung email addresses it, replaced by (X) instead of xx[at]xx.xx )

Also read my sig

Edited by petzl

Share this post


Link to post
Share on other sites

well i forgot i posted this which is why i never came back with a response. happened to come across it on google.

i "re-attached" my domain to my hosting account have haven't been having any problems since....so who knows. nothing has been changed email wise, just the nameservers my domain is setup with that connect it to my hosting account.

don't know what the problem was other than what i told you and my server's ip won't help you this late in time. but i know that mail wasn't coming from my account/server but spamcop was still sending complaints to my hosting company about my account...

you say that you don't report any "unverified" spam ips...and i am absolutely positive it wasn't coming off my server...no formmail, mailing lists and only two accounts which it wasn't coming from. anyway, so something went wrong and it wasn't anything on my end but reports were issued. wish i had come back to this sooner so you could have checked the ip.

Share this post


Link to post
Share on other sites
you say that you don't report any "unverified" spam ips...and i am absolutely positive it wasn't coming off my server...no formmail, mailing lists and only two accounts which it wasn't coming from.  anyway, so something went wrong and it wasn't anything on my end but reports were issued.  wish i had come back to this sooner so you could have checked the ip.

17384[/snapback]

It's not too late. Post yout IP here, along with your OS, server details etc. and 'we' (or the deputies) will be able to help. If you are a victim of the SMTP/Auth hack rest assured that the spammers will be back and you will be listed again: help us to help you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×