Jump to content
Sign in to follow this  
vwalton

[Resolved] Another innocent spam trap victim

Recommended Posts

Our server 216.219.126.101 keeps getting blocked due to email sent to spam traps. I am the administrator of this server, and this server does not spam, it does not allow relaying from anywhere outside our domain, send NDRs, or auto-reply to the internet. I do not have a virus. I am at my wit's end trying to find out what is causing this to be blacklisted by your service (and ONLY your service) 5 times in the past week. If I knew ANYTHING about the email that your spam trap caught I might be able to find the sender. Was it an NDR? Who sent it? What is the subject line? Please reply ASAP to help me find the cause of this problem.

Share this post


Link to post
Share on other sites

Your SenderBase statistics don't look good (546% over average). All 11-20 instances submitted to SpamCop were SpamTrap hits; there is no other Report History. Please see Why am I Blocked?.

Share this post


Link to post
Share on other sites

Sorry, but there are no 'innocent victim's of spamtraps. Spamtrap addresses have NEVER sent e-mail and therefore CAN NOT POSSIBLY have solicited any mail. All mail to spamtraps is, by definition, unsolicited. All IPs sending mail to them are, by definition, 'guilty' of sending unsolicited mail. That's why they are weighted heavily in the SpamCop algorithm.

An email to deputies[at]spamcop.net asking, in general terms, what sort of message is hitting the traps is the quickest way of getting a clue as to what is going wrong. We fellow-users have no access to the evidence.

Share this post


Link to post
Share on other sites

Expertcity.com, the company assigned to that IP has a long history of ABUSE, that doesn't bode with your assertion that SpamCop is your only problem.

Share this post


Link to post
Share on other sites
Expertcity.com, the company assigned to that IP has a long history of ABUSE, that doesn't bode with your assertion that SpamCop is your only problem.

40509[/snapback]

I wouldn't call 7 posts to ABUSE since 8/2003 a very damning history. I have written to the deputies but they have not replied - I was hoping someone from spamcop might be monitoring this forum and could help me out. If someone in my organization is spamming in violation of our policies, I need to know who it is and stop it - isn't that the point of spamcop?? If it is an NDR or virus or God knows what, I'd like to get to the bottom of that as well.

As for innocence, in one of spamcop's own FAQs there is the statement "If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces..." Auto-responders and NDRs are not wise, but they are not spam - they are victims of spammers with spoofed reply-to addresses.

Share this post


Link to post
Share on other sites
As for innocence, in one of spamcop's own FAQs there is the statement "If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces..."  Auto-responders and NDRs are not wise, but they are not spam - they are victims of spammers with spoofed reply-to addresses.

40512[/snapback]

Like the Austrians were victims of the Nazis. Right.

As far as I am concerned, and many others too, they are spam because they are unsolicited. Spammers have spoilt it for everyone. There is absolutley no excuse for allowing new mails to spoofed return envelopes in this millennium. Reject with a 5xx at the time of the SMTP trandaction or forever hold your peace.

Share this post


Link to post
Share on other sites
I wouldn't call 7 posts to ABUSE since 8/2003 a very damning history.

40512[/snapback]

...It could be the tip of the iceberg, since many spam victims simply delete their spam (or, worse, reply!) without complaining to anyone.
I have written to the deputies but they have not replied - I was hoping someone from spamcop might be monitoring this forum and could help me out.

40512[/snapback]

...You appear to understand that most of us who frequent these forums are just SpamCop users, not employees (thanks). The Deputies sometimes get overloaded and aren't able to reply for a day or three. If it starts to get near a week without a reply from them, please try again -- sometimes e-mail to them gets "lost" or, since they are human, they might accidentally overlook it.
If someone in my organization is spamming in violation of our policies, I need to know who it is and stop it - isn't that the point of spamcop??  If it is an NDR or virus or God knows what, I'd like to get to the bottom of that as well.

40512[/snapback]

...Thank you for taking this seriously. Unfortunately, it would be self-defeating to make the information you need public, that's why the apparent bureaucracy.
As for innocence, in one of spamcop's own FAQs there is the statement "If the blocklist only lists spamtraps, then the likely culprits are auto-responders or misdirected bounces..."  Auto-responders and NDRs are not wise, but they are not spam - they are victims of spammers with spoofed reply-to addresses.

40512[/snapback]

...Answered by others (although somewhat overzealously, IMHO). Since server admins can stop such blowback, they should. If they don't, and the autoresponders and NDRs go to people (or spam traps) who didn't send the original e-mail (because their e-mail addresses are forged in the "From" address), then it's considered spam here and reportable as such.

Share this post


Link to post
Share on other sites
Answered by others (although somewhat overzealously, IMHO). Since server admins can stop such blowback, they should. If they don't, and the autoresponders and NDRs go to people (or spam traps) who didn't send the original e-mail (because their e-mail addresses are forged in the "From" address), then it's considered spam here and reportable as such.

40516[/snapback]

Thanks for your reply and thanks to the deputy who replied to my earlier email. We found the answer: someone out there in the world apparently didn't like an answer they got from our customer service department and put their email address in at least one Yahoo group. A spammer sent an email with a forged "From" address to this group, a server in our customer service department POP3'd the message from my server, and in the interest of better customer service, auto-replied. Unfortunately this auto-reply ended up in the spam trap. NONE of this was spam-related OTHER than the spam that we received and (incorrectly I admit) auto-replied to.

Share this post


Link to post
Share on other sites
Thanks for your reply ...

40517[/snapback]

...You're quite welcome!
... and thanks to the deputy who replied to my earlier email.  We found the answer: someone out there in the world apparently didn't like an answer they got from our customer service department and put their email address in at least one Yahoo group.  A spammer sent an email with a forged "From" address to this group, a server in our customer service department POP3'd the message from my server, and in the interest of better customer service, auto-replied.  Unfortunately this auto-reply ended up in the spam trap.  NONE of this was spam-related OTHER than the spam that we received and (incorrectly I admit) auto-replied to.

40517[/snapback]

...Thanks for taking the time to return and post the result. Based on this information, I shall mark this thread "resolved."

Share this post


Link to post
Share on other sites
Thanks for your reply and thanks to the deputy who replied to my earlier email.  We found the answer: someone out there in the world apparently didn't like an answer they got from our customer service department and put their email address in at least one Yahoo group.  A spammer sent an email with a forged "From" address to this group, a server in our customer service department POP3'd the message from my server, and in the interest of better customer service, auto-replied.  Unfortunately this auto-reply ended up in the spam trap.  NONE of this was spam-related OTHER than the spam that we received and (incorrectly I admit) auto-replied to.

40517[/snapback]

Appreciate the feedback. However, I'm really trying hard to follow that a single e-mail would tip the scales into a SpamCopDNSBL listing.

Share this post


Link to post
Share on other sites

You know as well as I do that it wouldn't.

Just a nice way to bow out of the thread so no one will dig any deeper.

I believe the following apply:

Rule #1: Spammers lie.

Russel's Admonition: Always assume that there is a measurable chance that the entity you are dealing with is a spammer.

Lexical Contradiction: Spammers will redefine any term in order to disguise their abuse of Internet resources.

Sharp's Corollary: Spammers attempt to re-define "spamming" as that which they do not do.

Rule #2: If a spammer seems to be telling the truth, see Rule #1.

Crissman's Corollary: A spammer, when caught, blames his victims.

Rule #3: Spammers are stupid.

Krueger's Corollary: Spammer lies are really stupid.

Pickett's Commentary: Spammer lies are boring.

Russell's Corollary: Never underestimate the stupidity of spammers.

Spinosa's Corollary: Spammers assume everybody is more stupid than themselves.

Spammer's Standard of Discourse: Threats and intimidation trump facts and logic.

Share this post


Link to post
Share on other sites

Hey Merlyn

Autoreplying, although spam if it auto-replies to spam, is not quite the same as 'spammers lie.'

There probably should be another corollary for those who think their emails should never be blocked - even if they are annoying the rest of the internet with their autoreplies and 'fake bounce' messages to spam.

Sample adjectives: selfish, egotistical, annoying, irresponsible, me-first, whining, careless, ignorant for a start.

Miss Betsy

Share this post


Link to post
Share on other sites

Merlyn, I posted that google first and their reply was that 6 pages represented only 7 complaints...Rather silly, no one picked up on that..(the clickable ABUSE)

Expertcity.com, the company assigned to that IP has a long history of ABUSE, that doesn't bode with your assertion that SpamCop is your only problem.

40509[/snapback]

Edited by dra007

Share this post


Link to post
Share on other sites

Sorry, missed it.

I have a problem with this company as I tried to get off their mailing list a very long time ago and the crap never stopped so they made our block lists and I might add that they lost a lot of business because many people asked me about them and I let them know what I thought.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×