ScottMayo

Blacklisted, No idea why, harming my business

I don't spam. I hate spam. I email my customers when they email me. I suspect one of them (I can't prove it) has been cheerfully accepting my email and responding, but then quietly categorizing my email as spam - and as a result my emails are getting bounced all over the country.

I want to know who reported me as a spammer so I can make sure I never send him an email again - or if this whole thing is a huge mistake on spamcop's part, I need it cleaned up ASAP. This is doing measurable harm to my audio business - I have customers who think I'm ignoring them, and I am losing sales. I NEED THIS FIXED.

I've submitted several web forms to spamcop - no reply. Every time I look, it claims the ban will be lifted in a few hours, but it never is, and the number of hours leaps up again. The count of spam reports is not going up (it seems to think there were two incidents).

Here's an example of a bounce (customer name x'd out):

The original message was received at Wed, 24 May 2006 19:35:50 -0400

from localhost.localdomain [127.0.0.1]

----- The following addresses had permanent fatal errors -----

<xxxxxxxx[at]cayuse.net>

(reason: 550-Message rejected because ensimrhel02.net1plus.com

[66.205.79.5]:45034 is)

----- Transcript of session follows -----

... while talking to cayuse.net.:

>>> DATA

<<< 550-Message rejected because ensimrhel02.net1plus.com [66.205.79.5]:45034 is

<<< 550-blacklisted at bl.spamcop.net see Blocked - see

<<< 550 http://www.spamcop.net/bl.shtml?66.205.79.5

550 5.1.1 <xxxxxxxxx[at]cayuse.net>... User unknown

<<< 503 valid RCPT command must precede DATA

I want to know who reported me as a spammer so I can make sure I never send him an email again - or if this whole thing is a huge mistake on spamcop's part, I need it cleaned up ASAP. This is doing measurable harm to my audio business - I have customers who think I'm ignoring them, and I am losing sales. I NEED THIS FIXED.

Welcome to the forum and thanks for providing the reject message.

I suspect that you do not run your own mail-server but are sharing it.

Someone behind that IP (probably not you) is probably trojanned. Whatever the reason there is a colossal amount of spam coming from that server.

Report on IP address: 66.205.79.5

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.7 1893%

Last 30 days 3.8 144%

Average 3.4

That equates to about 100,000 spams per day.

You should contact your mail-service provider and ask them what they are doing to control the spam from that server and why they are not giving you the service you pay for.

While you wait for a reply you might like to peruse the FAQs we try to put in your way before posting and come back with anything you don't understand. No-one is accusing you of spamming, but you are sending your mail out through a VERY spammy server at present.

I suspect that you do not run your own mail-server but are sharing it.

...

You should contact your mail-service provider and ask them what they are doing to control the spam from that server and why they are not giving you the service you pay for....

Thanks. Just called my ISP, they are giving me a sing and dance about how they don't think they can change what email server I'm attached to, so here I am with a DSL line tying me to an ISP, an ISP that is scratching their heads, and folk telling me to use a different email account - as if I want my business email showing up with a yahoo address. This really, really sucks.

Actually I'm a little confused about this. Most folk in my area have DSL or cable connections to an ISP. I can't believe the ISP has no idea who's generating 100,000 email a day - it's got to be possible to "follow the wire back" and get right to the source, and shut it down. How is it that ISPs DON'T know where they are getting flooded from? Why isn't anyone sending that kind of volume automatically shut down?

Actually I'm a little confused about this. Most folk in my area have DSL or cable connections to an ISP. I can't believe the ISP has no idea who's generating 100,000 email a day - it's got to be possible to "follow the wire back" and get right to the source, and shut it down. How is it that ISPs DON'T know where they are getting flooded from? Why isn't anyone sending that kind of volume automatically shut down?

All VERY good questions! If the ISP has its mail-server configured properly then SpamCop traces right back to the originating computer. E.g. if I submit a test mail from myself to SpamCop it is MY IP address (not my ISP's) that is identified as the source. Basically, it seems you have a clueless ISP. Your dollar, your rules. The ISP, if it can be arsed, can examine its logs and find out who is responsible and 'pull the plug'. If it can't be arsed then you can draw your own conclusions!

>>> DATA

<<< 550-Message rejected because ensimrhel02.net1plus.com [66.205.79.5]:45034 is

<<< 550-blacklisted at bl.spamcop.net see Blocked - see

<<< 550 http://www.spamcop.net/bl.shtml?66.205.79.5

550 5.1.1 <xxxxxxxxx[at]cayuse.net>... User unknown

<<< 503 valid RCPT command must precede DATA

More information from the link you provided:

66.205.79.5 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 10 times in the past week

So not only have there been human reports (the part that allows paying customers access to those is having problems) but that server has also sent email to addresses that have never been used to send email, so could not have requested any in return. You seem to be on the right track with your ISP, but they don't seem very interested in helping.
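
The rejection in the bounce and the "listed in bl.spamcop.net (127.0.0.2)" result above follow the usual DNSBL convention: the receiving server reverses the sender's IPv4 octets, appends the list's zone and looks the name up in DNS. As an added example (not part of the thread and not SpamCop's code), this Python block parses the rejection lines quoted in the bounce and builds that query name; the function names and the `resolve` parameter are assumptions made here so the check can run without network access.

```python
import ipaddress
import re
import socket

# Rejection lines as quoted in the bounce earlier in this thread.
BOUNCE = """\
<<< 550-Message rejected because ensimrhel02.net1plus.com [66.205.79.5]:45034 is
<<< 550-blacklisted at bl.spamcop.net see Blocked - see
<<< 550 http://www.spamcop.net/bl.shtml?66.205.79.5
"""

def join_smtp_reply(transcript, code="550"):
    """Join a multi-line SMTP reply: 'NNN-' lines continue, 'NNN ' ends it."""
    parts = []
    for line in transcript.splitlines():
        m = re.match(r"(?:<<<\s*)?%s([- ])(.*)" % re.escape(code), line.strip())
        if not m:
            continue
        parts.append(m.group(2).strip())
        if m.group(1) == " ":      # a space after the code marks the last line
            break
    return " ".join(parts)

def parse_rejection(transcript):
    """Return (listed_ip, dnsbl_zone) named in the rejection text, or None."""
    text = join_smtp_reply(transcript)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text)
    zone = re.search(r"blacklisted at ([A-Za-z0-9.-]+)", text)
    if not (ip and zone):
        return None
    return str(ipaddress.IPv4Address(ip.group(1))), zone.group(1).rstrip(".")

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_listing(ip, zone, resolve=socket.gethostbyname):
    """Return the 127.x.x.x answer if listed, else None."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None                # no such name (or lookup failure): not listed
    # Ignore answers outside 127/8, e.g. from a resolver that rewrites NXDOMAIN.
    return answer if answer.startswith("127.") else None

if __name__ == "__main__":
    ip, zone = parse_rejection(BOUNCE)
    print(dnsbl_query_name(ip, zone), "->", check_listing(ip, zone))
```

Run on the mail server's own outbound IP, the same lookup tells a sender whether a rejection like this one is still in effect before retrying delivery.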


If the ISP has its mail-server configured properly then SpamCop traces right back to the originating computer. E.g. if I submit a test mail from myself to SpamCop it is MY IP address (not my ISP's) that is identified as the source.

Derek T is "bang on": your ISP has its email server misconfigured and is not logging in the email headers the source IP of the computer that is sending the spam.

Example of how a source IP is detected with a properly configured email server:

http://www.spamcop.net/sc?id=z954372779zccd9c25447bb065338ed20eb5b48aabaz

In this example it is my computer's IP (210.50.143.20) that is detected, and SpamCop would, only after telling my ISP, block my computer (not my ISP's email server). This message was sent through Hotmail. Note how SpamCop optionally sends Abuse Reports to third parties.

If the only IP listed by an incompetent provider is their email server, it (after sending a great many abuse reports, more than would be sent by SpamCop for a single computer) will eventually be listed by our SpamCop Members SCBL.

Do not automatically accept an ISP's compulsory email address.

Consider using a state-of-the-art SpamCop Email Address.

Thanks. Just called my ISP, they are giving me a sing and dance about how they don't think they can change what email server I'm attached to, so here I am with a DSL line tying me to an ISP, an ISP that is scratching their heads, and folk telling me to use a different email account - as if I want my business email showing up with a yahoo address. This really, really sucks.

Hi Scott!

Most of the folk reading these forums find it hard to understand why the ISP wouldn't want to fix the problem since it will affect ALL their customers using this SMTP server to send Email.

However, you do have other options. You can still purchase your DSL connection from whomever is best for you and obtain outgoing mail service from alternative providers. Indeed you can run your own mail server to send mail but that may not be a good idea unless your ISP can offer you a fixed IP address. Guessing you are in the USA, I'll leave others to suggest companies that might be able to assist as I'm in the UK. But you do have options other than abandoning your DSL provider.

That said, if you have the option to find another ISP you may want to make a point and take your custom elsewhere.

Andrew

Actually I'm a little confused about this. Most folk in my area have DSL or cable connections to an ISP. I can't believe the ISP has no idea who's generating 100,000 email a day - it's got to be possible to "follow the wire back" and get right to the source, and shut it down. How is it that ISPs DON'T know where they are getting flooded from? Why isn't anyone sending that kind of volume automatically shut down?

You are answering your question. A competent ISP knows, sometimes even before getting complaints to the abuse desk, that one of their customers has a problem. A responsible ISP does shut them down and helps them fix the problem.

Miss Betsy


Still the spew goes on:

Report on IP address: 66.205.79.5

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 4.7 1532%

Last 30 days 3.9 153%

Average 3.5

and the delist counter keeps being re-set - back to 20 hours at the time of this post.

Any news of progress towards a resolution Scott?


Sunday morning here in the UK and it looks like the problem has been resolved:

Report on IP address: 66.205.79.5

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day 3.2 -60%

Last 30 days 3.9 155%

Average 3.5

so either the ISP suddenly 'got a clue' and did something about it OR the infected computer has been switched off for the weekend. Let's see what happens tomorrow.

Two things still worry me about this ISP though: why doesn't it put the IP of the originating computer in the headers AND why are SpamCop reports being devnulled?

The ISP, if it can be arsed, can examine its logs and find out who is responsible and 'pull the plug'. If it can't be arsed then you can draw your own conclusions!

OK. What I have here is a question of great cultural and linguistic significance.

I know (as a semiregular BOFH reader) that 'arsed' means 'bothered'. I know that arse is right-side-of-the-pond for 'ass.' So how did an innocent and hard working muscle mass get associated with 'bothered'? Enquiring left-siders with a lingering tendency to spell behavior as 'behaviour' (probably due to reading Tolkien and C. S. Lewis as a child), really want to know.

(Obligatory SpamCop related content: My ISP did in fact shut down the spammer and I seem to be back to normal, so apparently they did trace back. So they say. SpamCop was slow to forgive, though. Monday is a national holiday over here, so I probably won't know if it's over 'til Tuesday.)

... I know (as a semiregular BOFH reader) that 'arsed' means 'bothered'. I know that arse is right-side-of-the-pond for 'ass.' So how did an innocent and hard working muscle mass get associated with 'bothered'? ...
"Couldn't be arsed" is the half-arsed version of "I couldn't be bothered getting off my arse." Darn, now I need the obligatory SC-related content. Nah, can't be ...


SpamCop was slow to forgive, though. Monday is a national holiday over here, so I probably won't know if it's over 'til Tuesday.)

"Spamcop" is a completely automated process which starts timing off the list after each subsequent report. Once the last report has been made, there is an amount of time for it to completely age off the list and then some additional time for all the mirrors to get updated. It can not be "slow to forgive" as it is all math based, either it fits the model for listing or it doesn't.

OK. What I have here is a question of great cultural and linguistic significance.

I think it has the same pedigree as 'pull your finger out' which has been around at least since the forces in WWII. It means pull your finger out of your backside and DO something.

SpamCop can be slow to de-list if the ISP has been slow to respond. It's a mathematical formula that involves things like offending again after delisting. Every fresh complaint re-sets the counter (fresh as in the time of transmission, not the time of complaint).

SpamCop can be slow to de-list if the ISP has been slow to respond. It's a mathematical formula that involves things like offending again after delisting. Every fresh complaint re-sets the counter (fresh as in the time of transmission, not the time of complaint).

The ISP only accepts "unmunged" reports so many complaints it would not be getting

sent to abuse#net1plus.com[at]devnull.spamcop.net

many would be just bitbinned and added to SpamCop's statistics and SCBL

