Jump to content
Sign in to follow this  
Gridironcoach

Help - I've been blacklisted

Recommended Posts

If you look here: http://www.spamcop.net/w3m?action=checkblo...=209.239.45.101

You'll see that the machine in question has been sending to spamtraps.

If this machine is solely your it looks like it's been compromised.

If this machine is used to host multiple users, or handle mail from multiple people then it appears that the provider has a spammer on their network.

The IP will be removed about 48 hours after the most recent spam report.

Share this post


Link to post
Share on other sites

Hi Dan,

This is the current status of your IP address:

209.239.45.101 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 110 times by about 10 users. It has been sending mail consistently for at least 22.9 days. In the past 744.4 days, it has been listed 6 times for a total of 25.4 days

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 310 times

Other hosts in this "neighborhood" with spam reports:

209.239.45.15

209.239.46.38

209.239.46.39

A sample sent sometime during the 24 hours beginning Sat, 24 Jan 2004 00:00:00 UTC:

Received: from - ([209.239.45.101]) by -.-.com ([-.-.-.-45]) with -

Sat, - Jan 2004 - -

Subject: - you win -

From: bk.. at ..g.com

It has clearly been in recent use by spammer(s).

Others will be able to give you more advice, but if this is a mail server shared with other users I would suggest that you contact the owner of the mail server and ask them to deal urgently with the spammers who are abusing their service. The block will be removed 48 hours after the last spam report. If this is your own mail server, you may have open relay or other configuration problems that allow spammers to make use of your server without your knowledge - the FAQs on the www.spamcop.net Web site will provide more information.

Share this post


Link to post
Share on other sites

I've been out of town for the past 5 days and there is no way any emails have been sent from my system. So are you saying that I'm sharing the Mail server?

Thanks

Dan

Share this post


Link to post
Share on other sites
I've been out of town for the past 5 days and there is no way any emails have been sent from my system. So are you saying that I'm sharing the Mail server?

I really don't know. Only you and/or your ISP can answer that question. I'm guessing that since the reverse lookup of the IP is host100.apollohosting.com that it's a shared server. You'll want to call your ISP and ask them why they are allowing people to spam from their network.

Edited by Chris Parker

Share this post


Link to post
Share on other sites
I've been out of town for the past 5 days and there is no way any emails have been sent from my system. So are you saying that I'm sharing the Mail server?

Do you send your email via a mail server provided by your ISP? If so, this will almost certainly be shared with other email users, some of whom are in the habit of sending spam.

(I don't know your level of technical knowledge so it's difficult to ask the right questions - sorry if I am not helping.)

Share this post


Link to post
Share on other sites
I just confirmed with Apollo that the Mail Servers are shared and they are going to look into why it is being abused. Should I change hosting company's???

That is of course your only recourse if they don't fix the problem fast (except using an email account that doesn't depend on that mail server, e.g. a hotmail one). Your ISP's reaction so far sounds encouraging, though.

Let us know if we can help further.

All the best

Mandy

Share this post


Link to post
Share on other sites
I don't know what you are saying is "unlikely", but I know for certain that Earthlink's mail server got hit by that virus yesterday because I was on the phone with my domain support because I wasn't getting e-mails. They explained that they got hit by the virus and mail would be backed up for a while.

Unlikely that this listing has anything to due with viruses.

Publishing my business name as a spammer when it isn't is a legal matter. That is called defamatory libel. I do understand the issues, as they pertain to me.

Spamcop has not published your business name as a spammer. Spamcop has published a list of IP addresses that people have complained about.

Restricting my access is yet another matter.

Spamcop has not restricted your access to anything. Mail admins have chosen to consult the spamcop blocklist. *They* have restricted your access to their mail server. You can contact them by phone, snail mail, fax, or from a different email address and ask them to whitelist that particular Earthlink server.

If the virus/worm keeps replicating in my name, I will be blacklisted into infinity + 48 hours. Does anyone get what this problem is????

This listing does not appear to have anything to do with virus activity. Spamcop does not look at the from addresses is messages.

The listing is because Earthlink has configured that particular mail server is such a way that *anyone* in the world can send spam from it.

This listing issue is not about *you*. It's about Earthlink allowing anyone to send spam from that machine who wants to.

I'm just someone trying to do my business (legitimately) and communicate with a friend who is traveling in Israel.

I don't think that anyone is is doubting that. You may wish to use a hotmail, yahoo, or other webmail account until Earthlink secures their server.

Share this post


Link to post
Share on other sites
According to my hosting compay (Apollo) they do NOT show any spamming occuring over the past 48 hours. They are waiting for a reply back from Spamcop.

Reports we sent to : abuse(at)alabanza.com

You may want to direct them here: http://www.spamcop.net/w3m?action=checkblo...=209.239.45.101

Share this post


Link to post
Share on other sites
According to my hosting compay (Apollo) they do NOT show any spamming occuring over the past 48 hours. They are waiting for a reply back from Spamcop.

Not sure who they may be contacting, but based on data posted by Mandy Shaw a bit ago, the first conjectured problem is that e-mail has been hitting "spamtraps", so no, spam complaints may not have been sent to your ISP. If your ISP was to send data to one of the Deputy or Admin addresses that includes the IP in question,

they may be able to take a look at the spamtrap data and verify that things are what they seem. That said, the IP wil remain listed until the spam stops hitting those addresses or one of the SpamCop Admins decides that there's something else going on.

Edited by Wazoo

Share this post


Link to post
Share on other sites

Response for IP 209.239.45.101

there is spam being sent thru this IP -- it may be a machine behind your nat that has a worm/viurs; it may be the machine on the blocked IP -- it may also be an insecure formmail cgi scri_pt. You can write to me at deputies[at]admin.spamcop.net where I can share a bit more information with you.

Share this post


Link to post
Share on other sites
Apparently I'm sending my email through my mail-server [at](www.GridironPublications) which is hosted at Apollo. I'm not sending the email through my ISP.

OK, change my "ISP" to read "Host" .... but, I see Ellen has already responded also, giving you an address for further data submission ....

Share this post


Link to post
Share on other sites

Hey there

My ISP is 216.65.3.236 (I think)

Anyways my Hotmail seemingly is okay, I can send and receive. However I also use www.another.com for e-mail and I can send but all e-mail to it gets blocked. Is this down to another.com? they are changing a few things around so things may be messing up but recently no messages have been getting few bar one of the times I tried.

Share this post


Link to post
Share on other sites

My ISP is 216.65.3.236 (I think)

Anyways my Hotmail seemingly is okay, I can send and receive.  However I also use www.another.com for e-mail and I can send but all e-mail to it gets blocked.  Is this down to another.com?  they are changing a few things around so things may be messing up but recently no messages have been getting few bar one of the times I tried.

I have no idea what the IP you posted is supposed to represent. I see that it's part of a good sized allocation of numbers to an outfit called Maxim, our of Fremont, CA. Is this "your" IP, your e-mail server IP, ... hey, I'm not going to try to guess.

And as for so many thousands of others, your HotMail account works. Not sure what bearing that has on anything.

"www.another.com" - ??? appaerntly some web-based e-mail thing?

Gads, took a look ... what a load of ...????

Your query states that "all mail TO" this place is blocked. For anyone to take a guess, you're going to have to provide some clue as to how you figure that this is happening. If you're not seeing any incoming, what makes you think that there is any incoming?

Yes, based on the words you've used to ask your question, I haven't a clue why you'd be asking in a SpamCop Forum why some other web-based e-mail server (?) is not receiving "any" e-mail. Yes, you need to go take it up with whoever runs "another.com" ....

Share this post


Link to post
Share on other sites
Please see the "Pinned: FAQ Entry: Why is my email blocked?" Topic at http://forum.spamcop.net/forums/index.php?showtopic=35 for more information.

Thanks!

Ok, one response pointing to the Help "icon" to have a question answered. And now you're doing repeated "Look at the FAQ", even though there is only the one, and it's in BOLD letters at the very top of the Forum listing ... yet another suggestion for a separate "Forum" section, probably with FAQ spelled out completely?

Share this post


Link to post
Share on other sites
I just confirmed with Apollo that the Mail Servers are shared and they are going to look into why it is being abused. Should I change hosting company's???

Your host doesn't have too bad of a record considering how long it's been around. Every host is going to attract spammers from time to time and Apollohosting doesn't seem to harbor spammers. n.a.n-a.sightings only shows 133 hits spread out over a 3+ year period. Soime spammers can generate that many 'sightings' in a day or two.

However, according to the SC evidence page at The SpamCop Evidence Page for 209.239.45.101

209.239.45.101 has been listed about 26 days during the last 745 days. That's an average of a little less than 2 weeks per year so you can probably expect occasional brief listings in the future if you stay with them.

You could probably do a little better elsewhere but there are no guarantees you will, and you could easily do a lot worse. I'd suggest staying where you are unless you know something you're not saying.

If your email is time sensitive you should probably find an alternate method of transmission for use as a backup. It's a good idea for anyone in business to have alternatives planned out before they need them.

In addition to being useful during the brief periods your host might be listed with SC it's a good idea in case your host's server goes down, or if bad weather (like a tornado), a natural disaster or act of terrorism takes their server off line.

If your email isn't time sensitive you might just use the time to sit back, relax, and take a deserved rest and send the email a day or two later.

Share this post


Link to post
Share on other sites
yet another suggestion for a separate "Forum" section, probably with FAQ spelled out completely?

I understand your frustration, but JT has not chosen that option or anything similar yet. Please be patient. Thanks!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×