How can our Mailserver block be removed immediatly??

[hhlaw]

Hello,

We are a law firm using email server services of lunarpages.com. During the last week we have greatly suffered from our emails being returned due to spamcop blocking and are not recieving emails although we know the people are sending them to us. The blocking was removed after couple of days but now it returned

Our domain is hh-law.co.il

We are obvisouly not spammers and spamcop are causing us enormous damages.

We require your advice regarding parmently remove us from any kind of spamcop listings and verifying that problem will not return. We will appreciate your immediate reply.

I can be contacted via my office email (the blocked one) - tal.p[at]hh-law.co.il or my personal mail at ta_per[at]hotmail.com.

attached is an example to a blocking message we've recieved:

From: Mail Delivery System [mailto:Mailer-Daemon[at]gioho.lunarpages.com]

Sent: Monday, August 28, 2006 10:12 AM

To: amos.hacmun[at]hh-law.co.il

Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

kobyc[at]chaos2000.co.il

SMTP error from remote mail server after RCPT

TO:<kobyc[at]chaos2000.co.il>:

host mailin.barak.net.il [212.150.49.2]: 530 5.7.1 Blocked - see

http://www.spamcop.net/bl.shtml?216.193.248.183:

kobyc[at]chaos2000.co.il

------ This is a copy of the message, including all the headers. ------

Return-path: <amos.hacmun[at]hh-law.co.il>

Received: from [192.116.245.75] (helo=Amosh)

by gioho.lunarpages.com with esmtpa (Exim 4.52)

id 1GHcED-0005Bu-9V

for kobyc[at]chaos2000.co.il; Mon, 28 Aug 2006 01:12:19 -0700

Reply-To: <amos.hacmun[at]hh-law.co.il>

From: "Amos Hacmun, Adv." <amos.hacmun[at]hh-law.co.il>

To: "'Koby Cohen'" <kobyc[at]chaos2000.co.il>

Subject: FW: Chaos - H&O

Date: Mon, 28 Aug 2006 11:21:36 +0200

Organization: Heskia - Hacmun Law Firm

MIME-Version: 1.0

Content-Type: multipart/related;

boundary="----=_NextPart_000_001A_01C6CA94.24755E40"

X-Mailer: Microsoft Office Outlook, Build 11.0.6353

X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2962

Thread-index: AcbJ+nNlaavgY7uySEyyV7+vuNSWOQAfzLxQAAJsBjA=

This is a multi-part message in MIME format.

[agsteele]

I presume you have followed the link you provided which reveals the following:

Causes of listing

	* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems
(these factors do not directly result in spamcop listing)

	* DNS error: 216.193.248.183 is gioho.lunarpages.com but gioho.lunarpages.com has no DNS information

Because of the above problems, express-delisting is not available

Checking the reports it is evident that the mail server is bouncing undeliverable message reports and these are what are causing the listings. See http://www.spamcop.net/fom-serve/cache/329.html for more information.

You should work with your ISP or your Email manager if you run the server yourselves to turn off message bouncing.

Additionally the ISP does not accept notification of problem reports which means that you and they will not be getting the advanced warning of a problem.

ISP does not wish to receive report regarding 216.193.248.183
ISP does not wish to receive reports regarding http://216.193.248.183/ - no date available

Because you are sharing this mail server with the other customers of lunarpages the listing may becaused by a completely different customer. You should work with lunarpages to resolve the problem, switch your mail service to another company, or run your own mail server so that you have full control and are not at the nercy of other Email users.

Andrew

[Wazoo]

The SpamCopDNSBL is "automatic" .. meaning that if an IP address is seen spewing bad e-mail in a noticeable proportion to good e-mail, it gets listed. When the spew stops, it gets de-listed. Explained in the SpamCop FAQ here, in the Pinned entry "Why am I Blocked?" ... among other places, to include the numerous previous posts/discussions within this Forum section alone.

http://www.spamcop.net/w3m?action=checkblo...216.193.248.183

216.193.248.183 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Additional potential problems

DNS error: 216.193.248.183 is gioho.lunarpages.com but gioho.lunarpages.com has no DNS information

http://www.senderbase.org/?searchBy=ipaddr...216.193.248.183

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ......... 3.7 .. -56%

Last 30 days ... 3.4 .. -75%

Average ......... 4.0

SenderBase's "Magnitude" Explained suggests 10-13 thousand e-mails a day. If all f these e-mails are not from your office, then you are apparently using a shared e-mail server. As stated, spamtrap hits do not generate a notification, but it is also seen that one of the ISP's (your immediate upstream) has decided to not receive any notifications anyway. Apparently, you're going to have to advise them that they have a problem.

The link you provided has entries dealing with Misdirected Bounces .... the SpamCop FAQ 'here' offers up more entries/explanation on "Why am I Blocked?" issues .....

Parsing input: 216.193.248.183

host 216.193.248.183 = gioho.lunarpages.com (cached)

host 216.193.248.183 = gioho.lunarpages.com (cached)

ISP does not wish to receive report regarding 216.193.248.183

ISP does not wish to receive reports regarding http://216.193.248.183/ - no date available

Routing details for 216.193.248.183

Cached whois for 216.193.248.183 : hostmaster[at]lunarpages.com abuse[at]mzima.net

Using abuse net on hostmaster[at]lunarpages.com

abuse net lunarpages.com = abuse[at]lunarpages.com

Using abuse net on abuse[at]mzima.net

abuse net mzima.net = abuse[at]mzima.net

Using best contacts abuse[at]mzima.net abuse[at]lunarpages.com

Reports routes for 216.193.248.183:

routeid:21423786 216.193.192.0 - 216.193.255.255 to:abuse[at]mzima.net

Administrator found from whois records

routeid:13110489 216.193.248.0 - 216.193.248.255 to:hostmaster[at]lunarpages.com

Administrator found from whois records

Removing old cache entries.

Tracking details

Display data:

"whois 216.193.248.183[at]whois.arin.net" (Getting contact from whois.arin.net )

checking NET-216-193-248-0-1

"whois NET-216-193-248-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

216.193.248.0 - 216.193.248.255:hostmaster[at]lunarpages.com

whois.arin.net contact: hostmaster[at]lunarpages.com

checking NET-216-193-192-0-1

"whois NET-216-193-192-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

Found AbuseEmail in whois abuse[at]mzima.net

216.193.192.0 - 216.193.255.255:abuse[at]mzima.net

Routing details for 216.193.248.183

Using abuse net on hostmaster[at]lunarpages.com

abuse net lunarpages.com = abuse[at]lunarpages.com

Using abuse net on abuse[at]mzima.net

abuse net mzima.net = abuse[at]mzima.net

Using best contacts abuse[at]mzima.net abuse[at]lunarpages.com

[Derek T]

The ISP you have chosen to provide important services and to whom you pay your firm's good money obviously doesn't give a damn about providing those services. I suggest you find one who does. But as Israel is a major source of spam and is home to the world's most notorious spammer, I don't know how easy that will be.

[dra007]

As pointed out, most reports are spamtrap hits, though peppered with an occasional phisher:

Report History:

--------------------------------------------------------------------------------

Submitted: Tuesday, August 22, 2006 2:22:17 AM -0400:

Mail delivery failed: returning message to sender

1886812104 ( 216.193.248.183 ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Saturday, August 19, 2006 9:23:44 PM -0400:

Mail delivery failed: returning message to sender

1883519889 ( 216.193.248.183 ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 5:40:18 PM -0400:

Mail delivery failed: returning message to sender

1879413504 ( 216.193.248.183 ) To: abuse[at]lunarpages.com

--------------------------------------------------------------------------------

Submitted: Wednesday, August 16, 2006 2:40:16 AM -0400:

[at]tonyawise.com

1878960776 ( 216.193.248.183 ) To: spamcop[at]imaphost.com

1878960763 ( http://www.tonyawise.com/ ) To: abuse[at]lunarpages.com

1878960751 ( 216.193.248.183 ) To: abuse[at]lunarpages.com

--------------------------------------------------------------------------------

Submitted: Monday, August 07, 2006 5:35:17 PM -0400:

Mail delivery failed: returning message to sender

1867986386 ( 216.193.248.183 ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, August 07, 2006 3:08:14 PM -0400:

Mail delivery failed: returning message to sender

1867857404 ( 216.193.248.183 ) To: uube[at]devnull.spamcop.net

----------------------------------------------------------------------------------

Submitted: Tuesday, July 18, 2006 7:11:01 PM -0400:

Account Suspension Warning

1842335452 ( http://200.86.73.84:84/paypal.wbscr.secureauthe... ) To: gerencia[at]vtr.cl

1842335450 ( http://200.86.73.84:84/paypal.wbscr.secureauthe... ) To: postmaster#vtr.cl[at]devnull.spamcop.net

1842335447 ( http://200.86.73.84:84/paypal.wbscr.secureauthe... ) To: lsoto[at]vtr.cl

1842335441 ( http://200.86.73.84:84/paypal.wbscr.secureauthe... ) To: dominios[at]vtr.cl

1842335433 ( 216.193.248.183 ) To: spamcop[at]imaphost.com

1842335426 ( 216.193.248.183 ) To: abuse[at]lunarpages.com

--------------------------------------------------------------------------------

Submitted: Friday, July 14, 2006 9:16:06 AM -0400:

Mail delivery failed: returning message to sender

1837124262 ( Forwarded spam ) To: [concealed user-defined recipient]

1837124242 ( 216.193.248.183 ) To: spamcop[at]imaphost.com

1837124217 ( 216.193.248.183 ) To: abuse[at]lunarpages.com

--------------------------------------------------------------------------------

Submitted: Wednesday, June 28, 2006 11:38:19 AM -0400:

Mail delivery failed: returning message to sender

1816778549 ( 216.193.248.183 ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, May 29, 2006 10:36:28 PM -0400:

1770620184 ( Forwarded spam ) To: [concealed user-defined recipient]

1770620178 ( 216.193.248.183 ) To: spamcop[at]imaphost.com

1770620164 ( 216.193.248.183 ) To: abuse[at]lunarpages.com

[StevenUnderwood]

During the last week we have greatly suffered from our emails being returned due to spamcop blocking and are not recieving emails although we know the people are sending them to us.

Others have made responses, but I noticed one thing about your question: You are talking about 2 different processes above.

On messages you are sending that are being bounced, that would be due to the listing on spamcop.

On not receiving emails "although we know the people are sending them to us", that would only involve spamcop if YOU (or your mail service) are using spamcop to block incoming messages.

[istracpsboss]

We've a similar problem. I'm not a techie. We are estate agents in Croatia and whenever I have sent emails to my wife who is the lawyer who runs our legal department in another city over the last two days I've been getting a block.

Since it is screwing up contracts which are time sensitive it is causing real problems. Clients arrive from abroad expecting to sign contracts for buying houses, which we then need to take to a notary before they close and they aren't ready because the documentation has been blocked. If anyone can help I'd be very grateful. Thanks.

Here is the most recent one's headers:

Hi. This is the qmail-send program at se-l4.avalon.lu.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<kcobal[at]globalnet.hr>:

213.149.32.10 does not like recipient.

Remote host said: 553 Blocked - see http://www.spamcop.net/bl.shtml?209.61.218.134

Giving up on 213.149.32.10.

--- Below this line is a copy of the message.

Return-Path: <peter.ellis[at]croatiapropertyservices.com>

Received: (qmail 11750 invoked by uid 89); 2 Sep 2006 08:03:17 -0000

Received: from unknown (HELO localhost) (127.0.0.1)

by se-l4.avalon.lu with SMTP; 2 Sep 2006 08:03:17 -0000

Received: (qmail 11474 invoked by uid 89); 2 Sep 2006 08:02:54 -0000

Received: from 195-29-85-236.adsl.net.t-com.hr (HELO peterdesktop) (peter.ellis[at]croatiapropertyservices.com[at]195.29.85.236)

by se-l4.avalon.lu with ESMTPA; 2 Sep 2006 08:02:54 -0000

From: "Peter Ellis" <peter.ellis[at]croatiapropertyservices.com>

To: "Ksenija Ellis" <kcobal[at]globalnet.hr>

Subject: RE: Certificate of Title

Date: Sat, 2 Sep 2006 10:07:52 +0200

Message-ID: <DBENILCIBFOPEONBDIGDAEMACAAA.peter.ellis[at]croatiapropertyservices.com>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0281_01C6CE77.A7104810"

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)

Importance: Normal

In-Reply-To: <20060901180416.0BA3D130805D[at]ls422.t-com.hr>

X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4963.1700

[Farelf]

... whenever I have sent emails to my wife who is the lawyer who runs our legal department in another city over the last two days I've been getting a block. ...

Hi istracpsboss - you have presumably followed the link from the rejection notice you provided (and the links from that page) and understand it is not your messages that are causing the problem. "Something" sharing your IP address 209.61.218.134 is sending to spamtraps - in that circumstance no detailed reports are sent to your provider abuse address: abuse[at]hopone.net ('phone +1-202-318-0530). These are the people who need to work on getting blocklist removal - which will happen automatically within 24 hours of no more "spam" but it is likely to go straight back on again unless the cause has been found and eliminated. Is your wife able to get you whitelisted by globalnet.hr? That might be something the two of you could work on because the blocklist itself is a matter for your provider to fix.

[Derek T]

Hi istracpsboss - you have presumably followed the link from the rejection notice you provided (and the links from that page) and understand it is not your messages that are causing the problem. "Something" sharing your IP address 209.61.218.134 is sending to spamtraps -

There are plenty of human reports too, which have apparently been ignored by your ISP - all but one are misdirected bounces.

[Miss Betsy]

Or you can have an alternative email address (such as hotmail) for emailing your wife or use the fax. That's what's good about blocking, you *do* get a rejection notice and know that the email hasn't been received.

That would be a good idea to have an alternate any way since there are other reasons why email is sometimes unavailable.

Miss Betsy

[StevenUnderwood]

There are plenty of human reports too, which have apparently been ignored by your ISP - all but one are misdirected bounces.

Derek:

The UUBE reports do not appear to go to the ISP but rather to: uube[at]devnull.spamcop.net. Only that one report went to the ISP. I believe this step was done to give a little more information on misdirected bounces.

"failure notice" is the subject of the bounces seen.

Report History:

Display UUBE

--------------------------------------------------------------------------------

Submitted: Sunday, August 13, 2006 5:11:08 PM -0400:

Small Cap Stocks

1875498502 ( 209.61.218.134 ) To: relays[at]admin.spamcop.net

1875498497 ( 201.37.57.160 ) To: spamcop[at]imaphost.com

1875498494 ( 201.37.57.160 ) To: abuse[at]embratel.net.br

1875498492 ( 201.37.57.160 ) To: sistemas[at]intelignet.com.br

1875498487 ( 201.37.57.160 ) To: mail-abuse[at]cert.br

1875498480 ( 201.37.57.160 ) To: abuse[at]poa.virtua.com.br

Report History:

Don't Display UUBE

--------------------------------------------------------------------------------

Submitted: Friday, September 01, 2006 11:34:35 AM -0400:

failure notice

1902174864 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, September 01, 2006 9:59:06 AM -0400:

failure notice

1902042282 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Friday, September 01, 2006 3:27:16 AM -0400:

failure notice

1901563888 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 29, 2006 12:22:22 PM -0400:

failure notice

1897471771 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Tuesday, August 29, 2006 1:37:41 AM -0400:

failure notice

1896714428 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, August 28, 2006 7:58:52 PM -0400:

failure notice

1896402867 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Monday, August 28, 2006 8:50:21 AM -0400:

failure notice

1895585856 ( 209.61.218.134 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Older Reports

[Derek T]

The UUBE reports do not appear to go to the ISP but rather to: uube[at]devnull.spamcop.net. Only that one report went to the ISP. I believe this step was done to give a little more information on misdirected bounces.

I didn't realise that. Nor do I understand it! Why would not warning them give more info?

BTW, forgive my ignorance but what does UUBE stand for? It's a new one on me.

[StevenUnderwood]

I didn't realise that. Nor do I understand it! Why would not warning them give more info?

BTW, forgive my ignorance but what does UUBE stand for? It's a new one on me.

Per an email from a deputy: UUBE - Unwanted/Unsolicited Bounce Email It was recently added to the glossary: http://forum.spamcop.net/forums/index.php?...ost&p=29916 (Thanks dbiel)

It gives more info than not showing any listings like it used to be. Now at least the subject line is seen and approximate times as well without contacting the deputies. One example I saw the other day all had [spam] at the start of the subject line, so the administrator could deduce it was his spam-filter that was causing the misdirected bounces.

[dra007]

I think there is a consensus uube signifies spamtrap reports.

[Derek T]

I think there is a consensus uube signifies spamtrap reports.

Light dawns so a devnulled UUBE indicates a spamtrap hit and the volume of them indicates to 'us' how many and when. That makes sense, more info indeed! Thanks both.

[DavidT]

One example I saw the other day all had [spam] at the start of the subject line, so the administrator could deduce it was his spam-filter that was causing the misdirected bounces.

Wait a moment. I've received bounces that my *incoming* filtering system had tagged with [spam], but that wasn't the *cause* of the bounce. I think there's also a bit of conjecture in the recent messages in this topic that may or may not be reality. We need to check this out with the deputies. For example, those UUBE items showing up associated with a particular IP may very well have been reported by SC users. Maybe those aren't spamtrap hits at all (I rather suspect not).

DT

[StevenUnderwood]

Wait a moment. I've received bounces that my *incoming* filtering system had tagged with [spam], but that wasn't the *cause* of the bounce. I think there's also a bit of conjecture in the recent messages in this topic that may or may not be reality. We need to check this out with the deputies. For example, those UUBE items showing up associated with a particular IP may very well have been reported by SC users. Maybe those aren't spamtrap hits at all (I rather suspect not).

Yes. And some of those programs can be made to bounce the error back to the originator. I know Norton AV for Notes used to do that... had to turn the outside notification off.

You can try to get a better answer than I did. It was not confirmed or denied.

[Miss Betsy]

I don't think that uube address can be a mix of spam traps and reports by reporters. Reports by reporters should go to the source. spam traps don't make reports.

My guess is that there were so many requests for what was in the email that hit the spam trap, that they started creating 'reports' that could be accessed using the data that they would give if asked. Now the deputies can simply point requests to the 'report' instead of looking it up and making a 'report' themselves in reply.

Also, it is probably where the spam tag is placed that it can be seen if it is a misdirected bounce or a report. The tag would be after the rejection statement if it was a misdirected bounce and before the rejection statement if were a report.

Miss Betsy

[DavidT]

Reports by reporters should go to the source.

The key word might be "should." What if the "powers that be" have decided that excessive UUBE reports going to ISPs have made those ISPs decide to stop paying attention to SpamCop reports? If that were the case, then isn't it also possible that they've decided to "dev/null" the sending of the actual emails, and yet create a new way of handling those in the database/reporting system?

I think that before we tell people "these are spamtrap-related" that we need clarification from the people who actually administer the reporting system.

DT

[edit] I have sent a detailed email to the "deputies" address, asking for clarification on the UUBE items in the reporting database. I'll report back here if and when I hear from a deputy...whether I'm right or wrong. ;-)

[Miss Betsy]

If ISPs don't want to get reporter reports, there is already a mechanism for that. It might be that reports about misdirected bounces go to a dev/null address, but it is more probable, to me, that it would follow the current system of the address/dev/null than to send them to a special address for misdirected bounces.

At least we can tell people that they are misdirected bounces. That's the important part.

Miss Betsy

[StevenUnderwood]

If ISPs don't want to get reporter reports, there is already a mechanism for that. It might be that reports about misdirected bounces go to a dev/null address, but it is more probable, to me, that it would follow the current system of the address/dev/null than to send them to a special address for misdirected bounces.

At least we can tell people that they are misdirected bounces. That's the important part.

Miss Betsy

In the past week I have seen IP's with both reports going to the devnull address and to the ISP with the same subjects. I will keep my eyes open for more cases.

Either scenario is possible, but I still think it is spamtrap hits. I await the deputies reply, if they allow it to be published.