Jump to content
Sign in to follow this  
gubbe

E-mail blocked, IP not on Blocking List

Recommended Posts

E-mail from: schaddo.de

E-mail to: thusgaard.com

IP-tracking: http://www.spamcop.net/bl.shtml?81.169.145.181

>554 5.0.0 Service unavailable

><<< 554 Error: no valid recipients

*** 81.169.145.181 not listed in bl.spamcop.net ***

I feel fairly helpless in this particular situation. It would seem that it's no problem to send e-mail from that domain to other e-mail address on the recipient's domain. Very odd.

So what do I need to do? Who do I need to contact?

The sender's ISP?

The sender's SMTP or mail hosting provider?

The receipient's mail hosting provider?

Thanks in advance!

Share this post


Link to post
Share on other sites

Filtering takes place at the individual recipients mail server, and since not every mail server admin uses the same blacklists, only those using the SCBL to block mail would result in this problem. As for correcting it, there are a number of people you can contact:

Sending mail host provider (owner of 81.169.145.181):

The best solution is for the sending ISP to correct the problem with spam originating from their network. When the spam stops, the listing in the SCBL will automatically go away within 24 hours.

Receiving mail host provider:

In many cases it is possible for the receiving ISP to whitelist the sender, or senders entire server. This depends on the software they are using, and whether or not they are willing to do it. They can also use the SCBL as part of a scoring system, rather than to directly block email. This is the recommended use of the SCBL and will help reduce false positives.

Share this post


Link to post
Share on other sites

http://www.spamcop.net/w3m?action=checkblo...=81.169.145.181

81.169.145.181 not listed in bl.spamcop.net

History shows both spam complaints and spamtrap hits.

http://www.senderbase.org/?searchBy=ipaddr...=81.169.145.181

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 5.6 .. 264%

Last 30 days .. 5.2 ... 18%

Average ........ 5.1

Do you know why the traffic is increasing?

Bit of more interest is the line;

Real-time blacklists

dnsbl.sorbs.net spam source - http://www.dnsbl.sorbs.net/cgi-bin/lookup?IP=81.169.145.181

Which identifies spamtrap hits that caused it to be listed there.

The SpamCopDNSBL does not use e-mail addresses. The SpamCopDNSBL is very dynamic, being based on variables such as traffic "seen" and the ration of traffic "reported" ...

The "other addresses work" .. possibly something as "odd" as their customers' e-mail are split across several servers, perhaps broken out alphabetically, and not all servers are configured the same way?

Who to contact kind of depends on just which part of the 'problem' you're going to try to resolve.

Share this post


Link to post
Share on other sites

There doesn't appear to be a major spam problem - the bulk of reported messages look like UUBE with a few suspicious subjects appearing such as:

Submitted: 04 September 2006 06:34:27 +0100:

WINNING NOTIFICATION 2006!!!

Submitted: 03 September 2006 20:23:19 +0100:

REQUEST FOR PARTNERSHIP

Submitted: 31 August 2006 09:20:01 +0100:

Wanna do it once again?

So, although you are not currently listed you do seem to have a small issue to address. I'd look at misdirected bounces first off. They seem to be the larger issue.

Andrew

Share this post


Link to post
Share on other sites
So, although you are not currently listed you do seem to have a small issue to address. I'd look at misdirected bounces first off. They seem to be the larger issue.

How can I "look at misdirected bounces"? I do not control the server and don't have any way of administrating it.

I've raised a case with the recipient mailhosting provider, Unoeuro.com, hoping that they can assist and configure their spamcop to help the problem for this particular sender domain.

Share this post


Link to post
Share on other sites

Unoeuro.com - my hosting company claim they have zero influence on what's blocked and what's not.

In the mean time I found out that this error has at least been in effect since end of July:

http://www.spamcop.net/bl.shtml?81.169.145.183.

Now that one party has been eliminated, I don't know where to go!

I guess my best guess is to contact Strato in Germany. They are responsible for the listed servers and could probably get the servers delisted...

Share this post


Link to post
Share on other sites
How can I "look at misdirected bounces"? I do not control the server and don't have any way of administrating it.

??? not sure we're together on things yet. If you are not an Admin for the server in question, then there isn't anything "you" can do directly about any of this. The "misdirected bounces" involved here are those e-mails that are directed to spamtrap addresses.

I've raised a case with the recipient mailhosting provider, Unoeuro.com, hoping that they can assist and configure their spamcop to help the problem for this particular sender domain.

There is no "configuring their spamcop" thing .... there is configuration of their e-mail server tool set that includes the use of various BLs and actions performed by the results of those BL checks. What you'd be asking about is a whitelisting capability, but again, that's entirely up to that ISP.

Unoeuro.com - my hosting company claim they have zero influence on what's blocked and what's not.

Well, it's their server, in theory, what leaves that server should be under some kind of control ...???

Or, are we talking about the situation where your hosting company is only reselling the services of someone else, and this is wy they "have no controll" .. as it really isn't their server to begin with? Though even then, they should be complaining to the folks they are getting their services from ...????

In the mean time I found out that this error has at least been in effect since end of July:

http://www.spamcop.net/bl.shtml?81.169.145.183.

Now that one party has been eliminated, I don't know where to go!

Eliminated ...???? Let's just say that this issue hasn't happened enough to get/keep the server listed in the SpamCopDNSBL.

I guess my best guess is to contact Strato in Germany. They are responsible for the listed servers and could probably get the servers delisted...

As above and at the SpamCop.met parsing & reporting page, this is who would be receiving the reports about the spam/spew ,,,,

http://mailsc.spamcop.net/sc?track=81.169.145.181

Parsing input: 81.169.145.181

host 81.169.145.181 (getting name) = natblert.rzone.de.

host 81.169.145.181 = natblert.rzone.de (cached)

[report history]

Routing details for 81.169.145.181

[refresh/show] Cached whois for 81.169.145.181 : abuse[at]strato.de

Using abuse net on abuse[at]strato.de

abuse net strato.de = abuse[at]strato.de

Using best contacts abuse[at]strato.de

Statistics:

81.169.145.181 not listed in bl.spamcop.net

More Information..

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in cbl.abuseat.org

81.169.145.181 listed in dnsbl.sorbs.net ( 127.0.0.6 )

81.169.145.181 not listed in relays.ordb.org.

Reporting addresses:

abuse[at]strato.de

Share this post


Link to post
Share on other sites
E-mail from: schaddo.de

E-mail to: thusgaard.com

IP-tracking: http://www.spamcop.net/bl.shtml?81.169.145.181

>554 5.0.0 Service unavailable

><<< 554 Error: no valid recipients

*** 81.169.145.181 not listed in bl.spamcop.net ***

<snip>

<snip>

http://mailsc.spamcop.net/sc?track=81.169.145.181

Parsing input: 81.169.145.181

host 81.169.145.181 (getting name) = natblert.rzone.de.

host 81.169.145.181 = natblert.rzone.de (cached)

[report history]

Routing details for 81.169.145.181

[refresh/show] Cached whois for 81.169.145.181 : abuse[at]strato.de

Using abuse net on abuse[at]strato.de

abuse net strato.de = abuse[at]strato.de

Using best contacts abuse[at]strato.de

Statistics:

81.169.145.181 not listed in bl.spamcop.net

More Information..

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in cbl.abuseat.org

81.169.145.181 listed in dnsbl.sorbs.net ( 127.0.0.6 )

81.169.145.181 not listed in relays.ordb.org.

Reporting addresses:

abuse[at]strato.de

...Sometimes this kind of thing (receiving server sends error message mentioning SpamCop but the IP address in question is not on the SpamCop blacklist) is due to the actual criterion resulting in the block being something else -- in this case, perhaps SORBS).

Share this post


Link to post
Share on other sites

As above and at the SpamCop.met parsing & reporting page, this is who would be receiving the reports about the spam/spew ,,,,

http://mailsc.spamcop.net/sc?track=81.169.145.181

Parsing input: 81.169.145.181

host 81.169.145.181 (getting name) = natblert.rzone.de.

host 81.169.145.181 = natblert.rzone.de (cached)

[report history]

Routing details for 81.169.145.181

[refresh/show] Cached whois for 81.169.145.181 : abuse[at]strato.de

Using abuse net on abuse[at]strato.de

abuse net strato.de = abuse[at]strato.de

Using best contacts abuse[at]strato.de

Statistics:

81.169.145.181 not listed in bl.spamcop.net

More Information..

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in dnsbl.njabl.org

81.169.145.181 not listed in cbl.abuseat.org

81.169.145.181 listed in dnsbl.sorbs.net ( 127.0.0.6 )

81.169.145.181 not listed in relays.ordb.org.

Reporting addresses:

abuse[at]strato.de

This is very helpful - I'll get back to those guys! Thanks!

Share this post


Link to post
Share on other sites

From what I gather, SORBS includes lists of ip addresses that are sometimes used to block mail, but shouldn't be used that way. It is run by a rather strange individual who is sometimes referred to as a maverick and the service relies a lot on ISPs sending "accurate" lists of dynamic/static addresses to SORBS.

The person running the service has a day job and puts in a couple of hours a day on SORBS, refusing to delegate any decisions to his "helpers", which means it can take weeks to get an IP address delisted, even if it shouldn't have been there in the first place. Based on extensive comments by him in other discussion groups, he seems relatively unfazed about the way his list is used by others, regardless of the commercial losses suffered by inaccuracies in the list. He also tries to extort funds from ISPs and others to delist ip addresses - and the funds are to go to a charity of SORBs choice. Many ISPs simply don't cough up - especially the larger ones.

The list may be okay if used to support evidence of spamming, but quite unreliable on its own. It should never be used to block emails, it can be useful to tag suspected spam.

It cannot be considered a reputable antispam service at all IMO. Certainly not in the same league as SpamCop and SpamHaus / CBL etc.

Share this post


Link to post
Share on other sites

On SORBS:

It cannot be considered a reputable antispam service at all IMO. Certainly not in the same league as SpamCop and SpamHaus / CBL etc.

OK, so why is it still used together with Spamcop. The error in question was returned with a spamcop error! How can SORBS be switched off?

Thanks

Share this post


Link to post
Share on other sites

The lists used and the error message returned is controlled entirely by the receiving ISP, they are the only ones who can decide which BLs to use and how to use them.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×