Jump to content
Sign in to follow this  
JohnnyB

Why is my mail server being blocked?

Recommended Posts

Oy, what went wrong with the quoting in the previous post?

Way too much quoted content included .... in the process, the number of [ q ] and [ / q ] don't match, so none of them got processed. had thoughts of editing it so it looked like someone knew what they were doing, but ... hard to get excited in helping someone after they've slapped me around, you know ???

Share this post


Link to post
Share on other sites

Oy, what went wrong with the quoting in the previous post?

dt

I dropped an extra quote in there by accident and missed it when editing. Fixed.

Adam Maas

Internet Security Specialist

MCI Canada

Share this post


Link to post
Share on other sites
The only way it could have happened is if said spam with a forged From: address hit a box set with an Out of Office autoreply. That is NOT a Bounce. And it is NOT UCE. Such Autoreplies are a required function of email for the Business World. If you are listing because of them, SpamCop needs to fix it's listing criteria. As this functionality cannot be used to spam anybody

Hi Adam!

You are right, in as much as many business people want to use Vacation/Out-of-Office messages. I think that there are many folk around who would query their value however.

Take my own experience... My Email address was forged by a spammer. The spam flood went out and in reply I received hundreds of vacation messages (sadly the spammer chose my address during the summer vacation period). So, as a result I had a mammoth task to address and our mail server had to handle the flood, we had to pay for bandwidth for the excess load etc. Each of these messages also carried the spammers advertising.

So it is a major problem. It can be addressed if the incoming flood of spam is stopped before arriving at the destination mailbox. That's why, I guess, many other ISPs like to use blocklists (including SpamCop's) to control the spew.

Andrew

Share this post


Link to post
Share on other sites
You are right, in as much as many business people want to use Vacation/Out-of-Office messages. I think that there are many folk around who would query their value however.

Take my own experience... My Email address was forged by a spammer. The spam flood went out and in reply I received hundreds of vacation messages (sadly the spammer chose my address during the summer vacation period). So, as a result I had a mammoth task to address and our mail server had to handle the flood, we had to pay for bandwidth for the excess load etc. Each of these messages also carried the spammers advertising.

So it is a major problem. It can be addressed if the incoming flood of spam is stopped before arriving at the destination mailbox. That's why, I guess, many other ISPs like to use blocklists (including SpamCop's) to control the spew.

Andrew,

I do agree that it needs to be addressed. The first way is to ensure that only the actual vacation message is sent in the Autoreply (Sadly, less common than it should be, although MCI Canada does ensure this) which dissuades spammers from using that tactic to spam. The second is of course to prevent the spam from hitting the autoreplier in the first place, something that SpamCop seriously aids with, as do other solutions like Bayesian filtering.

I am a fan of the service that SpamCop supplies. While I've been somewhat aggressive in my post upthread, that's simply a case of frustration over not being able to get the information I need to solve the issue. Thankfully StevenUnderwood's post indicated a problem that had slipped by my testing and MCI is working from that angle.

Share this post


Link to post
Share on other sites

Thankfully StevenUnderwood's post indicated a problem that had slipped by my testing and MCI is working from that angle.

BTW: My testing was not exhaustive as I had no idea what domains that server was supposed to accept. I found one that caused a problem, and stopped. You should of course verify for all domains.

Share this post


Link to post
Share on other sites

Unfortunately, the IP address in question here is once again ON THE SPAMCOP BLOCKLIST!!!!!!

However, I am glad to see that MCI and Spamcop are on the case.

Maybe now, we can get this problem solved forever.

Regards,

p.s. thanks Adam

Share this post


Link to post
Share on other sites
Unfortunately, the IP address in question here is once again ON THE SPAMCOP BLOCKLIST!!!!!!

That's because it would appear that it's still sending crap to people who don't want it, whether those be "vacation messages" or not...here are two items reported by SpamCop users yesterday:

Submitted: Monday, September 25, 2006 9:28:44 AM -0700:

Undeliverable mail: Get rid of the pounds you hate

* 1937740131 ( 142.77.1.111 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Monday, September 25, 2006 7:38:55 AM -0700:

WARNING. Mail Delayed: Your 1oan Approval.

* 1937588034 ( 142.77.1.111 ) ( UUBE ) To: uube[at]devnull.spamcop.net

According to the SC system, it wasn't those reports that got the IP back into trouble, but rather spam trap hits (unless those UUBE items actually *do* correspond to spam trap hits, which I doubt, and which the powers-that-be haven't confirmed, have they?). Due to timing issues, it's possible that the issues have been resolved, but the SC reporting system states that "it will be delisted automatically in approximately 8 hours."

Mr. Mass can make all the distinctions he wants between o-o-o responses and UCE, but the messages are most certainly "unwanted" and as such, fall into the definition of spam, even if not into one of the more agregious categories. It appears that SpamCop has drawn a rather clear "line in the sand" regarding these messages, and many other "business-oriented" servers manage to stay off the SCBL....wonder what they're doing right?

DT

Edited by DavidT

Share this post


Link to post
Share on other sites

That's because it would appear that it's still sending crap to people who don't want it, whether those be "vacation messages" or not...here are two items reported by SpamCop users yesterday:

Submitted: Monday, September 25, 2006 9:28:44 AM -0700:

Undeliverable mail: Get rid of the pounds you hate

* 1937740131 ( 142.77.1.111 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Monday, September 25, 2006 7:38:55 AM -0700:

WARNING. Mail Delayed: Your 1oan Approval.

* 1937588034 ( 142.77.1.111 ) ( UUBE ) To: uube[at]devnull.spamcop.net

According to the SC system, it wasn't those reports that got the IP back into trouble, but rather spam trap hits (unless those UUBE items actually *do* correspond to spam trap hits, which I doubt, and which the powers-that-be haven't confirmed, have they?). Due to timing issues, it's possible that the issues have been resolved, but the SC reporting system states that "it will be delisted automatically in approximately 8 hours."

Mr. Mass can make all the distinctions he wants between o-o-o responses and UCE, but the messages are most certainly "unwanted" and as such, fall into the definition of spam, even if not into one of the more agregious categories. It appears that SpamCop has drawn a rather clear "line in the sand" regarding these messages, and many other "business-oriented" servers manage to stay off the SCBL....wonder what they're doing right?

DT

DavidT,

We currently have not closed the hole that Steven found, so this is likely the source of the bounces. The issue is being addressed but has proven somewhat more complicated than initially believed.

The Autoreply issue is most likely not the problem here, although it was the source of the hits that the Deputies provided to me.

Adam Maas

Internet Security Specialist

MCI Canada

Share this post


Link to post
Share on other sites

Thanks for your update, Adam. I *do* appreciate your willingness to engage here and work through this on behalf of your customers. The continuing battle against the ever-increasing onslaught of unwanted emails is something that we all care about here very much, and even though most of us are "end users," it's nice for admins to drop by and participate in the solutions.

DT

Share this post


Link to post
Share on other sites

>>>>Please do not write us to tell us that you have fixed the problem and ask for early delisting. The IP will delist automatically within 24 hours, if there are no new reports

That is the part of your FAQ that must really piss off people.

We are held hostage for 24 hours. Like the person who started this thread, he is dead in the water for a whole day.

....and constantly saying that it is not the fault of spamcop, and spamcop is not blocking email rings hollow when your business is screwed over for a day.

Extracted from the hikacked Topic/Discussion at http://forum.spamcop.net/forums/index.php?showtopic=7183 .... This post and the following have been split out from that Topic .. and seeing as how the previous Topic/Discussion that this poster started has been referenced a number of times, this split out stuff will be merged back into that existing Discussion ....

Edited by Wazoo

Share this post


Link to post
Share on other sites

>>>>Please do not write us to tell us that you have fixed the problem and ask for early delisting. The IP will delist automatically within 24 hours, if there are no new reports

The server administrator can (if everything is setup properly), delist themselves after fixing the problem. They can only do this once, however, and too often the administrator tries to take the easy way out by delisting before fixing the problem.

THe 24 hours is there to be sure the problem is fixed. If more spam is reported as being sent within that 24 hours, the problem has NOT been fixed. And the 24 hours is a maximum.

At least the spamcop BL delists servers that are no longer spamming automatically. Some lists you will never get off of.

....and constantly saying that it is not the fault of spamcop, and spamcop is not blocking email rings hollow when your business is screwed over for a day.

Well, the company I work for was being "screwed over" every day by ~80% spam (4400 out of 5700 total messages yesterday) before we started intercepting the garbage. You are known by the company you keep. The company you use to send your email is allowing spam to come from their servers. It is up to you whether to put up with it. It is them you should be complaining to.

In a typical setup, an email is created on your local machine and transferred to a mail server you are allowed to access. That mail server determines where to send the message, contacts that server, and transfer the message to be stored until the recipient picks it up. Nowhere in that scenario do you see spamcop able to intercept the message. It is the choice of the recipients server to use the spamcop list to help reduce the spam coming into the server.

Share this post


Link to post
Share on other sites
We are held hostage for 24 hours.

???? As stated, read more of the FAQ and toss some reality into the mix. "You" can send all the e-mail you want to. The SpamCopDNSBL only comes into play when you attempt to send any of that e-mail to an ISP that has chosen to use the data in the SpamCopDNSBL in a blocking fashion. This is not a 100% universal condition.

The "24 hours" is but one variable .. you seemed to have overlooked the word "within" and not played with the math involved at all ....

Putting your faith and trust into a system not guaranteed to work, world reknowned for "things going wrong" for the strangest of reasons ... kind of silly ...

Like the person who started this thread, he is dead in the water for a whole day.

On the other hand, it's actually hard to work up a whole lot of sympathy for a "business dead in the water" due to the spam-spew problems of a "free" ISP's lack of concern ..... yet also noting that the original poster's primary issue was already handled by using yet another 'free' e-mail service ....

....and constantly saying that it is not the fault of spamcop, and spamcop is not blocking email rings hollow when your business is screwed over for a day.

At this point, the only thing that seems to be valid ... get a clue .... data has been made available here, try to access it, then apply it ....

Share this post


Link to post
Share on other sites

>>>(4400 out of 5700 total messages yesterday) before we started intercepting the garbage. You are known by the company you keep.

You are not unique Mr. Underwood. We have the same problem here.

I block and delete the spam, it is not that great an issue.

I am known by the company I keep???????

I am on a mailserver with thousands of other companies, are you suggesting that I am to blame for spam because of some other unknown company? Or because MCI/UUNET (the backbone of the internet) made some error in the configuration of the mailserver?

We are somehow guilty by association?

This is the entire problem with spamcop. Instead of going after the root cause, spamcop lumps everybody together.

Share this post


Link to post
Share on other sites

I am known by the company I keep???????

I am on a mailserver with thousands of other companies, are you suggesting that I am to blame for spam because of some other unknown company? Or because MCI/UUNET (the backbone of the internet) made some error in the configuration of the mailserver?

We are somehow guilty by association?

This is the entire problem with spamcop. Instead of going after the root cause, spamcop lumps everybody together.

If MCI/UUNET is providing your mail service, then yes, you are paying for the poor service you are getting. At one point, we used UUNET for our internet access (we run our ouw server) and left them when a large amount of the junk we were getting was from virus infected "neighbors" that they would not do anything about after many complaints.

It is not spamcop lumping everybody together. The provider has done that to make more money. If you want to be only affected by your own mail output, you need to have a dedicated IP for your mail. Spamcop only lists the IPs actually sending the spam. If a company has 100 mail servers, but only 1 is sending spam, only that IP address is listed. That server IS the root cause of the problem. There is nothing more granular that is not provided by the sender (i.e. easily forged).

Share this post


Link to post
Share on other sites

>>>If MCI/UUNET is providing your mail service, then yes, you are paying for the poor service you are getting.

Well, its not just the mailserver we use. Its dedicated web hosting and a T1 line too. We need to deal with a big player, not just a little ISP.

We do get good service.

Share this post


Link to post
Share on other sites

We do get good service.

With the exception of your mail service being listed (1/3 of the services you list). If you get good service from them, ask them to fix the problem that keeps getting the server listed. Then you will have nothing to complain about and you will have helped the entire internet community.

You could get mail services from another source (including providing it yourself) while keeping your internet access and hosting with them. Then you wlll not be reliant on them keeping the server clean.

We get internet access from one company, have web hosting through another, and provide our own mail service employing another service for spam filtering.

Share this post


Link to post
Share on other sites

>>>If you get good service from them, ask them to fix the problem that keeps getting the server listed.

I think they are working on it now. It seems they did not have enough information before I brought this forum to their attention.

We can't switch. We have contracts in place. It could apparently (from reading this forum and doing research on spamcop in the web) happen to just about anyone.

Share this post


Link to post
Share on other sites

We can't switch. We have contracts in place.

You need better lawyers looking at your contracts before you sign them.

Ours always add an out clause for not providing the service contracted.

It could apparently (from reading this forum and doing research on spamcop in the web) happen to just about anyone.

Multiple or lenghthy listings can happen to anyone using a shared server where the administrator is not paying attention.

Share this post


Link to post
Share on other sites
It could apparently (from reading this forum and doing research on spamcop in the web) happen to just about anyone.

...and lightning could strike "just about anyone" but that's far more likely if they're doing something stupid like standing out on a golf course or not taking appropriate precautions.

But seriously, if servers are properly configured and managed, then it's FAR less likely. The IP from which all of my hosted domains transmit email doesn't have so much as a *single* report hit in the SpamCop report database, so it's quite possible to "live clean" as far as SpamCop goes.

DT

Edited by DavidT

Share this post


Link to post
Share on other sites

>>>You need better lawyers looking at your contracts before you sign them.

We don't want out of the contracts.

There is just one problem with MCI, and that is spamcop. That problem may be fixed, we will see.

I think you are a little obsessed with spam my friend.

Share this post


Link to post
Share on other sites

I think you are a little obsessed with spam my friend.

I have seen the increased productivity when there is not a ton of spam to wade through on a daily basis both at work and at home.

At work, I actually get support calls about once a month when a single spam gets through asking what is wrong.

At home, I have reduced the spam I see in my inbox from about 125-150 per day before using spamcop to a couple a week simply adding spamcop email service into the mix to maybe one per month by dropping my most spammed account (which I held for ~12 years) and using primarily spamcop addresses.

Share this post


Link to post
Share on other sites

Ok, sure you are getting a lot less spam. But you are likely missing some real email too.

Here is some of the FAQ:

Q: Why me? A: It Happens to the best of us

It is annoying to have your email blocked. It is also annoying to have a backhoe interrupt email service.

However, until the blocking problem is resolved, you can email people through a web based email service (the most familiar web based email services are hotmail and yahoo).

After you have taken care of the immediate problem of being able to communicate with someone by email, the next step is to see what can be done so this inconvenience does not happen to you again.

The one thing you do not want to do is to complain to those correspondents who are using an email service that uses the SpamCop blocklist. They probably really like the reduction in spam!

--------------------------------------------------------------

That first line about the backhoe is a odd thing to say. It does nothing to help somebody who is blocked. Imagine how frustrating it would be to read that?

The last point is very self serving. Maybe complaining is a good idea because if they do not hear the complaint they will not look for a better block list.

That is my BIG PROBLEM with spamcop. You are likely blocking more real email than you are blocking spam. Have you ever considered that? It is the old "throwing out the baby with the bathwater" approach to spam.

Share this post


Link to post
Share on other sites

Spamcop lists IP addresses based on certain criteria. They are not going to change those criteria because you don't like them. The spamcop BL is NOT intended to be used for blocking by itself, in fact, spamcop itself recommends against that configuration. However, they have absolutely no control whatsoever over how an ISP chooses to use the list. If you have a problem with the way the SCBL is being used or misused, the people to complain to would be either:

A) The owner of the receiving server that is misusing the list of IP addresses,

or B ) The owner of the sending server that has allowed a misconfiguration or mismanagement issue to get it listed on the SCBL.

The thing not to do is come here simply to complain. It accomplishes absolutely nothing other than wasting your and others time. There is nothing anyone here can or wants to do to change the way the SCBL works. For what we use it for, it works exactly as expected and intended. We understand what gets listed (per the spamcop FAQ). We understand the pros and cons of using the list in a blocking manner versus a tagging manner. In fact, believe it or not, that very discussion has been had on this forum many many times. If you want to understand how and why the SCBL works, you might want to go back and read some of those many discussions.

Edited by Telarin

Share this post


Link to post
Share on other sites

Ok, sure you are getting a lot less spam. But you are likely missing some real email too.

I am not.

Work: I would prefer to be using a blocklist here because then the sender would know the message did not get through, but that was not my decision. At first, I scanned my Held Mail folder regularly and never found a valid message there. I check it a lot less frequently now. I have nobody in my personal whitelist. There are a couple of entries in our company-wide whitelist for major customers who have had problems getting through.

Home: I check my Held mail folder every time I check my Inbox (several times a day) and report that which is spam. I do have a few whitelisted addresses from when I have found messages in the Held mail folder.

I think it much more important to notify the sending party that there is a problem with delivery. That is why I support blocklists in general and the spamcop blocklist in particular. I found spamcop when searching for something I could do about spam as it was increasing (about 3-4 years ago now) and liked the fact that it attempts to list hosts while the spam is being sent and automatically stops the listing when the spam has stopped for a number of hours. I also liked that they send reports to the responsible ISP to alert them about the spamming.

The line about the backhoe is meant to indicate that email is not now, and never has been a service that can guarantee delivery of the message. Any server can drop the message at any time without notification. There is a member here who tells a story of msn email being delayed by months because of a hardware failure where the machine, with its mail queue, was removed from service for a while. When the machine was returned to service, it delivered those messages queued months earlier.

Share this post


Link to post
Share on other sites
There is a member here who tells a story of msn email being delayed by months because of a hardware failure where the machine, with its mail queue, was removed from service for a while. When the machine was returned to service, it delivered those messages queued months earlier.

The 'glory' days of having a (U.S.) [at]Home account .... before it disappeared, I believe the contest winner of having the 'oldest e-mail delived /today/' came in with something like 14 months betwqeen the time it was accepted at an [at]Home server and the day it was 'delivered' ..... my 'best' was only 11 months delay ....

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×