Jump to content
Sign in to follow this  
brucebeardmore

68.167.53.242 Blocked again!

Recommended Posts

for the love of god, someone please tell me what i need to do to stop getting put on spamcop's blocklist. we are a non-profit organization that sends bulk email only to an opt-in list. i've had two seperate network admin companies come in and tell me that my email server is set up properly. we've gone so far as to institute a policy that NO bulk emails go out from our IP address. (contracting with a third party from now on) and yet i keep finding our IP on this list. any advice would be very much appreciated. IP = 68.167.53.242 and should resolve to mail.nic.org

Share this post


Link to post
Share on other sites

Lots of stock spam

Submitted: Tuesday, December 05, 2006 10:58:50 PM -0500:

it's me Billie

Submitted: Tuesday, December 05, 2006 10:58:50 PM -0500:

it's me Jewell

Submitted: Saturday, December 02, 2006 5:12:05 AM -0500:

EQSE News

Submitted: Friday, December 01, 2006 2:58:03 PM -0500:

EQSE News

Submitted: Friday, December 01, 2006 2:23:09 PM -0500:

EQSE News

Share this post


Link to post
Share on other sites
for the love of god, someone please tell me what i need to do to stop getting put on spamcop's blocklist. we are a non-profit organization that sends bulk email only to an opt-in list. i've had two seperate network admin companies come in and tell me that my email server is set up properly. we've gone so far as to institute a policy that NO bulk emails go out from our IP address. (contracting with a third party from now on) and yet i keep finding our IP on this list. any advice would be very much appreciated. IP = 68.167.53.242 and should resolve to mail.nic.org
Hi!

...For some reason, you seem to have missed some of the information we try put in your way to help you find answers to questions such as this, which are frequently asked. For example, there's a big bold red link labeled "------>------> Latest and Current Announcements <------<------" on most all of the SpamCop Forum pages that has a link labeled "My Email is Blocked. I need help!" under a large-font label "Blocked Email because of SpamCopBL - What's happening?" On that same page, right under the aforementioned link, there is a link labeled "End user version" beneath the text "Why am I Blocked?." There are also a number of helpful links in the "SpamCop FAQ," to which there is a link with that label near the top right of most every SpamCop Forum page.

...Fortunately, you have provided the key information needed: the IP address of the blocked machine.

Query bl.spamcop.net - 68.167.53.242

<snip>

68.167.53.242 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 19 hours.

Causes of listing

  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
  • SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

  • System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

Listing History

In the past 48.1 days, it has been listed 8 times for a total of 8.6 days

<snip>

Then, clicking on the link labeled "Trace IP":
SpamCop v 1.603 Copyright � 1998-2006, IronPort Systems, Inc. All rights reserved.

Parsing input: 68.167.53.242

host 68.167.53.242 = mail.nic.org (cached)

host 68.167.53.242 = mail.nic.org (cached)

Routing details for 68.167.53.242

[refresh/show] Cached whois for 68.167.53.242 : abuse-isp[at]covad.com

Using abuse net on abuse-isp[at]covad.com

abuse net covad.com = abuse-isp[at]covad.com

Using best contacts abuse-isp[at]covad.com

Statistics:

68.167.53.242 listed in bl.spamcop.net (127.0.0.2)

More Information..

68.167.53.242 not listed in dnsbl.njabl.org

68.167.53.242 not listed in dnsbl.njabl.org

68.167.53.242 not listed in cbl.abuseat.org

68.167.53.242 not listed in dnsbl.sorbs.net

68.167.53.242 not listed in relays.ordb.org.

Reporting addresses:

abuse-isp[at]covad.com

<snip>

So abuse-isp[at]covad.com should be receiving any spam reports (not spam Trap hits) submitted by SpamCop users.

...By the way, thank you for not accusing SpamCop of blocking you! It was the providers of the intended recipients of your e-mail that blocked you (against the recommendation of SpamCop itself).

...If your server is, indeed, set up properly and you are not sending e-mail to just any e-mail address that "opts in" (are you taking care, for example, to keep me from asking you to send your e-mail to someone who doesn't want it?), perhaps you have malware running on your machine or some other machine that has access to yours and is sending out spam. There are lots of zombied machines sending spam these days.

Edited by turetzsr

Share this post


Link to post
Share on other sites

ok, i just went through to all 12 of the machines inside my network and ran updated versions of spyboy s&d and adaware pro.

can someone tell me if there's anything else that i can do to check and see if true spam is going out from my IP address?

Share this post


Link to post
Share on other sites
can someone tell me if there's anything else that i can do to check and see if true spam is going out from my IP address?

??? You said nothing about finding the source of the previously listed spam spew. You said nothing about server logs, firewall logs, etc. You said nothing about reading and (not) understanding any of the FAQs available here. You've not identified any of the parameters involved, OS, software, on and on .....

Nothing said about the results provided in previous Topics such as this, even the ones tagged as [Resolved] ..... There be all kinds of information available for gleaning here .....

Share this post


Link to post
Share on other sites

Hint: zombied machines do not always send email through Port 25; look at other logs to see if email is going out. Since I am not a server admin, I can't be more specific, but often the other logs is where they find the culprit.

Miss Betsy

Share this post


Link to post
Share on other sites

Recently I'd found an infected PC in my net by watching through the list of temporary NAT/firewall port mappings. I have detected multiple outgoing SMTP connections (on port 25) to different servers from one of internal IPs, which were perfectly identified in the mappings table.

The rest wasn't a big problem.

Edited by vzinchenko

Share this post


Link to post
Share on other sites
ok, i just went through to all 12 of the machines inside my network and ran updated versions of spyboy s&d and adaware pro.

can someone tell me if there's anything else that i can do to check and see if true spam is going out from my IP address?

You also just removed yourself from the CBL (was removed at 2006-12-08 19:38 GMT) - If you have not fixed your problem you will not be able to remove yourself so easily next time.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×