Jump to content
Sign in to follow this  
Gigidag

Help to remove from Blocking List

Recommended Posts

Hi,

I'm listed in Spamcop Blacklist and i've checked everything on my lan and servers.

No viruses, no spywares, not in open relay.

My IP is 213.223.154.30.

What can i do to be removed from your list ?

Thanks

Alexandre

Share this post


Link to post
Share on other sites
I'm listed in Spamcop Blacklist and i've checked everything on my lan and servers.

No viruses, no spywares, not in open relay.

My IP is 213.223.154.30.

What can i do to be removed from your list ?

Your listing is caused by spamtrap hits alone. This suggests that you are sending delayed 'bounces' rather than rejecting with a 5xx at the time of the SMTP transaction. Sending new mail as non-delivery notification to the (always forged) from envelope is no longer acceptable. I get more of these than fresh spam. There is a faq here that covers this subject, how did you manage to miss it?

De-listing, like listing is entirely automatic once the abuse stops.

Share this post


Link to post
Share on other sites

What can i do to be removed from your list ?

Stop bouncing email to ficticous addresses called spam traps If you are ding this you are also buncing email to victims

Read the FAQ

http://www.spamcop.net/fom-serve/cache/329.html

[Moderator edit - link changed from ...//members... to ...//www...]

Edited by Farelf

Share this post


Link to post
Share on other sites
I'm listed in Spamcop Blacklist and i've checked everything on my lan and servers.

No viruses, no spywares, not in open relay.

My IP is 213.223.154.30.

I'm sorry to report that the server is sending ordinary spam to our spamtraps. We know for a fact that our trap servers accurately record the source IP when they get mail. A spamtrap is an unused address whose sole reason for existence is to see if people will send unsolicited mail to it. We guard our traps like gold for fear of revealing the email addresses, which is why we don't send any reports about the spam they get, so I'm afraid there aren't many details I can share with you.

All I can say is that there appears to be a compromised machine somewhere on your LAN. There is nothing in the headers that shows a source inside.

Received: from mailserver.amp.tv (HELO localhost) (213.223.154.30)

by [our trap server] with SMTP; 10 Jan 2007 10:xx:xx -0000

Message-ID: x[at]localhost>

From: "Arlen Hoines" <rug[at]lisawear.com>

To: x

Subject: Why be an average guy any longer

- Don D'Minion - SpamCop Admin -

Share this post


Link to post
Share on other sites

The SpamCop Admin can see the actual email and doesn't have to guess if the listing is caused by misdirected bounces or a trojan the way the other two posters did. They guessed misdirected bounces because you said you had looked for viruses.

As he said, he can't give you the email to look at because spam traps are email addresses that are never used for email and therefore, don't send email reports as well as the fact that spammers would use them, if they could, to avoid being listed.

One of the things that other admins have discovered is that although there is no evidence of a compromised machine in their outgoing email logs, sometimes they have found suspicious activity by looking in their firewall logs. Good Luck in finding the compromised machine!

Miss Betsy

Share this post


Link to post
Share on other sites

Address and Port: 213.223.154.30

Record Created: Mon Jan 8 14:37:24 2007 GMT

Record Updated: Wed Jan 10 12:09:32 2007 GMT

Additional Information: spam Sending Trojan or Proxy attempted to send mail from/to from=<scrapping4fun.com[at]lagst.com> to=<fiona.doyle[at]paticipating.domain>

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×