Jump to content
Sign in to follow this  
CarolAN

Is http://unblock.secureserver.net a valid site?

Recommended Posts

Background:

I do not have SPAMCOP, but SPAMCOP was referenced on the website for this problem. I work for an ISP, and we do not send spam. However, I have had spam come in that has spoofed our domain. That could be the cause of this message.

The problem:

I sent a reply mail to tom[at]tomXXX.com. It was rejected. I received an email from my system.

----- The following addresses had permanent fatal errors -----

<tom[at]tomXXX.com>

----- Transcript of session follows -----

.. while talking to smtp.secureserver.net

>>> RCPT To:<tom[at]tomXXX.com>

<<< 553 Attack detected from pool 12.152.XXX.XXX. <http://unblock.secureserver.net/?ip=12.152.XXX.XX>

I have never seen a report like this before. The unblock site showed SPAMCOP as a reference, so it sounds like they do business with SPAMCOP(a highly respected site!). Hoping you have information about them, one way or another, I am coming here for information. Is this a site I should trust? Should I provide information to them, or will I get forever swamped with spam if I do?

Thanks for the help!

Share this post


Link to post
Share on other sites
...Is this a site I should trust? Should I provide information to them, or will I get forever swamped with spam if I do?
If the block is through the SCBL then there's not a lot you can do about it (unless you control 12.152.xxx.xxx). Check your status at http://www.spamcop.net/bl.shtml

Share this post


Link to post
Share on other sites
Should I provide information to them, or will I get forever swamped with spam if I do?

It looks as though you are asking if secureserver.net is trustworthy because it does reference spamcop. The spamcop blocklist is entirely automatic - listing stops when spam stops - so if secureserver is claiming that it can unblock you at spamcop, it probably is not trustworthy. Perhaps someone else who has had experience with that site will have a more informed answer.

BTW, spam is the Hormel meat product. Hormel has been very nice about the fact that its trademark was hijacked and used as a nickname for unsolicited email. All they ask is that unsolicited email be referenced by using lower case letters.

As Farelf said, you can check your IP address on the scbl. spam that spoofs the domain by forging the email addresses at a domain in the return path are usually not the cause of listing on reputable blocklists which use the unforgable IP address only.

If you work for an ISP, then you probably should take some time and read the Why Am I Blocked? FAQ for admins. (it wouldn't hurt to read the part for end users - it might help you to explain to customers how and why emails get blocked) There is lots of information on these pages and in the spamcop wiki that would probably help you to understand what is going on with blocklists so that you can keep your network from being blocked and know what to do if it does happen.

Let us know if you have more questions. Or if you find out whether secureserver is trustworthy.

Miss Betsy

PS Google is your friend. It looks from a quick look at a google search that secureserver.net is GoDaddy. There is even a spamcop discussion from a year ago about problems with forwarding/relaying.

Share this post


Link to post
Share on other sites

It looks as though you are asking if secureserver.net is trustworthy because it does reference spamcop. The spamcop blocklist is entirely automatic - listing stops when spam stops - so if secureserver is claiming that it can unblock you at spamcop, it probably is not trustworthy. Perhaps someone else who has had experience with that site will have a more informed answer.

I just went to the main site http://unblock.secureserver.net/ and it appears to tell me the same thing even though there was no IP address identified: This IP or IP range has been identified as a source of spam or virus email. If this problem has been resolved, please enter the information below to submit an unblock request.

There is a list on the left hand side which is listed as: Other resources

spamhaus.org

spamcop.net

senderbase.org

openrbl.org

It does not look to be legit to me, or at the very best, not a very well designed site.

BTW: Just realized this is in the mailhost configuration forum. Moving it to the Lounge (since it does not directly relate to spamcop) with this post.

Share this post


Link to post
Share on other sites

Ah, more time now. Miss Betsy and StevenUnderwood have filled in the blanks. Further thoughts, trying to make sense of it all if it happened that the link was legitimate. If your IP address is listed in one of the blocklists that service may offer to whitelist your email address. SiteAdvisor offers some pretty comforting information concerning secureserver.net and its affiliations. The GoDaddy (host) support forum just says "use it". LinkScanner finds no obvious exploits at unblock.secureserver.net If your IP address is not listed on any of the referenced BLs, the service could be fronting some sort of a greylisting service. Could be.

But we don't know. Google reveals a number of people who are quite paranoid about it. Another time secureserver was raised in these pages, the unblock. feature was not evident - Secureserver, 553 "relaying denied", secureserver rejecting mail from spamcop. I see *both* secureserver.net and unblock.secureserver.net are hosted by GoDaddy which is slightly reassuring.

You don't have to decide unless the blocking continues and is a problem.

Share this post


Link to post
Share on other sites

The "secureserver.net" domain isn't merely "hosted by GoDaddy"....it's used for parking and SMTP services for millions of GoDaddy-registered domains, so it's an internal domain used only by the GoDaddy company. Sure, the unblock page looks a bit anonymous/clunky, but it's nothing nefarious.

DT

Edited by DavidT

Share this post


Link to post
Share on other sites
The "secureserver.net" domain isn't merely "hosted by GoDaddy"....it's used for parking and SMTP services for millions of GoDaddy-registered domains, so it's an internal domain used only by the GoDaddy company. Sure, the unblock page looks a bit anonymous/clunky, but it's nothing nefarious.

Yeah, now the site contains the following stupidity:

Verify that your rDNS contains a name that includes "mail", "SMTP", "relay", or "MX". For example: mail.example.com, smtp.example.com, or mx1.example.com.

Stupid, but not nefarious. This requirement they've set doesn't match any best practice document I've ever heard of. :(

Share this post


Link to post
Share on other sites
...
Verify that your rDNS contains a name that includes "mail", "SMTP", "relay", or "MX". For example: mail.example.com, smtp.example.com, or mx1.example.com.
Stupid, but not nefarious. This requirement they've set doesn't match any best practice document I've ever heard of. ...
Yet I've seen that quoted elsewhere - and secureserver.net themselves are being quoted by other "sources" - such as AVOIDING ANTI-spam FILTERS. Accordingly I wouldn't take it as trying to stipulate what a particular rDNS name should be (because that certainly shouldn't be taken as arbitrary) but as an indication of what some of the problem might be/help in eliminating possibilities, if mail is being blocked (ie, through not using a 'regular' mail service). I'm sure there is, indeed, a much better way for them to express that if that was the intention. Thinking about just what a more appropriate expression might be (and, as usual, quite undeterred by a lack of knowledge) it seems to me they might be trying to cover 'way too much ground too briefly.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×