hipshot49 Posted March 26, 2004 Share Posted March 26, 2004 I was forced to disable the Korea Net blacklist from my account, as it suddenly and for no apparent reason, began blacklisting mailings from State of Alaska sites of which I am a member of their mailing lists. I am having a hard time understanding why any official state government email would end up on anyone's blacklist. Link to comment Share on other sites More sharing options...
Merlyn Posted March 26, 2004 Share Posted March 26, 2004 Why would The State of Alaska be using Korean IP's? An example header would be nice to see. Your questions are way to general to answer. What List? Where does the listserver reside (IP Address)? Does it use a confirmed opt-in? Does it have a history of spam? Is it sharing a spammy server? Just way too many variables to answer without anything to go on. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 26, 2004 Share Posted March 26, 2004 Far be it from me to suggest that government employees could make a mistake, but one guess could be that their servers are compromised. Miss Betsy Link to comment Share on other sites More sharing options...
Keithj Posted March 27, 2004 Share Posted March 27, 2004 The short version: Spamcop seems to think Bigfoot is a Korean spammer. The long version: It may or may not be relevant to this issue, but I just "reactivated" a long-dormant e-mail address that I have at bigfoot.com. A couple of years ago that address was being spammed badly, so I turned it off. I've now turned it back on and set it to forward to my Spamcop.net address. I had plans about what I might do with it if it's no longer being spammed to death - but as it turns out, all mail from it gets blacklisted by Spamcop with the message "Blocked korea.services.net" Maybe bigfoot is in Korea (I always thought it was US-based), but otherwise, is there a symptom somewhere in there to explain the problem above? I'm not concerned about the Bigfoot address - that can go. But if the diagnosis can help someone else, that's great. Link to comment Share on other sites More sharing options...
Wazoo Posted March 27, 2004 Share Posted March 27, 2004 Actually, the WHOIS at the moment says: Organization: Bigfoot Communications Ltd. Bigfoot Communications Limited F. Ramos Street Cebu City, PH 6000 PH Phone: 63 32 4118811 Link to comment Share on other sites More sharing options...
hipshot49 Posted March 27, 2004 Author Share Posted March 27, 2004 In reply to Merlyn. The State of Alaska IS NOT using Korean IP's. They, like pretty much every government entity, have their own system. Email addresses are in the form of whoever[at]whateverdepartment.state.ak.us. korea.services.net is one of the available DNS blacklists one can select for SpamCop email accounts. I originally selected the korea.services.net DNS blacklist because of the high volume of junk emails originating from Korean IP's. My question was why would their DNS blacklist be flagging mail originating from Alaska State servers? Because the list continued to flag such emails, I was forced deselect it and thus, once again am observing a higher volume of junk emails originating from Korean servers. As an aside, the cn.rbl.cluecentral.net China DNS blacklist must be completely useless, as probably 90% of the junk I receive and report originates from that country. Link to comment Share on other sites More sharing options...
Wazoo Posted March 27, 2004 Share Posted March 27, 2004 hipshot49, you started this Topic off with complaint about the use of a "country-based" dnsBL. Then you ask question based on a domain-name "location" ... You been asked to provide some additional data (to help us help you) ... but it doesn't seem to have happened. The State of Alaska IS NOT using Korean IP's. They, like pretty much every government entity, have their own system. Email addresses are in the form of whoever[at]whateverdepartment.state.ak.us. E-mail addresses don't help here, especially if you're going to make them up. That they run their own systems doesn't answer any questions, as there is still the question as to where they get their upstream service. As you're the one seeing the newsletter that started all this off, how about getting around to including some header data that includes the source IP address? Link to comment Share on other sites More sharing options...
hipshot49 Posted March 27, 2004 Author Share Posted March 27, 2004 Enough information? Or would you like their shoe size? OrgName: State of Alaska OrgID: STATEO-18 Address: Department of Administration Address: Network Services Address: 333 Willoughby Street 5th Fl City: Juneau StateProv: AK PostalCode: 99811 Country: US NetRange: 146.63.0.0 - 146.63.255.255 CIDR: 146.63.0.0/16 NetName: NETALASKA NetHandle: NET-146-63-0-0-1 Parent: NET-146-0-0-0-0 NetType: Direct Assignment NameServer: ESPRESSO.STATE.AK.US NameServer: DOGWOOD.STATE.AK.US Comment: RegDate: 1991-01-21 Updated: 2002-04-15 TechHandle: LT307-ARIN TechName: Talley, Larry TechPhone: +1-907-465-2220 TechEmail: hostmaster[at]state.ak.us # ARIN WHOIS database, last updated 2004-03-26 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. Link to comment Share on other sites More sharing options...
Wazoo Posted March 27, 2004 Share Posted March 27, 2004 Not really enough, and especially not specific enough. Waht has now been asked for twice .. the specific IP address that allegedly sources the stuff you say is blocked. Bluntly, there's nothing in the WHOIS data you provided that says the first thing about your mailing list item. checked a couple of known KoreaBL's and don't see this IP range listed. http://www.blackholes.us/zones/country/korea.txt 141.223.0.0-141.223.255.255 141.223.0.0/16 kr 143.248.0.0-143.248.255.255 143.248.0.0/16 kr 147.6.0.0-147.6.255.255 147.6.0.0/16 kr 147.43.0.0-147.43.255.255 147.43.0.0/16 kr 147.46.0.0-147.47.255.255 147.46.0.0/15 kr http://korea.services.net/ 146.63.25.25 is not in korea.services.net http://www.moensted.dk/spam/?addr=146.63.25.25&Submit=Submit [<<|<] 146.63.25.25 [>|>>] was found in 2 lists (of 258 tested) note: You are ALWAYS listet on three or more lists. This do not indicate that you are a SPAMmer, or that anyone is actualy using the list to block mail from you! But again, you're forcing "us" to guess at stuff that only you've got the specific data for. So for the third time, how about some specific data from the headers of the problem mailing? Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 27, 2004 Share Posted March 27, 2004 Maybe you should explain to hipshot49 how to get headers? And ask Keith for headers also? And maybe there is a bug somewhere that is using Korea as the scapegoat for the reason for blocking? Miss Betsy Link to comment Share on other sites More sharing options...
Merlyn Posted March 27, 2004 Share Posted March 27, 2004 I believe know what has happened but like explained already there is not enough info. The States website and mail servers are USA IP's. I believe you have signed up for some info, newsletters (whatever) from Alaskan Info sites. But some of these sites run mail servers in third world countries. Why? Probably because they are spammers or do not run clean lists. We could find this out if we know the IP's of the mail being blocked. I think the state site is actually not part of any of this. If someone is blocked by the Korean blocklist it is because their servers are run out of Korean IP space. IMHO Korea deservers to be blocked. Link to comment Share on other sites More sharing options...
Jeff G. Posted March 27, 2004 Share Posted March 27, 2004 ALL of bigfoot.com's mailservers are in Korean netspace: bigfoot.com MX (Mail Exchanger) Priority: 10 mail-kr.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr5.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr4.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr3.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr2.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 20 mail-kr1.bigfoot.com bigfoot.com MX (Mail Exchanger) Priority: 40 mail2.bigfoot.com mail-kr.bigfoot.com A (Address) 211.115.216.222 mail-kr.bigfoot.com A (Address) 211.115.216.226 mail-kr.bigfoot.com A (Address) 211.115.216.228 mail-kr.bigfoot.com A (Address) 211.115.216.225 mail-kr.bigfoot.com A (Address) 211.115.216.252 mail-kr5.bigfoot.com A (Address) 211.115.216.252 mail-kr4.bigfoot.com A (Address) 211.115.216.228 mail-kr3.bigfoot.com A (Address) 211.115.216.226 mail-kr2.bigfoot.com A (Address) 211.115.216.225 mail-kr1.bigfoot.com A (Address) 211.115.216.222 mail2.bigfoot.com A (Address) 211.115.216.222 mail2.bigfoot.com A (Address) 211.115.216.225 mail2.bigfoot.com A (Address) 211.115.216.226 mail2.bigfoot.com A (Address) 211.115.216.252 mail2.bigfoot.com A (Address) 211.115.216.228 03/27/04 12:33:25 whois 211.115.216.222[at]whois.nic.or.kr whois -h whois.nic.or.kr 211.115.216.222 ... Çѱ¹ÀÎÅͳÝÁ¤º¸¼¾ÅÍ¿¡¼ Á¦°øÇÏ´Â µµ¸ÞÀÎÀ̸§ µî·ÏÁ¤º¸ Á¶È¸(WHOIS) ¼ºñ½º ÀÔ´Ï´Ù. query: 211.115.216.222 # ENGLISH KRNIC is not ISP but National Internet Registry similar with APNIC. Please see the following end-user contacts for IP address information. IP Address : 211.115.216.0-211.115.216.255 Network Name : GNG-IDC-IHEART Connect ISP Name : ENTERPRISENET Connect Date : 20031007 Registration Date : 20031010 [ Organization Information ] Orgnization ID : ORG215444 Org Name : IHEART State : SEOUL Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu Zip Code : 135-080 [ Admin Contact Information] Name : Jinsung Yoon Org Name : IHEART State : SEOUL Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu Zip Code : 135-080 Phone : +82-2-2105-6205 Fax : +82-2-2105-6208 E-Mail : support[at]i-heart.co.kr [ Technical Contact Information ] Name : Jinsung Yoon Org Name : IHEART State : SEOUL Address : 5F Hongeun 824-22 Yeoksam-Dong Kangnam-Gu Zip Code : 135-080 Phone : +82-2-2105-6205 Fax : +82-2-2105-6208 E-Mail : support[at]i-heart.co.kr -------------------------------------------------------------------------------- If the above contacts are not rechable, please see the following ISP contacts for relevant information or network abuse complaints. [ ISP IP Admin Contact Information ] Name : Hyo-Sun, Chang Phone : +82-2-2105-6082 Fax : +82-2-2105-6100 E-Mail : ip[at]epnetworks.co.kr [ ISP IP Tech Contact Information ] Name : IP Phone : +82-2-2105-6016 Fax : +82-2-2105-6100 E-Mail : ip[at]epnetworks.co.kr [ ISP Network Abuse Contact Information ] Name : Postmaster Phone : +82-2-2105-6016 Fax : +82-2-2105-6100 E-Mail : abuse[at]epnetworks.co.kr # KOREAN [snipped] As I have mentioned before: I am using all the blacklists except South Korea (korea.services.net, only because I can't whitelist bigfoot.com's mailservers in that country). Link to comment Share on other sites More sharing options...
Wazoo Posted March 28, 2004 Share Posted March 28, 2004 That's the answer to Keithj's issue, but "we're" still looking for data from hipshot49 on the source data on the specific mailing list items. Link to comment Share on other sites More sharing options...
Merlyn Posted March 29, 2004 Share Posted March 29, 2004 That's the answer to Keithj's issue, but "we're" still looking for data from hipshot49 on the source data on the specific mailing list items. I agree! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.