Is SpamCop causing my problem????

[rrdavis07]

I'm the new email administrator at my new job, trying to figure out a delivery issue we are having through our Exchange 2003 server. In the process of investigating the problem, I ran across a reference to SpamCop in a problem report peripherally related the the issue I'm investigating. I would appreciate any assistance I can get to rule out (or in) SpamCop as part of our problem.

We have an Exchange 2003 server running over Win2003 server. When I send an email out to a distribution group that is comprised of external email addresses, I get Non-delivery Reports back on probably 20% of the list.

Then, on June 4 I happened to set up my Outlook here at the office to access my home pop3 account and have been receiving my home email here at the office since that time. This was not related to my investigation, but on June 9, I received the following email

-----Original Message-----

From: Texas Christian University LISTSERV Server (14.4) [mailto:LISTSERV[at]LISTSERV.TCU.EDU]

Sent: Saturday, June 09, 2007 12:00 AM

To: Randy Davis

Subject: Your removal from the SCOUTS-L list

Sat, 9 Jun 2007 00:00:27

You have been automatically removed from the SCOUTS-L list (SCOUTS-L - Youth Groups Discussion List) as a result of repeated delivery error reports from your mail system. This decision was based on the automatic error monitoring policy in effect for the list, and has not been reviewed or otherwise confirmed by a human being. If you receive this message, it means that something is wrong: while you are obviously able to receive mail, your mail system has been regularly reporting that your account did not exist, or that you were otherwise permanently unable to receive mail.

Here is some information which may assist you or your local help desk in determining the cause of the problem:

- The failing address is randy[at]DAVISFAMILYONLINE.NET.

- The first error was reported on 2007-06-04.

- Since then, a total of 93 delivery errors have been received.

- The last reported error was: 5.0.0 550 138.237.38.50 is listed at bl.spamcop.net

PLEASE DO NOT IGNORE THIS MESSAGE. While you can of course re-subscribe to the list, it is important for you to report this problem to your mail administrator so that it can be solved. This problem is not specific to the SCOUTS-L list, and also affects your private mail. This means that YOU HAVE PROBABLY LOST SOME PRIVATE MAIL AS WELL. Anyone trying to write to you during the same time frame will probably have received the same errors for the same reason. The SCOUTS-L list is but one of the many people who may have tried to write to you while your mail system was malfunctioning.

DO NOT LET TECHNICAL PEOPLE CONVINCE YOU THAT THIS IS NORMAL. It is never normal for a mail system to claim that a valid, working account does not exist, just as it would not be normal for the post office to return some of your mail with "addressee unknown" when the address was written correctly. It is true that some mail systems are less reliable than others, and your technical people may be doing the best they can with the tools they have. But, ultimately, the level of service that you are receiving is the result of a business decision, and not something due to a universal technical limitation that one can only accept. Reliable mail systems do exist, and it is ultimately up to you to decide whether this level of service is acceptable or not.

Note the bl.spamcop.net reference in the email. This is my only clue that SpamCop might be involved in this issue. While this appears to be peripheral to our Delivery Failure Reports, it is too much of a coincidence to ignore. Outgoing corporate mail is receiving Delivery Failures on certain addresses--most of which are known to be valid, then when I start accessing personal mail, I begin to generate deliver errors on what is obviously a valid address.

I don't know enough about SpamCop to know whether it is part of the problem or not--Please help me rule them in or rule them out. And answer why they were listed in my delivery failure report. What additional information will be useful to make this determination. To my knowledge, we do not use the services of SpamCop. We are an educational institution and only send external emails to parents and other stakeholders of the school, along with other contacts necessary to conduct our business.

Randy Davis

System's Administrator

The Independent School

Wichita, KS

------------------------------------------------------

Additional information that might be useful:

I realize that this may be two unrelated issues, but I doubt it.

Information about SCOUTS-L and my personal mail: I continued receiving messages from the SCOUTS-L List, but apparently, 93 other messages were bounced back. The first bounce occurred the same day I started accessing my personal email through our corporate email server. No problems before this. I continue to receive other email, however I have never received a particular personal email from a sender who assures my he sent a message twice, but I never received it and he never received a delivery failure report.

Information regarding mail sent from our email server: A test email I sent out produced 135 Delivery Failure Reports. 3 of these reports came in messages generated by the recipients mail server (YAHOO). The rest were messages generated by our own server. Error codes included: 5.5.0; 5.1.1; 5.3.0; 2.0.0; and 5.7.1. I realize that some of these errors will be legitimate (address typed in wrong, etc).

[agsteele]

A quick check confirms:

138.237.38.50 not listed in bl.spamcop.net

There are occasional historical reports - the most recent being on 2nd and 4th June.

Submitted: 04 June 2007 10:37:13 +0100:

INTLEVENTS-L: confirmation required (2A1D47C5)

* 2317905193 ( 138.237.38.50 ) To: postmaster[at]tcu.edu

Submitted: 02 June 2007 21:42:17 +0100:

* 2315789192 ( 138.237.38.50 ) To: postmaster[at]tcu.edu

I cannot see the content behind these reports but they may be misreported items. You would need to raise this with deputies[at]spamcop.net to get more information.

There is nothing untoward showing on SenderBase

Andrew

[Wazoo]

My interpretation of your query is flawed, I'm sure. I'm reading your inclusion of apples, oranges, and a few of the red balls from the snooker table tossed into your post. This makes it pretty hard to pin down one answer that resolves 'everything' ... this is also why so many folks spent so much time to generate and provide the data in the FAQs, Dictionary, Glossary, Wiki, etc. such that the requested/suggested plan of attack in How to ask a good question could happen.

I'm the new email administrator at my new job, trying to figure out a delivery issue we are having through our Exchange 2003 server. In the process of investigating the problem,

We have an Exchange 2003 server running over Win2003 server. When I send an email out to a distribution group that is comprised of external email addresses, I get Non-delivery Reports back on probably 20% of the list.

OK, so you're in charge of something and there are issues, starting with an out-of-date list of addresses. There are entries in the SpamCop FAQ here that deal with these types of issues. If this query was actually about "this" server, then I'll also point out that you skipped over other Pinned/Bold titled entries that reflect that the IP address of that server would be an issue to be defined. Yet, further reading of your post seems to suggest that this server doesn't have anything to do with your actual question ... (or does it? I can't figure it out, actually.)

I ran across a reference to SpamCop in a problem report peripherally related the the issue I'm investigating. I would appreciate any assistance I can get to rule out (or in) SpamCop as part of our problem.

You've not mentioned the outgoing IP address involved with this server, not mentioned receiving any SpamCop reports, etc. .... You're posting 'from' an IP address that does track back to a system that calls itself 'mail.xxx.com' (located within a Cox IPA block) ... but this doesn't mean that it is the same outgoing address as actual outgoing e-mail.

Then, on June 4 I happened to set up my Outlook here at the office to access my home pop3 account and have been receiving my home email here at the office since that time. This was not related to my investigation,

As I stated above, this is where the real confusion starts. You started off by talking about the server "at work" but now asking about a rejection message actually received at another ISP hosted e-mail account ... and again, failed to mention any of the specifics involved there.

but on June 9, I received the following email

Note the bl.spamcop.net reference in the email. This is my only clue that SpamCop might be involved in this issue. While this appears to be peripheral to our Delivery Failure Reports, it is too much of a coincidence to ignore.

Having a real hard time discerning your "coincidence" here.

Outgoing corporate mail is receiving Delivery Failures on certain addresses--most of which are known to be valid, then when I start accessing personal mail, I begin to generate deliver errors on what is obviously a valid address.

Sounds like a lot of guesswork going on there. More guesswork would be involved from this side of the screen to come up with anything, based on the lack of data ... noting that nothing said here actually seems to directly involved SpamCop.nat ...????

I don't know enough about SpamCop to know whether it is part of the problem or not--Please help me rule them in or rule them out. And answer why they were listed in my delivery failure report. What additional information will be useful to make this determination. To my knowledge, we do not use the services of SpamCop. We are an educational institution and only send external emails to parents and other stakeholders of the school, along with other contacts necessary to conduct our business.

First of all, you seem to be asking for a complete explanation of how the SpamCopDNSBL works .... that is already addressed in several FAQs, to include the 'official' FAQ, and it's the state of that FAQ that caused the creation of the alternative venues provided 'here' .... As to what other information is required, see the above, read those items that you chose not to look at before making your first post, read some of the other Topics/Discussions already in place to see how things actually work, get resolved, etc.

Information about SCOUTS-L and my personal mail: I continued receiving messages from the SCOUTS-L List, but apparently, 93 other messages were bounced back. The first bounce occurred the same day I started accessing my personal email through our corporate email server. No problems before this. I continue to receive other email, however I have never received a particular personal email from a sender who assures my he sent a message twice, but I never received it and he never received a delivery failure report.

Again, no data provided on this server, but ... could make a guess that it was this server having issues, based on the "probable causes" mentioned in the 'reason for dropping' message. Have you taken this up with that ISP?

Information regarding mail sent from our email server: A test email I sent out produced 135 Delivery Failure Reports. 3 of these reports came in messages generated by the recipients mail server (YAHOO). The rest were messages generated by our own server. Error codes included: 5.5.0; 5.1.1; 5.3.0; 2.0.0; and 5.7.1. I realize that some of these errors will be legitimate (address typed in wrong, etc).

Not even going to try to guess at stuff not defined or seen. When is the last time this mailing list was "cleaned / updated" ?????

What does a Texas based mail-list server have to do with a Witchita school e-mail server? Again, the only thing I can make out of this is that you are using the Witchita server to access your personal e-mail somewhere else, and that 'other InBox' received some personal e-mail that describes issues at that 'other ISP hosted server' .... as stated, I'm having a hard time connecting the dots in order to sort out just what server is actually in question, and just how any of this "delivery issue problem" does relate to SpamCop.net or the SpamCopDNSBL ....

The only "clue" here seems to be that your "other ISP hosted e-mail account" is set up to use the SpamCopDNSBL in a blocking fashion (against SpamCop.net's own recommendations), and at some point in time, the Texas mail-list server was listed, and therefore had that e-mail rejected.

[Telarin]

I can almost guarantee the two events are unrelated. As far as troubleshooting, the first thing we would need to see are the bounces you are getting back from your mailing list. The error numbers simply do not contain enough data to go by, we need to see the reason for the error as well.

On your second question, reguarding the list that you have subscribed to, it appears that the senders server is listed in the spamcop blocklist, and your ISP is using that list for rejecting messages outright (not recommended by spamcop). There are a number of possible approaches you can take here.

The best approach would be to get the sender to address their listing in the SCBL, as it is a widely used list, and almost has to be causing them additional problems. As agsteel points out, their IP address is not currently listed, but apparently has been listed off and on in the past. An email from their mail server admin to the deputies (deputies[at]admin.spamcop.net) would shed some more light on the reason for the listing.

You could also try to convince your ISP to use the SCBL for filtering and tagging of email like spamcop recommends, rather than using it for outright rejection. This is not very likely to be successful however, as your ISP probably saves a substantial sum of money by rejecting these messages and not committing bandwidth, CPU time, and hard drive space to their handling.

[Miss Betsy]

The spamcop blocklist is a list of IP addresses from which spam has been reported as coming. (that's why the IP address of the rejected email is important). If it is a shared mail server, the spam doesn't necessarily come from you, but may be someone else's infected computer.

The spamcop blocklist is entirely automatic. When spam is reported, the IP address goes on the blocklist. When reports stop, the IP address ages off.

IOW, spamcop has nothing to do with why emails bounce. As others have pointed out, some ISPs use the spamcop bl to reject mail at the server level. (although not recommended, IMHO, that is the best use of blocklists because the sender knows the email wasn't delivered. the scbl is very aggressive so that many ISPs use it in conjunction with other blocklists and not as the one that rejects.)

There is also a FAQ item about 'How to use Mailing Lists responsibly' and that includes examining bounces and not sending to that address again. If the people want to be on your list, you must have other ways of contacting them so that they can whitelist your mailing list (just as the mailing list you were on did).

The sending IP address, however, in the end is the only place where things can be fixed. Therefore, the bounces from your mailing list and the bounce you received are not connected.

Spamcop is an early warning system of possible problems. If you are going to use email, then you had better take a crash course on how ISPs handle incoming email to eliminate spam. There are hundreds of blocklists out there - all with different criteria. People here will help you to understand - as long as you realize that you are talking to real people, with all the individual characteristics of real people. No one here is an employee of spamcop - just people interested in the phenomenon of spam and how to combat it. Some, like Wazoo, are very knowledgable; others, like myself, are technically non-fluent (though I understand the concepts).

Miss Betsy