jgrout Posted March 30, 2004

Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days.

Right now, the Computer Society's email forwarding servers flemming.computer.org (IP 206.99.235.24) and stibitz.computer.org (IP 206.99.235.25) are blocklisted by Spamcop over a handful of spam reports turned in over the last few days.

Since the Computer Society refuses to give out the phone number or email address of their IT folks, it may be days before my problem report to the society's "help" address actually reaches a techie who knows what an IP address (and Spamcop) are.

If possible, please unblock these servers ASAP.

Thank you,
John R. Grout

turetzsr Posted March 30, 2004

Hi, John!

...These servers should be de-listed within about 48 hours after the last spam report, assuming they are not sending e-mail to so-called "spam traps." If they keep sending spam, they will not be de-listed automatically.

...You may want to have a look at:

SpamCop - Help for spam report recipients
Pinned: FAQ Entry: Why is my email blocked? Who appointed you the "cop" of the internet? Where do you get off? How can I be de-listed
Pinned: Why Am I Blocked FAQ
Pinned: Cost of spam
Pinned: FAQ Entry: Why is my email blocked? How can I get removed from SpamCop's blocking system?

Ellen Posted March 31, 2004

> Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days. Right now, the Computer Society's email forwarding servers flemming.computer.org (IP 206.99.235.24) and stibitz.computer.org (IP 206.99.235.25)
> John R. Grout

Thanks -- I took care of this -- the IPs are in the delist process

Wazoo Posted March 31, 2004

> > Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days. Right now, the Computer Society's email forwarding servers flemming.computer.org (IP 206.99.235.24) and stibitz.computer.org (IP 206.99.235.25)
> > John R. Grout
>
> Thanks -- I took care of this -- the IPs are in the delist process

Just out of curiosity, what in this case made it so easy for you to "take care of it" ???? From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy. So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

jseymour Posted March 31, 2004

> Just out of curiosity, what in this case made it so easy for you to "take care of it" ???? From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy. So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

None that I can think of. Since Spamcop removed the public evidence for listings, I've stopped defending them when people complain about listings.

Max Posted March 31, 2004

Hey, why not just say "thanks" to SpamCop Ellen for unblocking a site whose "guiltyness" seems rather uncertain?

I think it's a good idea to maintain usefulness and acceptance of SpamCop blacklists by being rather tolerant w.r.t. IPs of "honest" sites, even if a few "bad" elements have discredited these servers by sending some "real" spams.

E.g. the network people of my institution refuse use of blacklist because they say their mission is to assure delivery of 100% of all non spam e-mails. (I agree that that's maybe not a good choice w.r.t. overall productivity...)

So it would be better for me if there was a very reduced blacklist of 100% certified "evil" IP numbers, rather than an almost complete and minutewise updated list of IP numbers from which somewhen some spam has been sent (or maybe only reported by error by some unconscious Spamcop user).

PS: [added later] The following message of "yourbuddy" explains maybe better what I want to say: http://forum.spamcop.net/forums/index.php?...findpost&p=3149

And as a loyal Spamcop member, I would like to see it staying popular...

StevenUnderwood Posted March 31, 2004

> So it would be better for me if there was a very reduced blacklist of 100% certified "evil" IP numbers, rather than an almost complete and minutewise updated list of IP numbers from which somewhen some spam has been sent (or maybe only reported by error by some unconscious Spamcop user).

Then you do not want the SpamCop BL, which is designed to catch spam runs "in progress". It is meant to be quick on the trigger and quick to remove. There are other BL's which might be of use in your situation.

> Hey, why not just say "thanks" to SpamCop Ellen for unblocking a site whose "guiltyness" seems rather uncertain?

Because from the evidence we can see, that is not the case. The question was "What can we (as ordinary users) use to see this was worthy of delisting and send the original poster to a deputy rather than having them understand why they were blocked, as was done here?" We are trying to provide the best accurate help we can here.

> even if a few "bad" elements have discredited these servers by sending some "real" spams.

If spam is currently coming (or recently came) from the server, it is appropriate for the server to be listed as that is the "charter" for this list.

jcrm Posted March 31, 2004

Possibly the spams were being passed through the servers as part of their normal email forwarding function. If this were the case then the spam would have been misreported, and Ellen was correcting the mistake (the new mailhost system would take care of this).

Wazoo Posted April 1, 2004

> were being passed through the servers as part of their normal email forwarding function

This scenario would rather suggest that these servers were mis-configured, thus breaking the chain somewhere during the parse and looking like the injection point.

> (the new mailhost system would take care of this)

and where might this be documented, especially in the suggested case above?

Max Posted April 2, 2004

I have some doubt that mis-configuring a mail server can make it "break the chain" as you say [i.e. making it discard the firstmost 'Received' line, if I understand well...] (well, Microsoft might add such an option and call this a feature...)

PS: (concerning former messages) I agree that *quick* spam reporting and blocking is important, the aim being to save internet and personal resources... but one should keep this aim in mind, and why not derogate to the automated procedure if this would be helpful? (e.g. when bounces and complaints of (very) many users create more network traffic than (one or a few but exceptional) spams...?)

Wazoo Posted April 2, 2004

> I have some doubt that mis-configuring a mail server can make it "break the chain" as you say [i.e. making it discard the firstmost 'Received' line, if I understand well...]

No, it's usually an issue of a larger system that does internal hand-offs between multiple machines, and these hand-offs are not reflected within the headers. Say one server acts as the main gateway, filtering, virus scanning, etc. ... Then when it's done, it passes the e-mail to the next destination server, say one server for Corporate headquarters in "this" building, or forwarding it across the country to the Engineering Branch. If these transfers between Corporate servers aren't correctly identified in the headers, then the "alleged spam recipient" reports the spam, but due to the misconfigurations, the "chain test" stops at the Corporate Headquarters server, so that's the one that is determined to be the injection point, because all the ones before / under that one appear to be bogus, as there's no path showing for how the e-mail got from one server to another.

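The chain test described in the post above, as a simplified model added here (not SpamCop's parser and not part of the original thread): a Received header is accepted only if it was written by the host that the previously accepted header named as its sender. The hostnames and documentation-range IPs are constructed, and matching on names alone is an assumption of this sketch that ignores forged headers.

```python
import re

# Constructed sample headers, newest first (documentation IP ranges only).
COMPLETE = [
    "from hq.corp.example (hq.corp.example [192.0.2.10]) by mx.isp.example with ESMTP; Tue, 30 Mar 2004 10:00:03 -0500",
    "from gw.corp.example (gw.corp.example [192.0.2.5]) by hq.corp.example with ESMTP; Tue, 30 Mar 2004 10:00:02 -0500",
    "from sender.example (unknown [203.0.113.77]) by gw.corp.example with ESMTP; Tue, 30 Mar 2004 10:00:01 -0500",
]
# Same message, but the internal gw -> hq hand-off left no header behind.
BROKEN = [COMPLETE[0], COMPLETE[2]]

RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>[\w.-]+)"
)

def parse_received(header):
    m = RECEIVED.search(header)
    if m is None:
        raise ValueError("unparseable Received header: %r" % header)
    return m.groupdict()

def injection_point(headers):
    """Return (ip, reason) for the apparent source of the message."""
    hops = [parse_received(h) for h in headers]
    accepted = hops[0]  # written by the recipient's own server, so trusted
    for older in hops[1:]:
        # Names the last accepted header gave for the host that handed over.
        sender_names = {accepted["helo"], accepted["rdns"]} - {None, "unknown"}
        if older["by"] not in sender_names:
            # No recorded path from older["by"] to the accepted sender:
            # everything from here down is treated as unverifiable.
            return accepted["ip"], "chain broken before " + older["by"]
        accepted = older
    return accepted["ip"], "chain complete"

if __name__ == "__main__":
    print(injection_point(COMPLETE))  # sender.example's IP is the source
    print(injection_point(BROKEN))    # hq.corp.example is blamed instead
```
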
yourbuddy Posted April 3, 2004

Not getting an answer (again) from SpamCop Staff, are you?? Here you are, defending the honesty and integrity of SpamCop and you get no answer as to why these servers were magically delisted.

So far, it looks like it is just "up the Wazoo" (pun)

jcrm Posted April 3, 2004

> > were being passed through the servers as part of their normal email forwarding function
>
> This scenario would rather suggest that these servers were mis-configured, thus breaking the chain somewhere during the parse and looking like the injection point.
>
> > (the new mailhost system would take care of this)
>
> and where might this be documented, especially in the suggested case above?

I prefer "not behaving as spamcop's parser expects" to misconfigured. Not being able to see the headers for the message, I can't comment further. But should this be the case, and the servers were innocently forwarding spam, those addresses that have reported spam that came through these servers wouldn't get them blacklisted as they would have registered the relevant path.

Ellen Posted April 4, 2004

> > > Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days. Right now, the Computer Society's email forwarding servers flemming.computer.org (IP 206.99.235.24) and stibitz.computer.org (IP 206.99.235.25)
> > > John R. Grout
> >
> > Thanks -- I took care of this -- the IPs are in the delist process
>
> Just out of curiosity, what in this case made it so easy for you to "take care of it" ???? From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy. So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

It was user problems mainly. I suspended accounts, beat about the head and shoulders with the cluebat, helped to solve the problem, made some system changes and reinstated after appropriate groveling. And, oh yeah, delisted the IPs. Do not take all the previous statements too literally.

Wazoo Posted April 4, 2004

> I suspended accounts, beat about the head and shoulders with the cluebat, helped to solve the problem, made some system changes and reinstated after appropriate groveling. And, oh yeah, delisted the IPs.

Ever the angel <g> ... thanks.

Archived
This topic is now archived and is closed to further replies.