jgrout

Computer.Org Email Servers On Blocklist

15 posts in this topic

Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days.

Right now, the Computer Society's email forwarding servers

flemming.computer.org (IP 206.99.235.24)

and

stibitz.computer.org (IP 206.99.235.25)

are blocklisted by Spamcop over a handful of spam reports turned in over the last few days.

Since the Computer Society refuses to give out the phone number or email address of their IT folks, it may be days before my problem report to the society's "help" address actually reaches a techie who knows what an IP address (and Spamcop) are.

If possible, please unblock these servers ASAP.

Thank you,

John R. Grout


Hi, John!

...These servers should be de-listed within about 48 hours after the last spam report, assuming they are not sending e-mail to so-called "spam traps." If they keep sending spam, they will not be de-listed automatically.

...You may want to have a look at

Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days.

Right now, the Computer Society's email forwarding servers

flemming.computer.org (IP 206.99.235.24)

and

stibitz.computer.org (IP 206.99.235.25)

John R. Grout

Thanks -- I took care of this -- the IPs are in the delist process

Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days.

Right now, the Computer Society's email forwarding servers

flemming.computer.org (IP 206.99.235.24)

and

stibitz.computer.org (IP 206.99.235.25)

John R. Grout

Thanks -- I took care of this -- the IPs are in the delist process

Just out of curiosity, what in this case made it so easy for you to "take care of it" ???? From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy. So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

Just out of curiosity, what in this case made it so easy for you to "take care of it" ????  From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy.  So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

None that I can think of. Since Spamcop removed the public evidence for listings, I've stopped defending them when people complain about listings.


Hey, why not just say "thanks" to SpamCop Ellen for unblocking a site whose "guiltiness" seems rather uncertain?

I think it's a good idea to maintain usefulness and acceptance of SpamCop blacklists by being rather tolerant w.r.t. IPs of "honest" sites, even if a few "bad" elements have discredited these servers by sending some "real" spams.

E.g. the network people of my institution refuse use of blacklists because they say their mission is to assure delivery of 100% of all non-spam e-mails. (I agree that that's maybe not a good choice w.r.t. overall productivity...)

So it would be better for me if there was a very reduced blacklist of 100% certified "evil" IP numbers, rather than an almost complete and minutewise updated list of IP numbers from which somewhen some spam has been sent (or maybe only reported by error by some unconscious Spamcop user).

PS: [added later] The following message of "yourbuddy" explains maybe better what I want to say:

http://forum.spamcop.net/forums/index.php?...findpost&p=3149

And as a loyal Spamcop member, I would like to see it staying popular...

Edited by Max

So it would be better for me if there was a very reduced blacklist of 100% certified "evil" IP numbers, rather than an almost complete and minutewise updated list of IP numbers from which somewhen some spam has been sent (or maybe only reported by error by some unconscious Spamcop user).

Then you do not want the SpamCop BL, which is designed to catch spam runs "in progress". It is meant to be quick on the trigger and quick to remove. There are other BL's which might be of use in your situation.

Hey, why not just say "thanks" to SpamCop Ellen for unblocking a site whose "guiltiness" seems rather uncertain?

Because from the evidence we can see, that is not the case.

The question was "What can we (as ordinary users) use to see this was worthy of delisting and send the original poster to a deputy rather than having them understand why they were blocked, as was done here." We are trying to provide the best accurate help we can here.

even if a few "bad" elements have discredited these servers by sending some "real" spams.

If spam is currently coming (or recently came) from the server, it is appropriate for the server to be listed as that is the "charter" for this list.


Possibly the spams were being passed through the servers as part of their normal email forwarding function. If this were the case, then the spam would have been misreported, and Ellen was correcting the mistake (the new mailhost system would take care of this).

were being passed through the servers as part of their normal email forwarding function

This scenario would rather suggest that these servers were mis-configured, thus breaking the chain somewhere during the parse and looking like the injection point.

(the new mailhost system would take care of this)

and where might this be documented, especially in the suggested case above?


I have some doubt that mis-configuring a mail server can make it "break the chain" as you say

[i.e. making it discard the firstmost 'Received' line, if I understand well...]

(well, Microsoft might add such an option and call this a feature...)

PS : (concerning former messages) I agree that *quick* spam reporting and blocking is important, the aim being to save internet and personal resources... but one should keep this aim in mind, and why not derogate to the automated procedure if this would be helpful? (e.g. when bounces and complaints of (very) many users create more network traffic than (one or a few but exceptional) spams...?)

Edited by Max

I have some doubt that mis-configuring a mail server can make it "break the chain" as you say [i.e. making it discard the firstmost 'Received' line, if I understand well...]

No, it's usually an issue of a larger system that does internal hand-offs between multiple machines, and these hand-offs are not reflected within the headers.

Say one server acts as the main gateway, filtering, virus scanning, etc. ... Then when it's done, it passes the e-mail to the next destination server, say one server for Corporate headquarters in "this" building, or forwarding it across the country to the Engineering Branch. If these transfers between Corporate servers aren't correctly identified in the headers, then the "alleged spam recipient" reports the spam, but due to the misconfigurations, the "chain test" stops at the Corporate Headquarters server, so that's the one that is determined to be the injection point, because all the ones before / under that one appear to be bogus, as there's no path showing for how the e-mail got from one server to another.
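The "chain test" described in the post above, as an added example that is not part of the thread and is not SpamCop's own parser: a simplified model that walks `Received` headers newest-first and steps back a hop only when the header was written by a declared forwarder. Host names, IP addresses (documentation ranges), and the `forwarders` table are constructed assumptions.

```python
import re

# from <helo> (<rdns> [<ip>]) by <host> ...
RECEIVED_RE = re.compile(
    r"from\s+\S+\s+\(.*?\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)", re.S)

def parse_received(header):
    """Return (source_ip, writing_host) for one Received header value."""
    m = RECEIVED_RE.search(header)
    if not m:
        raise ValueError(f"unparseable Received header: {header!r}")
    return m.group("ip"), m.group("by")

def find_injection_point(received, forwarders):
    """Walk Received headers newest-first; return the IP blamed as the source.

    received   -- header values, newest (written by the recipient's server) first
    forwarders -- {hostname: ip} relays declared as part of normal delivery
    """
    blamed, _ = parse_received(received[0])  # top header is our own server's
    for header in received[1:]:
        source_ip, by = parse_received(header)
        # Step back one hop only if this header was written by a declared
        # forwarder whose address is the IP currently blamed.
        if forwarders.get(by) != blamed:
            break  # no documented path past this hop: the chain stops here
        blamed = source_ip
    return blamed

# Constructed sample headers (hypothetical hosts, documentation IP ranges).
H_ISP = ("from forwarder.example.org (forwarder.example.org [198.51.100.25]) "
         "by mx.isp.example with ESMTP")
H_FWD = ("from gateway.example.org (gateway.example.org [198.51.100.10]) "
         "by forwarder.example.org with ESMTP")
H_GW = ("from mail.sender.example (unknown [203.0.113.7]) "
        "by gateway.example.org with SMTP")
FORWARDERS = {"forwarder.example.org": "198.51.100.25",
              "gateway.example.org": "198.51.100.10"}

if __name__ == "__main__":
    # Every hand-off recorded and declared: blame reaches the real source.
    print(find_injection_point([H_ISP, H_FWD, H_GW], FORWARDERS))
    # Internal hand-off missing from the headers: the forwarder is blamed.
    print(find_injection_point([H_ISP, H_GW], FORWARDERS))
    # Headers complete but no forwarders declared: the forwarder is blamed.
    print(find_injection_point([H_ISP, H_FWD, H_GW], {}))
```

The second and third calls show the two ways an innocent forwarding server ends up as the apparent injection point: a hand-off that never made it into the headers, and a relay the recipient never declared.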


Not getting an answer (again) from SpamCop Staff, are you??

Here you are, defending the honesty and integrity of SpamCop and you get no answer as to why these servers were magically delisted. So far, it looks like it is just "up the Wazoo" (pun) ;)

were being passed through the servers as part of their normal email forwarding function

This scenario would rather suggest that these servers were mis-configured, thus breaking the chain somewhere during the parse and looking like the injection point.

(the new mailhost system would take care of this)

and where might this be documented, especially in the suggested case above?

I prefer "not behaving as spamcop's parser expects" to misconfigured. Not being able to see the headers for the message, I can't comment further.

But should this be the case, and the servers were innocently forwarding spam, those addresses that have reported spam that came through these servers wouldn't get them blacklisted, as they would have registered the relevant path.

Since my ISP refuses to accept any email that originates from a server on Spamcop's blocklist, mail sent to my email alias at the IEEE Computer Society (computer.org) is being bounced right now and has been bounced pretty much continuously for the last several days.

Right now, the Computer Society's email forwarding servers

flemming.computer.org (IP 206.99.235.24)

and

stibitz.computer.org (IP 206.99.235.25)

John R. Grout

Thanks -- I took care of this -- the IPs are in the delist process

Just out of curiosity, what in this case made it so easy for you to "take care of it" ???? From this side of the system, all that can be seen is 20 reports from less than 10 people and samples that certainly have the appearance of being spammy. So, what signs could "we" have seen that would have caused a response other than Steve's for instance?

It was user problems mainly. I suspended accounts, beat about the head and shoulders with the cluebat, helped to solve the problem, made some system changes and reinstated after appropriate groveling. And, oh yeah, delisted the IPs.

Do not take all the previous statements too literally.

I suspended accounts, beat about the head and shoulders with the cluebat, helped to solve the problem, made some system changes and reinstated after appropriate groveling. And, oh yeah, delisted the IPs.

Ever the angel <g> ... thanks.
