Jump to content

Blacklisted Again?


Armorbeast

Recommended Posts

I came in here once before because my server got blacklisted and it appears that maybe it has been again.Last time I was here I was very angry and not handling my anger very well,my mother had died in June thanks to her doctors botching up her case every step of the way...had a lot of stress and a lot of anger building up inside so when I was basically told if I didn't like it move to another server I was more than a bit ticked since thats not as simple as was implied.

I still don't like the set up or being puniched cause someone else on my server got it blacklisted,but at least I understand now its not Spamcops fault but rather the way servers are set up so you really don't have a choice.

This is my server st03.startlogic.com. and I do believe it has been blacklisted if the info I found on this 66.235.197.114 is correct.Not gonna raise hell,just wondering if there is any progress on ways Spamcop might be able to go after the offender and not the server.

On a second note,I keep getting spam with my personal isp sonet.net listed as the senders email provider and yet they assure me these people are not using their server and it shouldn't have their addy in the senders url.I know I'm being a bit vague here but was wondering if you have any idea what could be going on as I would like to report this but I don't want to get my own isp blacklisted y'know...and if there is something else that could be going on I definately don't want to get them blacklisted.

Thank you

Link to comment
Share on other sites

For the first part of your request, the following information from: http://www.spamcop.net/w3m?action=blcheck&ip=66.235.197.114

66.235.197.114 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 17 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 20 times in the past week

Also, from some additional information I can get as a paid subscriber, there appear to be some 419 type spam coming from your server. Contact your abuse desk and ask them to address these and remove the spammer (or infected machine) and your problems will go away.

Here are some of the subject lines:

Submitted: Saturday, November 27, 2004 6:04:25 PM -0500:

Good Day!!

Submitted: Saturday, November 27, 2004 5:32:22 PM -0500:

Kind assistance

Submitted: Saturday, November 27, 2004 3:01:08 PM -0500:

mutual benefit

Submitted: Saturday, November 27, 2004 1:02:08 PM -0500:

Expedient Interest

Submitted: Saturday, November 27, 2004 1:02:07 PM -0500:

Expedient Interest

Submitted: Saturday, November 27, 2004 1:02:07 PM -0500:

Expedient Interest

Submitted: Saturday, November 27, 2004 10:07:19 AM -0500:

EXpedient interest

Submitted: Saturday, November 27, 2004 8:54:37 AM -0500:

mutual benefit

Submitted: Saturday, November 27, 2004 7:20:25 AM -0500:

SWEEPSTAKE

Submitted: Thursday, November 25, 2004 2:12:03 PM -0500:

PARTNER WITH ME

For the second part, if it is only the email address and not the email servers listed in the received line headers, I would venture to say almost all abuse desks realize these email addresses are forged and to not trust them. The important part, and what spamcop uses to determine source, are the actual email headers added by each server the message has traversed.

In addition, switching servers is generally as simple as telling your service you are not getting the service you are paying for due to the spamcop listing caused by one of their customers and demanding being moved to another unlisted server. I needed to do it once and I did not need to do a thing at my end as they also handled the DNS for our site.

Link to comment
Share on other sites

Unfortunatley, it appears that more reports are coming in on a continuing spew .. The BL currently showing 20 hours for delisting.

SenderBase shows;

Report on IP address: 66.235.197.114

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 5.1 ... 372%

Last 30 days .. 4.5 .... 14%

Average ........ 4.4

Definitely signs of a major spam issue going on with this server.

A small (?) problem noticed by some of the SpamCop parsing reoutines;

Looking for potential administrative email addresses for 66.235.197.114:

cannot find an mx for st03.startlogic.com

162.42.207.45 is an mx ( 10 ) for startlogic.com

Your ISP shows 41 machines known to send mail at present ... too many for me to try to walk through all of them to see what they "look" like ... just agreeing with Steven's words above .. there are a number of other servers available from that system.

And the next level of issue ... the primary owner of this IP block is iPowerWeb ... and though I won't say that the search thing in this this works 'great' ... just a search "here" now brings up 42 incidents of that outfit here, and unfortunately, the general theme is that they don't react quickly to handle these things. (Noting that there are 2757 users listed as registered here, and the majority of them have never posted a thing ... extrapolate those numbers to the quantity of e-mail users around the world ...)

on ways Spamcop might be able to go after the offender and not the server

There really isn't any way from my side of the screen to figure out which of a thousand users assigned to this one e-mail server might be the one with a compromised computer or is an actual spammer. I can only suggest back to the ISP involved that according to the headers of this e-mail, it was sent from this specific server at a certain time, here are the contents, and hope that the ISP will investigate. Which turns out to be the game-plan behind SpamCop report ... notification to an admin type that there's something going on that needs attention.

Link to comment
Share on other sites

Many domain owners are very much annoyed at having spammers forge their domain name in the From. However, as Wazoo said, most people (and especially adminstrators) know that this is forged.

You might search art101's posts. He has a strategy (in the topic 'Under Attack?') for doing something about this spammer practice and also a recommendation for a good webhost.

What he recommends takes time, so if you don't have the time, know that eventually the spammer switches to another name after a while. There are some people who don't know that the name is forged and it is a good idea to post a disclaimer on your website (one of art101's ideas that is relatively easy).

I am sorry to hear about your mother's death. It is very difficult to lose a parent even when they have lived a long life and it is time for them to go, but worse if there has been a long period of illness as you describe. There is no one else who has known you all your life, through all the stages of growing up, and has always loved you.

Miss Betsy

Link to comment
Share on other sites

Approximately 12 hours later ....

Report on IP address: 66.235.197.114

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 5.1 ... 368%

Last 30 days .. 4.5 ..... 18%

Average ........ 4.4

If there are no reports of ongoing ...... from this system it will be delisted automatically in approximately 8 hours

Maybe the ISP has gotten involved and taken care of things ..???

Link to comment
Share on other sites

Approximately 12 hours later ....

Report on IP address: 66.235.197.114

Volume Statistics for this IPĀ 

Magnitude Vol Change vs. Average

Last day ........ 5.1 ... 368%

Last 30 days .. 4.5 ..... 18%

Average ........ 4.4

If there are no reports of ongoing ...... from this system it will be delisted automatically in approximately 8 hours

Maybe the ISP has gotten involved and taken care of things ..???

20644[/snapback]

Looks OK now -- it delisted.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...