Jump to content

Robert Slade

  • Posts

  • Joined

  • Last visited

Robert Slade's Achievements


Member (2/6)



  1. I've had several of these types of mail. Trouble is that US law only applies in the US. I am in the UK and what they are doing is illegal here. I've also seen statements like this e-mail is sent from outside the EU and does not have to comply to EU rules. In that case it is from a marketing Company in Long Island advertsing what are made to look like UK companies, including using the a very similar Logo as my Hosting Company, but are US based ones. Rob
  2. Having just come to this thread, it looks like something has gone adrift with the responses. You say that your web site was suspended based on a Spamcop report. This seems to me a bit odd. Spamcop reports go to the abuse desk for the originating (mail) IP address and to the abuse desk for the IP address of the spamvertised web site. If the report was one for the web site, then the mail server address is irrelevant. There can be several reasons for your Web site being reported. The first is unsolicited e-mails advertising it. It maybe legal in the US to send such a mail under the Canspam Act, it is not legal in other countries. In addition, any unsolicited mail is spam and can and will be reported. Another cause is that some twisted individual has sent out e-mails advertising your site in order to close it down. This is sometimes known as a Joe Job – do a goggle for a full explanation. If neither are the case, it is also possible that your e-mails to your opt-in list (you do a double opt in don’t you?) have been reported by a Spamcop user. Unfortunately, there are users who opt-in to lists and then report the mail because they don’t bother to check what they are reporting even though there is a warning on the reporting page. Spamcop, suspends these reporters when it happens. You may be able to get some information on what happened from deputies <at> spamcop.net if you supply them with IP addresses etc of your site and mail servers. However, in any case, your hosting ISP should be reacting better, abuse desks being overloaded usually means that they have a major problem and it looks to me that they are just doing a knee jerk reaction instead of investigating properly. The sightings show that their mail servers have a problem (probably the SPTP/auth hack); it maybe that your move to a different hosting service is a blessing in disguise. BTW you are right the SMTP hack refers to an exchange problem. Hope this helps,
  3. Hmm, I've seen what Google says, but they say that they are not doing it randomly, only when someone from the IP address scanned connected to their system. I've checked my logs and can see no outgoing connection to them but they may have provided a route. I would have thought that this sort of activity could be classed as illegal (under UK Law) as it is a hacking atempt. I've put their IP range in my firewall blocked connections just in case. Rob
  4. My firewall is periodically getting hammered by: 08/28/04 07:33:31 dns nslookup Canonical name: proxychecker.yandex.net Addresses: A Whois lookup gives: role: Yandex LLC Network Operations address: Yandex LLC address: 40A Vavilova st. address: 117333, Moscow, Russia phone: +7 095 9743555 fax-no: +7 095 9743565 e-mail: noc[at]yandex.net trouble: ------------------------------------------------------ trouble: Points of contact for Yandex LLC Network Operations trouble: ------------------------------------------------------ trouble: Routing and peering issues: noc[at]yandex.net trouble: spam issues: abuse[at]yandex.ru trouble: Network security issues: abuse[at]yandex.ru trouble: Mail issues: postmaster[at]yandex.ru trouble: General information: info[at]yandex.ru trouble: ------------------------------------------------------ admin-c: VLI1-RIPE admin-c: GVS-RIPE tech-c: KBG2-RIPE notify: noc[at]yandex.net nic-hdl: YNDX1-RIPE mnt-by: YANDEX-MNT changed: gvs[at]yandex-team.ru 20040625 source: RIPE Am I seeing a misconfigured system, or something more sinister Rob
  5. There is something very odd here, the code 553 is Domain does not exist. and the ip block 82.52.73.* is allocated to interbusiness.it not Godaddy. I will restate the previous comments from others. You should not be using a smtp server on a dynamic IP. Most ISPs will reject mail that originates that comes direct from a Dynamic IP. You should route your mail through your ISPs SMTP server. Rob
  6. Merlyn, I don't think he is, smtp.posetteforever.com is hosted by Godaddy and the mx records for the domain also point to Godaddy. However, re reading the posts, it is possible that the OP is using smtp to contact the severs, in which case godaddy maybe picking it his IP address as the source and adding it to the headers. What I don't understand is that it appears to be his ISP that is blocking the mail. Rob
  7. I think that the problem may lay with your computer. It may have a virus or worm which is sending out mail without your knowledge. It is also possible that you did have a virus and it had left some ports open which are being used to relay spam. If you are not running a mail server on your computer, then something on and then .221 is sending mail. The message you posted as far as I can tell is that a server at 82.52.73.* rejected a mail from with a 553 code. Some ISPs quote the Spamcop list when they are rejecting mail rather than the correct reason for the reject. It looks like both the IP addresses you quoted, have had an increase in mail being sent, then dropped in the last 24hr. Neither of the above IP addresses are listed by Spamcop, but 221 is listed by dsbl. It looks like the problem is either your computer or your ISP's mail server rejecting mail when it shouldn't. Rob
  8. Wazoo as usual is right the Ip is listed. Looking at the Stats they are slightly odd. Although they are showing a big increase in traffic, the magnitude is well within Yahoo's normal levels. I also see that (n3a.bulk.scd.yahoo.com) is not listed as a mail server by senderbase. Perhaps this server is new and hence the increase in traffic. The name maybe significant, if it is used for bulk mail then there maybe the odd report of spam from it hence orgiginal listing. If you are still having problems, then it is likely that walla has a some sort of filter that is badly setup. I see what you mean regarding their web site. You could try e-mailing postmaster [at] walla.co.il that may work. If your problem is with walla.com they appear to have an abuse [at] barak013.net.il and postmaster [at] walla.com which are registered with abuse.net Rob
  9. I'm getting a load of these too. They just consist of a header - sometimes even the suject is missing. The consenus is they they are the reamins of a worm that has run it's course. You can report them through SC. Just use the Outlook/Endura hack - header in the top and someting like - no body received in the bottom box. Rob
  10. Hiya, To add to the previous post. It is not clear if you are refereing to your own mailserver or yoo are refereing to your ISPs. The server is owned by dsl.net. If you are from dls.net you should investigate why there is such a dramitic increase in traffic and why it has been sending mail to spamtraps. I has been compromised in some way. You can contact spamcop deputies at deputies at spamcop.net who maybe able to help. If it is ISPs you should contact then to get them to fix their server.
  11. To expand on what Merlyn said, it is up to you, stop your server (mail1.us.kline.com) sending spam to the spam traps and your IP address will drop of the Spamcop list. The reason you cannot send mail to your customers, is that they are using the Spamcop list to block sources of spam. It is they who are blocking your mail. By the way, your server is listed on 2 other lists have a look at: http://openrbl.org/# PSBL reports a spam trap hit Thu Aug 5 15:42:51 2004, only about a hour ago. It looks like you have a problem with that server: 1. either you or one of your users is spamming; 2. the server is compromised in some way - Server Hack, trojanised, virus infected etc; 3. an open relay; 4. bouncing mail to forged from addresses, sending you have a virus' messages to forged from addresses. As the server is only hitting the spam traps, 2 and 4 above are more likely. The message is fix your server and your sever will drop of the Spamcop list. Rob
  12. Yes it is back on the list: listed in bl.spamcop.net ( Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week Additional potential problems (these factors do not directly result in spamcop listing) Listing History In the past 6.7 days, it has been listed 2 times for a total of 4.6 days Other hosts in this "neighborhood" with spam reports As you can see it is sending mail to the spam traps. It looks like the server has been compromised in some way otherwise it would not be sending to spamtraps. Not only that there has been a 261% increase in the e-mails sent in the last day. The Spamcop deputies can help with providing info, but they will only do that for the ISP concerned. They can be e-mailed - deputies (at) spamcop.net I suggest that you strongly consider moving to another ISP, clearly yours is having problems. If not, you may like to get a dialup one for now eg plus.net and use their sever to send mail, you can keep your address as is and use hostway.com to pick up your mail. BTW the people posting here are Spamcop users including Miss Betsy, they do not work for Spamcop.
  13. Glad setting up your mail hosts fixed your parsing problem. There was a note about it on the start pages, but its gone now. Pehaps it should be put back
  14. Have you set up your mailhosts? that should allow Sc to parse past your backbone. Rob
  15. Hi, is cmlapp10.siteprotect.com which appers to be an output mail server for hostway.com. As you say it is not list now, nor is is listed in 200 or so other lists. So what ever was wrong has now gone away. There could have been several reasons for the listsing: Hostway could have been bouncing e-mails sent to non existant addresses at the domains they manage. The problem with this is that the from address is frequently forged and if something like the mydoom virus is responsible, that from address could be anywhere. In some cases it can hit upon spam traps. These are addresses that are not used for mail, so they only receive spam. So if hostway bounces a message to a spam trap it will get listed. The Spamcop list is dynamic, so that 48 hours after the spam stops then IP address is removed from the listing. Another cause is that another hostway customer has been spamming, in which case this will be reported to hostway. If they are slow to take action the hostway mail server could have been listed for a time. I suspect that the latter is probably the case as your mail is handled by the hostway server and possibly mixed with spam form another hostway customer. Picking on the point of needing e-mail to be reliable, I to am in the Uk and run my own business. However, I do not rely on e-mail - you can't as there is no guarantee that it will be received. Have a close look at some of the big ISPs terms and conditions. There is no contractrual requirement to ensure that the mail gets to the end user. There cannot be as it relies on the good will of the receivers ISP to accept it. Hope this helps. Rob
  • Create New...