Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by Telarin

  1. An email directly to their ISP might also help, depending on how they are setup and whether or not the ISP or the emailer is the one getting the spamcop reports.
  2. The only place your email could be blocked is your mail provider. If JustHost is your email provider, then either the person you talked to is completely clueless, or just outright lieing to you. Which blocklists they use, and how they choose to use them are decisions entirely up to them. What was their response about white-listing the yahoo groups outgoing servers? There are a bunch of them, I know, but I believe they are mostly in a contiguous IP range, so it shouldn't be too much trouble to just add the entire range.
  3. Well, it looks like facebook.com is already listed at rfc-ignorant.org for invalid abuse address and bad whois data. I know several mail admins that use rfc-ignorant.org listings as part of a weighted spam filter, so maybe they will eventually work to resolve them (though I doubt it, it seems that many larger internet companies seem to be of the opinion that RFCs do not apply to them).
  4. I believe if you just click on the forgot password link on facebook, it will send the password to the registered email address. Then you should be able to login and delete the account without any problems. However, keep in mind that a lot of the "facebook friend request" type emails are not really from facebook and are nothing more than phishing scams.
  5. My impression of the OP is that he is asking for a queryable DNS type service like the current bl.spamcop.net, but that returns a hit if there are ANY reports. If that is indeed the question you are asking, then the answer is No, there is currently no such service offered by spamcop, though it would certainly be handy for building a weighted spam filtering system.
  6. They are phishing for account information for battle.net (World of Warcraft) accounts.
  7. Go to ARIN.net Put the IP in question ( into the "SEARCH WHOIS" box and click search You will see two allocations: clicking on the link in the first one gives us: Clicking on the second link gives:
  8. The IP block is directly allocated to Logicweb, who then has reassigned a portion to Prime Directive, LLC The logicweb reporting address is abuse[at]logicweb.com and is probably the better contact to use than the gmail contact listed for the reassignment.
  9. That behavior is normal. The computer still has to connect and handshake before the connection can be dropped. I don't think exchange actually drops the SMTP connection until after the RCPT TO stage, so it is normal, especially on a high traffic server to show these connections that will eventually be dropped in the current connections list. To really see if it is working or not, check messages you are receiving and see if any of them are from IPs currently listed in spamcop. Also note that any entries in your Global Accept list will override BL entries. Personally, I use Exchange 2003 SP2 with spamcop, spamhaus, a couple country specific BLs, and an internal BL that I maintain using the built in DNS server in Windows Server, and it works quite well for me.
  10. Those are generally good practices for an ISP providing services to residential customers, howerver, it sounds like the OP provides services to commercial customers. Commercial customers generally run their own mail servers, and will not accept using an ISP smarthost as a reasonable requirement. That being said, I can certainly see Don's concern. The OP said: This sounds to ME like they are passing the spamcop reports on to the customer, who is then allowed to simply listwash. In my opinion, the customer should never see the spamcop report. At best, they should be sending an email to the customer with nothing more than the recipient email address and requiring that they provide data showing how they obtained that email address, and show evidence that it was a legitimate confirmed opt-in subscription. If they can't prove that, then they need to dump the entire list that the email address in question came from, as it is clearly dirty. If it happens more than once, they need to be disconnected. Of course, that is my personal opinion, but I think it is a reasonable requirement that anyone handling a large mailing list should be able to show when and where every email address was obtained.
  11. As far as I go, Spamcop never "visits" (with WGET or otherwise) links in emails. The most action it takes is to do a DNS lookup on the site itself. I SUPPOSE if the spammer had full control of the DNS servers AND used a different host name for each spam sent out that they could build a list of which host names have ever had their DNS A record queried, but I don't think that would be practical in most if not all situations. As far as data in the querystring portion of the URL, that would not go through, as only the host.domain.tld portion would ever be queried against the DNS server.
  12. Do a google search Windows Password Reset CD. You should be able to download a utility program that you can burn to a bootable CD. Then boot your computer with the CD, and you should be able to reset the admin password for Windows. If it seems a bit too complicated for you, you may want to take it to a local computer shop to do it for you.
  13. Seth, I also run an exchange server can have my users submit spam to a shared folder for reporting. I manually review the submitted spam, clean out any legitimate messages, and submit the rest to spamcop daily. I use a program call OLSpamCop to submit all the messages in a single batch. I also have my account setup for quick reporting so that I do not need to process each message individually. In this way I am able to submit several hundred messages in just a few minutes. I would not recommend using quick reporting until you have done manual submissions for a while and made sure that your mailhost setup is working correctly, as you don't want to accidentally report yourself.
  14. The rejection message is generated by the receiving server and would have nothing to do with the orange-wanadoo system setup. However, even if you know the IP address, there is going to be little to nothing you as a user can do about it. This is something that their mail system management team would have to address to solve. The fact that there is a spamcop listing for some of their servers indicates either they have a major configuration problem causing their SMTP servers to send backscatter, they have a customer sending a large volume of spam through their SMTP servers, or they have a security breach allowing a spammer outside their network to relay through their SMTP servers. Either way, it is a problem that their support will have to resolve in order to get delisted.
  15. Since the domain provided in the link is cert-services.net, which appears to have no affiliation with spamcop of cesmail, I would say that this email is DEFINITELY not legitimate. One also has to wonder why you would need to install a program in order to access a website, another good sign that the message is not legit.
  16. A good way to cut off the virus while you are trying to track it down would be to configure your router to block all outbound traffic to port 25 from any IP address other than your actual mail server. This would at least cut off the spew while you find the problem machine. If your firewall supports logging, it should also make it quite easy to track down the offending machine as the firewall rule hits should almost immediately show up in the logs.
  17. You can use Outlook, you just can't forward as attachment. I suggest one of the "approved" reporting tools for Outlook. Personally I use OLSpamCop, and it works great.
  18. Thanks for that, I love a good laugh at some moron's expense in the morning Makes you wonder how people like that have managed to survive this long, doesn't it?
  19. If I remember correctly, you do not need the "*" in your blacklist entry, it just needs to be "feedblitz.com". Also, I believe those filters only work if you are reading your mail using the webmail interface, so if you are using IMAP or POP, those filters are not applied. Look through the headers of that email (or better yet, provide a tracking link) and see if there is an "X-Spamcop-Disposition" (Is that right? Might need a spamcop email user to chime in on that) line or something like that. It should tell you how spamcop handled the email and why
  20. What is your setup? Are you receiving mails directly to you[at]spamcop.net, or are they going to a different email address and being forwarded? Are you reading your emails using spamcop webmail? POPing it? IMAP? Are you forwarding it to another service? Where are these log files you are referring to? As far as I know, the spamcop mail service does not provide any kind of log files.
  21. A tracert from here shows them getting connectivity through Level3. You could try sending a message to them (abuse[at]level3.net), however, my experience with Level3 has been that they just don't care in the slightest what their customers do, so long as they keep paying them for their connectivity.
  22. If you are the owner of those IP addresses, you can normally request delisting by visting http://www.spamcop.net/w3m?action=checkblo...ip=, however, it appears that someone already attempted to delist that IP before the problem was resolved. You only get one delisting, so you have to make sure the issue is actually resolved before delisting or the IP will just get listed again as soon as more spam is received. At the time of this posting, however, the link above states: If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 1 hours. This means if the issue is truly resolved and no more spam is received by spamcop, the IP will automatically be delisted very soon.
  23. Considering that the history given at http://www.cymru.com/Documents/bogon-list.html shows pretty regular changes to the list, anyone using the very out of date no-more-funn list is likely to have significant problems receiving legitimate email. While that doesn't mean that noone is using it, I highly doubt that it is in common usage.
  24. Sorry, I meant no details as to products. Usually they have a website or pictures in the email of fake watches and great "deals".
  25. http://www.spamcop.net/sc?id=z3148221842z6...e406ef7848a799z Of all the places to have a drop email box, wouldn't one think that spamcop would be one of the fastest providers to shut them down? Of course, there is always the possibility that this is a joe job, since the email contains absolutely no details or website links with regard to what junk they are trying to get me to buy.
  • Create New...