whyme Posted September 25, 2009

OK, I don't want to start any fights here, but I wonder who the genius is that's caused my ISP (not my personal IP address) to be blocked? Not just any ISP, but Cogeco. For four days now, some of my emails (and the emails of I don't know how many thousands of customers that Cogeco serves) go through, some don't, telling me that my ISP, Cogeco, is on the blacklist. Best part? Still hasn't been resolved.

That's just wonderful. Do you know how much business I could potentially lose in four days when my potential customer gets a bounce back with the words 'junk mail rejected', 'blocked', and a link to spamcop in it? Some may be savvy enough to figure out Cogeco's been blocked, others may assume it's the website they're trying to contact (me).

All I've been hearing from Cogeco for three days now is it's not their fault, they're trying to resolve it and in whose hands is it to resolve?....I'm guessing Spamcop. Am I wrong? I dunno. I really don't know how these things work but a mess like this you'd think would get fixed and fixed quickly. And while you're at it, could you make sure that you can't block an entire ISP again? Bloody freaking outrageous.

And don't give me the 'we're only human and make mistakes' stuff. Yup, we all make 'em, but four days to fix 'em? C'mon already!!!

PS, I'm not new to forums. I participate in many and learn and teach a lot. I know they're mostly made up of users and not normally perused by the hosts (eg, spamcop) but I thought I'd just let someone, anyone know that I'm not at all impressed by this latest pile of dog doo.

Farelf Posted September 25, 2009

SpamCop simply cannot block an entire ISP. How it actually works is shown here: http://www.spamcop.net/fom-serve/cache/297.html

It blocks individual IP addresses and if one of those blocked addresses happens to be one of the major outgoing servers - the only circumstance which can partially inconvenience a large number of the ISP's users (who usually send to the outside world through a number of such servers working together) - the ISP is (or should be) very happy to learn about it because it means either one of their users is in serious violation of their own terms of service or they have a badly-compromised server, relaying when it shouldn't be relaying and they don't want either to happen.

You can get to the 'Cogeco SpamCop experience' through http://www.senderbase.org/senderbase_queri...h_string=cogeco That cascades down (follow through the links) and you will eventually get to individual IP addresses. Very few of them are listed by SC.

The hall of shame of ISPs with real problems is shown at http://www.spamcop.net/w3m?action=hoshame#domsum - and they are there because of volumes of spam through (a number of) individual IP addresses in their netspace. Even they are not blocked by SC. Repeat, SC cannot block an entire ISP.

What is more common with the 'blocked by SpamCop' allegation is for badly-constructed rejection messages to mention SC as the 'cause' when sometimes it is not. That would probably be the case if other, better-made, rejections mention another blocking agent. In any event, the rejection messages should include the IP address which is blocked. Otherwise they are very bad rejection messages indeed.

You are a business user? You probably have a static IP address. You can check that against the blocklist from http://www.spamcop.net/bl.shtml If it is blocked by SC you can see some detail. No-one can tell you more without knowing the IP address(es) involved.

You're most welcome to continue if you are actually blocked by SpamCop and want to follow up further. But your ISP is NOT 'blocked by SpamCop'.

whyme (Author) Posted September 25, 2009

The reason I mention my business is that for the most part, blocks seem to happen if they go from a cogeco account to certain addresses (one of them my business) but not so often if going to another cogeco subscriber for instance. My business hoster is not blacklisted, nor is my site/mail. My personal (current) ip address is not blocked by spamcop or anyone and there would never be a reason for it as my computers are clean.

If you'd like to know why I think spamcop is blocking cogeco, (I know you're in Australia so do a search on cogeco in ontario, canada and you'll see it's not some two-bit minor web hoster) is because the bounce backs specifically name their addresses....216.221.81.29 and 216.221.81.30 with this reasoning...5.1.0 - Unknown address error 550-'"JunkMail rejected - smtp3.cogeco.ca (fipsb03.cogeco.net) [216.221.81.30]\nis in an RBL

And there's a link to Spamcop with some sort of explanation that if I am the isp administrator that I can dispute this and have it delisted. So, by reading this, I'm supposed to think it's whose fault now that I'm in my fifth day of sporadic email service?

When someone with a personal cogeco account sends an email to my or anyone else's business or even to another account (eg hotmail, gmail etc.) and gets a bounce back saying spamcop has cogeco on their blacklist, and lists their address, I'm not supposed to think that spamcop's blocking them?

Wazoo Posted September 25, 2009

> the bounce backs specifically name their addresses....216.221.81.29 and 216.221.81.30 with this reasoning...5.1.0 - Unknown address error 550-'"JunkMail rejected - smtp3.cogeco.ca (fipsb03.cogeco.net) [216.221.81.30]\nis in an RBL

http://www.spamcop.net/w3m?action=checkblo...p=216.221.81.29

216.221.81.29 not listed in bl.spamcop.net

Report History:

Submitted: Thursday, September 24, 2009 8:39:27 AM -0500: Re-validate(Now)...
• 4560553540 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Thursday, September 24, 2009 8:39:14 AM -0500: Re-validate(Now)...
• 4560553496 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Thursday, September 24, 2009 8:38:58 AM -0500: Re-validate(Now)...
• 4560552848 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Thursday, September 24, 2009 12:12:43 AM -0500: Investment Plan !!!
• 4559516417 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Wednesday, September 23, 2009 11:44:31 PM -0500: You Won
• 4559504371 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Wednesday, September 23, 2009 10:10:37 AM -0500: Partnership Investment
• 4558166035 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Tuesday, September 22, 2009 8:02:26 AM -0500: [sUSPECTED spam] Crie seus sistemas SEM LIMITES
• 4555266271 ( 216.221.81.29 ) To: security[at]cogeco.net

Submitted: Monday, September 21, 2009 4:49:05 PM -0500: Partnership Investment
• 4553818162 ( 216.221.81.29 ) To: security[at]cogeco.net

Not near enough to get listed based on user complaints alone ... spamtrap hits must have been pretty substantial.

http://www.senderbase.org/senderbase_queri...g=216.221.81.29

Volume Statistics for this IP
              Magnitude   Vol Change vs. Last Month
Last day      3.7         -96%
Last month    5.2

http://www.spamcop.net/w3m?action=checkblo...p=216.221.81.30

216.221.81.30 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours.

Causes of listing
• System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
• SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems (these factors do not directly result in spamcop listing)
• IP is listed in SpamCop exclusion list

Because of the above problems, express-delisting is not available

Listing History
In the past 4.3 days, it has been listed 3 times for a total of 32 hours

Other hosts in this "neighborhood" with spam reports
216.221.81.28 216.221.81.29 216.221.81.39

Report History:

Submitted: Friday, September 25, 2009 8:20:44 AM -0500: Reply...
• 4562887820 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Thursday, September 24, 2009 10:01:29 PM -0500: Contact Mr.Andy Jerry via Tel:+60129750804
• 4561868803 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Thursday, September 24, 2009 8:39:51 AM -0500: Re-validate(Now)...
• 4560553860 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Wednesday, September 23, 2009 7:10:37 AM -0500: Business proposal
• 4557750295 ( 216.221.81.30 ) ( SIMPLE ) To: security[at]cogeco.net

Submitted: Monday, September 21, 2009 8:07:21 AM -0500: [sUSPECTED spam] Crie seus sistemas SEM LIMITES
• 4552796379 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Thursday, September 17, 2009 11:28:35 AM -0500: HMC EMAIL ACCOUNT UPDATE
• 4544986491 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Thursday, September 17, 2009 11:28:02 AM -0500: HMC EMAIL ACCOUNT UPDATE
• 4544984590 ( 216.221.81.30 ) To: security[at]cogeco.net

Submitted: Wednesday, September 16, 2009 10:59:08 AM -0500: You won $2,500,000 USD
• 4542687148 ( 216.221.81.30 ) To: security[at]cogeco.net

same remark as above

http://www.senderbase.org/senderbase_queri...g=216.221.81.30

Volume Statistics for this IP
              Magnitude   Vol Change vs. Last Month
Last day      4.6         158%
Last month    4.2

What's noticed is that the .29 machine has reduced traffic flow and is now unlisted from the SpamCopDNSBL. The .30 machine has traffic going way up and remains listed. One would have to ask the ISP what those numbers might actually mean. For example, they have been moving traffic from one IPA (server) to another, the first server had some traffic managed somehow, be it an infection removed, a client('s infected machine) removed, a hack discovered and now blocked, etc.

> And there's a link to Spamcop with some sort of explanation that if I am the isp administrator that I can dispute this and have it delisted. So, by reading this, I'm supposed to think it's whose fault now that I'm in my fifth day of sporadic email service?

What is SpamCop.net?
What is the SpamCop Blocking List?

Those links will try once again to explain that SpamCop does not block anything itself, the use and implementation of the SpamCopDNSBL is up to the (receiving) ISP, and the reasons for a SpamCopDNSBL listing. (Both appear to be primarily caused by spamtrap hits.) At this point, one would want to talk to the folks that handle the complaints received at security[at]cogeco.net and ask what they are 'really' doing to handle the situation.

> When someone with a personal cogeco account sends an email to my or anyone else's business or even to another account (eg hotmail, gmail etc.) and gets a bounce back saying spamcop has cogeco on their blacklist, and lists their address, I'm not supposed to think that spamcop's blocking them?

Bad examples, as neither HotMail nor Google use the SpamCopDNSBL. However, as explained elsewhere in the above referenced links, the answer to your question once again is ... SpamCop does not handle your e-mail, so SpamCop cannot "block your e-mail" .... any "blocking action" was done at and by the receiving ISP.

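The per-address lookups discussed in the posts above can be reproduced by anyone who has a bounce in hand. The following is an added example, not part of the original thread and not SpamCop's own code: it pulls the bracketed IP out of a rejection message, builds the standard DNSBL query name (reversed octets plus the zone), and treats an answer in 127.0.0.0/8 as "listed" and a failed lookup as "not listed". The `SNAPSHOT` table and `snapshot_resolver` are constructed stand-ins for DNS that mirror the state reported in the thread, so the example runs offline; pass no `resolver` to query live DNS.

```python
import ipaddress
import re
import socket

SCBL_ZONE = "bl.spamcop.net"  # zone name as it appears in the lookups above

# Rejection text as quoted in the thread (the literal "\n" is part of the quote).
BOUNCE = ('550-"JunkMail rejected - smtp3.cogeco.ca (fipsb03.cogeco.net) '
          '[216.221.81.30]\\nis in an RBL')

# Constructed stand-in for DNS, mirroring what the thread reported:
# .30 answered 127.0.0.2 (listed); .29 had no record (not listed).
SNAPSHOT = {"30.81.221.216.bl.spamcop.net": "127.0.0.2"}


def snapshot_resolver(name):
    """Offline resolver: return the recorded answer or fail like NXDOMAIN."""
    if name in SNAPSHOT:
        return SNAPSHOT[name]
    raise socket.gaierror("name not known (constructed NXDOMAIN)")


def extract_bracketed_ips(text):
    """Return the distinct IPv4 addresses a rejection message quotes in [brackets]."""
    found = []
    for candidate in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", text):
        try:
            ipaddress.IPv4Address(candidate)  # rejects things like 999.1.1.1
        except ValueError:
            continue
        if candidate not in found:
            found.append(candidate)
    return found


def dnsbl_query_name(ip, zone=SCBL_ZONE):
    """216.221.81.30 -> 30.81.221.216.<zone>"""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def check_listing(ip, zone=SCBL_ZONE, resolver=socket.gethostbyname):
    """Look one IP up in a DNSBL zone and report whether it is listed."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolver(name)
    except socket.gaierror:
        # No A record: the address is not on this list.
        return {"ip": ip, "query": name, "listed": False, "answer": None}
    # Listings are answers inside 127.0.0.0/8; anything else is not a listing
    # (for example a resolver that rewrites failed lookups).
    listed = ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")
    return {"ip": ip, "query": name, "listed": listed, "answer": answer}


def triage_bounce(text, resolver=socket.gethostbyname):
    """Check every IP named in a bounce, so the blocked server is identified."""
    return [check_listing(ip, resolver=resolver)
            for ip in extract_bracketed_ips(text)]


if __name__ == "__main__":
    for ip in ("216.221.81.29", "216.221.81.30"):
        print(check_listing(ip, resolver=snapshot_resolver))
    print(triage_bounce(BOUNCE, resolver=snapshot_resolver))
```
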
whyme (Author) Posted September 25, 2009

I may have given the impression that I laid no blame whatsoever with cogeco, but that wasn't meant to be the case. When I first reported the problem days ago, they actually tried to lay the blame with my webhoster. This is because someone emailed my business and got a bounce back and informed me of it. My webhoster was not impressed either.

The reason I come to 'moan about this' here is because I'd never seen a spamcop link in a bounce back and being not so tech savvy in this area couldn't figure out what they had to do with the issue.

By the way, the first address was the original problem, got 'fixed' yesterday and then the problem recurred with the second one. That may explain your investigating efforts regarding traffic flow on one vs. the other.

Update... Now I'm back to getting bouncebacks with the first address in it (ending in .29). Cogeco blames spamcop, here the general tone is it's cogeco. Either way I and thousands of people have our email crippled. There has to be a better system out there.

Lking Posted September 25, 2009

> Update... Now I'm back to getting bouncebacks with the first address in it (ending in .29). Cogeco blames spamcop, here the general tone is it's cogeco. Either way I and thousands of people have our email crippled. There has to be a better system out there.

There is. It's called an ISP (unlike Cogeco) that really fixes the problem at the source not blame the bearer of bad news (you, our ISP, SpamCop).

I would think at this point Cogeco should have identified the offending mailer, attempted to help them clean-up their system to prevent them from unintentionally spamming again, or identified that the spam sent to spam traps was intentional and blocked them for good. i.e. squash them like a bug and disconnect them from the internet completely.

whyme (Author) Posted September 26, 2009

> I would think at this point Cogeco should have identified the offending mailer, attempted to help them clean-up their system to prevent them from unintentionally spamming again, or identified that the spam sent to spam traps was intentional and blocked them for good. i.e. squash them like a bug and disconnect them from the internet completely.

I thought that's the way these things were supposed to be handled long before it would ever get to this point. It almost makes me miss my days with Sympatico. Though, I did get tired of always hearing the first thing out of their mouths..'it sounds like you have a virus'. Cogeco's been better, till now.

P.S., I apologize if it appears I was shooting the messenger here but that's just the way these bouncebacks looked to me (sc was the culprit) and that's where cogeco's been laying the blame.

The real irony of this? A few days ago I remarked to my wife that we haven't had any real spam to think of in I can't remember how long. I thought, 'hey, someone's doing something right'. I should have kept my bloody mouth shut.

Farelf Posted September 26, 2009

> ...If you'd like to know why I think spamcop is blocking cogeco, (I know you're in Australia so do a search on cogeco in ontario, canada and you'll see it's not some two-bit minor web hoster) is because the bounce backs specifically name their addresses....216.221.81.29 and 216.221.81.30 with this reasoning...5.1.0 - Unknown address error 550-'"JunkMail rejected - smtp3.cogeco.ca (fipsb03.cogeco.net) [216.221.81.30]\nis in an RBL ...

Yes, I know about cogeco - the link I gave to the SenderBase lookup on the entity (as 'seen' by SenderBase) makes its size clear. Unfortunately, the bigger a provider is, the less likely they are to oblige (read 'provide acceptable base-line service to') the individual customer - as a rank generalization. Another take on the principle of mediocrity, if you will.

And of course SC is not doing anything except place IP addresses in its blocklist when those send spam and take them out again when they have not done so for a period of 24 hours or, sometimes, less - or when the provider has found the problem, rectified it, and advised SC accordingly. The actual blocking of e-mail is by the intended recipient, if they are using the SCbl - as I think you now know. And the SCbl recommended usage is to filter mail for recipient inspection (not reject or, worse still, silently drop) as you may also have noted.

Wazoo has answered with some specifics since you provided the IP addresses. Here are some more:

http://www.robtex.com/ip/216.221.81.29.html#blacklists
http://www.projecthoneypot.org/ip_216.221.81.29
http://www.backscatterer.org/?ip=216.221.81.29
http://spamcannibal.org/ (need to enter the IP address in a look-up form for that one)
http://www.robtex.com/ip/216.221.81.30.html#blacklists
http://www.backscatterer.org/?ip=216.221.81.30

At the time I checked, neither were on the SCbl. The above BLs may provide data (as to spam sightings or other 'causes for listing') additional to the considerable amount Wazoo has already given. Cogeco.ca has access to all of this and their own logs and could easily have progressed the process to clean up the activity affecting these major SMTP servers (and they may have, but not concluded it). SC assists in that process by often being the first to raise the alarm with them - often in advance of actual addition to the SCbl (but not in advance when spamtrap hits - as opposed to member reports - are involved, that case is a hair-trigger one). SC delisting is, at worst, automatic after 24 hours, the others may not be (most BLs, if they auto delist at all, only do so after a much longer period).

All of which is in the nature of flogging a dead horse. What to do until, 'Vaster than empires, and more slow,' Cogeco.ca actually does something? Probably not a lot. Even some small and middle-sized providers will deny responsibility as a cheaper option to remediation, larger ones tend to be more professional (once you manage to get the attention of the actual problem-solvers) but they are slow. Nothing must be allowed to impinge their vast flow of data (even if much of it is just bouncing off the bastions once it leaves their networks).

If the people you are trying to send mail to actually have control of their mail servers you might ask them to whitelist you. That usually bypasses any filtering including BL-lookups. But, apart from that, you can never, ever, rely absolutely on a single e-mail service to deliver all your mail, all the time. You need a fall-back strategy, even if it's just a hotmail, yahoo, gmail (etc.) webmail account for urgent contact.

It doesn't matter what mail service you use or what mail service your correspondent uses, whether it's actually SC, another BL, IronPort, BrightMail or some in-house filtering solution, some of them are going to be active on or after the mail servers of someone you are trying to send mail to and, sooner or later, those are going to obliviate your message. Fortunately it doesn't happen all that often but you need to be ready when (not if) it does.

Snowbat Posted October 3, 2009

On outgoing mail sent by their webmail system, it appears that Cogeco does not add a 'Received' line for the originating IP. Instead they dump it in a couple of custom X headers. This causes SpamCop to identify their SMTP servers as the source of spam:

From cfis...[at]cogeco.ca Fri Apr 10 10:09:56 2009
Received: from avs02.mx.********* (avs02.mx.********* [***********.146])
    by **********.********* (8.11.3/***/8.11.2) with ESMTP id n3A99uk04403
    for <*****************************>; Fri, 10 Apr 2009 10:09:56 +0100 (BST)
X-Envelope-From: cfis...[at]cogeco.ca
Received: from fep7.cogeco.net (smtp2.cogeco.ca [216.221.81.29])
    by avs02.mx.********* (8.13.8/8.13.4) with ESMTP id n3A99s61003971
    for <**************************>; Fri, 10 Apr 2009 10:09:55 +0100
Received: from cogeco.ca (smtp3.cogeco.ca [216.221.81.30])
    by fep7.cogeco.net (Postfix) with SMTP id 7BA642FC2;
    Fri, 10 Apr 2009 05:09:50 -0400 (EDT)
To: (Recipient List Suppressed)
Sender: cfis...[at]cogeco.ca
From: dennisplat...[at]yahoo.com
Reply-to: dennisplat...[at]yahoo.com
Subject: 2009 FREE LOTTO AWARD NOTIFICATION DEPT
X-Mailer: Cogeco Webmail - complaints to ab...[at]cogeco.ca ( 75.125.163.132 - cfis...[at]cogeco.ca )
X-Originating-IP: 75.125.163.132
Date: Thu, 09 Apr 2009 21:09:50 -1200
X-Priority: 3 (Normal)
Message-id: <49df0cde.13c.1a0.31186[at]cogeco.ca>
Apparently-To: **************************

If they were to add an appropriate 'Received' line showing handoff from the originating IP, SpamCop would be able to identify the source. Yahoo add one like this:

Received: from [68.37.44.123] by web111918.mail.gq1.yahoo.com via HTTP; Mon, 31 Aug 2009 17:30:54 PDT

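The effect described in the post above can be shown with a small header walk. This is an added example, not part of the original thread, and it is a simplified model rather than SpamCop's actual parser: it follows the `Received:` chain from the newest hop down for as long as each line's `by` host matches the host named in the line above it, ignores X- headers entirely, and reports the last IP reached as the source. The receiving hosts were redacted in the post, so `*.example.net` and `192.0.2.146` are constructed placeholders, and `HTTP_HANDOFF` is a hypothetical Cogeco line modelled on the Yahoo one quoted above.

```python
import re
from email import message_from_string

# Transport headers modelled on the post above (receiver names are placeholders).
TRANSPORT = """\
Received: from avs02.mx.example.net (avs02.mx.example.net [192.0.2.146])
    by inbound.example.net (8.11.3) with ESMTP id n3A99uk04403;
    Fri, 10 Apr 2009 10:09:56 +0100 (BST)
Received: from fep7.cogeco.net (smtp2.cogeco.ca [216.221.81.29])
    by avs02.mx.example.net (8.13.8/8.13.4) with ESMTP id n3A99s61003971;
    Fri, 10 Apr 2009 10:09:55 +0100
Received: from cogeco.ca (smtp3.cogeco.ca [216.221.81.30])
    by fep7.cogeco.net (Postfix) with SMTP id 7BA642FC2;
    Fri, 10 Apr 2009 05:09:50 -0400 (EDT)
"""

# Hypothetical: what a webmail front end could add, in the style of Yahoo's line.
HTTP_HANDOFF = """\
Received: from [75.125.163.132] by cogeco.ca via HTTP;
    Thu, 09 Apr 2009 21:09:50 -1200
"""

WEBMAIL_X = """\
Subject: 2009 FREE LOTTO AWARD NOTIFICATION DEPT
X-Mailer: Cogeco Webmail
X-Originating-IP: 75.125.163.132
Date: Thu, 09 Apr 2009 21:09:50 -1200

"""

AS_SENT = TRANSPORT + WEBMAIL_X                    # origin only in X- headers
WITH_HANDOFF = TRANSPORT + HTTP_HANDOFF + WEBMAIL_X  # origin in a Received line

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"^from\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)


def parse_received(raw):
    """Return one dict per Received line, newest first: names, ip, by."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        m_from, m_by = FROM_RE.search(flat), BY_RE.search(flat)
        if not (m_from and m_by):
            continue
        helo, comment = m_from.group(1), m_from.group(2) or ""
        ip = IP_RE.search(helo + " " + comment)
        names = {helo.lower()}
        if comment.split():
            names.add(comment.split()[0].lower())  # reverse-DNS name, if given
        hops.append({"names": names,
                     "ip": ip.group(1) if ip else None,
                     "by": m_by.group(1).lower()})
    return hops


def identify_source(raw):
    """Follow the continuous Received chain; the last IP reached is the source."""
    hops = parse_received(raw)
    if not hops:
        return None
    source = hops[0]
    for hop in hops[1:]:
        # Stop when the recording host is not the one the previous line named.
        if hop["by"] not in source["names"] or hop["ip"] is None:
            break
        source = hop
    return source["ip"]


def claimed_origin(raw):
    """The X-Originating-IP value, which the chain walk deliberately ignores."""
    return message_from_string(raw)["X-Originating-IP"]


if __name__ == "__main__":
    print("as sent:      ", identify_source(AS_SENT))
    print("with handoff: ", identify_source(WITH_HANDOFF))
    print("X- header says", claimed_origin(AS_SENT))
```
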
Farelf Posted October 3, 2009

> On outgoing mail sent by their webmail system, it appears that Cogeco does not add a 'Received' line for the originating IP. Instead they dump it in a couple of custom X headers. This causes SpamCop to identify their SMTP servers as the source of spam:...

That's interesting. The X-headers can always be faked so are of no diagnostic value to SC of course. But the OP has not logged in since before the last several posts before this one and he may be unaware of the continuing information. But it may be/should be of interest to cogeco.ca customers generally. One would hope it is of even more interest to cogeco.ca NOC and CSM (Customer Service Management).

whyme (Author) Posted October 3, 2009

I haven't been back since around the 26/27'th of Sept., the problem seems to have been all cleared up. I only came back today as I was scrolling through my list of old bookmarks.

I know you're trying to help here but lame as it may seem, this is all Greek to me. If you're saying that cogeco handles things improperly and there's something that I could bring to their attention, then I could probably do so. I don't know if they would really care about any info I'd provide them (I'm just a 'customer'), but if you think it could help them and by extension me as their customer, I'd send it off.

So, what exactly should I tell them if anything? How would I know if there still is any problem waiting to blow up like last time and if I even should be passing on any info?

thanks

Farelf Posted October 4, 2009

> ...So, what exactly should I tell them if anything? How would I know if there still is any problem waiting to blow up like last time and if I even should be passing on any info?

Thanks for checking and the update. At this moment, 216.221.81.29 is on the SCbl - "If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours" (and three others - I don't know their delisting procedures). The robtex links I gave above (in 73003) allow anyone to check anytime.

Anyway, cogeco.ca have done nothing effective to resolve the origin of the spam sent through their network. Any receiving network using any of the four blocklists is likely to use those to reject your mail and that of any other cogeco.ca customers (if it happens to route through smtp2.cogeco.ca [216.221.81.29]), it is a bit of a lottery really. Cogeco.ca appear to have at least three SMTP servers handling the traffic (and yet other differently-designated servers) handling external mail transmission and may juggle the load to push the mail through. SC reports are going to security[at]cogeco.net which could mean the network people in cogeco.ca are not getting timely advice.

Frankly, I doubt cogeco.ca are going to take much notice of anything you tell them. It is their job to stay on top of these things and all you can do is let them know when it's not happening. They may be grateful to know where the spamcop reports are going (though that is the published abuse.net address). They may be grateful for advice that either they are not inserting standard "Received:" headers for (some) stuff entering their network - causing tracing problems further down the line - or (maybe) they have a webmail user forging headers (73041) and sending spam - in either case leading to their SMTP servers getting blocklisted. But those are things they could easily determine if they were looking.

More likely you will never get past some scriptdroid who will profess to understand not a word you are saying. They are most likely to act their own way and in their own time and the only way to hasten that is if a large number of their customers complain in a short space of time. Just don't let them (cogeco.ca) lay the blame elsewhere. It's their job to control their own network. If their network broadcasts quantities of spam they are probably going to be picked up in several blocklists and there are other networks or individual recipients who will use those lists to block all traffic from specific IP addresses in cogeco.ca while cogeco.ca has lost control of those addresses (no matter that they might be mail servers used by many cogeco.ca customers).

This tends to be a progressively worsening situation as more and more blocklists and maybe email reputation scores will eventually get involved with long-term spam sources. But (at some level) cogeco.ca knows all of that and I doubt they would allow their service to become quite so dreadful as to make other providers look attractive in comparison.

whyme (Author) Posted October 4, 2009

Time for a giant sigh. You mention a crap shoot. That's about right. I just tested sending multiple email in rapid succession and indeed, some go through, a few don't. They then went through (as you suggest forced through by another route). It appears the problem is not as severe as before but still present. I'll have to get in touch with these guys but I'm not sure what it'll accomplish.

I truly wish there were choices for isp's in this area but it's pretty much them or sympatico. Any time sympatico has had problems, the first thing out of support's mouth is 'it sounds like you have a virus or your computer needs reformatting'. I got tired of that and switched.

In the long run, what most bothers me is not my personal email. As I said, I'm a wedding photographer in a city that's known for weddings. My website is hosted with a reliable server (not cogeco obviously). My site host is pretty strict as it should be, even wiping clean customers from the server who violate spam and usage rules.

The thing that bothers me is I wonder how many of my potential customers who use cogeco for their personal email, are trying to email me to hire me and get the bounce back message or worse, the email seems to end up in limbo. I have friends in the business who occasionally get phone calls as to why email is never replied to. Well, it never arrived.

thanks for all the effort anyway

Farelf Posted October 4, 2009

> ...The thing that bothers me is I wonder how many of my potential customers who use cogeco for their personal email, are trying to email me to hire me and get the bounce back message or worse, the email seems to end up in limbo. I have friends in the business who occasionally get phone calls as to why email is never replied to. Well, it never arrived. ...

Sadly, email is not a guaranteed delivery service, for numerous reasons. It won't let you down often but you can never tell just when or how much that might happen. You need to have a strategy to cope if it might be critical. A contact form on your website would be one element - if you don't have one already. Presumably you have contact phone numbers there already - or maybe not, that can be a real pain to handle on your own and answering services may be an overhead you don't want. Anyway, there are solutions ... definitely warrants some thought on risks, costs and benefits.

whyme (Author) Posted October 6, 2009

Oh definitely I have alternate communications routes for potential customers. But, as you said, email isn't always as reliable as people think it is and sadly many people think it's bullet-proof and don't think to pick up a phone when it gets bounced back to them. Or, they just sit there and wonder why the email (that appeared to go through and never came back) never got replied to and it just doesn't occur to them that they could re-send it.

interesting world we live in....