
PITA User


daringone


I need more specific information on why 216.89.106.254 is on the list if it is possible. I've got a user trying to send to us (specifically, a law firm) that is going on and on about how SpamCop even says it's experimental... etc, etc. (By the way, can we get rid of that statement yet? SpamCop's been around quite some time :)) At any rate, some sample spam would be nice to throw back at him. Thanks in advance!


Hi, daringone,

...If you don't get a better reply than this in the next day or so: I would suggest sending an e-mail to deputies <at> spamcop.net with as much information as you have about this IP address.


None of the things I am going to mention here are specifically what you are looking for. The only people who can get you more information than this are the deputies and they are very protective of the spamtraps.

It sounds like the law firm is being blocked because you use the spamcop list and they are on it. The rest of this message is based on this being true.

As the IP is not owned by yourself, the deputies may not give you any information and the law firm will need to contact them directly to get the information as to why they are blocked.

You could ask the law firm why messages appear to have been sent from their mail server (216.89.106.254 is mail.thf.com) to email addresses which do not exist.

Been detected sending mail to spam traps

It does not appear that they are sharing their mail server as the entire netblock is assigned to their use.

Thompson Hine LLP SAVV-S214266-0 (NET-216-89-106-0-1)

216.89.106.0 - 216.89.106.255

It is possible that they are bouncing either viruses or undeliverable messages to the Reply-to address which is easily forged, causing these listings.


It's difficult to say for sure, however it seems that someone using one of the following domains (or a sub-domain) is sending emails to a spamtrap (an address that has never been used for any purpose other than sitting in the HTML code of a web page waiting for spammers to harvest the address).

· businesslawbulletin.com

· exchange.gouldwilkie.com

· gouldwilkie.com

· thompsonhine.com

· neonetadvisors.com

· thf.com

If any of the users of any of the domains run a mailing list it is possible that they don't use confirmed opt-in and the list has been intentionally 'seeded' in order to cause problems for the list owner.

http://www.spamcop.net/w3m?action=checkblock&ip=216.89.106.254 shows that some users have reported spams that originated at 216.89.106.254. Those spam reports would have gone to abuse[at]savvis.net so it is possible that they can help you determine what/who is the problem.

FWIW, it appears that the IP is no longer listed on the SCBL.

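Added example, not part of any post in this thread: a mail administrator can confirm whether an IP is currently listed by querying the blocklist over DNS instead of the web lookup linked above. The zone name `bl.spamcop.net`, the function names and the fake resolvers are assumptions introduced for this sketch; the fake resolvers are constructed so it runs offline.

```python
import ipaddress
import socket

SCBL_ZONE = "bl.spamcop.net"  # assumption: SpamCop's DNS zone, not quoted in the thread
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=SCBL_ZONE):
    """Reverse the IPv4 octets and append the zone: 1.2.3.4 -> 4.3.2.1.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_dnsbl(ip, zone=SCBL_ZONE, resolve=socket.gethostbyname):
    """Return 'listed', 'not-listed' or 'unknown' for ip in the given zone."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = ipaddress.ip_address(resolve(name))
    except socket.gaierror as exc:
        # Only "no such name" means not listed; a timeout or server failure
        # must not be reported as a clean result.
        no_name = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", socket.EAI_NONAME)}
        return "not-listed" if exc.errno in no_name else "unknown"
    # DNSBLs answer inside 127.0.0.0/8; any other answer points to a
    # wildcarding or redirecting resolver, so the result cannot be trusted.
    return "listed" if answer in LOOPBACK else "unknown"


# Constructed resolvers standing in for real DNS responses.
def fake_listed(name):
    return "127.0.0.2"


def fake_nxdomain(name):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


def fake_timeout(name):
    raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")


def fake_redirect(name):
    return "203.0.113.10"  # resolver that rewrites NXDOMAIN to a landing page


if __name__ == "__main__":
    for resolver in (fake_listed, fake_nxdomain, fake_timeout, fake_redirect):
        print(resolver.__name__, check_dnsbl("216.89.106.254", resolve=resolver))
```

Calling `check_dnsbl` without the `resolve` argument performs a live lookup through the system resolver.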

Thanks for the help guys :) The de-listing should be enough to get them off my back. I long for the old days when searching the BL would result in spam samples that I could show someone that happened to be complaining to me. Where did those go I wonder? :unsure:


...FWIH, it was being abused by spammers.


That IP was beating up our spamtraps -- it looks like the SMTP/AUTH exploit; see http://news.spamcop.net/cgi-bin/fom?file=372

The spam stopped and the IP delisted -- I hope someone fixed the problem and that it is just not a case of the spammer having moved on to other compromised servers and soon to be back on this one.


Archived

This topic is now archived and is closed to further replies.
