daringone Posted April 20, 2004 Share Posted April 20, 2004 I need more specific information on why 216.89.106.254 is on the list if it is possible. I've got a user trying to send to us (specifically, a law firm) that is going on and on about how SpamCop even says it's experimental... etc, etc. (By the way, can we get rid of that statement yet? SpamCop's been around quite some time ) At any rate, some sample spam would be nice to throw back at him. Thanks in advance! Link to comment Share on other sites More sharing options...
turetzsr Posted April 20, 2004 Share Posted April 20, 2004 Hi, daringone, ...If you don't get a better reply than this in the next day or so: I would suggest sending an e-mail to deputies <at> spamcop.net with as much information as you have about this IP address. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 20, 2004 Share Posted April 20, 2004 None of the things I am going to mention here are specifically what you are looking for. The only people who can get you more information than this are the deputies and they are very protective of the spamtraps. It sounds like the law firm is being blocked because you use the spamcop list and they are on it. The rest of this message is based on this being true. As the IP is not owned by yourself, the deputies may not give you any information and the law firm will need to contact them directly to get the information as to why they are blocked. You could ask the law firm why messages appear to have been sent from their mail server (216.89.106.254 is mail.thf.com) to email addresses which do not exist. Been detected sending mail to spam traps It does not appear that they are sharing their mail server as the entire netblock is assigned to their use. Thompson Hine LLP SAVV-S214266-0 (NET-216-89-106-0-1) 216.89.106.0 - 216.89.106.255 It is possible that they are bouncing either viruses or undeliverable messages to the Reply-to address which is easily forged, causing these listings. Link to comment Share on other sites More sharing options...
Spambo Posted April 20, 2004 Share Posted April 20, 2004 I need more specific information on why 216.89.106.254 is on the list if it is possible. I've got a user trying to send to us (specifically, a law firm) that is going on and on about how SpamCop even says it's experimental... etc, etc. (By the way, can we get rid of that statement yet? SpamCop's been around quite some time ) At any rate, some sample spam would be nice to throw back at him. Thanks in advance! It's difficult to say for sure, however it seems that someone using one of the following domains (or a sub-domain) is sending emails to a spamtrap (an address that has never been used for any purpose other than sitting in the HTML code of a web page waiting for spammers to harvest the address). · businesslawbulletin.com · exchange.gouldwilkie.com · gouldwilkie.com · thompsonhine.com · neonetadvisors.com · thf.com If any of the users of any of the domains run a mailing list it is possible that they don't use confirmed opt-in and the list has been intentionally 'seeded' in order to cause problems for the list owner. http://www.spamcop.net/w3m?action=checkblock&ip=216.89.106.254 shows that some users have reported spams that originated at 216.89.106.254. Those spam reports would have gone to abuse[at]savvis.net so it is possible that they can help you determine what/who is the problem. FWIW, it appears that the IP is no longer listed on the SCBL. Link to comment Share on other sites More sharing options...
daringone Posted April 20, 2004 Author Share Posted April 20, 2004 Thanks for the help guys The de-listing should be enough to get them off my back. I long for the old days when searching the BL would result in spam samples that I could show someone that happened to be complaining to me. Where did those go I wonder? Link to comment Share on other sites More sharing options...
turetzsr Posted April 20, 2004 Share Posted April 20, 2004 Thanks for the help guys The de-listing should be enough to get them off my back. I long for the old days when searching the BL would result in spam samples that I could show someone that happened to be complaining to me. Where did those go I wonder? ...FWIH, it was being abused by spammers. Link to comment Share on other sites More sharing options...
daringone Posted April 20, 2004 Author Share Posted April 20, 2004 :angry: As usual... spammers killing useful functions of the net... Link to comment Share on other sites More sharing options...
Ellen Posted April 20, 2004 Share Posted April 20, 2004 I need more specific information on why 216.89.106.254 is on the list if it is possible. I've got a user trying to send to us (specifically, a law firm) that is going on and on about how SpamCop even says it's experimental... etc, etc. (By the way, can we get rid of that statement yet? SpamCop's been around quite some time ) At any rate, some sample spam would be nice to throw back at him. Thanks in advance! That IP was beating up our spamtraps -- it looks like the SMTP/AUTH exploit; see http://news.spamcop.net/cgi-bin/fom?file=372 The spam stopped and the IP delisted -- I hope someone fixed the problem and that it is just not a case of the spammer having moved on to other compromised servers and soon to be back on this one. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.