hardyx Posted April 23, 2004 Posted April 23, 2004 I hope I am not violating a rule posting here, but I do not know a better place to seek help. Today I found out my email is being blocked, however not by SPAMCOP. I use SPAMCOP religiously on all my unwanted, unsolicited email and so far I have not sent in anything inappropriately that I am aware of. I am being blocked by dnsbl.sorbs.net because my IP address 66.163.179.77/32 is in a database of servers sending to spamtrap addresses. That website does not seem very forgiving of those who lack an understanding of network matters. So I have turned here. From what I have learned so far on my own I could have been added because spam was sent from my machine, or because I had put up an unfirewalled Windows machine. While I am guilty of not properly firewalling my machine, that was well over six months ago, and the report in the database says that they received mail from me dated 3/14 and that the database entry was made 3/21. In addition, they said they last saw activity from me on 3/24. About that time, among my junk mail were about half a dozen emails that contained attachments containing viruses. I did not open any of these, of course, in fact NAV trapped them and deleted them. I am not aware of how spam could have been sent from my machine, but I suppose it is possible. I just do not know how to find out. I also read something that the culprit could possibly be another address in my ISP block, and while I think I understand what this means, I am not sure how to check or what to do about this. My immediate suspicion, probably totally unwarranted, is that someone I have reported to SPAMCOP has found a way to get me listed in this sorbs database. Is that even possible? Apparently, it is going to cost me $50 to be removed. Can someone provide me some advice? If the topic has been covered here somewhere and I have missed it, please just point the way to me. Thank you.
Merlyn Posted April 23, 2004 Posted April 23, 2004 What blocklist are you talking about? Resolved 66.163.179.77 to UNKNOWN-66-163-179-77.yahoo.com I can only find this blocked in BLARS and the YBL.
Spambo Posted April 23, 2004 Posted April 23, 2004 I hope I am not violating a rule posting here, but I do not know a better place to seek help. Today I found out my email is being blocked, however not by SPAMCOP. I use SPAMCOP religiously on all my unwanted, unsolicited email and so far I have not sent in anything inappropriately that I am aware of. I am being blocked by dnsbl.sorbs.net because my IP address 66.163.179.77/32 is in a database of servers sending to spamtrap addresses. [snip] I don't see it in SORBS but it is in a few others: http://openrbl.org/ip/66/163/179/77.htm Lookup 66.163.179.77 (unknown-66-163-179-77.yahoo.com) in 21+11 Zones AS: 66.163.160.0/19 AS26085 Yahoo Sunnyvale/California Net 66/8 IANA-NETBLOCK-66 ? Results: Positive=3, Negative=29 (2004-04-23 20:50:07 UTC) BOGONS/completewhois.com: 66.163.179/24: 553 BOGON not announced FIVETEN/yahoo.com.spam: added 2003-04-01; yahoo is now directly spamming for their own domain registrar business; added 2002-07-05; spam support - allow spamvertised sites; added 2003-05-28; hosting http://www.edirectsales.org on 66.218.79.143; added 2001-11-06; spam support - refusal to delete yahoo stores spammers BLARS/block.blars.org: INET 127.1.8.33 [*] Negative 29: [at]COUNTRY [at]DYNAMIC [at]ISP [at]spam AHBL AUDNSBL BONDED BOPM CBL DRBL DSBL INTERSIL JIPPGMA LNSG NJABL NOMORE ORDB PSBL PSS RFC_IPWH SBL SORBS SPAMBAG SPAMCOP SPAMRBL SPAMSITE SPEWS UCEPROT WPBL
dra007 Posted April 23, 2004 Posted April 23, 2004 looks like yahoo I wonder if these people can shed some light Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2001-09-07 Updated: 2002-09-24 TechHandle: NA258-ARIN TechName: Netblock Admin TechPhone: +1-408-349-3300 TechEmail: netblockadmin[at]yahoo-inc.com OrgTechHandle: NA258-ARIN OrgTechName: Netblock Admin OrgTechPhone: +1-408-349-3300 OrgTechEmail: netblockadmin[at]yahoo-inc.com
hardyx Posted April 24, 2004 Author Posted April 24, 2004 I have been told to check http://www.dnsbl.info/ to view a complete list of where my IP address is blocked since there is more than the one I just learned about today. Based upon what I reading it looks as though some of them are a block on yahoo.com since many of the entries are dated long before I starting using yahoo.com. HOWEVER, there are some others, like blacklist.spambag.org, that lists "The Bad:" as "Lists Some Large ISPS". A couple of them say that. What does this mean? Again, I am asking myself, "Is this happening because I have reported some large ISPs with SpamCop?", or am I reading something into this that isn't there. Sorry to be so stupid about this, but there's I'll never learn unless I ask.
Miss Betsy Posted April 24, 2004 Posted April 24, 2004 It is very unlikely that you have been blocked because you reported via spamcop. The people who use blocking lists are also anti-spam. Blocking lists generally list IP addresses that have been a source of spam. Unlike spamcop which automatically delists IP addresses when there are no longer reports of spam, some blocklists just don't remove those IP addresses. Some of the blocking lists are not widely used because of this failure to remove. yahoo does not have a squeaky clean reputation in regards to spam. I can't give you examples or even a history, but perhaps someone else can. spamtraps are email addresses that have never been used and so should never get email. If the spammers guess them via dictionary means (trying all combinations such absmith, acsmith, adsmith, etc) or have harvested them from web sites and thus add the spamtrap addresses to a spamming list, the spamtraps will get email. Several blocklists use this technique to add IP addresses to their lists (including spamcop). From the posts to spamcop, the recent viruses which targeted domain names resulted in some IP addresses being added to lists because someone at that IP address sent auto responses about the virus or bounced the virus to the return path (which is often forged by the spammer or virus). Another recent, common problem is when a computer is infected with a spammer trojan that sends spam through it. You don't say whether the IP address you gave is one that you use exclusively or one that you share with others. If you use it exclusively, then it would be best to look for security holes (trojans or compromised passwords). If you share the IP address with others, then the only person who can 'fix' things is your ISP. You need to complain vigorously to him that you don't have reliable email service because spam is being reported as coming from that IP address. If he does nothing, then the only solution is to change ISP's to one who is more reliable. HTH, Miss Betsy
zachariah Posted April 28, 2004 Posted April 28, 2004 spamtraps are email addresses that have never been used and so should never get email. If the spammers guess them via dictionary means (trying all combinations such absmith, acsmith, adsmith, etc) or have harvested them from web sites and thus add the spamtrap addresses to a spamming list, the spamtraps will get email. Several blocklists use this technique to add IP addresses to their lists (including spamcop). this doesn't really fall under this thread, (and I've known what spamtraps are for some time now) but your post got me thinking .... I have more than a few domains, and I could spare a few email addresses from each of those domains. Are there any block lists who want to have spamtrap addresses donated in order to trap more spammers? Would SpamCop be interested? Just wondering. (I did a quick google search but most results were articles about keeping web users from getting tricked by spammers)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.