Please remove from your list

[edcoxe]

Per the instructions on your site, I went to ORDB.org to see if IP 64.27.65.41 has an open relay. Here is their response.

"This host is not listed in ORDB as an open mail relay"

"The server explicitly rejected all probes, and has been deemed secure by the ORDB testing engine."

I hope this is the all the information you require to be able to immediately delete this IP number from your list. I am a web developer, and this IP belongs to one of my business clients. Needless to say, they are very irate at the moment because they cannot send e-mail.

Please do what you can.

Thanks,

Ed Coxe

[Ralsky's Fatal Tumor]

I hope this is the all the information you require to be able to immediately delete this IP number from your list.

You may not be running an open proxy, but you do have some issues to contend with.

64.27.65.41 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 340 times by less than 10 users. It has been sending mail consistently for at least 106.7 days. In the past 468.4 days, it has been listed 3 times for a total of 5.9 days

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 230 times

Other hosts in this "neighborhood" with spam reports:

64.27.65.31

64.27.65.43

Sending spam to spam traps (email addresses that are unpublished and should never receive mail of any sort is an instant kiss of death to Spamcop, and rightly so. Also, since 64.27.65.32/28 is listed as being under the control of Brian Haberstroh, you really have some serious problems on your hands.

I'm sure one of the deputies will be along shortly to give you more information.

[Derek T]

64.27.65.41 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 340 times by less than 10 users. It has been sending mail consistently for at least 106.7 days. In the past 468.4 days, it has been listed 3 times for a total of 5.9 days

* In the past week, this system has: Been reported as a source of spam less than 10 times

* Been detected sending mail to spam traps

* Been witnessed sending mail about 230 times

* Other hosts in this "neighborhood" with spam reports: 64.27.65.31

* 64.27.65.43

SpamCop is NOT a list of open relays. SpamCop maintains a real-time list of actively spamming IP servers. Please read the FAQ 'why am I blocked' for more details. You may not be an open relay but you do appear to have a big problem: being reported 340 times is not good news! Neither is sending mail to spamtraps - they are addresses that have never sent and should never receive e-mail, they are laid as 'bait' for spiders inside web pages. Someone is sending a lot of spam through that server. If you post details of whether the server is used by a single user or shared, what type of server it is etc. someone with much more knowledge than me will be along with suggestions of which vulnerabilities are most likely the cause.

The good news is that the SCBL is real-time and that the listing will be dropped (automatically) within 48 hrs (usually) of the last spam report.

Hope this helps

Derek T

(not an employee, just a happy user)

[dra007]

listed as being under the control of Brian Haberstroh

Interesting to note:

Notes for datapipe.com Abuse/Security

A listing in the ROKSO database means that this spammer has already been terminated by a minimum of 3 consecutive Internet networks for serious spam offenses. ROKSO spammers are professional spam gangs, they will use every trick in order to stop you from terminating them. Please do not allow your network to be a haven for ROKSO spammers, doing so puts your network in the position of "Knowingly providing spam Support Service".

[Spambo]

Per the instructions on your site, I went to ORDB.org to see if IP 64.27.65.41 has an open relay. Here is their response.

"This host is not listed in ORDB as an open mail relay"

"The server explicitly rejected all probes, and has been deemed secure by the ORDB testing engine."

I hope this is the all the information you require to be able to immediately delete this IP number from your list. I am a web developer, and this IP belongs to one of my business clients. Needless to say, they are very irate at the moment because they cannot send e-mail.

Please do what you can.

Thanks,

Ed Coxe

The SCBL is NOT a list of open relays, it is a list of IP addresses that are currently being reported as the source of spams that SpamCop users are receiving.

You have much bigger problems than the SCBL, OpenRBL shows the IP is listed at Spamhaus as well as several other blocklists:

• [at]spam/spamsource: 553 SBL http://www.spamhaus.org/SBL/sbl.lasso?query=SBL15974
  
• SBL/spamhaus.org: 553 SBL http://www.spamhaus.org/SBL/sbl.lasso?query=SBL15974
  
• SPAMCOP/bl.spamcop.net: Blocked - see http://www.spamcop.net/bl.shtml?64.27.65.41
  
• SPAMBAG/datapipe: Blocked - see http://www.spambag.org/cgi-bin/spambag?mailfrom=datapipe
  

I suggest you discuss the matter with your provider and get them to dump the spamming parasites that are the real cause of your email problems.

[Miss Betsy]

open relays are not the only possible problem. There are open proxies and trojanized computers. Also if you are using MS Exchange, it apparently is easy for the spammer to force himself in and set up an account for himself because of password and SMTP/AUTH vulnerabilities. Also, you need to look at the ports - spammers will send spam through other ports than port 25. (I am not technically fluent so I might be using some of these phrases incorrectly, but it should give you a hint in the right direction)

If you send an email to deputies <at> spamcop.net, they may be able to point you to a closer estimate of your problem since they can see the entire sample. It is unlikely, with that many reports, that you have someone sending auto replies to viruses with forged spamtrap addresses (another common cause of listing)

Miss Betsy

[Merlyn]

Also, since 64.27.65.32/28 is listed as being under the control of Brian Haberstroh, you really have some serious problems on your hands.

I do not see it listed there. did you check?

Yes he has a compromised machine but it is not in Spamhaus.

[Spambo]

I do not see it listed there. did you check?

Seems like the listing was removed earlier today:

Removed              64.27.65.32/28     datapipe.com            Issue Resolved
                      Brian Haberstroh / Atriks                  27-Apr-2004 17:54 GMT 
                      acquireweb.com opt-out spammers

[edcoxe]

I just want to thank all of you who have responded. This is something new for me and I know very little about it, but I have the feeling I'll be learning fast.

Thanks again,

Ed

[Ralsky's Fatal Tumor]

I do not see it listed there. did you check?

I swear that was there earlier! I knew I should have started another quote block from Spamhaus.

[Spambo]

I swear that was there earlier! I knew I should have started another quote block from Spamhaus.

It probably was listed when you posted, it was when I posted.

[Merlyn]

I do not see it listed there. did you check?

I swear that was there earlier! I knew I should have started another quote block from Spamhaus.

I believe ya :-) It has happened to me before.