Chris Norgaard Posted January 30, 2004 Share Posted January 30, 2004 How can I tell why we are on the blacklist. Is it being caused by mydoom? Link to comment Share on other sites More sharing options...
Jeff G. Posted January 30, 2004 Share Posted January 30, 2004 According to http://www.spamcop.net/w3m?action=checkblo...=199.89.170.139 : Query bl.spamcop.net - 199.89.170.139 199.89.170.139 is mail1.univarusa.com 199.89.170.139 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 23.8 days. In the past 45 hours, it has been listed 2 times for a total of 36 hours In the past week, this system has: Been reported as a source of spam less than 10 times Been detected sending mail to spam traps Been witnessed sending mail about 90 times A sample sent sometime during the 24 hours beginning : Received: Subject: - now From: ch.. at ..o.com Been detected sending mail to spam traps is a kiss of death for any IP Address. ISPs whose IP Addresses have Been detected sending mail to spam traps need to review FAQ Entry "How can I be de-listed" at http://www.spamcop.net/fom-serve/cache/298.html ASAP. Please see the "Pinned: FAQ Entry: Why is my email blocked?" Topic at http://forum.spamcop.net/forums/index.php?showtopic=35 for more information. Link to comment Share on other sites More sharing options...
michaell Posted January 31, 2004 Share Posted January 31, 2004 Er... unfortunately none of that stuff is relevant in this case, Jeff. The IP was indeed listed due to MyDoom. The MyDoom worm generates email addresses from a list of names and attaches them to known domains, and unfortunately it seems to have come up with a spamtrap address in that way. I've removed the IP from the list. I hope the virus has been cleaned up now. Link to comment Share on other sites More sharing options...
Jeff G. Posted January 31, 2004 Share Posted January 31, 2004 Michael, Thank you for taking care of this. Can you tell if that spamtrap was embedded in a web page or computed using a common first name? Thanks! Link to comment Share on other sites More sharing options...
michaell Posted January 31, 2004 Share Posted January 31, 2004 Can you tell if that spamtrap was embedded in a web page or computed using a common first name? I'm only guessing, but it looks like just a common first name at a known domain. Link to comment Share on other sites More sharing options...
Jeff G. Posted January 31, 2004 Share Posted January 31, 2004 Can you tell if that spamtrap was embedded in a web page or computed using a common first name? I'm only guessing, but it looks like just a common first name at a known domain. In the interest of justice, it might be advisable to disable that one and others which match the profile, at least until this worm expires. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.