According to http://www.spamcop.net/w3m?action=checkblo...= :

Query bl.spamcop.net - is mail1.univarusa.com listed in bl.spamcop.net (

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 23.8 days. In the past 45 hours, it has been listed 2 times for a total of 36 hours

In the past week, this system has:

Been reported as a source of spam less than 10 times

Been detected sending mail to spam traps

Been witnessed sending mail about 90 times

A sample sent sometime during the 24 hours beginning :


Subject: - now

From: ch.. at ..o.com

"Been detected sending mail to spam traps" is a kiss of death for any IP Address. ISPs whose IP Addresses have been detected sending mail to spam traps need to review the FAQ Entry "How can I be de-listed" at http://www.spamcop.net/fom-serve/cache/298.html ASAP.

Please see the "Pinned: FAQ Entry: Why is my email blocked?" Topic at http://forum.spamcop.net/forums/index.php?showtopic=35 for more information.

Er... unfortunately none of that stuff is relevant in this case, Jeff.

The IP was indeed listed due to MyDoom. The MyDoom worm generates email addresses from a list of names and attaches them to known domains, and unfortunately it seems to have come up with a spamtrap address in that way.

I've removed the IP from the list. I hope the virus has been cleaned up now.

Can you tell if that spamtrap was embedded in a web page or computed using a common first name?

I'm only guessing, but it looks like just a common first name at a known domain.

In the interest of justice, it might be advisable to disable that one and others which match the profile, at least until this worm expires.

