Case study - Spamcop's BL NS's out of sync

[exitlight]

Greetings, everyone.

Sporadic blacklisting by spamcop's DNS's happening for a few days now.

Spamcop's web site reports the IP as NOT listed (IP is: 217.70.144.64 ). It WAS listed a few days ago, I requested a removal and apparently it went through only partially.

Some Spamcop DNS servers report it as listed, most as not.

Her's what I've done. I've checked blns{1,71}.spamcop.net. I'm not sure 71 is the maximum I should have checked but it seems good enough. Anyway:

$ for i in `seq 1 71`; do echo $i; dig 64.144.70.217.bl.spamcop.net a [at]blns$i.spamcop.net > $i 2>&1; done

Result is 71 files.

$ grep "IN" * | grep bl.spamcop | grep -v SOA

Resuilt:

11:;64.144.70.217.bl.spamcop.net. IN A

11:64.144.70.217.bl.spamcop.net. 2100 IN A 127.0.0.2

14:;64.144.70.217.bl.spamcop.net. IN A

25:;64.144.70.217.bl.spamcop.net. IN A

34:;64.144.70.217.bl.spamcop.net. IN A

34:64.144.70.217.bl.spamcop.net. 2100 IN A 127.0.0.2

39:;64.144.70.217.bl.spamcop.net. IN A

4:;64.144.70.217.bl.spamcop.net. IN A

42:;64.144.70.217.bl.spamcop.net. IN A

43:;64.144.70.217.bl.spamcop.net. IN A

44:;64.144.70.217.bl.spamcop.net. IN A

50:;64.144.70.217.bl.spamcop.net. IN A

54:;64.144.70.217.bl.spamcop.net. IN A

55:;64.144.70.217.bl.spamcop.net. IN A

56:;64.144.70.217.bl.spamcop.net. IN A

58:;64.144.70.217.bl.spamcop.net. IN A

6:;64.144.70.217.bl.spamcop.net. IN A

60:;64.144.70.217.bl.spamcop.net. IN A

63:;64.144.70.217.bl.spamcop.net. IN A

65:;64.144.70.217.bl.spamcop.net. IN A

66:;64.144.70.217.bl.spamcop.net. IN A

67:;64.144.70.217.bl.spamcop.net. IN A

68:;64.144.70.217.bl.spamcop.net. IN A

69:;64.144.70.217.bl.spamcop.net. IN A

70:;64.144.70.217.bl.spamcop.net. IN A

71:;64.144.70.217.bl.spamcop.net. IN A

As we can see BLNS11.spamcop.net and BLNS34.spamcop.net have the IP listed, while the other BLNS's do not have it listed.

Any help with that, please? Thanks in advance.

Another question - if I understand correctly (do I?), Spamcop sets email traps and if any spam is received, the sending server is blacklisted. Sounds like a great plan, except we got listed while we only send email to our actual customers from the server that got listed, i.e.: only people who created actual accounts. How can that happen? Thanks again.

[SpamCopAdmin]

I passed the Blocking List info on to our Engineers.

>- Spamcop sets email traps and if any spam is received, the sending server is blacklisted.

Basically, yes. Although it takes more than just one spam.

A spamtrap is an unused address whose sole reason for existence is to see if people will send unsolicited mail to it. Spamtraps are basically the nonexistent addresses at small vanity domains owned by us or our associates. Mail to nonexistent addresses is proof-positive that email addresses are being added to a mailing list without the address owner's permission.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[turetzsr]

<snip>

Another question - if I understand correctly (do I?), Spamcop sets email traps and if any spam is received, the sending server is blacklisted. Sounds like a great plan, except we got listed while we only send email to our actual customers from the server that got listed, i.e.: only people who created actual accounts. How can that happen? Thanks again.

...Three possibilities occur to me (but I am no expert):

• One or more of your "actual customers" gave you a SpamCop S pam Trap address as their e-mail address.
  
• One or more of your customers either forgot that they had requested something from you and reported it as spam or deliberately reported you.
  
• A spammer has used your server or a machine for which you receive abuse reports to send spam.
  

...The SpamCop Deputies (deputies[at]admin.spamcop.net) might also be of help to you in determining a bit more about whether the cause is S pamTrap hits or SpamCop user reports or both that caused the listing.

...Good luck resolving the problem and thanks for caring enough to inquire!