bonzo1965 Posted September 24, 2013

Hi my email address (which I have used for business for the past 5 years) is now having emails undelivered because it is in the database. I do not and have never sent spam.

About 3 months ago, a client of mine changed servers and for some reason every email I sent them with an attachment was bounced back as spam. Finally, after 2 months their new service providers resolved the problem and I can send them emails successfully. Since then, however, it seems I am in the Spamcop database and more and more emails are being returned from other clients.

o2 is my service provider

I can post/email the logs if that helps

any advice would be greatly appreciated

thanks
steve
Derek T Posted September 24, 2013

"Hi my email address (which I have used for business for the past 5 years) is now having emails undelivered because it is in the database. I do not and have never sent spam. <snip> Since then, however, it seems I am in the Spamcop database and more and more emails are being returned from other clients. o2 is my service provider"

SpamCop does not list email addresses but IP addresses. None of us can help without the IP address that is having problems. Please see the FAQs for more information and please post an unaltered rejection notice for more help.
bonzo1965 (Author) Posted September 24, 2013

this is a typical reply I get now -

These recipients of your message have been processed by the mail server:
******; Failed; 5.1.1 (bad destination mailbox address)
Remote MTA *******: SMTP diagnostic: 550 5.7.0 Your server IP address is in the SpamCop database, bye

Reporting-MTA: dns; mail.o2.co.uk
Received-from-MTA: dns; [192.168.1.64] (78.105.212.240)
Arrival-Date: Tue, 24 Sep 2013 08:38:02 +0100

Final-Recipient: rfc822; ******
Action: Failed
Status: 5.1.1 (bad destination mailbox address)
Remote-MTA: dns; *******
Diagnostic-Code: smtp; 550 5.7.0 Your server IP address is in the SpamCop database, bye

From: Stephen Jones *******
Date: 24 September 2013 08:38:01 GMT+01:00
To: *******
Subject: Fwd: Visuals

a typical response I used to get when the problems first started (with original client)

This is the mail system at host filter2.mjcgroup.co.uk.

I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The mail system

********: host 62.49.142.138[62.49.142.138] said: 550 5.7.1 Message rejected as spam by Content Filtering. (in reply to end of DATA command)

Reporting-MTA: dns; filter2.mjcgroup.co.uk
X-Postfix-Queue-ID: DD78D143421
X-Postfix-Sender: rfc822; ********
Arrival-Date: Wed, 24 Jul 2013 09:56:43 +0100 (BST)

Final-Recipient: rfc822; ********
Original-Recipient: rfc822;**********
Action: failed
Status: 5.7.1
Remote-MTA: dns; 62.49.142.138
Diagnostic-Code: smtp; 550 5.7.1 Message rejected as spam by Content Filtering.

Return-Path: ********
Received: from filter2.mjcgroup.co.uk (localhost [127.0.0.1]) by filter2.mjcgroup.co.uk (Postfix) with ESMTP id DD78D143421 for ********; Wed, 24 Jul 2013 09:56:43 +0100 (BST)
X-Virus-Scanned: by SpamTitan at mjcgroup.co.uk
X-spam-Flag: NO
X-spam-Score: -1.901
X-spam-Level:
X-spam-Status: No, score=-1.901 tagged_above=-999 required=3 tests=[bAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.o2.co.uk (sidious.london.02.net [82.132.130.152]) by filter2.mjcgroup.co.uk (Postfix) with ESMTP id 4C8DE143417 for **********; Wed, 24 Jul 2013 09:56:39 +0100 (BST)
Received: from [192.168.1.68] (78.105.212.240) by mail.o2.co.uk (8.5.140.03) (authenticated as *******) id 51DA908903220118 for *******; Wed, 24 Jul 2013 09:56:38 +0100
From: Stephen Jones ******
Content-Type: multipart/mixed; boundary=Apple-Mail-180--935501567
Subject: test
Date: Wed, 24 Jul 2013 09:56:13 +0100
Message-Id: <DA4AFB12-E640-4046-B2A7-031502C96D8E[at]o2.co.uk>
To: *******
Mime-Version: 1.0 (Apple Message framework v1085)
X-Mailer: Apple Mail (2.1085)
Derek T Posted September 24, 2013

"this is a typical reply I get now -
These recipients of your message have been processed by the mail server:
******; Failed; 5.1.1 (bad destination mailbox address)
Remote MTA *******: SMTP diagnostic: 550 5.7.0 Your server IP address is in the SpamCop database, bye
Reporting-MTA: dns; mail.o2.co.uk
Received-from-MTA: dns; [192.168.1.64] (78.105.212.240)
Arrival-Date: Tue, 24 Sep 2013 08:38:02 +0100"

Sorry, which part of 'unaltered' did you not understand? You have removed the information we need in order to help you.

The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems.
bonzo1965 (Author) Posted September 24, 2013

thanks for your time but seriously what's with the attitude??

I have removed my own and my clients' email addresses only - you said that it is not the email address that is blocked, why are these important?

"The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems."

this may be true but is it not possible that this is what caused my address to be on the block list in the first place? This only started happening after I had the original problem

thanks for your time

by the way I posted the info before I saw your post...
Derek T Posted September 24, 2013

"thanks for your time but seriously what's with the attitude?? I have removed my own and my clients email addresses only - you said that it is not the email address that is blocked why are these important? 'The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems.' this maybe true but is it not possible that this is what caused my address to be on the block list in the first place? This only started happening after I had the original problem thanks for your time"

Your address is not on the blocklist. No email address is ever on the blocklist. See the FAQ. The IP address through which your mail goes out is on a blocklist and that's probably due to its owner (o2?) not being proactive in kicking off abusers.

Essential information is either missing or munged. A properly-formed rejection message SHOULD contain the IP address of the rejected sending server: something like

Email rejected because 173.203.116.233 is listed by bl.spamcop.net - See http://www.spamcop.net/w3m?action=checkblo...173.203.116.233

It is that IP (xxx.xxx.xxx.xxx) that we need in order to help you. As you say, email addresses are not important.

And no, the previous issue would not get your IP onto the blocklist, this is most likely an O2 problem and you an innocent bystander, but without the IP to look up I really can't help you resolve this. Sorry.
bonzo1965 (Author) Posted September 24, 2013

ok, thanks

here is another rejection note from a different email address - again, only email addresses have been removed

is this any good? if not, why is the info not there?

- These recipients of your message have been processed by the mail server:
info[at]********.com; Failed; 5.1.2 (bad destination system address)
Remote MTA mail.*********.com: network error
- SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! Sending denied. \r\n550-For further information and delisting procedure,\r\n550 please see http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151

Reporting-MTA: dns; mail.o2.co.uk
Received-from-MTA: dns; [192.168.1.66] (78.105.212.240)
Arrival-Date: Sat, 7 Sep 2013 18:28:25 +0100

Final-Recipient: rfc822; *********.com
Action: Failed
Status: 5.1.2 (bad destination system address)
Remote-MTA: dns; **********.com

From: Stephen Jones *******
Date: 7 September 2013 18:28:24 GMT+01:00
To: *******
Subject: availability

btw - I tried the delisting procedure which worked the first time, but then the problem returned
Derek T Posted September 24, 2013

"- SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! Sending denied. \r\n550-For further information and delisting procedure,\r\n550 please see http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151"

Yes, that's a great help, thank you.

82.132.130.151 is one of o2's mail-servers (I see four, named after Star Wars characters, this one is 'yoda') and you will be sharing that with tens of thousands (at least) of o2's other customers. Looking at the senderbase records it would appear that a spam-run from that server (probably a zombied customer) has recently ended (traffic is down 42% today) so it would appear that o2 have taken action to remove the source. The server is NOT currently listed (SpamCop is very quick to de-list once the spam stops) and so the rejections should stop, unless the receiving servers are using out-of-date lists.

Chances are your mail is assigned to the four servers at random. At present none is on the SpamCop blacklist so all should be well.

Something was broken, o2 seem to have fixed it. You were an innocent bystander and need do nothing (apart, of course, from keeping your own anti-malware up to date so that you don't become the next zombie).

EDIT: I've just noticed that the 'vader' server (82.132.130.150) IS now listed for the next 23 hours so you MIGHT get a rejection if your mail gets sent out through this one. Again, O2 seem to have stopped the spew (falling volume).

Good luck!

For your information:

IP Address: 82.132.130.151
Fwd/Rev DNS Match: Yes
First Seen: 2007-05-23
Email Reputation: Good
Web Reputation: Neutral
Email Magnitude: 4.2 (Last Day), 4.3 (Last Month)
Volume Change: -44% ↓
Hostname: yoda.london.02.net
Domain: 02.net
Network Owner: Telefonica O2 UK

Blacklists:
bl.spamcop.net: Not Listed
cbl.abuseat.org: Not Listed
dnsbl.sorbs.net: Not Listed
pbl.spamhaus.org: Not Listed
sbl.spamhaus.org: Not Listed
hawkeye1111 Posted September 24, 2013

Appears that the IP is back on the list!

82.132.130.151 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

Causes of listing
- System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
- SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems (these factors do not directly result in spamcop listing)
- Too many delisting requests were made. Next request might be allowed after 21.7 day
- Because of the above problems, express-delisting is not available

Listing History
In the past 19.3 days, it has been listed 8 times for a total of 11.1 days
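Added example, not part of any post in this thread and not SpamCop's own code: a bounce like the one above names two public IPs, the sender's own connection and the ISP's outbound server, and only the one in the SMTP rejection text is what a DNSBL such as bl.spamcop.net is queried for. The function names and the injectable `resolver` parameter are assumptions of this sketch; the sample lines are copied from the bounce quoted in the thread.

```python
import ipaddress
import re
import socket

# Lines copied from the bounce quoted in this thread (URL is truncated there).
SAMPLE_DSN = """\
SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! Sending denied.
550 please see http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151
Reporting-MTA: dns; mail.o2.co.uk
Received-from-MTA: dns; [192.168.1.66] (78.105.212.240)
"""

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def public_ipv4s(text):
    """Public IPv4 addresses in order of appearance; private ones are dropped."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            ip = ipaddress.IPv4Address(candidate)
        except ValueError:          # e.g. an octet above 255
            continue
        if ip.is_global and str(ip) not in found:
            found.append(str(ip))
    return found

def classify(dsn_text):
    """Split the sender's own IP from the IP named in the SMTP rejection."""
    client, rejected = None, []
    for line in dsn_text.splitlines():
        ips = public_ipv4s(line)
        if line.lower().startswith("received-from-mta:"):
            client = ips[0] if ips else None
        elif re.search(r"\b5\d\d[- ]", line):    # line carries a 5xx SMTP reply
            rejected.extend(ip for ip in ips if ip not in rejected)
    return {"client_ip": client, "rejected_ips": rejected}

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def lookup(ip, zone="bl.spamcop.net", resolver=socket.gethostbyname):
    """Return the 127.0.0.x answer if listed, None if the name does not resolve."""
    try:
        answer = resolver(dnsbl_name(ip, zone))
    except socket.gaierror:
        return None
    return answer if answer.startswith("127.") else None

if __name__ == "__main__":
    print(classify(SAMPLE_DSN))
    print(dnsbl_name(classify(SAMPLE_DSN)["rejected_ips"][0]))
```

Calling `lookup()` with the default resolver performs a live DNS query; a listing can change within hours, as the posts above show.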
bonzo1965 (Author) Posted September 24, 2013

great :angry: and my emails are bouncing back as usual

how does this work? how many complaints does it take to get an IP blocklisted?

"Too many delisting requests were made. Next request might be allowed after 21.7 day"

what does this mean? of course there are going to be loads of delisting requests if loads of innocent people are being affected.

Who do I approach to get this sorted? I doubt o2/Sky give 2 hoots

is it the ISP at fault? are Spamcop too quick to blocklist?
Derek T Posted September 24, 2013

"how does this work? how many complaints does it take to get an IP blocklisted? what does this mean? of course there are going to be loads of delisting requests if loads of innocent people are being affected. Who do I approach to get this sorted? I doubt o2/Sky give 2 hoots is it the ISP at fault? are Spamcop too quick to blocklist?"

As I understand it, it's not so much how many complaints as what the proportion of spam is to genuine mail, so a large-volume server (e.g. yahoo, gmail) will need more complaints (and spam-trap hits, which carry more weight as these addresses have never sent mail to anyone) than a low-volume server. A good spam-spew can increase email from a server by a factor of 10 or more (i.e. 90% or more spam).

De-listing requests should only be made by the owner of the server AFTER they are sure that the problem is solved. It does say so on the de-listing page.

Whose fault? Ultimately the spammers who take over machines, Microsoft who make such easily-hacked operating systems and ISPs who don't take quick and proactive enough action to keep the spam sources off their servers. Spamcop is one of the most forgiving of blocklists, listing only in response to active spam spews and quick to delist after they stop. There are many less-forgiving lists out there and if o2 don't take action they may soon end up on those too.

You are their customer and o2 should be asked to provide the service that you have paid for.

Also note that Spamcop does NOT recommend using their list in blocking mode, on the contrary Spamcop recommends using it to filter to a hold/quarantine folder. However, some admins choose to block completely: their server, their rules. But some of the fault does, therefore, lie at the receiving end.
turetzsr Posted September 24, 2013

"<snip> so it would appear that o2 have taken action to remove the source. <snip>"

...Or (as is more likely, now that we know from hawkeye1111 [thanks, hawkeye1111!] that the IP address in question has returned to the SCBL) the particular zombied machine(s) stopped sending for a while or the spammers moved on temporarily to other zombies only to return later.

...Steve: sorry to say, unless O2 quickly gets better at identifying and correcting the use of its services to run spam, you are likely to continue to have this problem. If you are correct in your doubt that "o2/Sky give 2 hoots," do they really deserve to have you as a customer? Of course, if you don't have the option of going to any other provider, there's not much you'll be able to do about it. But you may wish to look for such alternatives as satellite and mobile phone providers as alternatives for your internet service.
Farelf Posted September 24, 2013

"... is it the ISP at fault? are Spamcop too quick to blocklist?"

Well, the ISP is the only one that can do anything about controlling rogue accounts/zombie incursions.

SpamCop is not the only player in the RBL (real-time blocklist) business - see http://multirbl.valli.org/dnsbl-lookup/82.132.130.151.html for some other public lists including that server. Then there are private/proprietary lists. And "reputation" rankings which many networks use as well as/instead of RBLs ... SpamCop just happens to be the one affecting your "deliverability" at the moment. Others come into play when messages are routed through/to other networks.

Quite a few of those blocklist operators provide excellent information to the o2.co.uk abuse handlers to assist identification and isolation of those accounts/incursions causing the listings. SpamCop does it privately (though not for spamtrap hits), by e-mail to abuse[at]o2.co.uk with very nearly all of each offending spam message provided in evidence and in a timely fashion. The message subjects for the last two reports at the time of writing:

Submitted: Tuesday, 24 September 2013 10:16:42 PM +0800: State-of-the-art medications winning impotence battle. Shipped for free!
Submitted: Tuesday, 24 September 2013 6:45:19 PM +0800: OPEN ATTACHMENT LETTER IRREVOCABLE PAYMENT ORDER VIA ATM CARD HAS BEEN APPROV...

- pushing all the buttons, certainly looks like spambot stuff. SpamCop IS quick to report (but not necessarily to list) - the "early warning" to abuse desks (catching the leading edge of spam spews) is part of its difference from other lists and much of its value in spam control.

Some other RBLs provide their evidence publicly - see http://www.anti-spam.org.cn/Rbl/Query/Deta...=82.132.130.151 - you can see the rogue o2.co.uk accounts, lightly munged, accessed from the U.K. and elsewhere (or more likely compromised accounts, given the high volumes of total spam that must be involved, as Derek mentions).

ISPs put as much effort/resource into spam control as they have to, in order to grow their businesses (merely retaining customers is not enough for them to survive). They DO listen to customer complaints if service is affected (considering value for money from the perspective of the present and prospective customer base) - but only in aggregate. Like any other business. There's some (faint) solace in that.
Archived
This topic is now archived and is closed to further replies.