
Your server IP address is in the SpamCop database, bye


bonzo1965


Hi

my email address (which I have used for business for the past 5 years) is now having emails undelivered because it is in the database. I do not and have never sent spam.

About 3 months ago, a client of mine changed servers and for some reason every email I sent them with an attachment was bounced back as spam. Finally, after 2 months their new service providers resolved the problem and I can send them emails successfully. Since then, however, it seems I am in the Spamcop database and more and more emails are being returned from other clients.

o2 is my service provider

I can post/email the logs if that helps

any advice would be greatly appreciated

thanks

steve

Link to comment

Hi

my email address (which I have used for business for the past 5 years) is now having emails undelivered because it is in the database. I do not and have never sent spam.

<snip> Since then, however, it seems I am in the Spamcop database and more and more emails are being returned from other clients.

o2 is my service provider

SpamCop does not list email addresses but IP addresses. None of us can help without the IP address that is having problems. Please see the FAQs for more information and please post an unaltered rejection notice for more help.

Link to comment

this is a typical reply I get now

- These recipients of your message have been processed by the mail server:

******; Failed; 5.1.1 (bad destination mailbox address)

Remote MTA *******: SMTP diagnostic: 550 5.7.0 Your server IP address is in the SpamCop database, bye

Reporting-MTA: dns; mail.o2.co.uk

Received-from-MTA: dns; [192.168.1.64] (78.105.212.240)

Arrival-Date: Tue, 24 Sep 2013 08:38:02 +0100

Final-Recipient: rfc822; ******

Action: Failed

Status: 5.1.1 (bad destination mailbox address)

Remote-MTA: dns; *******

Diagnostic-Code: smtp; 550 5.7.0 Your server IP address is in the SpamCop database, bye

From: Stephen Jones *******

Date: 24 September 2013 08:38:01 GMT+01:00

To: *******

Subject: Fwd: Visuals

a typical response I used to get when the problems first started (with original client)

This is the mail system at host filter2.mjcgroup.co.uk.

I'm sorry to have to inform you that your message could not

be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can

delete your own text from the attached returned message.

The mail system

********: host 62.49.142.138[62.49.142.138] said: 550 5.7.1

Message rejected as spam by Content Filtering. (in reply to end of DATA

command)

Reporting-MTA: dns; filter2.mjcgroup.co.uk

X-Postfix-Queue-ID: DD78D143421

X-Postfix-Sender: rfc822; ********

Arrival-Date: Wed, 24 Jul 2013 09:56:43 +0100 (BST)

Final-Recipient: rfc822; ********

Original-Recipient: rfc822;**********

Action: failed

Status: 5.7.1

Remote-MTA: dns; 62.49.142.138

Diagnostic-Code: smtp; 550 5.7.1 Message rejected as spam by Content Filtering.

Return-Path: ********

Received: from filter2.mjcgroup.co.uk (localhost [127.0.0.1])

by filter2.mjcgroup.co.uk (Postfix) with ESMTP id DD78D143421

for ********; Wed, 24 Jul 2013 09:56:43 +0100 (BST)

X-Virus-Scanned: by SpamTitan at mjcgroup.co.uk

X-spam-Flag: NO

X-spam-Score: -1.901

X-spam-Level:

X-spam-Status: No, score=-1.901 tagged_above=-999 required=3

tests=[bAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham

Received: from mail.o2.co.uk (sidious.london.02.net [82.132.130.152])

by filter2.mjcgroup.co.uk (Postfix) with ESMTP id 4C8DE143417

for **********; Wed, 24 Jul 2013 09:56:39 +0100 (BST)

Received: from [192.168.1.68] (78.105.212.240) by mail.o2.co.uk (8.5.140.03) (authenticated as *******)

id 51DA908903220118 for *******; Wed, 24 Jul 2013 09:56:38 +0100

From: Stephen Jones ******

Content-Type: multipart/mixed; boundary=Apple-Mail-180--935501567

Subject: test

Date: Wed, 24 Jul 2013 09:56:13 +0100

Message-Id: <DA4AFB12-E640-4046-B2A7-031502C96D8E[at]o2.co.uk>

To: *******

Mime-Version: 1.0 (Apple Message framework v1085)

X-Mailer: Apple Mail (2.1085)

Link to comment

this is a typical reply I get now

- These recipients of your message have been processed by the mail server:

******; Failed; 5.1.1 (bad destination mailbox address)

Remote MTA *******: SMTP diagnostic: 550 5.7.0 Your server IP address is in the SpamCop database, bye

Reporting-MTA: dns; mail.o2.co.uk

Received-from-MTA: dns; [192.168.1.64] (78.105.212.240)

Arrival-Date: Tue, 24 Sep 2013 08:38:02 +0100

Sorry, which part of 'unaltered' did you not understand? You have removed the information we need in order to help you. The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems.

Link to comment

thanks for your time but seriously what's with the attitude??

I have removed my own and my clients' email addresses only - you said that it is not the email address that is blocked, so why are these important?

"The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems."

this may be true but is it not possible that this is what caused my address to be on the block list in the first place? This only started happening after I had the original problem

thanks for your time

by the way

I posted the info before I saw your post...

Link to comment

thanks for your time but seriously what's with the attitude??

I have removed my own and my clients' email addresses only - you said that it is not the email address that is blocked, so why are these important?

"The previous problems were caused by content filtering and have nothing to do with spamcop or your present problems."

this may be true but is it not possible that this is what caused my address to be on the block list in the first place? This only started happening after I had the original problem

thanks for your time

Your address is not on the blocklist. No email address is ever on the blocklist. See the FAQ. The IP address through which your mail goes out is on a blocklist and that's probably due to its owner (o2?) not being proactive in kicking off abusers.

Essential information is either missing or munged.

A properly-formed rejection message SHOULD contain the IP address of the rejected sending server: something like

Email rejected because 173.203.116.233 is listed by bl.spamcop.net - See http://www.spamcop.net/w3m?action=checkblo...173.203.116.233

It is that IP (xxx.xxx.xxx.xxx) that we need in order to help you. As you say email addresses are not important.

And no, the previous issue would not get your IP onto the blocklist, this is most likely an O2 problem and you an innocent bystander, but without the IP to look up I really can't help you resolve this. Sorry.

Link to comment

ok, thanks

here is another rejection note from a different email address - again, only email addresses have been removed

is this any good? if not, why is the info not there?

- These recipients of your message have been processed by the mail server:

info[at]********.com; Failed; 5.1.2 (bad destination system address)

Remote MTA mail.*********.com: network error

- SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! Sending denied. \r\n550-For further information and delisting procedure,\r\n550 please see http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151

Reporting-MTA: dns; mail.o2.co.uk

Received-from-MTA: dns; [192.168.1.66] (78.105.212.240)

Arrival-Date: Sat, 7 Sep 2013 18:28:25 +0100

Final-Recipient: rfc822; *********.com

Action: Failed

Status: 5.1.2 (bad destination system address)

Remote-MTA: dns; **********.com

From: Stephen Jones *******

Date: 7 September 2013 18:28:24 GMT+01:00

To: *******

Subject: availability

btw - I tried the delisting procedure which worked the first time, but then the problem returned

Link to comment

- SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! Sending denied. \r\n550-For further information and delisting procedure,\r\n550 please see http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151

Yes, that's a great help, thank you. 82.132.130.151 is one of o2's mail-servers (I see four, named after starwars characters, this one is 'yoda') and you will be sharing that with tens of thousands (at least) of o2's other customers. Looking at the senderbase records it would appear that a spam-run from that server (probably a zombied customer) has recently ended (traffic is down 42% today) so it would appear that o2 have taken action to remove the source. The server is NOT currently listed (SpamCop is very quick to de-list once the spam stops) and so the rejections should stop, unless the receiving servers are using out-of-date lists.

Chances are your mail is assigned to the four servers at random. At present none is on the SpamCop blacklist so all should be well. Something was broken, o2 seem to have fixed it :) You were an innocent bystander and need do nothing (apart, of course, from keeping your own anti-malware up to date so that you don't become the next zombie)

EDIT: I've just noticed that the 'vader' server (82.132.130.150) IS now listed for the next 23 hours so you MIGHT get a rejection if your mail gets sent out through this one. Again, O2 seem to have stopped the spew (falling volume). Good luck! :)

For your information:

IP Address 	82.132.130.151
Fwd/Rev DNS Match 	Yes
First Seen 	2007-05-23
Email Reputation 	Good
Web Reputation 	Neutral

	Last Day 	Last Month
Email Magnitude 	4.2 	4.3
Volume Change 	-44% ↓ 	

Hostname 	yoda.london.02.net
Domain 	02.net
Network Owner 	Telefonica O2 UK

Blacklists
bl.spamcop.net 	Not Listed
cbl.abuseat.org 	Not Listed
dnsbl.sorbs.net 	Not Listed
pbl.spamhaus.org 	Not Listed
sbl.spamhaus.org 	Not Listed

Link to comment
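
The step this thread keeps returning to, finding the rejected server's IP in a bounce, shown as an added example (not code from any poster or from SpamCop). `public_ips` and `triage_bounce` are hypothetical helpers, and the two samples are abridged from the bounces quoted above.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def public_ips(text):
    """Return the public IPv4 addresses in text, in order, without repeats."""
    found = []
    for token in IPV4.findall(text):
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:  # matched the pattern but is not a valid address
            continue
        if ip.is_global and token not in found:  # drops 192.168.x.x, 127.x
            found.append(token)
    return found

def triage_bounce(dsn):
    """Split a delivery-status notice into the parts a blocklist lookup needs."""
    fields = dict(re.findall(r"^([A-Za-z-]+):[ \t]*(.*)$", dsn, re.M))
    # Lines carrying a permanent 55x SMTP reply hold the remote server's reason.
    diag = " ".join(ln for ln in dsn.splitlines() if re.search(r"\b55\d[ -]", ln))
    return {
        "reporting_mta": fields.get("Reporting-MTA", "").split(";")[-1].strip(),
        "submitter_ip": public_ips(fields.get("Received-from-MTA", "")),
        "rejected_ip": public_ips(diag),  # empty: the notice never names it
    }

# Samples abridged from the bounces quoted in this thread.
FIRST = (
    "Remote MTA *******: SMTP diagnostic: 550 5.7.0 Your server IP address "
    "is in the SpamCop database, bye\n"
    "Reporting-MTA: dns; mail.o2.co.uk\n"
    "Received-from-MTA: dns; [192.168.1.64] (78.105.212.240)\n"
)
SECOND = (
    "- SMTP protocol diagnostic: 550-Your IP address is on the RBL blacklist! "
    "Sending denied. 550 please see "
    "http://www.spamcop.net/w3m?action=checkblo...=82.132.130.151\n"
    "Reporting-MTA: dns; mail.o2.co.uk\n"
    "Received-from-MTA: dns; [192.168.1.66] (78.105.212.240)\n"
)

if __name__ == "__main__":
    for name, dsn in (("first", FIRST), ("second", SECOND)):
        print(name, triage_bounce(dsn))
```

The first notice yields no rejected IP at all, while the second names the o2 relay; the `submitter_ip` in both is the customer's own connection, not the address the receiving server looked up.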

Appears that the IP is back on the list!

82.132.130.151 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

Too many delisting requests were made. Next request might be allowed after 21.7 day

Because of the above problems, express-delisting is not available

Listing History

In the past 19.3 days, it has been listed 8 times for a total of 11.1 days

Link to comment
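
How a listing like the one above is looked up over DNS, as an added example that is not part of the original post or SpamCop's own code. The function names and the stand-in resolver are assumptions; its table is constructed to mirror the lookup result quoted above, so no live DNS query is made.

```python
import ipaddress
import socket

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_dnsbl(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Return (listed, answer) for one IP.

    An A record inside 127.0.0.0/8 means listed; a failed lookup is read as
    not listed. gaierror also covers timeouts, so a monitoring job should use
    a resolver that reports NXDOMAIN separately before trusting a "clean".
    """
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False, None
    if ipaddress.ip_address(answer) not in LOOPBACK:
        # A wildcarded or hijacked zone can answer with a routable address.
        raise RuntimeError(f"unexpected DNSBL answer {answer!r} for {ip}")
    return True, answer

def pool_status(ips, **kwargs):
    """Listing state for every relay in an ISP's outbound pool."""
    return {ip: check_dnsbl(ip, **kwargs)[0] for ip in ips}

# Constructed stand-in for DNS, mirroring the lookup result quoted above.
SNAPSHOT = {"151.130.132.82.bl.spamcop.net": "127.0.0.2"}

def fake_resolve(name):
    if name not in SNAPSHOT:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return SNAPSHOT[name]

# The three o2 relay addresses that appear in this thread.
O2_RELAYS = ["82.132.130.150", "82.132.130.151", "82.132.130.152"]

if __name__ == "__main__":
    print(pool_status(O2_RELAYS, resolve=fake_resolve))
```

Checking the whole pool rather than one address matters here because, as noted earlier in the thread, outgoing mail may leave through any of the relays.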

great :angry:

and my emails are bouncing back as usual

how does this work? how many complaints does it take to get an IP blocklisted?

"Too many delisting requests were made. Next request might be allowed after 21.7 day"

what does this mean? of course there are going to be loads of delisting requests if loads of innocent people are being affected. Who do I approach to get this sorted? I doubt o2/Sky give 2 hoots

is it the ISP at fault? are Spamcop too quick to blocklist?

Link to comment

how does this work? how many complaints does it take to get an IP blocklisted?

what does this mean? of course there are going to be loads of delisting requests if loads of innocent people are being affected. Who do I approach to get this sorted? I doubt o2/Sky give 2 hoots

is it the ISP at fault? are Spamcop too quick to blocklist?

As I understand it, it's not so much how many complaints as what the proportion of spam is to genuine mail, so a large-volume server (e.g. yahoo, gmail) will need more complaints (and spam-trap hits, which carry more weight as these addresses have never sent mail to anyone) than a low-volume server. A good spam-spew can increase email from a server by a factor of 10 or more (ie 90% or more spam).

De-listing requests should only be made by the owner of the server AFTER they are sure that the problem is solved. It does say so on the de-listing page.

Whose fault? Ultimately the spammers who take over machines, Microsoft who make such easily-hacked operating systems and ISPs who don't take quick and proactive enough action to keep the spam sources off their servers. Spamcop is one of the most forgiving of blocklists, listing only in response to active spam spews and quick to delist after they stop. There are many less-forgiving lists out there and if o2 don't take action they may soon end up on those too. You are their customer and o2 should be asked to provide the service that you have paid for. Also note that Spamcop does NOT recommend using their list in blocking mode, on the contrary Spamcop recommends using it to filter to a hold/quarantine folder. However, some admins choose to block completely: their server, their rules. But some of the fault does, therefore, lie at the receiving end.

Link to comment

<snip>

so it would appear that o2 have taken action to remove the source.

<snip>

...Or (as is more likely, now that we know from hawkeye1111 [thanks, hawkeye1111!] that the IP address in question has returned to the SCBL) the particular zombied machine(s) stopped sending for a while or the spammers moved on temporarily to other zombies only to return later.

...Steve: sorry to say, unless O2 quickly gets better at identifying and correcting the use of its services to run spam, you are likely to continue to have this problem. If you are correct in your doubt that "o2/Sky give 2 hoots," do they really deserve to have you as a customer? Of course, if you don't have the option of going to any other provider, there's not much you'll be able to do about it. But you may wish to look for such alternatives as satellite and mobile phone providers as alternatives for your internet service.

Link to comment

...

is it the ISP at fault? are Spamcop too quick to blocklist?

Well, the ISP is the only one that can do anything about controlling rogue accounts/zombie incursions. SpamCop is not the only player in the RBL (real-time blocklist) business - see

http://multirbl.valli.org/dnsbl-lookup/82.132.130.151.html

for some other public lists including that server. Then there are private/proprietary lists. And "reputation" rankings which many networks use as well as/instead of RBLs ...

SpamCop just happens to be the one affecting your "deliverability" at the moment. Others come into play when messages are routed through/to other networks. Quite a few of those blocklist operators provide excellent information to the o2.co.uk abuse handlers to assist identification and isolation of those accounts/incursions causing the listings. SpamCop does it privately (though not for spamtrap hits), by e-mail to abuse[at]o2.co.uk with very nearly all of each offending spam message provided in evidence and in a timely fashion.

The message subjects for the last two reports at the time of writing:

Submitted: Tuesday, 24 September 2013 10:16:42 PM +0800:

State-of-the-art medications winning impotence battle. Shipped for free!

Submitted: Tuesday, 24 September 2013 6:45:19 PM +0800:

OPEN ATTACHMENT LETTER IRREVOCABLE PAYMENT ORDER VIA ATM CARD HAS BEEN APPROV...

- pushing all the buttons, certainly looks like spambot stuff. SpamCop IS quick to report (but not necessarily to list) - the "early warning" to abuse desks (catching the leading edge of spam spews) is part of its difference from other lists and much of its value in spam control.

Some other RBLs provide their evidence publicly - see

http://www.anti-spam.org.cn/Rbl/Query/Deta...=82.132.130.151

- you can see the rogue o2.co.uk accounts, lightly munged, accessed from the U.K. and elsewhere (or more likely compromised accounts, given the high volumes of total spam that must be involved, as Derek mentions).

ISPs put as much effort/resource into spam control as they have to, in order to grow their businesses (merely retaining customers is not enough for them to survive). They DO listen to customer complaints if service is affected (considering value for money from the perspective of the present and prospective customer base) - but only in aggregate. Like any other business. There's some (faint) solace in that.

Link to comment

Archived

This topic is now archived and is closed to further replies.
