SpamCop blocking a non-listed address

[BAZNET]

Hi there!

I'm having a problem with my current ISP.

Apparently their SMTP IP is being listed as "spammer" by SpamCop but I run a check at http://www.ordb.org/ and http://www.mail-abuse.org/rss/ and there wasn't a single listing showing this IP as "spammer".

I know the SMTP required no relying in the past, but they solved it about 3 months ago.

What can be happening now?.

Tests run:

http://www.ordb.org/lookup/?host=200.32.4.21 = Not Listed

http://www.spamcop.net/w3m?action=blcheck&ip=200.32.4.21 = Listed (System has sent mail to SpamCop spam traps (spam traps are secret, no reports or evidence are provided by SpamCop). No real evidence of spamming, impossible to check the root of the issue

http://work-rss.mail-abuse.org/cgi-bin/nph...ery=200.32.4.21 = Not listed

So, the only block is coming from SpamCop and we don't have any evidence of spamming whatsoever.

Could this be a wrong entry?, can it be removed?, what tests can be done to remove this IP from the blocking system?.

Thank you.

[Spambo]

So, the only block is coming from SpamCop and we don't have any evidence of spamming whatsoever.

Do you run a mailing list? If so do you use confirmed opt-in?

Could this be a wrong entry?, can it be removed?, what tests can be done to remove this IP from the blocking system?.

It's probably not wrong that unrequested email was sent from that IP to a spamtrap. An admin or Deputy would need to look at the actual emails to determine if they were actually spam.

[Merlyn]

ORDB is a list of open relays and Spamcop is a list of IP's reported for spamming.

There could be many reasons. You could have an open proxy, your machine could have been hacked or has a trojan or you could be sending virus notifications to the "From" address of virus emails and in that case you would be spamming innocent victims.

[Wazoo]

http://www.spamcop.net/w3m?action=blcheck&ip=200.32.4.21 = Listed (System has sent mail to SpamCop spam traps (spam traps are secret, no reports or evidence are provided by SpamCop).  No real evidence of spamming, impossible to check the root of the issue

First of all, that's an interesting change to the "evidence" page .... On the other hand, the additional commentary you added in Bold is wrong. First of all, one would have to guess that you didn't take the time to go through the Pinned FAQ (work-in-progress) at http://forum.spamcop.net/forums/index.php?showtopic=972

Bottom line, your entire network may be suspect, rather then the assumed e-mail server. one example is a compromised machine sitting somewhere in back that's spewing stuff using it's own SMTP engine, so there is nothing on your e-mail server logs to show unusual traffic. Another may be exploits of an Exchange server with weak/default passwords in place.

For assistance, a nice note to Depities <at> admin.spamcop.net might get some details that may help you to pinpoint the issues.

So, the only block is coming from SpamCop and we don't have any evidence of spamming whatsoever.

Could this be a wrong entry?, can it be removed?, what tests can be done to remove this IP from the blocking system?.

Start with reading the FAQ, survey your network logs, and query the Deputies on what the spamtrap contents may reveal.