
SpamCop Problems


Eric23


What kind of spam service just blacks out entire address blocks without -any- concern for legitimate businesses?

We are blacklisted.

We are a construction company.

Our email servers cannot relay mail.

We have asked SpamCop to remove us from the blacklist.

No Answer.

No phone number.

No one to talk to.

No address.

Cost to our company in terms of time.

16 hours and counting just for one person to try and resolve this.

A Professional product sold via PayPal?

A product that I would not recommend to any business serious about maintaining communications.


...Are you just here to rant or would you like us SpamCop user volunteers to try to help? If the latter, then please post the IP address or addresses you believed are blocked and the message that tells you so (disguising whatever information you believe should be kept in confidence, such as e-mail addresses). You may also want to read some of the SpamCop FAQs, such as:

...Attn: Wazoo -- please consider moving this to the Help forum. ty.


Unless you can work magic with the "dead to the world" SpamCop people.

Ranting is apparently all I can do.

Qwest says all they can do is give us another static block.

Ask yourself as a network admin how much fun that would be.

And it would only be a Band-Aid until it happens again.

#5.5.0 smtp;550-rejected because 63.227.218.43 is in a black list at bl.spamcop.net extra

Like I have said I have gone through the process of requesting to be unbanned.

With Zero response.

In the meantime I have Project Engineers and Architects crawling up my back about undeliverables...

time is money and SpamCop is wasting my entire company's time.

Cost of being wrongly blacklisted.

Priceless.


Unless you can work magic with the "dead to the world" SpamCop people.

Ranting is apparently all I can do.

...Well, I can do a bit more than that for you (note: you could have found this information yourself by looking around the SpamCop.net FAQ information to which I referred you). See below.

Qwest says all they can do is give us another static block.

Ask yourself as a network admin how much fun that would be.

And it would only be a Band-Aid until it happens again.

...Exactly. Better we try to work together to determine the problem so that it can be fixed.

#5.5.0 smtp;550-rejected because 63.227.218.43 is in a black list at bl.spamcop.net extra

...Okay, I went to the SpamCop.net - checkblock page and entered that IP address. Here is the response:

Query bl.spamcop.net - 63.227.218.43

63.227.218.43 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

Additional potential problems

(these factors do not directly result in spamcop listing)

DNS error: 63.227.218.43 has no reverse dns

Listing History

It has been listed for less than 24 hours.

Other hosts in this "neighborhood" with spam reports

63.227.218.42

...Not much to go on. Perhaps it was reported by so-called "mole" reporters? Let's look at that "neighborhood" address:

Query bl.spamcop.net - 63.227.218.42

63.227.218.42 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

Listing History

It has been listed for 2.2 days.

Other hosts in this "neighborhood" with spam reports

63.227.218.43

...Sending e-mail to spam traps is a big problem.

...It appears that only a SpamCop.net deputy (e-mail deputies <at> spamcop <dot> net) can help, as they are the only ones who can find out what reports have been sent and what has gone to spam traps. Have you tried writing to that address?

Like I have said I have gone through the process of requesting to be unbanned.

With Zero response.

...Care to share with us what it is you have tried?

In the meantime I have Project Engineers and Architects crawling up my back about undeliverables...

time is money and SpamCop is wasting my entire company's time.

Cost of being wrongly blacklisted.

Priceless.

...Yes, spammers and malware writers have spoiled things for everyone!

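The checkblock lookup quoted in the post above can be reproduced from the rejection line itself. This is an added example, not part of the original posts and not SpamCop's code: it parses the bounce text, builds the DNSBL query name using the standard reversed-octet convention (RFC 5782), and reports listing status plus whether the sender has reverse DNS. The function names are hypothetical, and the stub resolver answers in the demo are constructed to mirror the checkblock output quoted in the thread.

```python
import ipaddress
import re
import socket

# Shape of the bounce quoted in the thread:
#   "550-rejected because <ip> is in a black list at <zone>"
REJECT_RE = re.compile(
    r"rejected because (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is in a black list at (?P<zone>[A-Za-z0-9.-]+)"
)
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def parse_rejection(line):
    """Return (ip, zone) from a DNSBL rejection line, or None if absent/invalid."""
    m = REJECT_RE.search(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.IPv4Address(m.group("ip")))
    except ValueError:  # e.g. an octet above 255
        return None
    return ip, m.group("zone").rstrip(".").lower()


def dnsbl_query_name(ip, zone):
    """DNSBL convention (RFC 5782): reversed IPv4 octets prepended to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def _resolve_a(name):
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:  # NXDOMAIN: the address is not listed
        return None


def _resolve_ptr(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):  # no PTR record
        return None


def check_sender(ip, zone, resolve_a=_resolve_a, resolve_ptr=_resolve_ptr):
    """Report DNSBL listing status and reverse-DNS presence for a sending IP."""
    query = dnsbl_query_name(ip, zone)
    answer = resolve_a(query)
    # A listing is signalled by an A record inside 127.0.0.0/8.
    listed = answer is not None and ipaddress.IPv4Address(answer) in LOOPBACK
    ptr = resolve_ptr(ip)
    return {"ip": ip, "query": query, "listed": listed,
            "code": answer if listed else None, "has_rdns": ptr is not None}


if __name__ == "__main__":
    bounce = ("#5.5.0 smtp;550-rejected because 63.227.218.43 "
              "is in a black list at bl.spamcop.net")
    ip, zone = parse_rejection(bounce)
    # Constructed stub answers mirroring the checkblock output quoted above
    # (listed with 127.0.0.2, no reverse DNS), so the demo runs offline.
    print(check_sender(ip, zone,
                       resolve_a=lambda name: "127.0.0.2",
                       resolve_ptr=lambda addr: None))
```

Called without the stub arguments, `check_sender` performs live DNS lookups through the system resolver.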

Should I have done all that research?

If so, WHY?

Why is this now -my- problem.

Why am I going to other people's networks to solve their problems?

Why am I here in this forum?

You understand don't you?

Seems to me SpamCop is becoming part of the problem by not providing any kind of direct response method for dealing with this problem.

No need to preach to the choir about spyware and malware.

Our corporate solution:

Netscreen and BlueCoat.

Not to mention that there are plenty of solutions for the desktop.

Care to share what I tried?

I tried sending SpamCop a removal request message.

No-Go. A 48 hour response is unacceptable.

No autoresponses anymore... understandable, but no response from anyone?

I tried working with the ISP that is using this SpamCop service for their customers.

ATG.

This was ATG's response:

Hello,

You need to contact Qwest to get that IP block removed from the SpamCop rbl list.

regards

AdvancedTelcomGroup - Postmaster Services

postmaster[at]atgi.net - David McCall

Yep... so you can see the ignorant mess this has caused.

Meanwhile I still have people knocking on my door.


First,

Thank you for your help.

I don't know why you stay with this product it seems like a waste to me.

Have you tried writing to that address?

I will write to anyone who can fix this mess.

It appears that only a SpamCop.net deputy (e-mail deputies <at> spamcop <dot> net) can help, as they are the only ones who can find out what reports have been sent and what has gone to spam traps. Have you tried writing to that address?

Please Please PM me or post me with it.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Maybe they are not so secret anymore.

Wouldn't that be a huge problem?


Hi,

First,

Thank you for your help.

...You're most welcome. I only wish I could have been of more direct help, but I'm merely a user.

I don't know why you stay with this product it seems like a waste to me.

...In my view, I'm being a good netizen by reporting spam in order to:

  • alert whitehat ISP and e-mail providers that they have a spam (or worse) problem
  • add spam sources to the block list so others can filter their e-mail

Have you tried writing to that address?

I will write to anyone who can fix this mess.

...Please do that and let us know the outcome!

It appears that only a SpamCop.net deputy (e-mail deputies <at> spamcop <dot> net) can help, as they are the only ones who can find out what reports have been sent and what has gone to spam traps. Have you tried writing to that address?

Please Please PM me or post me with it.

...Sorry, I should PM you or post you with what? The deputy address? It's in there -- deputies <at> spamcop <dot> net.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Maybe they are not so secret anymore.

Wouldn't that be a huge problem?

...You appear to have misunderstood -- spam traps are "secret" in that they are never used to send real e-mail, they are only posted on web sites (and perhaps other places?) so that worms can harvest them and place them on "lists of e-mail addresses one can spam."


Should I have done all that research?

If so, WHY?

...Well, it's generally considered good netiquette to at least read FAQs, if not other posts, to try to find a little about a forum before posting. It saves others' time in trying to solve problems and it helps you get answers faster.

Why is this now -my- problem.

...Pardon me, perhaps I was under the mistaken impression that your (or your clients') e-mail has not been delivered and you believe that it's because a server through which your mail flows is on the SpamCop blocklist.

Why am I going to other people's networks to solve their problems?

Why am I here in this forum?

You understand don't you?

...Well, I'm not sure I do. My guess would have been that you were referred to SpamCop by an ISP or e-mail service provider. Were I in that situation, I'd be trying to find out how (and whether) the SpamCop blocklist blocks e-mail. The answer is: it doesn't -- ISP and e-mail providers do, as subscribers to the blocklist.

Seems to me SpamCop is becoming part of the problem by not providing any kind of direct response method for dealing with this problem.

...This is the direct response method for dealing with the problem. Would you rather call a long-distance phone number, wait on hold for 10 minutes, then talk to some poor soul who can do little more than read some script which asks you to make sure all your cables are plugged in, reboot your machine, etc? This forum is populated by people with varying degrees of knowledge of SpamCop, e-mail service, blocking, filtering, etc that can help you find out what happened and direct you to the people who can fix it. I am at the bottom of the rung in terms of knowledge -- it seems you have hit a day and time when the more knowledgeable folks are doing other things. :(

No need to preach to the choir about spyware and malware.

Our corporate solution:

Netscreen and BlueCoat.

Not to mention that there are plenty of solutions for the desktop.

...Personally, I don't know what those solutions are so I won't comment. But my remark about malware wasn't meant to imply that you weren't using appropriate measures to avoid it. If you share an upstream IP address with a spammer or people who have accidentally loaded malware (the major cable service users seem especially prone to this), then they're spoiling your experience.

Care to share what I tried?

I tried sending SpamCop a removal request message.

No-Go.

...You write that you sent "SpamCop" a removal request message. Who in this context is "SpamCop" -- is this a specific e-mail address? If so, what address?

A 48 hour response is unacceptable.

...That's the maximum for repeat offenders and major spam sources. And it's up to 48 hours after the last spam report was sent to SpamCop.

No autoresponses anymore... understandable, but no response from anyone?

...Again, I ask: to whom did you write? I'm hoping you were given an incorrect address by accident. The right place is deputies <at> spamcop <dot> net.

I tried working with the ISP that is using this SpamCop service for their customers.

ATG.

This was ATG's response:

Hello,

You need to contact Qwest to get that IP block removed from the SpamCop rbl list.

regards

AdvancedTelcomGroup - Postmaster Services

postmaster[at]atgi.net  -  David McCall

Yep... so you can see the ignorant mess this has caused.

Meanwhile I still have people knocking on my door.

...David McCall seems to have given you a reasonable reply -- if Qwest owns the server represented by IP address 63.227.218.43, they should either have received spam reports from SpamCop and they should take action to stop the spam or they should contact the SpamCop deputies to work on a resolution to the problem. I don't see any evidence of ignorance, yet.


Maybe they are not so secret anymore.

Wouldn't that be a huge problem?

...You appear to have misunderstood -- spam traps are "secret" in that they are never used to send real e-mail, they are only posted on web sites (and perhaps other places?) so that worms can harvest them and place them on "lists of e-mail addresses one can spam."

I think you missed his point (which I consider valid)...

While spamtraps are "secret", they also must be made public so that spammers can harvest them. If a malicious person gets hold of one, he could send messages out with that address in the From: address and trick someone into responding to it. I assume that the trap addresses are rotated periodically so that this is not a problem - however I have no assurance of that.

Additionally, a spammer could send out a spam run with spamtraps in the From address. Messages sent to invalid addresses on "broken" mail servers would then cause non-delivery reports to be sent to the spamtraps.

("broken" in this context includes at least Microsoft Exchange 5.5 and 2000 - which cannot reject messages to invalid recipients during the SMTP session. But that is a rant for another time)


Maybe they are not so secret anymore.

Wouldn't that be a huge problem?

...You appear to have misunderstood -- spam traps are "secret" in that they are never used to send real e-mail, they are only posted on web sites (and perhaps other places?) so that worms can harvest them and place them on "lists of e-mail addresses one can spam."

I think you missed his point (which I consider valid)...

While spamtraps are "secret", they also must be made public so that spammers can harvest them. If a malicious person gets hold of one, he could send messages out with that address in the From: address and trick someone into responding to it. I assume that the trap addresses are rotated periodically so that this is not a problem - however I have no assurance of that.

Additionally, a spammer could send out a spam run with spamtraps in the From address. Messages sent to invalid addresses on "broken" mail servers would then cause non-delivery reports to be sent to the spamtraps.

("broken" in this context includes at least Microsoft Exchange 5.5 and 2000 - which cannot reject messages to invalid recipients during the SMTP session. But that is a rant for another time)

...They are "secret" in that spams sent to spam traps don't generate reports to the abuse address of the server (based on IP address) through which they went. This is in distinction to spams sent to real SpamCop users, which may be reported by those users, in which case reports are sent by SpamCop to the abuse address of the server from which the spam came. Only SpamCop.net employees, such as deputies, have rights to see this "secret" information.

...If there are servers misconfigured so that they send e-mails to "From" addresses, then IMHO they should get on a blocklist. No one should ever send an e-mail to a "From" address -- they're too easily forged! There may be a problem with MS Exchange (even 2000? I hope not) but 2003 is available so that problem should be going away (or should go away if the admins learn how to configure their services correctly!).


Topic moved over to "Help" as the issue has nothing to do with a SpamCop Filtered E-Mail account.

Reference the alleged lack of response - one can only mention that the address first used in the "I've contacted SpamCop" has yet to be announced ... I'm having to guess that it may have been the "bl" address. If so, the players involved that would have access to that address have been busy with a system upgrade/maintenance issue today.

Had the original poster selected the appropriate Forum, the Pinned FAQ on "Why am I Blocked" may have been a bit more apparent. One can't guess why one would post into a "SpamCop Email System and spamcop.net email accounts. Questions about spam reporting should generally be directed to the appropriate forum, not this one" described area about e-mail issues on his/her servers, but .. not the first time.

The "evidence" page has not been "real-time" for quite a while, as spammers were using the data once provided for their scummy purposes. That data had not been updated to possibly reflect anything close to current .. well, did I mention system upgrades and maintenance today? I think I did.

Beyond that, one would assume that this poster has gotten around to following (at least some of) the advice offered (thanks folks for trying to help) .. though noting that "we" still don't seem to know what system/software configuration is in use, the fact of no RDNS has not been addressed, so actually it's hard to tell what's been accomplished thus far. Guess we'll have to wait for some future date?


...Hazarding a guess from the IP address the OP provided, I'd say her/his company's e-mail goes through Qwest and Qwest is being unresponsive. Basically, I'd say that this construction company needs a more responsible ISP / e-mail provider.


What kind of spam service just blacks out entire address blocks without -any- concern for legitimate businesses?

Entire address blocks? No, just the IP of an e-mail server recognized as sending out unwanted e-mails.

We are blacklisted.

And hopefully working to resolve why.

We are a construction company.

Has no bearing on anything. It's the IP of the e-mail server that's at issue.

Our email servers cannot relay mail.

Would like to go with that you're not technically involved, else you'd know the warning bells that the word "relay" in a conversation like this tends to set off.

We have asked SpamCop to remove us from the blacklist.

No Answer.

Still unknown as to how this contact was attempted.

No phone number.

No one to talk to.

No address.

If configured anywhere near correctly, the rejection notice should have included a reference to one of the SpamCop.net pages ... from there, many things are possible (though noting you've said you'd tried to make contact, thus one would have to make the assumption that you in fact found a "contact address" somewhere). Had complaints/reports gone out, they would have gone to abuse <at> qwest.net, which you've apparently already been in contact with. If you're actually running your own e-mail server, you may want to have your folks register with abuse.net, but of course, one should fix that rDNS issue first.

Cost to our company in terms of time.

16 hours and counting just for one person to try and resolve this.

There's been a number of folks that have put some time in to minimize the search time for data like this. As stated elsewhere, had you chosen to hit the appropriate Forum first, you may have stumbled across a Pinned FAQ yourself, and I see that you were offered a bunch of links to explain circumstances .. but ... I'm not sure why your time loss couldn't have been much shortened by a bit of reading ..???

A Professional product sold via PayPal?

A product that I would not recommend to any business serious about maintaining communications.

SpamCop isn't a "product" ... Free reporting accounts are still available, there are paid options that offer some enhancements, there's a Filtered E-Mail account offered, the primary focus is use of the SpamCopDNSbl to "manage" incoming spam, and the SpamCopDNSbl is fed by folks reporting spam via the SpamCop parsing tool .. this DNSbl is currently offered to any that wish to use it ... and based on complaints like yours, it's more than a bit popular ...


...Hazarding a guess from the IP address the OP provided, I'd say her/his company's e-mail goes through Qwest and Qwest is being unresponsive.

Wouldn't argue, but we're back to the original complaint - "Our email servers cannot relay mail" that begs the bigger question as to how the outgoing e-mail is actually handled. That the word "relay" is involved and the rDNS issue raises a number of questions.

I don't recall the company name being mentioned ... a SamSpade trace dies at 63.227.218.46 which pegs back to U.S.West .... but close enough to the originally identified IP of 63.227.218.43 that perhaps one might even guess that there is a firewall in place, but .... this is all smoke at this point. I'm actually unsure if this is the poster's server IP or a Qwest server at this point.

Basically, I'd say that this construction company needs a more responsible ISP / e-mail provider.

Or an in-house IT person if they are really running some servers in-house ..??


Unless you can work magic with the "dead to the world" SpamCop people.

Ranting is apparently all I can do.

Qwest says all they can do is give us another static block.

Ask yourself as a network admin how much fun that would be.

And it would only be a Band-Aid until it happens again.

#5.5.0 smtp;550-rejected because 63.227.218.43 is in a black list at bl.spamcop.net extra

Like I have said I have gone through the process of requesting to be unbanned.

With Zero response.

In the meantime I have Project Engineers and Architects crawling up my back about undeliverables...

time is money and SpamCop is wasting my entire company's time.

Cost of being wrongly blacklisted.

Priceless.

Your exchange server is relaying spam -- the usual pills stuff -- as the spammers are using the SMTP/AUTH hack against it. See this faq:

http://news.spamcop.net/cgi-bin/fom?file=372

The newest spam that we have seen is less than 3 hours ago.


The information Ellen gave you should help you fix your faulty email system or at least point you in the right direction. You better shut down that Guest Account immediately and have all your users change their password.

Next time you should think twice before you blame someone else for your problems.

- Why didn't you log some of your outgoing mail to check it?

- Why didn't you notice the rise in processing on your email server?

- Do you have a registered abuse address? Do you check it?

- Is your Postmaster address working? Do you check it?

- Why did you just hop in and start ranting without checking anything out?

- Are you qualified to be an email administrator?

With all those Engineers and Architects you should have had someone with enough knowledge to know where to start looking.

AND THEN QWorst offers to change your IP's to an unblocked range so you can start assisting the spammers get more of their crap out really takes the cake. No wonder they have so many problems.

Sounds like the blind leading the blind.

Good luck.


Maybe they need to break into their stream of outgoing and ask one of the spammers for the password to get into their own system. Man, that's a pretty silly evidence page result to see after all the bluster .....


Archived

This topic is now archived and is closed to further replies.
