Jump to content

How do I get removed from your database?


brogers

Recommended Posts

It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR:

<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

When I checked your site this is what I was given as a reason why we were listed:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Please advise as to how I can get us off your list.

Thanks

Link to comment
Share on other sites

Please advise as to how I can get us off your list.

Stop spamming?

Seriously, if you're sending to spam traps (which are unused, unpublished email addresses), either you or someone who shares your mail server's IP has been sending spam. You automatically delist from Spamcop 48 hours after the last spam report.

By the way, according to senderbase:

Last day 782%

Last 30 days 182%

Sounds like your IP jumped up in its mail sending dramatically. If you send through your ISP, you might want to contact them.. if it's your server, please fix the problem.

Link to comment
Share on other sites

Hiya,

To add to the previous post. It is not clear if you are refereing to your own mailserver or yoo are refereing to your ISPs. The server is owned by dsl.net. If you are from dls.net you should investigate why there is such a dramitic increase in traffic and why it has been sending mail to spamtraps. I has been compromised in some way. You can contact spamcop deputies at deputies at spamcop.net who maybe able to help.

If it is ISPs you should contact then to get them to fix their server.

Link to comment
Share on other sites

<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

It appears that you are running MS Exchange. You have probably fallen victim to an attack vector know as an SMTP AUTH Hack. It would be in your best interest to go through all accounts on your Exchange server and close any unused accounts (guest, etc) and then change the password for each and every account to something that is non-trivial. If you do not have employees that need to check/send mail from outside your network then you should disable SMTP AUTH access to your mail server.

You may also want to read the pinned FAQ: Why am I blocked? which has additional links concerning the SMTP AUTH hack.

Link to comment
Share on other sites

It appears that you have listed my mailserver as a source of spam and it is preventing us from communicating with our customer. This is some the the text of the NDR:

<crpowa1.structural.net #5.5.0 smtp;554 Service unavailable; Client host [216.184.200.13] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?216.184.200.13>

When I checked your site this is what I was given as a reason why we were listed:

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Please advise as to how I can get us off your list.

Thanks

14985[/snapback]

Regarding IP 216.184.200.13: see these faqs:

http://news.spamcop.net/cgi-bin/fom?file=372

http://www.winnetmag.com/article/articleid/40507/40507.html

http://www.winnetmag.com/article/articleid/42406/42406.html

Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations.

Link to comment
Share on other sites

Regarding IP 216.184.200.13: see these faqs:

http://news.spamcop.net/cgi-bin/fom?file=372

http://www.winnetmag.com/article/articleid/40507/40507.html

http://www.winnetmag.com/article/articleid/42406/42406.html

Your exchange server is relaying because spammers are suthenticating using guessed names/password combinations.

14998[/snapback]

Thanks for the advise. I was able to confirm that the guest account was being used to relay mail. I have since taken corrective action to prevent this and so far thing appear to have subsided. I will also take steps to beef up our password policies.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...