fedup Posted September 8, 2004 Posted September 8, 2004 Why was an email that I sent to myself (from work to home address) blocked? The IP address is 193.1.169.37 , and no information is provided when I open http://www.spamcop.net/w3m?action=blcheck&ip=193.1.169.37 other than I have been listed for less than 24 hours. If you are going to start blocking people, at least have the decency to make sure they are able to find out why without having to register for the privilage! :angry:
DavidT Posted September 8, 2004 Posted September 8, 2004 Unfortunately, Spamcop can't publicly provide very much information about why a particular IP has been blocked, because spammers can use that to figure out what it takes to get blocked and then use that information to evade blockage. However, I just checked the "history" on what's been reported for that IP and here's an example: Submitted: Tuesday, September 07, 2004 21:01:11 -0700: Download free adult hardcore & everything else you want - secrets revealed...... That looks like spam, doesn't it? Also, when looking up that IP in "Senderbase," you'll see that there's been a rather abrupt increase in email traffic, which often indicates a compromised mail server that's being used by spammers (if it's a Micro$loth Exchange server, the "SMTP Auth hack" would be a likely explanation). Here's the Senderbase lookup: http://www.senderbase.org/?searchBy=ipaddr...ng=193.1.169.37 DT
Wazoo Posted September 8, 2004 Posted September 8, 2004 The senderbase link suggests that this server was recently set-up; Date of first message seen from this address 2004-08-21 and from the traffic results (and you stating that this is allegedly a "work" system) it would appear that the spammers took it easy on this system for a few days ... these numbers would suggest that you need to get in contact with whoever is in charge of this/these servers and get them to "fix" the problem.
fedup Posted September 8, 2004 Author Posted September 8, 2004 Thanks DavidT. Since I now actually have some information to provide to the IT staff about it, I have contacted them. Hopefully they can give me another IP address while they sort the problem. Where did you get that "history" from? As it is eletronically stored data that relates to me, I should have access to it, yet I couldn't find it when I looked around the links I was given on my blocked email. I found the senderbase stuff, but that doesn't really explain a lot.
DavidT Posted September 8, 2004 Posted September 8, 2004 I'm a paying SpamCop user, so when I ran the IP through the web-based SpamCop spam reporting system, there was a "history" link among the details listed about your IP. I would guess that your institution's IT staff has been deluded into using junk from Micro$loth....BIG mistake....which is about as insecure as they get. Have them read up on the "SMTP Auth hack" that's a favorite trick of spammers to hijack systems in order to spew out their dreck. DT
fedup Posted September 8, 2004 Author Posted September 8, 2004 Thanks again DavidT. I'll have to try and find a contact address for an administrator of this site in order to get access to those details.
turetzsr Posted September 8, 2004 Posted September 8, 2004 Thanks again DavidT. I'll have to try and find a contact address for an administrator of this site in order to get access to those details.16573[/snapback] ...You (or, rather, your server's administrator) can contact the SpamCop deputies at deputies <at> spamcop <dot> net.
fedup Posted September 8, 2004 Author Posted September 8, 2004 ...You (or, rather, your server's administrator) can contact the SpamCop deputies at deputies <at> spamcop <dot> net. 16575[/snapback] Thanks. I'm not waiting for the server administrator to get around to sorting it, as the IP address is mine, not shared as far as I'm aware, so I want this sorted ASAP (plus the electronic data relates to me, not the server administrator, so legally it is me who is entitled to the information). I found an admin email address on the ironport.com website of all places (seems incredibly stupid to me to have a contact email address, and only display it on another website!), so I have sent off to them to get the information.
DavidT Posted September 8, 2004 Posted September 8, 2004 I think you'll get a quicker response by writing to the "deputies" address. The "administrators" of SpamCop are often a bit slow to respond. DT
fedup Posted September 8, 2004 Author Posted September 8, 2004 I think you'll get a quicker response by writing to the "deputies" address. The "administrators" of SpamCop are often a bit slow to respond. DT 16583[/snapback] Okay, thanks. I'll send a copy of my email to the deputies.
Wazoo Posted September 8, 2004 Posted September 8, 2004 Thanks. I'm not waiting for the server administrator to get around to sorting it, as the IP address is mine, not shared as far as I'm aware, so I want this sorted ASAP (plus the electronic data relates to me, not the server administrator, so legally it is me who is entitled to the information). I found an admin email address on the ironport.com website of all places (seems incredibly stupid to me to have a contact email address, and only display it on another website!), so I have sent off to them to get the information. On the other hand, there are a number of folks here that contributed to a FAQ, and your query is in fact one those most often asked .. had you started with oe of the "Read before Posting" pinned items "Why am I Blocked?" or followed the "read before Posting" Pinned item that would have taken you to the large FAQ which also included a link to this specific subject .... a large number of your questions would have been answered ... to include addresses.
fedup Posted September 8, 2004 Author Posted September 8, 2004 On the other hand, there are a number of folks here that contributed to a FAQ, and your query is in fact one those most often asked .. had you started with oe of the "Read before Posting" pinned items "Why am I Blocked?" or followed the "read before Posting" Pinned item that would have taken you to the large FAQ which also included a link to this specific subject .... a large number of your questions would have been answered ... to include addresses. 16585[/snapback] But not the questions that I want answered, and they are what are important. I didn't ask anyone here for an email address, (although I appreciate turetzsr posting one), I simply made a comment that I would have to find an admin address (which I did), as this forum doesn't seem to be capable of providing me with the relevant information.
Wazoo Posted September 8, 2004 Posted September 8, 2004 But not the questions that I want answered, and they are what are important. I didn't ask anyone here for an email address, (although I appreciate turetzsr posting one), I simply made a comment that I would have to find an admin address (which I did), as this forum doesn't seem to be capable of providing me with the relevant information. I'm trying to read that last in a non-combative mind-set. What is relevent is that the server in question is compromised, the FAQs were written to explain the various modes and methods that result in a BL listing. If your admin staff didn't set this server up "correctly" .. not sure what flipping it over to another IP will do for you, other than the short time it's going to take to get listed again.
turetzsr Posted September 8, 2004 Posted September 8, 2004 <snip>I didn't ask anyone here for an email address,16586[/snapback] ...Silly me, I apparently misinterpreted your post:<snip> I'll have to try and find a contact address for an administrator of this site in order to get access to those details. 16573[/snapback] as telling us that you would like a way to contact someone who could tell you why your IP address was apparently listed. That contact is the deputies e-mail address, so I presumed that my posting the deputies e-mail address would be helpful to you. (although I appreciate turetzsr posting one), <snip> 16586[/snapback] ...turetzsr is simply my login name - please refer to me as "Steve T" (see my sig). <g> this forum doesn't seem to be capable of providing me with the relevant information.16586[/snapback] ...Note that this is intentional. It's too easy to give too much information to spammers in this public forum. <g>
agsteele Posted September 8, 2004 Posted September 8, 2004 As it is eletronically stored data that relates to me, I should have access to it, yet I couldn't find it when I looked around the links I was given on my blocked email. I found the senderbase stuff, but that doesn't really explain a lot. The Senderbase records really do tell those that understand these things quite a lot. And the information is available to you. A quick look suggests a 902% increase in mail traffic from the IP address in question so you do have a serious problem. A look at several other IP addresses in associated domains appear to show a high % increase in mail as well so changing IP is unlikely to resolve your problem. Getting your IT support people to fix the security breaches will be the quickest way to resolve the frustration you are feeling. One of the associated domains is already listed on a number of other block lists and it may well mean your IP address will be more widely listed if the problem is not fixed. Once the problem is dealt with you might feel more able to sit and read up on the issues you have faced and find out how your IP address came to be listed in the SpamCop BL. The thing to remember is that SpamCop did not block you but did, correctly, identify your IP as a source of unsolicited Email. Your home ISP has chosen to block EMail from your work IP address based on that information. Given the evidence it seems a reasonable course of action. SpamCop will remove you from the list within 48 hours of the last spam report from your work IP address. Andrew
fedup Posted September 8, 2004 Author Posted September 8, 2004 Steve T, you posting of the email address was helpful, and was appreciated, but that was not what I intended in my post (I was just saying what I intended on doing next). Wazoo, I'm just pointing out to you that the FAQ does not answer any specific questions to my case, nor does it tell me how to get those answers, it basically just tells me to use the forums. I have no intention of looking through all that stuff in the hopes of finding something that may or may not tell me how to get the information I require. DavidT seems to be able to access some of those details, so I know SpamCop has them, and they should provide them to a person if they are going to add that person to their blocked list. Those basic details are: What email address is attached to the spam? Is it mine or a different address being attached to my IP address? What spam is being sent from my address? Dates and amounts involved. That is pretty basic information, and should be available to me on the information page linked to by the blocked email message I received.
Miss Betsy Posted September 8, 2004 Posted September 8, 2004 The reason that the information you want is not available via a web page is because spammers have exploited that information to evade the blocklist. I haven't read the whole thread. However, the FAQ for server admins has a lot of very good information including how to contact the deputies. If you don't know how to look for the problem without the information you have requested, then perhaps you need to hire someone who knows more about servers. If you are an end user, none of that information matters anyway and you should contact your service provider and make them handle it. Miss Betsy
Wazoo Posted September 8, 2004 Posted September 8, 2004 Wazoo, I'm just pointing out to you that the FAQ does not answer any specific questions to my case, nor does it tell me how to get those answers, it basically just tells me to use the forums. I find this a bit confusing. The "Why am I Blocked" FAQ goes directly to your issue. I have no intention of looking through all that stuff in the hopes of finding something that may or may not tell me how to get the information I require. DavidT seems to be able to access some of those details, so I know SpamCop has them, and they should provide them to a person if they are going to add that person to their blocked list. There was a time when all was revealed. It was seen that spammers were using that information in their pursuit of sending yet more e-mail. Thus the problem now of the lack of data for the rest of us, the 'evidence' page no longer real-time, and a bunch of other issues ... again, blame the spammers. Those basic details are: What email address is attached to the spam? Is it mine or a different address being attached to my IP address? What spam is being sent from my address? Dates and amounts involved. That is pretty basic information, and should be available to me on the information page linked to by the blocked email message I received. Had you read the FAQ, you'd have found that most of your list is not applicable, and other stuff not available. If you are not the administrator of the server, then even less data will be made available.
fedup Posted September 8, 2004 Author Posted September 8, 2004 The information I want is applicable, as I want to know what SpamCop are accusing me of sending. SpamCop have provided my details to an unknown quantity of people and claimed that I am a spammer. Yet SpamCop refuse to provide any details to back this up. This business of "blame the spammers" for SpamCops lack of support in their accusations simply doesn't cut it. SpamCop are making the accusations, the onus is on SpamCop to back them up. The fact that they won't doesn't really reflect well on them, and I will be getting on to my home ISP about the situation, as I don't feel that they should be using a service that refuses to back up their claims. If I knew more details about the times and amounts involved I might be able to do something about it, not all spam is created by some dork on the other side of the world, some of it is created by people fairly close by. The rather basic information that I want would allow me to deal with that possibility (or rule it out as the case may be).
turetzsr Posted September 8, 2004 Posted September 8, 2004 The information I want is applicable, as I want to know what SpamCop are accusing me of sending.16597[/snapback] ...As one of my fellow SpamCop users would write, "you know so little and you know it so fluently!" <g> ...SpamCop is not accusing you of anything. The accusation came not from SpamCop but (apparently, based on what you wrote in your original post) from the e-mail provider of your "home address." SpamCop have provided my details to an unknown quantity of people and claimed that I am a spammer.16597[/snapback] ...What makes you say this? I don't see any evidence to support this charge. Yet SpamCop refuse to provide any details to back this up.16597[/snapback] ...Not true. SpamCop deputies have and will supply such information to those they are certain are responsible system administrators (from other threads we've seen in this forum). This business of "blame the spammers" for SpamCops lack of support in their accusations simply doesn't cut it.16597[/snapback] ...Too bad you feel that way. You're a very small minority. It would defeat the purpose of SpamCop's service to provide information that spammers can use to defeat it. SpamCop are making the accusations, the onus is on SpamCop to back them up.16597[/snapback] ...No, SpamCop is not making any accusations. The fact that they won't doesn't really reflect well on them, and I will be getting on to my home ISP about the situation, as I don't feel that they should be using a service that refuses to back up their claims.16597[/snapback] ...It seems to me it is you who are making the unsupported claims. The IP address in question has been reported as a spam source. SpamCop has published that information in its blocklist. If I knew more details about the times and amounts involved I might be able to do something about it, <snip> 16597[/snapback] ...What part of "write to the deputies to get the information you require" didn't you understand? <?> ...You're teetering dangerously close to the level between someone requesting assistance and someone whose attitude merits ignoring.
StevenUnderwood Posted September 8, 2004 Posted September 8, 2004 The information I want is applicable, as I want to know what SpamCop are accusing me of sending. Reports were sent to the registered administrator for that IP address: abuse[at]ucd.ie SpamCop have provided my details to an unknown quantity of people and claimed that I am a spammer. Nobody has claimed you were a spammer, only that spam came from the IP address you are claiming is "yours". Yet SpamCop refuse to provide any details to back this up. Because you are not known to the internet as the administrator of that IP, you are not going to receive notification to you. Details were provided to the administrator of the IP. This business of "blame the spammers" for SpamCops lack of support in their accusations simply doesn't cut it. SpamCop are making the accusations, the onus is on SpamCop to back them up. Spamcop is not making any accusations. The people receiving the spam are making the accusations and reports are sent to the administrators. The fact that they won't doesn't really reflect well on them, and I will be getting on to my home ISP about the situation, as I don't feel that they should be using a service that refuses to back up their claims. That is up to you, but without spamcop, your ISP will probably have to impose a heafty increase in your fee to accept all the junk. If I knew more details about the times and amounts involved I might be able to do something about it, not all spam is created by some dork on the other side of the world, some of it is created by people fairly close by. The rather basic information that I want would allow me to deal with that possibility (or rule it out as the case may be). The people at abuse[at]ucd.ie have all the information.
dra007 Posted September 8, 2004 Posted September 8, 2004 This is starting to smell more like we got a resident troll on our hands!
Miss Betsy Posted September 8, 2004 Posted September 8, 2004 If I knew more details about the times and amounts involved I might be able to do something about it, not all spam is created by some dork on the other side of the world, some of it is created by people fairly close by. The rather basic information that I want would allow me to deal with that possibility (or rule it out as the case may be). The From and Return path information is almost always forged so it is useless. All spamcop can tell is that spam came from a particular IP address. The reporter decides it is spam, uses the spamcop parser to identify the administrator of that IP address to send that administrator a report. The administrator of that IP address should investigate to see if this is a typical spam by content. If it doesn't seem to be typical, then s/he should contact the person whose computer has sent the email. Only the administrator of the IP address can tell who that is (and most will not tell anyone without a court order). If their customer seems to be telling the truth and says that he sent email that was solicited or the result of a prior relationship, then the administrator can either ignore the spamcop report or contact the reporter and tell him he made a mistake or contact spamcop and tell them the report was in error. However, the administrator can also tell (from logs and senderbase info, etc.) that this is probably a compromised computer and may disconnect it from the internet until it is fixed, possibly giving the customer some help in how to clean it up. That's the ideal. Other administrators totally ignore spamcop reports, never investigate, never notify customers, never stop computers from continuing to spam. That is one reason for the blocklist. Administrators can use the blocklist to prevent spam from coming into their system. The spamcop blocklist is automatic; when there is no more spam reported, then the IP address is automatically delisted. Other blocklists do not delist as easily. You can talk your home ISP out of using spamcop blocklist to block spam, but sooner or later if spam continues to come from your IP address (which it probably is since the experts are guessing that it is a compromised machine), then it will get on other blocklists and other ISPs will be blocking it. The only way to control spam is by stopping it at the sending end. The anti-spam campaign has been successful enough that spammers are hijacking computers to do their dirty work. Since you have been told that your IP address is doing nothing about stopping spam, you are now aiding and abetting the spammers by refusing to fix your computer (or whatever is the problem). If you want to spend the time and money to track down the actual spammer, you are welcome to do so. However, it is not easy to do and frequently the spammer has no money to reimburse you if you do bring hir to prosecution and conviction. Miss Betsy
Merlyn Posted September 8, 2004 Posted September 8, 2004 The information I want is applicable, as I want to know what SpamCop are accusing me of sending. Spamcop is not accusing you of anything. Whatever gave you that idea? The IP of the server your email went through has been reported for having spam come through it. SpamCop have provided my details to an unknown quantity of people and claimed that I am a spammer. Spamcop knows nothing of your detail. What details are you talking about.? Spamcop does not know who you are and they really don't care who you are. Yet SpamCop refuse to provide any details to back this up. They don't have to. This has nothing to do with you. This business of "blame the spammers" for SpamCops lack of support in their accusations simply doesn't cut it. What doesn't cut it are morons like you that refuse to read or learn how things work. SpamCop are making the accusations, the onus is on SpamCop to back them up. Spamcop made no accusations at all. You are just assuming that. Onus? What onus? Anyone can block anything they want without any reason whatsoever. The fact that they won't doesn't really reflect well on them, and I will be getting on to my home ISP about the situation, as I don't feel that they should be using a service that refuses to back up their claims. Whaddya mean your ISP? 193.1.169.37 = cali.ucd.ie ISP/Who = University College Dublin Looks like University College Dublin has a few problems. If I knew more details about the times and amounts involved I might be able to do something about it, not all spam is created by some dork on the other side of the world, some of it is created by people fairly close by. Yes, you are correct, some of it comes through a server at University College Dublin The rather basic information that I want would allow me to deal with that possibility (or rule it out as the case may be). 16597[/snapback] Yes, and if you were a spammer it would help you bypass the blocking problem. Spammers spoil it for everyone. It makes no sense to come in here and rant and rave because no one will listen to you. In fact, it makes you look like a foolish child. No one - I repeat _No One_ owes you anything! Spamcop blocks nothing. Aministrators have made a conscious decision to use the Spamcop list to block/reject/filter email because they are tired of spam. Anyone can block whatever they want and they do not have to give you any reason for it. Many will now block this server just because of your foolish ranting. The Spamcop listing will age off but private blocklists last forever. If you read the FAQ you would have found a contact address. OK, I have said enough, before I get into how childish you are and how you should learn to read and how the world does not revolve around you I will just stop. nuff said!
dra007 Posted September 9, 2004 Posted September 9, 2004 Looks like University College Dublin has a few problems. Way too much Guiness perhaps?
Recommended Posts
Archived
This topic is now archived and is closed to further replies.