Ellen Posted September 10, 2004 Posted September 10, 2004 I have no idea what ip is listed, I did not ask them. They went and looked into it and came back to me and told me they were currently on the list at spamcop.net and would be down for 48 hours. ok, went back to support and asked them what ip address is listed: 66.225.216.131 There have been no listings for IP 66.225.216.131 and no reports against that IP for at least 30 days. If you are having problems sending mail and you do send thru that IP, then the recipients who are bouncing your mail are bouncing it for some reason not associated with SpamCop.
DavidT Posted September 10, 2004 Posted September 10, 2004 Ellen, I don't think you read far enough in the thread. That first IP that the OP provided was incorrect. He later came back with the correct one, which had indeed been blocked recently. Please scroll back a few messages and you'll see the correct one for you to check on. DT
Wazoo Posted September 10, 2004 Posted September 10, 2004 I dropped the dear lady a note, suggesting that she got in and out a bit too quickly on this one. Answer was perfect until the "real" IP address made its appearance <g>
Richard W Posted September 10, 2004 Posted September 10, 2004 66.225.215.32 is the ip they claim is the one that is blocked, and they tell me that that is the direct ip of where my mailserver is. 16784[/snapback] Hi David, 66.225.215.32 does have a listing history, but is currently delisted (as of about six hours ago). A spammer(s) have gained authenticated access to the server through the smtp-auth exploit (http://www.spamcop.net/fom-serve/cache/372.html) and has been using the server to relay spam to traps on our systems. Your problem is over (for now), but these spammers are known to come back repeatedly once they have a hole poked in a server. If the admin for the service contact us (deputies at admin.spamcop.net) we'll give them more information, but all they should really need is in the faq above. Richard
Ariel Posted September 10, 2004 Posted September 10, 2004 It's very hard to understand what is really going on here... but this is what I think the poster is saying: He has some web sites "out there" somewhere that collect orders. Those web sites forward the orders to his dial-up (!) email account. So... instead of forwarding those emails, why don't you just set up your email client to connect to the email servers of the web sites, directly? Makes more sense to do that if you have to reply to the emails, IMO... I know if I sent an order to orders[at]somecompany.com and I got an email back from unprofessionaluser[at]dialupisp.com I would question whether or not I should be doing business with that company. Also, you do realize that it is your dial-up ISP that is blocking the emails, right? Spamcop is not blocking them. Your complaints should really go to that dial-up ISP.
dbiel Posted September 10, 2004 Posted September 10, 2004 Ariel has probably made the best point yet. Who's brilliant business plan was it to forward email from your own web site in the first place. You should be accessing them directly from your web site yourself.
StevenUnderwood Posted September 10, 2004 Posted September 10, 2004 He may have a scri_pt that sends email messages "From" the site which are being blocked because that (or another) scri_pt is not secure and being used to spew throughout the internet. We had a similiar setup for a while and every once in a while that account would receive strange looking messages as someone tried to exploit it. It was usually during school breaks so I always assumed it was a kiddie with nothing better to do that try out something he found on the internet. Our scri_pt was hard coded to only send to the one address, so was not exploitable.
Bumpkin Posted September 10, 2004 Posted September 10, 2004 davidll, If you don't mind, please check back in and let us know how things go for you.
Miss Betsy Posted September 10, 2004 Posted September 10, 2004 I second Bumpkin's comment. You took exception to one of my comments saying that you had a right to be upset. I am not disputing that. However, there are many online businesses and many of them are just as upset and harassed by the spam that they have to deal with. Blocklists have been so successful that spammers are resorting to hijacking computers. You wouldn't be very responsive if a computer geek started telling you about the fine points of boat restoration - particularly if he couldn't even describe the basic problems he thought would be better fixed his way. It is not that hard to understand the concepts as I know because I am technically non-fluent. At this point in the spam fight, being blocked is more like being caught in a traffic jam because some driver did something stupid. It is annoying, but there is no point in yelling at the policeman directing traffic around the wreck. And unlike traffic jams, there are ways to be careful that no accidents happen on your email route, though there is always the possibility of a temporary problem. No system is fail safe and if it is essential to one's business, there should be a back up plan when it does fail. Miss Betsy
email1@evolutionwebinc.com Posted March 10, 2005 Posted March 10, 2005 It is not a matter adding IP's to a block list...it is a matter of verifying the offender before doing so. We have servers with multiple domains using shared IPs and started receiving complaints from customers of bounced emails as a result of recipients subscribing to spamcop lists. We have never received one single confirmation of a spam message sent by any of our clients so that we can terminate their email accounts. Instead, SpamCop simply blocked all of them with one fell swoop without any notice to us as to who the offender is making it pretty hard for us to take any action to stop the spam. In the mean time people who rely on these lists are tossing the baby out with the bathwater. I have been a supporter of spam cop from the begining but there needs to be a system whereby SpamCop notifies hosts of spam to allow us to take action. With the limited number of IPs available many hosts now rely on name-based hosting and the listing of a single IP can effectivly shut down hundreds of legitimate email accounts. This is a serious problem that keeps me from using spam lists...I can't afford to have my clients screeming at me so it is up to them to filter their own spam and take their own risks of losing valuable messages. The goal of SpamCop is noble but they need to be careful that the cure is not worse than the disease. ...that it does not penalize the innocent for the actions of actual spammers. If SpamCop becomes aware of an actual spam message from one of my clients TELL ME ABOUT IT so I can deal with it. Blocking dozens of clients blindly w/o proof they sent junk mail will only lead to serious legal problems for someone along the line. Bottom line to SpamCop... be prepared to prove who an offender is PRIOR to listing them or their IP address in block lists. This falls on SpamCops head not those who use the list because they have no means to verify offending IP addresses provided to them by SpamCop. This falls under the "Product Liability" laws and responsibilities. Paul
Jeff G. Posted March 10, 2005 Posted March 10, 2005 evolutionwebinc.com,Mar 10 2005, 11:49 AM]We have servers with multiple domains using shared IPs and started receiving complaints from customers of bounced emails as a result of recipients subscribing to spamcop lists. We have never received one single confirmation of a spam message sent by any of our clients so that we can terminate their email accounts.25259[/snapback] What are the IP Addresses of those servers?
StevenUnderwood Posted March 10, 2005 Posted March 10, 2005 I have been a supporter of spam cop from the begining but there needs to be a system whereby SpamCop notifies hosts of spam to allow us to take action. Unless it is a spamtrap hit, reports are sent to the registered owner of the IP. As I stated in your other thread, the IP address for evolutionwebinc.com is a rackspace owned one, so they receive the messages. You should be dealing with them to get the information you request. As stated here and in your other thread, reveal the IP address in question and we can tell you likely specifics about why it is on the list.
DavidT Posted March 10, 2005 Posted March 10, 2005 What are the IP Addresses of those servers? I just did a little detective work, and I think that the server that *was* blocked was: 69.20.21.155 = evohost.net It's showing as not blocked at the moment, but in the current SenderBase display, the SpamCop BL status is still showing as blocked: http://www.senderbase.org/?sb=1&searchBy=i...ng=69.20.21.155 so it either fell off the list automatically, or Mr. Kruger (the "Paul" who is posting here, who owns the company) might have used the one-time-removal feature. DT
studog Posted March 16, 2005 Posted March 16, 2005 If you consider loss of business, money and maybe even clients, because a business that depends on the web and email, to be silly, I don't know what to say to you, other than, you may have some of your own issues.16669[/snapback] Business has come to the net/web, and not the other way around. If business does not do what all immigrants must do, that is, learn the systems of their newly adopted homes, then business will have the same experience as failed immigrants do; an unpleasant stay in their newly adopted home, and a general lack of prosperity. And you make a statement like that with seriousness? A business owner who finds himself disabled because of this list, who merely wants to receive email that is sent to him, receive sales, and notices from customers, is abusing the system? ooook then...16669[/snapback] A business owner who doesn't know how to provision redundant systems in case of emergency? What if your phones failed? Power failed? Sounds like you'd be in trouble. ...Stu
WB8TYW Posted March 19, 2005 Posted March 19, 2005 I just did a little detective work, and I think that the server that *was* blocked was: 69.20.21.155 = evohost.net It's showing as not blocked at the moment, but in the current SenderBase display, the SpamCop BL status is still showing as blocked: 25269[/snapback] http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?69.20.21.155 From January of this year, hopefully fixed since then: Bouncing undelivered e-mail to forged addresses. Effectively means that the mail server is participating in a denial of service attack against the forged domains/e-mail addresses that spammers and viruses use. For every real message coming in, statistics are indicating that a mail server is receiving about 3 viruses or spam delivery attempts. And almost all undeliverable messages are from viruses or spam using forged addresses. Using SMTP rejects is the only way to non-abusively and most reliably notify a real sender that their message was not delivered. Usually the only way that the victims of such a denial of service attack can protect themselves from having to pay for the bandwidth from the abusive bounces is to block all e-mail from that mail server. There is a possiblity that the unknown people that reported that data to MAPS also got the I.P. put in a local blocking list to protect their own mail servers. Who knows if that was an administrator for a major ISP, and who knows if they are using that local list to silently delete all e-mail instead of rejecting it? -John Personal Opinion Only
Recommended Posts
Archived
This topic is now archived and is closed to further replies.