Michael Posted January 23, 2004 Share Posted January 23, 2004 Hello. Today we've found that our mailserver is blacklisted by Spamcop, but neither we, nor our ISP received any reports on a spam-message listed on a webste. Also there is no any reports on that spam-message in a Report History section of spamcop.net website. So we had no chance to take an appropriate measures against spammers. We're web-hosting company and spam facts from our clients happen sometimes and we are always reacting on received spam-reports. Also Spamcop blacklist is used on our mailserver. But this time a mailserver's IP was blocked without any notification from SpamCop! Sad but true Can anyone help to resolve the situation? -- WBR, Michael Link to comment Share on other sites More sharing options...
jefft Posted January 23, 2004 Share Posted January 23, 2004 Hello. Today we've found that our mailserver is blacklisted by Spamcop, but neither we, nor our ISP received any reports on a spam-message listed on a webste. Michael, What IP address are you talking about? JT Link to comment Share on other sites More sharing options...
Michael Posted January 23, 2004 Author Share Posted January 23, 2004 What IP address are you talking about? JT We're hoster.ru company. and mail.hoster.ru is 195.209.36.35 I've received some answers in a newsgroup. Just want to say that we're always received reports on 3 emails. But this time - no. -- WBR, Michael P.S. Sorry, I've got to go now, I will answer a little bit later. Link to comment Share on other sites More sharing options...
jefft Posted January 23, 2004 Share Posted January 23, 2004 We're hoster.ru company. and mail.hoster.ru is 195.209.36.35 I've received some answers in a newsgroup. Just want to say that we're always received reports on 3 emails. But this time - no. -- WBR, Michael P.S. Sorry, I've got to go now, I will answer a little bit later. It appears to me that someone inappropriately reported a couple emails that they got from your system. At least one was a warning notice about a spam that couldn't be delivered for 48 hours. Because we've never seen any traffic from this host before, two reports was enough to put you on the blacklist for a few hours. You're off the blacklist now, though. JT Link to comment Share on other sites More sharing options...
Jeff G. Posted January 23, 2004 Share Posted January 23, 2004 Hello. Today we've found that our mailserver is blacklisted by Spamcop, but neither we, nor our ISP received any reports on a spam-message listed on a webste. Also there is no any reports on that spam-message in a Report History section of spamcop.net website. So we had no chance to take an appropriate measures against spammers. We're web-hosting company and spam facts from our clients happen sometimes and we are always reacting on received spam-reports. Also Spamcop blacklist is used on our mailserver. But this time a mailserver's IP was blocked without any notification from SpamCop! Sad but true Can anyone help to resolve the situation? -- WBR, Michael The OP posted from a citytelecom.ru address. citytelecom.ru MX (Mail Exchanger) Priority: 10 mail.hoster.ru mail.hoster.ru A (Address) 195.209.36.35 According to http://www.spamcop.net/w3m?action=checkblo...p=195.128.48.80 : Query bl.spamcop.net - 195.128.48.80 195.128.48.80 is hsto-15.citytelecom.ru 195.128.48.80 not listed in bl.spamcop.net SpamCop has no record of this system According to http://www.spamcop.net/w3m?action=checkblo...p=195.209.36.35 : Query bl.spamcop.net - 195.209.36.35 195.209.36.35 is mail.hoster.ru 195.209.36.35 listed in bl.spamcop.net (127.0.0.2) Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 2.6 days. It has been listed for less than 24 hours. In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail less than 10 times A sample sent sometime during the 24 hours beginning Tuesday 2004/01/20 19:00:00 -0500: Received: from -.-.- (-.-.- [195.209.36.35]) by -.-.- (Postfix) with - id - for <-[at]-.->- Wed, - Jan 2004 - - (-) Subject: - spam - warning - message - delayed - hours From: ma.. at ..er.ru According to http://www.moensted.dk/spam/?addr=195.209.36.35 , 195.209.36.35 was found in 12 lists. SpamCop would send reports to panov[at]parkline.ru . The following text by Merlyn has helped others to understand the process in the past: Lets go through this step by step together. Please read this carefully and do not just scan it otherwise you will not understand the process. 1.) If you did not post the entire message you received about your email being blocked it will be very hard to help you solve your problem. 2.) Next we will talk about why Spamcop cannot block your email. Spamcop has no access to your email. When you send your email it goes through your ISP's email server and travels through the Internet until it reaches the ISP's server of the person you are sending your mail to then their ISP's server routes it to their mailbox. Spamcop has no access to either server or to the process between servers. 3.) Next we will discuss why you think Spamcop blocked you email. You probably received a "bounced" email saying something like: 451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx: or email from xxx.com blocked,refused by Spamcop,see http://www.spamcop.net or Anything saying your email was "blocked" by Spamcop and they directed you to some page on the Spamcop site. 4.) Now we will talk about who is "really" blocking your email Remember how we discussed the way your email traveled from your computer to the recipients computer in #2? The only person who could block your email is the recipients ISP or the recipient themselves. Most likely the recipients ISP is using the Spamcop List (we will discuss this in the next part #5) and they have blocked this email because the sending ISP's server is a known source of spam on the Internet. You should be complaining to your ISP because they allow spammers to use their resources which in turn caused your email to get blocked. You ISP did receive complaints. You could also contact the recipients ISP asking them to "whitelist" you. They recipients ISP decided on their own to incorporate this list into their email server software. Now you say you do not send spam but before you get upset, read the next part about how this list is compiled by Spamcop. 5.) What is the Spamcop List and why do ISP's use it? Spamcop runs a service for reporting spam. This is a free service where people either send their spam email or copy their spam email in a form that parses the email to find out where it originated from. Once the amount of spam reaches a calculated amount the originating server is placed on the list of spammers. This list is made freely available to anyone running an email server to use to enable them to block email originating from known spam servers. This list only contains IP numbers and not email addresses as email addresses in the "From" field can be readily forged and are not reliable. The only reliable source is the IP address the spam originated from. for more detailed information on how Spamcop works see: http://www.spamcop.net/fom-serve/cache/3.html 6.) Final Notes (VERY IMPORTANT) Before you start getting upset just remember what brought you here. Your email was blocked, not by Spamcop but the ISP of the person you were sending your email to. Spamcop has no control over what they do with their servers. Also, get proactive and help stop the flow of spam. Complain to your ISP because it is their servers that are being blocked. Let them know that you are paying for email service in your contract with them and they are not able to provide you with this service because they allow spammers to abuse their servers. I think you would agree with me that everyone is tired of receiving mortgage quotes, penis enlargement, breast enhancement, weight loss, nude 40 year old teenage sluts, Viagra, vacation, lottery, prescription drug, business opportunities, genealogical, university degrees, gambling, get rich quick, MLM, pyramid schemes, Web Cams, Russian brides, work from home, stock scams, pirated software and everything else that is force fed into our inboxes. If you have any more questions please post them here, there are many people willing to assist. And remember most people in this group are here to help you and they did not block your email so do not take your wrath out on them. HTH HAND Link to comment Share on other sites More sharing options...
Michael Posted January 23, 2004 Author Share Posted January 23, 2004 It appears to me that someone inappropriately reported a couple emails that they got from your system. At least one was a warning notice about a spam that couldn't be delivered for 48 hours. Because we've never seen any traffic from this host before, two reports was enough to put you on the blacklist for a few hours. You're off the blacklist now, though. Thanks to everyone. I really appreciate your help. I have one more question. Where can I read about how to set up an email adress for spam reports from our domains or ip-addresses to avoid the situations like this? -- WBR, Michael Link to comment Share on other sites More sharing options...
Jeff G. Posted January 23, 2004 Share Posted January 23, 2004 Where can I read about how to set up an email adress for spam reports from our domains or ip-addresses to avoid the situations like this? You should create an abuse.net listing for each of the domains you manage per http://www.abuse.net/addnew.html. You should ensure that your RIPE WHOIS information (for example, at http://www.ripe.net/perl/whois?form_type=s...t=195.209.36.35 or http://shorterlink.com/?IKTW9X) accurately reflects netblock contact information for the netblocks you manage. Please also review "How can I get SpamCop reports about my network?" at http://www.spamcop.net/fom-serve/cache/94.html. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.