Jump to content

Help, I reported my own hosting provider...


xipe

Recommended Posts

Posted

Hello,

This morning I received an e-mail from my hosting provider.

They are very angry, because i accidentally reported them.

I'm afraid it has happened because I used Quick Reporting?

Normally I use "Queue for reporting and move to trash"

How can I correct this reporting?

In the Held Mail I find a message, which raw view I will post here.

Widexs is my hosting provider.

Any help would be very welcome.

Kind regards,

Xipe

==============================================================================

Previewing raw email. Use your browser's back button to return to menu.

==============================================================================

Return-Path: <a.williamsonpd[at]clico.pl>

Delivered-To: spamcop-net-xipe[at]spamcop.net

Received: (qmail 5132 invoked from network); 4 Nov 2004 07:08:20 -0000

Received: from unknown (192.168.1.103)

by blade1.cesmail.net with QMQP; 4 Nov 2004 07:08:20 -0000

Received: from s429.widexs.nl (212.204.254.66)

by mailgate2.cesmail.net with SMTP; 4 Nov 2004 07:08:20 -0000

Received: from localhost (mailscan-1.mail.widexs.nl [213.206.99.78])

by s429.widexs.nl (Postfix) with ESMTP id C22AC1A0030

for <robert[at]xipe.nl>; Thu, 4 Nov 2004 08:08:19 +0100 (MET)

Received: from s429.widexs.nl ([212.204.254.66])

by localhost (mailscan-1.mail.widexs.nl [213.206.99.78]) (amavisd-new, port 10024)

with SMTP id 60971-08 for <robert[at]xipe.nl>;

Thu, 4 Nov 2004 08:09:24 +0100 (CET)

Received: from cloud9.fi (unknown [211.44.247.158])

by s429.widexs.nl (Postfix) with SMTP id A54B41A0029

for <robert[at]xipe.nl>; Thu, 4 Nov 2004 08:08:17 +0100 (MET)

Received: from 16.158.45.76 by smtp.clico.pl;

Thu, 04 Nov 2004 07:06:24 +0000

Message-ID: <cf5801c4c23c$2cb60e7c$82eedfa2[at]cloud9.fi>

From: "Alejandro Williamson" <a.williamsonpd[at]clico.pl>

To: robert[at]xipe.nl

Subject: ***spam*** Italian Crafted Rolex from $75 to $275 - Free Shipping

Date: Thu, 04 Nov 2004 08:06:16 +0100

MIME-Version: 1.0

Content-Type: text/plain;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Virus-Scanned: by amavisd-new at mailscan-1.mail.widexs.nl

X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade1

X-spam-Level: ************

X-spam-Status: hits=12.1 tests=MSGID_DOLLARS,URIBL_AB_SURBL,URIBL_OB_SURBL,

URIBL_SBL,URIBL_SC_SURBL,URIBL_WS_SURBL version=3.0.0

X-SpamCop-Checked: 192.168.1.103 212.204.254.66

X-SpamCop-Disposition: Blocked bl.spamcop.net

Heya,

Do you want a rolex watch?

In our online store you can buy replicas of Rolex watches. They look

and feel exactly like the real thing.

- We have 20+ different brands in our selection

- Free shipping if you order 5 or more

- Save up to 40% compared to the cost of other replicas

- Standard Features:

- Screw-in crown

- Unidirectional turning bezel where appropriate

- All the appropriate rolex logos, on crown and dial

- Heavy weight

Visit us: http://www.roiex.com/rep/rolex/

Best regards,

Hilton Jones

No thanks: http://roiex.com/z.php

Posted

Hi, xipe!

Hello,

This morning I received an e-mail from my hosting provider.

They are very angry, because i accidentally reported them.

I'm afraid it has happened because I used Quick Reporting?

Normally I use "Queue for reporting and move to trash"

How can I correct this reporting?<big snip>

19562[/snapback]

...First, a couple of suggestions that you didn't ask for:
  • Please avoid posting spam in these fora. We all receive enough of our own! Instead, post the TRACKING URL for a spam report you submit.
  • Before posting, have a glance at the descriptions of the fora. The forum in which you posted, "Mailhosts System Beta Test," has no description, but the one labeled "SpamCop Help" is described as being "[a] forum to help users with the SpamCop Reporting System." Admittedly, you have to use this suggestion advisedly as the description for "SpamCop Lounge" forum is widely accepted as being incorrect.
  • Before posting in these fora, look at the "pinned items." One of these for the "SpamCop Help" forum is labeled "Pinned: Original SpamCop FAQ Plus - Read before Posting." Hitting the link in that message ("http://forum.spamcop.net/forums/index.php?showtopic=2238") brings you to a page that includes a message labeled "Why does SpamCop want to send a report to my own network administrator?" which is relevant to your question.

...Serendipitously, you happened to post in the MailHosts forum, which is relevant because the "MailHosts" configuration capability was created in part to help avoid the mistake you made (reporting your own hosting provider as the source of spam).

...As you have discovered, Quick Reporting is very dangerous. Even after going through the MailHosts configuration process, I have found that the SpamCop parser identified my provider as the source of spam (to solve this, I deleted my MailHosts entry and went through the process again). Basically, it is up to you to ensure that each and every report sent by SpamCop is not being mis-directed and Quick Reporting makes this difficult to do.

...If you, like many others, are using Quick Reporting because you get a lot of spam to report and don't have time to go through each and every SpamCop parse for each and every spam, then just report what you do have time to review.

...Hope this helps.

Posted

decisions, decisions .... although apparently talking about an action taken by whacking on buttons from the "e-mail account / web interface" it does boil down to a "reporting" issue, so moved it to the Help Forum. Steve T's response is pretty complete, so not going ot add anything to that <g> Next step will be to go back and edit out at least 90% of that Rolex spam in the original post.

The only other point would be to note that Rolex is very aware of this traffic.

Posted

Despite the issues with the posting of the spam and where it was posted, I had the headers analyzed via http://mailsc.spamcop.net/sc?id=z688926811...edc9412ff4334fz and here is what the parser found:

Received:  from s429.widexs.nl ([212.204.254.66]) by localhost (mailscan-1.mail.widexs.nl [213.206.99.78]) (amavisd-new, port 10024) with SMTP id 60971-08 for <x>; Thu, 4 Nov 2004 08:09:24 +0100 (CET)

...

Cannot accept line without valid 'by'. Skipping chain test - would fail.

This could be a problem, but is not currently. In order to provide less confusion to the parser, mailscan-1.mail.widexs.nl should stop calling itself "localhost (mailscan-1.mail.widexs.nl [213.206.99.78]) (amavisd-new, port 10024)" and should instead call itself mailscan-1.mail.widexs.nl and perhaps refer to "amavisd-new" and "port 10024" in another manner.

Received:  from cloud9.fi (unknown [211.44.247.158]) by s429.widexs.nl (Postfix) with SMTP id A54B41A0029 for <x>; Thu, 4 Nov 2004 08:08:17 +0100 (MET)

211.44.247.158 found

host 211.44.247.158 (getting name) no name

213.206.99.78 not listed in dnsbl.njabl.org

213.206.99.78 not listed in cbl.abuseat.org

213.206.99.78 not listed in dnsbl.sorbs.net

213.206.99.78 is not an MX for s429.widexs.nl

213.206.99.78 is not an MX for mailscan-1.mail.widexs.nl

213.206.99.78 is not an MX for s429.widexs.nl

213.206.99.78 is not an MX for s429.widexs.nl

213.206.99.78 not listed in dnsbl.njabl.org

Possible spammer: 211.44.247.158

host s429.widexs.nl (checking ip) = 212.204.254.66

212.204.254.66 not listed in dnsbl.njabl.org

212.204.254.66 not listed in cbl.abuseat.org

212.204.254.66 not listed in dnsbl.sorbs.net

Chain test:s429.widexs.nl =? mailscan-1.mail.widexs.nl

host mailscan-1.mail.widexs.nl (checking ip) = 213.206.99.78

213.206.99.78 is not an MX for s429.widexs.nl

host s429.widexs.nl (checking ip) = 212.204.254.66

213.206.99.78 is not an MX for s429.widexs.nl

s429.widexs.nl and mailscan-1.mail.widexs.nl have same domain - chain verified

Possible relay: 213.206.99.78

213.206.99.78 not listed in relays.ordb.org.

213.206.99.78 has already been sent to relay testers

Received line accepted

...

Report spam to:

Re: 211.44.247.158 (Administrator of network where email originates)

To: postmaster#[211.44.247.158][at]devnull.spamcop.net

This appears to be the appropriate action for this spam, although I'd suggest that the Deputies and/or Admins find better reporting addresses at Hanaro Telecom. Given the bounces indicated at http://www.rfc-ignorant.org/tools/lookup.p...naro.com&full=1 and http://www.rfc-ignorant.org/tools/lookup.p...anet.net&full=1 and my own experience of unresponsiveness and resultlessness at Hanaro Telecom, I'd suggest abuse <at> att.net.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...