Email is being blocked

[ScottSwingleComputers]

A company I work for is having all their emails to another company be blocked by spamcop. They get a blank message back from MAILER-DAEMON with an undeliverable header. It reads:

<pop.directnic.com><thillenv[at]hillenvale.com> <tmoyer[at]jmcclainco.com>550 5.7.1 Mail from blaze1.lax.untd.com (64.136.29.16) refused (blackholed by bl.spamcop.net);Blocked - see http://www.spamcop.net/bl.shtml?64.136.29.16

I have no idea why this is happening. hillenvale.com IP address is not blocked. Our host isn't blocked (www.freeservers.com) their mail server isn't blocked, jmcclainco.com isn't blocked, and the IP listed in the header from this untd.com place isn't blocked.

This is important business related email that has always gone through in the past. Why is it suddenly being blocked by a program I have never heard of until today?

Thanks!

[Wazoo]

Although your referenced link http://www.spamcop.net/bl.shtml?64.136.29.16 does show that this iP is cueerntly not listed, it is known that this page hasn't been exactly real-time in a long while. On the other hand, there is nothing that precludes the possibility that the receiving ISP has a screwed up configuration and the "error message" is bad .. possibly rejecting the e-mail based on some decision but pulling up the wrong "reason" ....

http://www.senderbase.org/?searchBy=ipaddr...ng=64.136.29.16

Date of first message seen from this address 2004-10-26 might explain something, but ....

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 5.5 .. 695%

Last 30 days .. 5.5 .. 689%

Average ........ 4.6

offers some nasty connotations. Can you explain the ramp-up in traffic? IS it possible your e-mail server/network has been compromised?

http://openrbl.org/ip/64/136/29/16.htm shows this IP being listed all over the place.

http://moensted.dk/spam/?addr=64.136.29.16&Submit=Submit shows nothing of real interest.

http://groups-beta.google.com/groups?q=64.136.29.16 came back with nothing.

The SpamCop parser suggests that complaints would go to;

Parsing input: 64.136.29.16

host 64.136.29.16 = blaze1.lax.untd.com (cached)

Routing details for 64.136.29.16

Report routing for 64.136.29.16: spamdesk[at]support.juno.com

So one would ask whether this is "your" e-mail server or something shared amongst other users?

At this point, I'd really like to see the actual "bounce" message, as I'm not sure what all the addresses in your snippet are actually referring to ... e-mail normally goes from Point A to Point B (with a few things in-between) but you've introduced four "players" into your query ....

[StevenUnderwood]

While that IP is not currently blocked, there are reports (visible to paid subscribers) against it as recently as 7:00AM this morning.

Submitted: Tuesday, January 11, 2005 7:00:11 AM -0500:

Cheap Meds

1334314176 ( 64.136.29.16 ) To: spamcop[at]imaphost.com

1334314167 ( 64.136.29.16 ) To: spamdesk[at]support.juno.com

It was probably blocked when the messages were sent. Someone that you share that server IP address with is sending spam, please contact Juno and have them remove their spammers.

[ScottSwingleComputers]

While that IP is not currently blocked, there are reports (visible to paid subscribers) against it as recently as 7:00AM this morning.

It was probably blocked when the messages were sent.  Someone that you share that server IP address with is sending spam, please contact Juno and have them remove their spammers.

22923[/snapback]

It is a shared email server. We have our domain name and website at www.freeservers.com (A paid package, even though the name implies its free) We get as many email accounts as we want, and set up our pop servers as mail.freeservers.com

I have no idea where Juno comes into all this????

So I should contact freeservers.com and tell them our email is getting blocked?

That increase in usage...thats for a shared server somewhere out there and not specifically one of our addresses, right?

[Merlyn]

Freeservers.com email servers are on the Spamcop list at times. (sometimes more than others). You can find many public sightings in NANAS.

You are at the mercy of the spammers when you share an email server.

Contact them when you can show that it is in fact listed but the server you are talking about is currently only in 1 list (jammconsulting).

[ScottSwingleComputers]

So what do I need to do to get this email to work? Thats all I am really after. I am all for spam prevention, but it seems like spamcop is taking things a little too far.

[Merlyn]

How can spamcop be taking things to far? You were blocked by the very people you were sending your email to.

If there is anyone to "blame" it's the spammers.

[DavidT]

So what do I need to do to get this email to work? Thats all I am really after. I am all for spam prevention, but it seems like spamcop is taking things a little too far.

Actually, the server listed in the error message you quoted, "blaze1.lax.untd.com" is indeed related to Juno, which is apparently part of the same company as Freeservers.com.

DT

ps - some clarification.... I think the company you work for is "The McClain Company" and it is messages sent from someone at that company to a recipient at "The Inn at HillenVale" that are being blocked, correct? If so, then the people who administer the Hillenvale email servers are the ones to contact...that seems to be the Freeservers folks.

[ScottSwingleComputers]

Actually, the server listed in the error message you quoted, "blaze1.lax.untd.com" does indeed belong to Juno, so it would seem that the person sending the mail in question is dialing up to Juno for their Internet connection and then sending the mail "From" the business' domain. The SpamCop BL is based on the orignating IP, which in this case is a Juno connection, which has noting to do with the hosting of the domain. The Juno IP's wind up getting on blacklists frequently, so the solution is for the people sending the messages to use a better ISP for their actual connection to the 'net.

DT

22935[/snapback]

Well, WE are the people sending the message, and we have Road Runner for our ISP. So yea, I still don't see the juno connection.

[DavidT]

Well, WE are the people sending the message, and we have Road Runner for our ISP. So yea, I still don't see the juno connection.

Our messages are crossing....I made major edits to the message to which you just responded after looking up the companies and the hosting.

You must be using the "webmail" features of your domain hosting to send the messages, or else your messages would be seen as coming from RoadRunner.

DT

[Wazoo]

It is a shared email server. We have our domain name and website at www.freeservers.com (A paid package, even though the name implies its free)  We get as many email accounts as we want, and set up our pop servers as mail.freeservers.com

At this point, we seem to be standing in the produce department, talking about vegetables but looking at the fruit selection. Yout original query dealt with a particular e-mail. SpamCop and the SCBL deal primarily with the IP address of the source of the e-mail. Your web-hosting, Domain names, etc. aren't exactly part of the original issue.

I have no idea where Juno comes into all this????

Based on the snippet of data you provided. I did suggst that seeing the actual bounce message would help clear up a number of items.

So I should contact freeservers.com and tell them our email is getting blocked?

Only if you can prove that your original query is based on an e-mail from a freeservers.com ... at this point, there is no connection seen.

That increase in usage...thats for a shared server somewhere out there and not specifically one of our addresses, right?

That's for the server sitting at the IP referenced in your starting post ... and that was actually a question asked of you, based on all the extra data you tossed into that starting query. Again, thus far, not related to the snippet of data you provided on a rejected e-mail.

Stated earlier was that you had brought four players into the picture, now I see you've added a fifth .... seriously, the actual bounce/rejection e-mail is needed at this point to make much sense out of what's going on. (and based on your first pot, it looks like the entire message to include full headers is going to be needed, as your snippet is more than just a bit odd the way it's presented.)

[ScottSwingleComputers]

Our messages are crossing....I made major edits to the message to which you just responded after looking up the companies and the hosting.

You must be using the "webmail" features of your domain hosting to send the messages, or else your messages would be seen as coming from RoadRunner.

DT

22938[/snapback]

You got it backwards. I work for Hillenvale. You are right, one user is using the webmail. However, I was informed that another user using Outlook Express emailng the same company is having problems also.

So basically, we use webmail on freeservers, freeservers uses Juno, so the receiving server see's that juno is bad, and blocks the email. Am I right so far?

So EVERYONE who uses Juno is getting their email blocked. Wonderful spam prevention you got there. So if someone using road runner starts spamming, i could find my road runner email blocked. God help Hotmail and Yahoo email users.

[ScottSwingleComputers]

At this point, we seem to be standing in the produce department, talking about vegetables but looking at the fruit selection.  Yout original query dealt with a particular e-mail.  SpamCop and the SCBL deal primarily with the IP address of the source of the e-mail.  Your web-hosting, Domain names, etc. aren't exactly part of the original issue.

Based on the snippet of data you provided.  I did suggst that seeing the actual bounce message would help clear up a number of items.

Only if you can prove that your original query is based on an e-mail from a freeservers.com  ... at this point, there is no connection seen.

That's for the server sitting at the IP referenced in your starting post ... and that was actually a question asked of you, based on all the extra data you tossed into that starting query.  Again, thus far, not related to the snippet of data you provided on a rejected e-mail.

Stated earlier was that you had brought four players into the picture, now I see you've added a fifth ....  seriously, the actual bounce/rejection e-mail is needed at this point to make much sense out of what's going on. (and based on your first pot, it looks like the entire message to include full headers is going to be needed, as your snippet is more than just a bit odd the way it's presented.)

22939[/snapback]

This is all I have, the actual body of the message is empty.

from mail.freeservers.com ([10.133.22.1]) by pop.communityarchitect.com (v1.106) with ESMTP id (D587D182AF2F8AEE) for <thillenv[at]hillenvale.com>; Tue, 11 Jan 2005 11:11:42 -0700

Received: from pop.communityarchitect.com (unknown [10.133.22.1]) by mail.freeservers.com (Postfix) with ESMTP id 8D3BE600052 for <thillenv[at]hillenvale.com>; Tue, 11 Jan 2005 11:11:42 -0700 (MST)

Undeliverable: <pop.directnic.com> <thillenv[at]hillenvale.com> <tmoyer[at]jmcclainco.com>550 5.7.1 Mail from blaze1.lax.untd.com (64.136.29.16) refused (blackholed by bl.spamcop.net); Blocked - see http://www.spamcop.net/bl.shtml?64.136.29.16

Message-Id: <20050111181142.8D3BE600052[at]mail.freeservers.com>

Date: Tue, 11 Jan 2005 11:11:42 -0700 (MST)

From: MAILER-DAEMON

To: undisclosed-recipients:;

[Wazoo]

You got it backwards. I work for Hillenvale. You are right, one user is using the webmail. However, I was informed that another user using Outlook Express emailng the same company is having problems also.

Technically speaking, the e-mail application isn't in question. It's the source of the e-mail that is at issue (and still in a lot of confusion at this point, other than pointing to the bouce message snippet you provided)

So basically, we use webmail on freeservers, freeservers uses Juno, so the receiving server see's that juno is bad, and blocks the email.  Am I right so far?

Some folks block Juno on just general principle. As stated in a previous rsponse, it is still possible that the receiving ISP is one of those folks, but thier configuration is pulling up a "Blocked by SpamCop" line in error.

So EVERYONE who uses Juno is getting their email blocked. Wonderful spam prevention you got there.  So if someone using road runner starts spamming, i could find my road runner email blocked. God help Hotmail and Yahoo email users.

You are getting way off target fast. Perhaps it's time to step back and point you to the FAQ here, specifically the "Why am I Blocked" entry.

[DavidT]

You got it backwards. I work for Hillenvale.

I got confused because the "Technical Contact" for jmcclainco.com is a "Doug Swingle" of Newark OH...no connection?

You are right, one user is using the webmail. However, I was informed that another user using Outlook Express emailng the same company is having problems also.

That doesn't add up, unless the receiving server's blocking routines also doesn't like the IP being used by the OE user.

So basically, we use webmail on freeservers, freeservers uses Juno, so the receiving server see's that juno is bad, and blocks the email.  Am I right so far?

That's accurate, AFAICT from the error you submitted above. It means that the IP of the Juno server in Los Angeles (LAX) was reported for spamming and was listed in various blacklists.

So EVERYONE who uses Juno is getting their email blocked.

Nope...you just went WAY too far there.

Wonderful spam prevention you got there.  So if someone using road runner starts spamming, i could find my road runner email blocked. God help Hotmail and Yahoo email users.

Let's step back a bit and review a very basic concept....SpamCop doesn't do the blocking! The blocking is done by various ISP's who choose to consider a temporary listing in the SpamCop BL as enough evidence to reject mail. Whoever is running the mail servers for the McClain folks are the ones who are doing the blocking, and they are the ones with whom you need to communicate. They *should* be allowing their users to receive whatever messages they choose, by way of user-configurable whitelisting, etc. It doesn't sound as if they're doing that, and that is NOT SpamCop's fault.

DT

[Merlyn]

addresses 64.136.29.16

canonical name blaze1.lax.untd.com.

Registrant:

United Online, Inc. (YCIWJTNJKD)

Network Whois record

Queried whois.arin.net with "64.136.29.16"...

OrgName: Juno Online Services, Inc.

OrgID: JUNO

It is not currently on the Spamcop list but it was probably listed earlier because of all the spam reported from that server like stated above.

Here are a few shubect lines of the spam reported:

Cheap Meds

Cheap Meds

tempting, pleasant and little Claudia and Karissa at 4-th issue of our Unreal...

And the list goes on.....

Porn spammers and criminal pills spammers.

Looks like you are sharing an email server with some good people.

I suggest you find another way to send your email.

Hope this helps.

[DavidT]

This is all I have, the actual body of the message is empty.

Are you sure? It's possible that if you reveal the "raw source" of the entire message, the original message headers might be below the part you just quoted...or they might not, but that's what is needed.

DT

[ScottSwingleComputers]

I got confused because the "Technical Contact" for jmcclainco.com is a "Doug Swingle" of Newark OH...no connection?

That doesn't add up, unless the receiving server's blocking routines also doesn't like the IP being used by the OE user.

That's accurate, AFAICT from the error you submitted above. It means that the IP of the Juno server in Los Angeles (LAX) was reported for spamming and was listed in various blacklists.

Nope...you just went WAY too far there.

Let's step back a bit and review a very basic concept....SpamCop doesn't do the blocking! The blocking is done by various ISP's who choose to consider a temporary listing in the SpamCop BL as enough evidence to reject mail. Whoever is running the mail servers for the McClain folks are the ones who are doing the blocking, and they are the ones with whom you need to communicate. They *should* be allowing their users to receive whatever messages they choose, by way of user-configurable whitelisting, etc. It doesn't sound as if they're doing that, and that is NOT SpamCop's fault.

DT

22943[/snapback]

There is no connection between me and Doug Swingle, although I have heard of him..

I think I understand all of this now. I'm glad its not a problem on our end. Although the people at jmcclainco say its not their problem either, they don't have anything set up to block spam supposedly. I'll attribute that to user ignorance though.

Would it be safe to tell my users to set up a yahoo, hotmail, gmail, etc mail account to use when emailing jmcclainco, or is there a chance that would be blocked also?

[Wazoo]

This is all I have, the actual body of the message is empty.

from mail.freeservers.com ([10.133.22.1]) by pop.communityarchitect.com (v1.106) with ESMTP id (D587D182AF2F8AEE) for <thillenv[at]hillenvale.com>; Tue, 11 Jan 2005 11:11:42 -0700

Received: from pop.communityarchitect.com (unknown [10.133.22.1]) by mail.freeservers.com (Postfix) with ESMTP id 8D3BE600052 for <thillenv[at]hillenvale.com>; Tue, 11 Jan 2005 11:11:42 -0700 (MST)

Undeliverable: <pop.directnic.com> <thillenv[at]hillenvale.com> <tmoyer[at]jmcclainco.com>550 5.7.1 Mail from blaze1.lax.untd.com (64.136.29.16) refused (blackholed by bl.spamcop.net); Blocked - see http://www.spamcop.net/bl.shtml?64.136.29.16

Message-Id: <20050111181142.8D3BE600052[at]mail.freeservers.com>

Date: Tue, 11 Jan 2005 11:11:42 -0700 (MST)

From: MAILER-DAEMON

To: undisclosed-recipients:;

22941[/snapback]

First line has no line starter data, assumedly should have been Recieved:

Only IPs involved in the handling of this e-mail are non-routable, assumedly some one's internal network involved ...

First line says that ...architect.com received it from ..freeservers.com at 11:11:42 -0700

Second line says that ..freesrvers.com received it from ..architect.com at 11:11:42 -0700

Interesting spin of this e-mail flow ...????

whois -h whois.melbourneit.com communityarchitect.com ...

Domain Name.......... communityarchitect.com

Creation Date........ 2000-04-25

Registration Date.... 2003-03-21

Expiry Date.......... 2005-04-25

Organisation Name.... Web Services

Organisation Address. 1253 N. Research Way

Organisation Address. Suite Q-2500

Organisation Address. Orem

Organisation Address. 84097

Organisation Address. UT

Organisation Address. UNITED STATES

Now we have a sixth party in the mix ... (or a situation of someone's internal network configuration that coincidentally has a matching "real" domain out there ..???

[DavidT]

Although the people at jmcclainco say its not their problem either, they don't have anything set up to block spam supposedly. I'll attribute that to user ignorance though.

Their domain seems to be parked at DirectNIC.com, and so it would seem that the DirectNIC admins are indeed utilizing the SpamCop Blacklist as a "blocklist" as opposed to a "tagging/filtering" list. The *other* Mr. Swingle (the Tech Contact for McClain) needs to submit a trouble ticket with DirectNIC and see what solutions, if any, are possible. Looking at their site, I wouldn't hold my breath...a MUCH better domain host is GoDaddy.com...they actually have a phone number and they don't do this kind of thing.

Would it be safe to tell my users to set up a yahoo, hotmail, gmail, etc mail account to use when emailing jmcclainco, or is there a chance that would be blocked also?

If DirectNIC is using blacklists to bounce messages during attempted delivery, then there's no guarantee that any sending source will necessarily get through. A better long-term solution is for them to demand whitelisting capabilities from DirectNIC, or for them to move their domain to a host that offers that.

DT

[ScottSwingleComputers]

Their domain seems to be parked at DirectNIC.com, and so it would seem that the DirectNIC admins are indeed utilizing the SpamCop Blacklist as a "blocklist" as opposed to a "tagging/filtering" list. The *other* Mr. Swingle (the Tech Contact for McClain) needs to submit a trouble ticket with DirectNIC and see what solutions, if any, are possible. Looking at their site, I wouldn't hold my breath...a MUCH better domain host is GoDaddy.com...they actually have a phone number and they don't do this kind of thing.

If DirectNIC is using blacklists to bounce messages during attempted delivery, then there's not any guarantee that any sending source is guaranteed to get through. A better long-term solution is for them to demand whitelisting capabilities from DirectNIC, or for them to move their domain to a host that offers that.

DT

22949[/snapback]

Ok. Thank you all for your help. Sorry for being such a pain in the butt.

[DavidT]

Now we have a sixth party in the mix ...

No, I don't think so. I think that Scott supplied some email rejection headers that were local to the person doing the sending, and therefore don't really shed any light on the original headers of the blocked message. We're getting a bit off-track here.

DT

[agsteele]

There is no connection between me and Doug Swingle, although I have heard of him..

I think I understand all of this now. I'm glad its not a problem on our end. Although the people at jmcclainco say its not their problem either, they don't have anything set up to block spam supposedly. I'll attribute that to user ignorance though. 

Would it be safe to tell my users to set up a yahoo, hotmail, gmail, etc mail account to use when emailing jmcclainco, or is there a chance that would be blocked also?

22946[/snapback]

A lot of problems that arise when Emails are blocked come because:

1. The ISP they use doesn't actually tell them it is blocking Emails or offer a means for bypassing the blocks (often done to save the not inconsiderable costs of passing spam)

2. Even when the use of blocklists is explained the message doesn't get through to the folk actually using the Email

Either way it becomes frustrating for the sender who can do little to resolve the problem.

Yes, many folk recommend setting up a Yahoo! or Hotmail type account for these situations. You cannot be totally reassured that mail will get through that way but you would be singularly unlucky if both routes got blocked at the same time

Andrew

[DavidT]

Ok. Thank you all for your help. Sorry for being such a pain in the butt.

You're welcome...and you weren't.

BTW, given the overlap of the FreeServers servers with Juno, I'd recommend against using them if you want outbound webmail to reliably reach other people. There are plenty of other hosts out there with better reputations than Juno.

And one last comment...isn't it a shame that all of us are having problems sending and receiving messages due to the lack of adequate punishment and control of spamming? You can thank the wimps in Washington, DC for all being bought and paid for by the DMA, who has fought effective controls from the very first floods of spam.

DT