How to find the problem


dothenoodle

Posted

Okay, this is a little long. I have an IP address listed in spamcop.net (66.82.48.1). I use direcway as my ISP, but a different company for my email provider. My email provider uses the spamcop list, so I am unable to send any emails right now because I am on the list. I am trying to find out if the problem is on my end or if it is direcway's problem.

I have a PC and a Mac connected by a router. The internet connection goes through the PC to the router to the Mac. I have installed Ad Aware and a virus program on the PC. I also have installed a firewall on the PC. I am not sure what else I can do to make sure that someone isn't using my PC or Mac to send spam. Any ideas?

Thanks!

Posted

In addition, according to http://www.spamcop.net/w3m?action=checkblock&ip=66.82.48.1 :

Query bl.spamcop.net - 66.82.48.1

66.82.48.1 is dpc6682048001.direcpc.com

66.82.48.1 listed in bl.spamcop.net (127.0.0.2)

Since SpamCop started counting, this system has been reported about 130 times by about 30 users. It has been sending mail consistently for at least 111.9 days. In the past 676.0 days, it has been listed 52 times for a total of 150.9 days

In the past week, this system has:

Been detected sending mail to spam traps

Been witnessed sending mail about 140 times

Other hosts in this "neighborhood" with spam reports:

66.82.47.125

66.82.48.31

A sample sent sometime during the 24 hours beginning Friday 2003/11/14 19:00:00 -0500:

Received: from - (-6682-48-1.-.com [66.82.48.1])

by -.-.com (- - - - -.-.-)

with SMTP id -

Sat, 1- Nov 2003 -1- - (-)

Subject: a - good -

From: so.. at ..l.com

A sample sent sometime during the 24 hours beginning Sunday 2003/11/23 19:00:00 -0500:

Received: from [66.82.48.1] by - (- SMTP -.-)-

with SMTP id -1- Mon Nov - 1- - -

Subject: free - cool newsletter -

From: fr.. at ..w.com

A sample sent sometime during the 24 hours beginning Wednesday 2003/12/03 19:00:00 -0500:

Received: from -6682-48-1.-.com (66.82.48.1) by -1- with SMTP id <-.-1-[at]->- Wed, - - 2003 1- -1-

Subject: - what does the blue pill do

From: ma.. at ..y.net

A sample sent sometime during the 24 hours beginning Sunday 2003/12/14 19:00:00 -0500:

Received: from -6682-48-1.-.com (- -6682-48-1.-.com) (66.82.48.1) by -.-.-.com (-.-) with - Mon, 1- Dec 2003 - -

Subject: - spam - spam - hi

From: ir.. at ..l.com

A sample sent sometime during the 24 hours beginning Monday 2003/12/15 19:00:00 -0500:

Received: from -6682-48-1.-.com ([66.82.48.1] -1-)-

by -.-.-.-.net with smtp (Exim -.- -1)-

id 1-1-

for -[at]-.net- Tue, 1- Dec 2003 1-1- -

Subject: action alert

From: li.. at ..a.net

A sample sent sometime during the 24 hours beginning Saturday 2003/12/20 19:00:00 -0500:

Received: from -6682-48-1.-.com (-6682-48-1.-.com [66.82.48.1])

by -1.-.- (Postfix) with SMTP id -82-

for <-.-[at]-.->- Mon, - Dec 2003 - -1- (-)

Subject: notice

From: bv.. at ..b.com

A sample sent sometime during the 24 hours beginning Wednesday 2004/01/14 19:00:00 -0500:

Received: from [66.82.48.1] (-6682-48-1.-.com)-

by -.-.-.net with smtp id 1-1-

for -[at]-.-.-.- Thu, 1- Jan 2004 - -

Subject: hi

From: au.. at ..n.com

A sample sent sometime during the 24 hours beginning Monday 2004/01/26 19:00:00 -0500:

Received: from -.-.com (-6682-48-1.-.com [66.82.48.1]) -

by -.com (-.1-.-.11.-) with SMTP id -1-1- -

for <-[at]-.com>- Tue, - Jan 2004 11-1-1- - -

Subject: [none]

From: re.. at ..x.com

A sample sent sometime during the 24 hours beginning Tuesday 2004/01/27 19:00:00 -0500:

Received: from -.- (-6682-48-1.-.com [66.82.48.1])-

by -.-.net (-.1-.1-.1-.1-) with SMTP id -

for <-.-[at]-.net>- Wed, - Jan 2004 -1-1- -

Subject: - of - fraying

From: al.. at ..y.org

A sample sent sometime during the 24 hours beginning Wednesday 2004/01/28 19:00:00 -0500:

Received: from - (-6682-48-1.-.com [66.82.48.1])-

by -.-.com (-.11.-.11.-) with - id -1-1-

for <-[at]-.com>- Wed, - Jan 2004 - -

Subject: - rocky mount kingdom hall

From: jr.. at ..y.com

A sample sent sometime during the 24 hours beginning Wednesday 2004/01/28 19:00:00 -0500:

Received: from -6682-48-1.-.com ([66.82.48.1] -.-)-

by -.-.-.-.net with - (Exim -.- -1)-

id 1-1- Thu, - Jan 2004 1- -

Subject: - zero - de -

From: cj.. at ..o.com

A sample sent sometime during the 24 hours beginning Monday 2004/02/02 19:00:00 -0500:

Received: from [66.82.48.1] (-)-

by -.-.net with smtp (Exim -.-)-

id 1-

for -[at]-.com- Tue, - Feb 2004 1- -

Subject: my last weekend - oh

From: bu.. at ..l.com

Been detected sending mail to spam traps is a kiss of death for any IP Address. ISPs whose IP Addresses have Been detected sending mail to spam traps need to review FAQ Entry "How can I be de-listed" at http://www.spamcop.net/fom-serve/cache/298.html ASAP.

Posted
I have an IP address listed in spamcop.net (66.82.48.1).

You believe that this is "your" IPA? I see it running back to Hughes, i.e. direcway

I use direcway as my ISP, but a different company for my email provider.

and the reason you felt that this other ISP wasn't important enough to identify is ...?

My email provider uses the spamcop list, so I am unable to send any emails right now because I am on the list.

It doesn't work like that. Use of the SpamCop BL is to handle the incoming mail, not outgoing.

I am trying to find out if the problem is on my end or if it is direcway's problem.

I'm not actually sure that you've described your specific problem. The mis-diagnosis of use of the SpamCop BL and that "can't send e-mail" can mean any of a thousand different things, it's hard to take a stab at an answer.

I have a PC and a Mac connected by a router.  The internet connection goes through the PC to the router to the Mac.

Reading these words (over and over) paints me a picture of you having two different set-ups ...???? The second part stating that the internet connection goes through the PC, then the router, then the Mac ....??? In general, the net connection would be through the router, through which the PC and the Mac looked at the world, and is kind of the way the first sentence suggested things were hooked up. To try to clear things up, does the PC currently contain two NICs?

I have installed Ad Aware and a virus program on the PC.  I also have installed a firewall on the PC.  I am not sure what else I can do to make sure that someone isn't using my PC or Mac to send spam.  Any ideas?

Idea at this point is that you are not asking about a SpamCop (implementation) problem. You went from "can't send e-mail" to "making sure that 'my' computer isn't used to send spam" ..... Somewhere, your focus shifted, and I'm not sure what your problem actually is at this point. (well, I'm actually ignoring that you said you really did install a virus program on the PC, thinking that this also isn't what you meant to say)

Posted

Okay, let's see if I can clarify my original post a little. First, as you can tell, I am not an expert at this, so some of what I wrote is what other people have told me.

I read the FAQs, and I have read the report on my IPA. I check spamcop.net almost on a daily basis because of the problems of being listed. I can't figure out why I am being listed.

I will try to go in order of the replies below. I was told that 66.82.48.1 is my computer's IPA. I use direcway as my internet provider. My email provider is equitek. The owner is also my Mac consultant. I didn't think the email provider name was that important. Anyway, the email provider told me that he uses the blacklist to block spam, and because my IPA was listed, my mail would not relay (I think that is the correct term) through his servers.

The internet connection actually runs into my PC, which is connected to the router that is connected to my Mac. Direcway does not support Mac, so I have to run the connection through the PC, not into the router. And you guys wonder why I am confused!!!!

I was told that some viruses or spyware could make it so someone could use my computer to send spam. I installed these programs to make sure the PC was clean. Same reason for having the firewall up.

I have sent emails to direcway asking for information on this, since they may or may not be part of the problem, but all I ever get is an auto reply with no information whatsoever.

I know that the spam trap thing is a huge problem. I am trying to identify if the problem is coming out of my computers, or if it is coming out of direcway's networks. Does any of this make sense at all?

Thanks.

Posted
Okay, let's see if I can clarify my original post a little.  First, as you can tell, I am not an expert at this, so some of what I wrote is what other people have told me.

I read the FAQs, and I have read the report on my IPA.  I check spamcop.net almost on a daily basis because of the problems of being listed.  I can't figure out why I am being listed.

I will try to go in order of the replies below.  I was told that 66.82.48.1 is my computer's IPA.  I use direcway as my internet provider.

OK, let's start with the fact that the IPA you list isn't really "your" IPA ...

Parsing input: dothenoodle[at]direcpc.com

66.82.4.71 is an mx ( 10 ) for direcpc.com

host 66.82.4.71 = mx1.direcpc.com (cached)

Think of mx = mail exchange

My email provider is equitek.  The owner is also my Mac consultant.  I didn't think the email provider name was that important.

As above, you said you got connectivity via direcway, but said e-mail was handled elsewhere. But as the IPA you mentioned is an MX, that means that Direcway is in fact handling your e-mail. It appears that the other respondents made this assumption, but I only went with what you wrote. I would have caught on had you said that you had an e-mail account on this other system, which is a lot different than being your (only) e-mail provider.

Anyway, the email provider told me that he uses the blacklist to block spam, and because my IPA was listed, my mail would not relay (I think that is the correct term) through his servers.

Yes, from your previous and this additional data, when you send an e-mail, it's going through Direcway's servers, then out to equitek. And this is where equitek has the SpamCopBL in use, checking incoming e-mail ... and yep, direcway's MX is on the crap list. The immediate way around this is for you to learn how to TELNET over to equitek directly, but I'm guessing that one is going to go right by you. The other alternative would be .. does equitek have a web-based entry into "your" e-mail account there? This way, your outgoing e-mail would be entered and leaving from their servers, thus bypassing the direcway issue. (and yes, I know too well what a pain in the behind that mode would entail)

The internet connection actually runs into my PC, which is connected to the router that is connected to my Mac.  Direcway does not support Mac, so I have to run the connection through the PC, not into the router.  And you guys wonder why I am confused!!!!

The phrase "we do not support ..." usually means "don't call us if you have a problem" .. in this case, suggesting that they don't have anyone hired in the tech support office that's ever played with a Mac. Though, I will say that I'm not 100% sure just how you're wired up to the sat-modem box. (My feelings won't be hurt if someone points out that it's a Windows-only software/hardware thing.) So, though plug-and-play of a mixed PC / Mac network can sometimes take a bit of tap-dancing, the old Ethernet is Ethernet maxim does apply. But, that's not the issue at this point <g>

I was told that some viruses or spyware could make it so someone could use my computer to send spam.  I installed these programs to make sure the PC was clean.  Same reason for having the firewall up.

You did good! Would further suggest SpyBot - Search & Destroy .. similar to AdAware, but they catch different things. (Note that both tools need to have their databases updated every time you run them. Like an anti-virus tool, the database only holds the stuff known at the time it was created, and the lowlifes of the world keep right on working their magic on a daily basis ..)

I have sent emails to direcway asking for information on this, since they may or may not be part of the problem, but all I ever get is an auto reply with no information whatsoever.

Situation normal .. just need to find out how to escalate the issue to an office that will actually do something about it .... have a phone number to try to actually talk / holler at someone?

I know that the spam trap thing is a huge problem.  I am trying to identify if the problem is coming out of my computers, or if it is coming out of direcway's networks. 

It is definitely a direcway problem (which makes it your problem also) ... JeffG posted stuff that I looked at, but there was a spam issue back in November. Current listings show the spamtrap issue. Back to the original data, the IPA in question is NOT "your" computer, it's the "computer" your outgoing e-mail is using to get out to the rest of the world.
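
The blocklist lookup behind the "listed in bl.spamcop.net (127.0.0.2)" result quoted earlier in the thread, and the incoming-mail check a receiving server builds on it, as an added example that is not part of the original posts. The resolver and its single record are constructed so the code runs offline; mx.example.net, host.example.org and 192.0.2.10 are placeholders.

```python
import ipaddress
import re
import socket

ZONE = "bl.spamcop.net"  # the list queried in the thread

def dnsbl_query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone, as a DNSBL client does."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone

def listing_code(ip, resolve=socket.gethostbyname, zone=ZONE):
    """Return the 127.x answer when listed, None when the name does not exist."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return None  # no A record: not listed
    if not answer.startswith("127."):
        # A non-loopback answer points at a resolver problem, not a listing.
        raise RuntimeError(f"unexpected DNSBL answer {answer!r}")
    return answer

def relay_ip(received_header):
    """Pull the connecting host's IP out of a Received: header line.
    A live server checks the TCP peer address; this header is where the
    receiving server records that same address."""
    m = re.search(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]", received_header)
    return m.group(1) if m else None

def incoming_check(received_header, resolve=socket.gethostbyname):
    """The receiving side's decision: reject if the connecting IP is listed."""
    ip = relay_ip(received_header)
    code = listing_code(ip, resolve) if ip else None
    return ("reject", ip, code) if code else ("accept", ip, None)

# Constructed stand-in for DNS; the one record mirrors the result in the thread.
CONSTRUCTED_ZONE = {"1.48.82.66.bl.spamcop.net": "127.0.0.2"}

def constructed_resolver(name):
    if name not in CONSTRUCTED_ZONE:
        raise socket.gaierror("name not found (constructed)")
    return CONSTRUCTED_ZONE[name]

if __name__ == "__main__":
    # Constructed headers shaped like the report's samples.
    for hdr in ("Received: from [66.82.48.1] by mx.example.net with SMTP",
                "Received: from host.example.org (192.0.2.10) by mx.example.net"):
        print(incoming_check(hdr, constructed_resolver))
```

The check runs against whichever host connects to the receiving server, which is why the sender's own machine never appears in it when mail is handed off through another host first.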

Posted

Wow!!! Thank you so much for the information!!! It is a big relief to know the problem is with Direcway, and not my personal computer. Now I can start hounding them! I am going directly through equitek's servers for my email, but it is a pain (as you probably know). My biggest frustration was the thought that this might be completely my fault and I didn't know it.

I will look for the spy-bot software and get it. Anything to help get rid of spam!

Thanks again!

The Noodle

Posted
Okay, this is a little long.  I have an IP address listed in spamcop.net (66.82.48.1).  I use direcway as my ISP, but a different company for my email provider.  My email provider uses the spamcop list, so I am unable to send any emails right now because I am on the list.  I am trying to find out if the problem is on my end or if it is direcway's problem.

I have a PC and a Mac connected by a router.  The internet connection goes through the PC to the router to the Mac.  I have installed Ad Aware and a virus program on the PC.  I also have installed a firewall on the PC.  I am not sure what else I can do to make sure that someone isn't using my PC or Mac to send spam.  Any ideas?

Thanks!

OK if we are talking about the IP: 66.82.48.1 which has rDNS: dpc6682048001.direcpc.com and looks to me like an end-user IP, there are a bunch of spamtrap reports for that IP. It looks like direct to mx spam transmission. It appears that 66.82.48.1 may not be up right now.

If you have a dynamic IP then someone else may have had this IP during the spam transmission; if it is a static IP then you may have a trojan/worm problem. If you do have a dynamic IP then I would bounce the router or disconnect and reconnect or power off and on to get a new IP and see what happens when you try to send mail.

Posted

Hi,

I have the same problem with 66.82.48.1 - my direcway mail. It's been bl on and off for several weeks. Sometimes 12 hours, sometimes 48. I've made the sense that I could out of the faq and reading this board. Direcway support is useless. E-mails to them are unreturned and phone calls end up in India.

Unfortunately my dial up connection before dway was about 20k, if I could connect at all. No cable or dsl available.

Should I be looking for an alternative? Maybe set my system up as a mail server?

My other question is - why aren't thousands of other dway customers having this problem? It seems if they were then dway would be doing something about it. Unless of course they can't get any info out of India either.

I use my own domain for incoming and outgoing server in my e-mail account in Outlook Express. Is there a way to eliminate dway in the route?

Bob

Posted

Perhaps you could discuss this with the direcway Accounts Receivable people who keep asking for your money every month. Surely they have an interest in keeping your business. :)

Archived

This topic is now archived and is closed to further replies.
