My email provider blacklisted - others?

[carlscheider]

Hi. I am not new to this, but I don't quite understand what is going on that is blocking my emails going out.

About a year ago, I signed up with 1and1 for email and site hosting, for myself and a non profit that I am associated with.

We are using outlook and standard POP accounts for access.

As of last week, both accounts are suddenly blacklisted by a wide variety of domains. AOL / Netscape was one of the first, but it spread. And sometimes it is turned off, and then back on.

The provider says that they are sorry about it, and they are working on it. I assume some customer is generating spam through this provider.

It was news to me that my emails go out through the provider's relay with their IP. I get to the web via QWEST, and then 1and1 does the relay of the emails. Their relay IP is the one that gets blocked. My IP never goes anywhere -- I am behind QWest's firewall.

I have some consolation in that ALL of their customers are blocked, but it is very annoying, to say the least.

I am trying to give the non profit some other options, to avoid this kind of problem in the future. Any suggestions?

I thought of signing up with AOL to provide the email service. They don't do POP but they support IMAIL. And we would lose our unique domain name -- but I think it unlikely anyone is going to block an AOL address.

Any other good ideas? Anything out there that is impervious to this problem?

Thanks. Appreciate your reading this far!

Carl

[Merlyn]

but I think it unlikely anyone is going to block an AOL address. 

Carl

23376[/snapback]

AOL gets listed if spam is reported from one of their IP's. You should change your thinking a little. Every IP gets blocked that has spam reported from it. It does not matter who is hosting it.

You might be better off getting a static IP that is not on any blocklists and host your own server on it. Make sure you use confirmed opt-in otherwise you will have problems.

[Wazoo]

You offered no details.

http://www.mxtoolbox.com/index.aspx says;

ns27.1and1.com reports the following MX records:

Preference Host Name IP Address TTL

10 mxi00.1und1.com 212.227.126.151 86400

10 mxi01.1und1.com 212.227.126.152 86400

Whereas SenderBase is only showing;

Addresses in 1and1.com used to send email

Showing 1 - 1 out of 1

address hostname DNS Verified Daily Mag Monthly Mag

212.227.126.170 pmt.1and1.com Y 4.5 4.4

http://openrbl.org/ip/212/227/126/170.htm

Lookup 212.227.126.170 (pmt.1and1.com) in 20+9 Zones

AS: 212.227.0.0/16 AS5430 Mobilcom Cityline GmbH Dusseldorf

Net 212/8 RIPE-NCC-212 Amsterdam

Results: Positive=1, Negative=27, Timeouts=1 (2005-01-20 23:31:42 UTC)

FIVETEN/kundenserver.de.misc: UNKNOWN TXT (permfail,nodata)

neither 212.227.126.151 or 212.227.126.152 appear to be anything really nasty ... however chasing them down led to yetanother e-mail server at 212.227.142.1 .. hmmmm ... the first two IP's were showing downward trends in the flow of e-mail .. maybe it's all headed through this IP now?

Report on IP address: 212.227.142.1

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.2 .. 1834%

Last 30 days .. 3.8 ... 691%

Average ........ 2.9

or at least that's one possible explanation ..???

However, just doing some quick checks, I can't come up with your "currently" and "repeatedly" blocked IP address.

It was news to me that my emails go out through the provider's relay with their IP. I get to the web via QWEST, and then 1and1 does the relay of the emails. Their relay IP is the one that gets blocked. My IP never goes anywhere -- I am behind QWest's firewall

Extraneous facts, path described, yet qualified by "I'm surprised" ... what e-mail server would you expect to be involved in actually sending your e-mail if not tha folks you "bought your e-mail service" from?

but I think it unlikely anyone is going to block an AOL address

Apparently you'd be surprised then to find out that lot's of folks do <g>

don't quite understand what is going on that is blocking my emails going out

I'm guessing that this isn't 100% accurate ..??? The usual e-mail symptom of a problem like this is that when sending e-mail to an ISP that uses some sort of BL, then your e-mail may be rejected as it's coming from an IP on that BL. Again, this is not "preventing you from sending" .. only preventing "someone else receiving" that piece of e-mail. Typically you'd have a bounce/rejection notice (though thanks to spammer activity, folks are turning off this once desireable function) .. If you have one of these, the specific data needed to do any research on your behalf may be in that notice.

[DavidT]

Carl,

First, going with AOL would be a bad idea....trust all of us on that.

We need just a little more info in order to help evaluate your situation. For example, it would be good if you could identify the domain name of the nonprofit that you're hosting at "1and1" (we're assuming "1and1.com," yes?).

It would also be helpful if you could clarify some things about the way the mail is being sent. For example, if you're sending using your Qwest connection and a standard POP account, then your messages shouldn't be going "out through the provider's relay with their IP" -- they should be handled entirely by Qwest. With normal domain hosting, the only email that usually is handled by the web server is mail sent either from their webmail interface, or messages rebroadcast from mailing lists hosted on the web server. In those cases, the providers often have all the hosting accounts on a given box (and there are often hundreds on one box) share a single outbound IP address.

A solution would be to move the domain to a provider that doesn't do that. I know that Spry.com doesn't, for example, and I'm in the process of moving all my accounts there, and I'm also affiliated with some nonprofits who are also moving there for the same reason. Their current provider's machines keep winding up on AOL's blocking list.

DT

[nathangg]

The 1and1 server that I see being blocked is:

mout.perfora.net (217.160.230.41).

I am a 1and1 user and I am having the same problems as Carl.

Here's what's happening with me:

I set up an alias with 1and1 that points to my real account. When someone sends mail to the alias, 1and1 (mout.perfora.net) forwards the email on to my POP account. BUT, my POP account is sitting on a server that uses spamcop, so, the email is sent BACK to the sender because mout.perfora.net is black-listed.

(I'm not familiar with all the spamcop lingo... sorry if I messed up).

Anyhow, this is frustrating because...

1. I am not spamming anyone

2. The actions of other people are affecting me

3. I've emailed 1and1 about this and asked them to fix the problem... it seems that they tried fixing it once, but mout.perfora.net showed up again on spamcop's list.

4. I just want to receive email and I can't right now

--

Nathan

PS So, I'm using 1and1.com as an alias right? And mout.perfora.net is putting it's IP address on mail going through my alias right? Would it be possible for the 1and1 people to configure it so mout.perfora.net does NOT put the it's IP address on mail going through my alias?

B/c then the mail would have the originator's ip address, instead of mout.perfora.net, and therefore it might not be blocked by spamcop?

[Wazoo]

http://www.spamcop.net/w3m?action=checkblo...=217.160.230.41

217.160.230.41 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 16 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Additional potential problems

(these factors do not directly result in spamcop listing)

System administrator has already delisted this system once

Because of the above problems, express-delisting is not available

http://openrbl.org/ip/217/160/230/41.htm

Lookup 217.160.230.41 (mout.perfora.net) in 20+9 Zones

AS: 217.160.0.0/16 AS8560 Schlund + Partner AG Karlsruhe/Baden-Wurttemberg

Net 217/8 217-RIPE Amsterdam

Results: Positive=3, Negative=25, Timeouts=1 (2005-01-22 23:18:28 UTC)

AUDNSBL/dnsbl.net.au: 553 AUDNSBL Multiple spam Traps Block List [Remove]

PSBL/surriel.com: 553 PSBL spam received [Remove]

SPAMCOP/bl.spamcop.net: Blocked - see http://www.spamcop.net/bl.shtml?217.160.230.41

Just a quick check, but as you can see, SpamCop isn't the only place receiving unwanted e-mail from this IP. Also noted is the attempt at removing the SpamCop BL listing, but not fixing the problem. At best, talk to your 'local' e-mail host and see if there's a whitelisting capability.

Due to the specific data offered in this last post, discussion is now being moved back into the Blocking List Forum. Thank you nathangg for providing sufficient data to work with.

[DavidT]

Nathan,

I did a lookup on the reports complaining about 217.160.230.41, and there's a lot of bad spam. Given that, you should end whatever relationship you have with the complany...is it "Schlund.de"?...and find a reputable provider that isn't relaying so much spam.

In anser to your question, the system that's doing the blocking probably won't accept any connections from 217.160.230.41 because of it's bad reputation (specifically because it's listed in the SpamCop BL). Until the spamming stops long enough to remove the blacklisting, you're not going to be able to have mail forwarded successfully through that IP, unless the servers on the receiving end can be configured to simply "tag" the messages and allow them through, rather than blocking them. That's something that you'll need to discuss with the people responsible for the receiving domain.

DT

[Miss Betsy]

2. The actions of other people are affecting me

That's where consumer savvy comes in. If the product you are using doesn't give you the results you want, then you get another product.

The problem lies in technical competence. spam is a problem for the internet and if blocklists were not used, it would impact you, as an end user, much more forcibly. All competent ISPs know how to avoid blocklists. Mistakes happen but when they do, the listing is very short in duration - no more problem than a backhoe or thunderstorm. Either the admin of a server that is listed is incompetent or prefers the money that is received by not taking proper measures against spammers. If it is a recurring problem, it will not be long before other blocklists will be listing them.

Miss Betsy

[nathangg]

Thanks everyone

Here is the latest email from 1and1:

---------

Dear Nathan Given,

Thank you for contacting 1&1

Currently, we are being blocked by spamcop. We sincerely apologize for the inconvenience this has caused you. But no need to worry. We are already working on it.

If you have any further questions do not hesitate to contact us.

--

Sincerely,

Vanessa Noblejas

Technical Support

1&1 Internet Inc

------------

Anyhow... maybe I'll consider changing companies... anyone have any suggestions? (I currently have one domain that I use, and I also have 500 mb disk space, 25 GB bandwidth, and shell access... I'd like something with the similar/same specs).

Thanks in advance!

--

Nathan

[DavidT]

The 1and1 server that I see being blocked is:

mout.perfora.net (217.160.230.41).

And as of Monday night, that server was still spewing spam, with subjects like this:

Your eBay Account May Be Suspended

That's probably a phishing attempt to steal someone's information....bad stuff. As for finding a new host, here's a good resource/community:

http://www.webhostingtalk.com

DT