Jump to content

direcway and spamcop


bill j

Recommended Posts

I use Direcway and my ISP and webmail.us as and MSN.com as email providers. I run a nice consultant business mostly from my remote mountain home with drive and fly trips as necessary. Recently one of my clients installed SpamCop on their server and I began to get rejected as a spammer. When I call and have my client sys admin trace the rejection headers it always points to a Direcway IP. I send an email to direcway and the problem clears up for 12 to 24 hours and re-occures. I sent and called in several messages to Direcway about this with nothing but very shot canned responses. I don't know who to talk to at SpamCop so I registered and am posting to this forum.

Please help. This is very important to me. At this time DW is the only ISP I can use. If all my clients were to install SpamCop it would destroy my business and way of life.

I'm am highly skilled user of computer applications such as Word, Excel, MS Project, Power Point etc but I am not an expert on routing protocal and telecommuications. I am willing to become one If I have to but prefer a simple soulution if possible.

Is there any way to fix this problem permanantly.

Is there a way my clients can ID on the "white list" by email and not the DW IP address?

Link to comment
Share on other sites

We will try to help you, but we need more information. Could you post the IPs in question? They will usually be mentioned in the rejection messages that you get.

I don't know who to talk to at SpamCop so I registered and am posting to this forum.
That is the right place. Many experienced users are here to help.

Is there a way my clients can ID on the "white list" by email and not the DW IP address?
That will depend on their email system. Many email systems allow the user to whitelist by email address, which should override any blacklist. Other systems reject any blacklisted IPs outright without looking at anything else.
Link to comment
Share on other sites

Is there a way my clients can ID on the "white list" by email and not the DW IP address?

You do not provide the IP address of the system(s) being listed so all that can be provided are general guidelines. If properly implemented, the reject message you received should have included the IP address causing the problem.

Most RBL setups have some way to provide a whitelist capability. The feasibility of it being used increases if they are running the server themselves. Usually, the IP wil be listed but the whitelisted email address (or domain) will override the block.

Link to comment
Share on other sites

I thought that if one used MSN, even if your ISP was listed, that the email would go through.
Maybe Bill does not use the MSN or webmail.us servers for SMTP, although he could. Maybe he cannot use them because his ISP blocks port 25 and 587 to anything but their own SMTP server. Maybe the blocklisted IP is assigned to his own machine. We don't know without the IP.
Link to comment
Share on other sites

Wow thanks for the quick responses. I will attempt to provide more info.

It seems the blocking is occuring on any of the range of dynamic IPAs that DW is using. When I get a block, I call the Sys Admin and he emails me the IPA that is blocked. The latest one was 64.157.32.1. I send this info to abuse[at]direcway.com and it is usually unblocked within 0-2 hours but the next day, I am blocked again. I assume that DW is using the unblock process. I do not want to get involved with unblocking it my self because there is no way I can personally vouch for a DW IPA-- there could in fact be a spammer on it.

I have given all this info to DW and suggested that they open a dialog with SpamCop but I don't know if they have.

Webmail.us completed their own trace on two of my blocked emails and determed that it was a DW problem.

I don't usually use MSN for my professional email but will try to see it it makes it through.

I will call the sys admin at the blocking org and ask about getting on a white list.

It has been suggested to me that my computer could have been hijacke by a spammer. Any thing is possible but I run Symantechanti virus, McCaffy firewall, Lava soft Spyware, Spybot firwall and spyware checker, and a couple of others. I update these daily and run the several times per day. I use strong passwords on everything, change them often and employ a firewall checker once a week. The fire wall checker I use has never even penetrated the DW firwall.

Some of my government clients demand to inspect my laptop periodically using their own software to ensure I am not comprimizing their systems. So far, non of my government clients that have granted be access to their systems have detected any problems.

Any more suggestions would be appriciated. Thanks to all.

Link to comment
Share on other sites

Any thing is possible but I run Symantechanti virus, McCaffy firewall, Lava soft Spyware, Spybot firwall and spyware checker,

Yeah, I know, this might just tick you off .... however, if the stuff you are using is actually identified and called what you just listed, you do have some severe problems. You have listed incorrectly spelled company names, misidentified some of these applications ... a similar specific issue was someone installing some software found on the www.spamcop.COM site, but then coming to the www.spamcop.NET forum to raise the complaints that this software didn't work ....

employ a firewall checker once a week.  The fire wall checker I use has never even penetrated the DW firwall.

Neither tool mentioned above or by name ...????

Any more suggestions would be appriciated.  Thanks to all.

Have you looked at any/all of the previous discussions about Direcway issues yet?

Link to comment
Share on other sites

Yeah, I know, this might just tick you off .... however, if the stuff you are using is actually identified and called what you just listed, you do have some severe problems.  You have listed incorrectly spelled company names, misidentified some of these applications ... a similar specific issue was someone installing some software found on the www.spamcop.COM site, but then coming to the www.spamcop.NET forum to raise the complaints that this software didn't work ....

Neither tool mentioned above or by name ...????

Have you looked at any/all of the previous discussions about Direcway issues yet?

24571[/snapback]

OK, Guilty as charged regarding misspellings. When I type fast without the use of a spellchecker I do spew a lot of mistakes. Sorry.

I did a search on Direcway before I made my first post and found one post that was a year old. Maybe I misspelled that also, I'll try again. I'm not sure what you mean about misidentifying applications. Was it the Spybot firewall that you’re speaking of. All I know is that it warns me when an outside source tries to update something on my computer.

The firewall checker I use is Hackerwatch.org linked to by the McAfee firewall I use. If you would like to recommend a better one I will be glad to try it.

This is the message I get when use it: The IP address requesting this page is different from the IP address of your computer. This indicates that your computer is behind a proxy or NAT. These devices allow you to access the Internet by relaying traffic, typically from multiple computers, through a single IP address.

We are unable to directly probe your computer, you should take comfort from this. You have that much more protection between your computer and the Internet.

Anyway the only reason I brought this up to to idicate that I work hard to stay secure. Constructive criticism accepted.

Link to comment
Share on other sites

Any thing is possible but I run Symantechanti virus, McCaffy firewall, Lava soft Spyware, Spybot firwall and spyware checker,  and a couple of others.

24570[/snapback]

Let me guess. You run Symantec AntiVirus, McAfee Personal Firewall Plus, Lavasoft Ad-Aware, and Spybot - Search & Destroy. Is that correct?

Was it the Spybot firewall that you’re speaking of. All I know is that it warns me when an outside source tries to update something on my computer.
Do you mean the resident "SDHelper" and "TeaTimer" modules? Those are not firewalls.
Link to comment
Share on other sites

OK, I did anther search using of Direcway and found 11 posts. Not a lot new expect a frustrated user making idle threats and getting flamed by the administrator. I have no interest in going there. I also re-read the pinned post by Betsey. I also rechecked the latest reported IPA of 64.157.32.1. and found it was now not listed as a blocked IPA. So there's no point if checking if my MSN email can get through. But I will if/when I'm blocked again. Since I was unblocked, I emailed my client and asked if I could be put on a "White list" as suggested.

Let me try to restate my cry for help. Remember, I am a user that makes a large part of my living using email. I am assuming that both Direcway and SpamCop are legitimate companies, trying to make a living by providing a service. As a busy user, who hates spam as much as the next guy, I applaud any effort to get rid of it. But I have no other choice for an ISP at the present time besides DW and SpamCop is the only entinty out there blocking me. Thanks for the help I've gotten so far, sorry for the spelling, I am open to other suggestions.

Link to comment
Share on other sites

For purposes of this post, I will give you the benefit of the doubt and assume that it is not your computer that is spewing out the spam.

The IP address you gave us, 64.157.32.1, is known as a spam source. It is currently not listed here, but it has been listed here before because it has been reported as a source of spam many times in the past. It is currently listed in other spam blocklists, so your problems are not limited to SpamCop.

If your system is not sending the spam, it is likely that the same IP address was previously assigned to a compromised machine and then reassigned to your computer by your ISP. I recommend that when you grab a new IP address, check if it is listed in a lot of blocklists. If yes, return the IP address and grab another one. This is usually done by disconnecting and reconnecting your modem or router. Repeat this process until you get one that is clean, then hold on to the clean one for as long as you can.

If your ISP hands you a lot of dirty IP addresses, I would normally recommend that you switch to a less spammy ISP. This might not be possible for you, as I understand that you are sitting alone on a mountain peak where only this ISP is available.

That's just my USD 0.02. I am sure other people will come along with better ideas.

Link to comment
Share on other sites

Most of the examples I saw on nanas did not come from the Direcway IP address you gave, but were about home mortgages. and there were more than 11. I looked up the IP address on arin and it didn't say it was from Direcway, but from Hughes DirecPC in Germantown, MD. I am not technically fluent so perhaps that is a Direcway company. Perhaps it wasn't spamcop blocklist, but another one. Occasionally the returning ISP uses the spamcop template for other blocklists.

There are hundreds of blocklists out there, not just spamcop. The other blocklists are not as easy to get off as spamcop which is automatic, the listing expires when the spam does.

The reason that so many ISPs use blocklists is because they are effective in preventing spam to their customers without losing any email. With a content filter, you would never have known that your client did not get your email.

If users such as you complain to their ISPs about getting blocked, perhaps more of them will be more careful about allowing spam. The only place spam can be stopped is at the *sending* end.

I am sorry that your living depends on Direcway when it seems as though it is a very unreliable company even if legitimate. Hopefully you can use MSN to email even if the IP address you are using gets blocked again.

Miss Betsy

Link to comment
Share on other sites

Thanks all, I'm reading every word. I think Hughes Direcpc is the same company as Direcway. I have left a voice mail with them to discuss this. Let's see if they call me back. Yes I would consider changing ISP if I could. There is one alternate but it is cell phone based but it is slow and some of my neighbors are having similar problems. Thanks for the tip from swingspacers. I suppose I would need to run one of the "what's my IP" web sites to find out what my dynamic IP is and then check it out. And yes, swingspacer, you deciphered my half spelled words correctly. Direcway offers a "business class" service that gives you a stable IP but it costs $100 per month versus the $59 I'm paying now. Might consider it though.

Early in this post, miss Betsey replied: Maybe Bill does not use the MSN or webmail.us servers for SMTP, although he could. Maybe he cannot use them because his ISP blocks port 25 and 587 to anything but their own SMTP server. Maybe the blocklisted IP is assigned to his own machine. We don't know without the IP.

I don't if DW blocks these ISP ports but the only way anything gets out of my computer is through my DW modem and through the Satellite link to the DW ground station in Virginia.

I know there are a lot of spam lists out there. I worked for a company 5 years ago that let their server become an open relay. They finally had to change domains and start over to continue to do business. But since I've been using DW, the only blocked or undelivered emails I have any knowledge of are those by spamcomp.

And Wazoo, I don't tick off easily so tell me like you see it.

Thanks again for the help and I will remain an active reader of this

site.

Link to comment
Share on other sites

I suppose I would need to run one of the "what's my IP" web sites to find out what my dynamic IP is and then check it out.
You could do that, but most routers can show you directly which IP address is currently assigned to you. I don't know what technology DW uses, so I cannot tell you where to find it, but it is often called your WAN IP address. You can then use the tools listed in Merlyn's post here to find out which blocklists contain your IP addy.

And yes, swingspacer, you deciphered my half spelled words correctly.
Good. There are many malwares out there that use names surprisingly similar to these security tools. As Wazoo pointed out, even the SpamCop name is used by a couple of cheap imitations.

Direcway offers a "business class" service that gives you a stable IP but it costs $100 per month versus the $59 I'm paying now.  Might consider it though.
That might be the way to go if many of their dynamic IPs are used by spammers and frequently get blocklisted. If you get a static IP and that number gets blocklisted, you will know for sure that your own machine is doing the spamming.

Early in this post, miss Betsey replied: Maybe Bill does not use the MSN or webmail.us servers for SMTP, although he could. Maybe he cannot use them because his ISP blocks port 25 and 587 to anything but their own SMTP server. Maybe the blocklisted IP is assigned to his own machine. We don't know without the IP.

I don't if DW blocks these ISP ports...

That is easy to find out. Check the SMTP setting in your email program. If it is set to connect to smtp.emailsrvr.com (the SMTP server for webmail.us), then you know that DW does not block ports 25 and 587. In any case, this would matter only if DW's mail servers were blocklisted. Since it seems to be your own IP, this whole line of thought is irrelevant.
Link to comment
Share on other sites

Check the SMTP setting in your email program. If it is set to connect to smtp.emailsrvr.com (the SMTP server for webmail.us), then you know that DW does not block ports 25 and 587. In any case, this would matter only if DW's mail servers were blocklisted. Since it seems to be your own IP, this whole line of thought is irrelevant.

My outlook ccount is set to secure.emailsrvr.com but with no SMPT. To make DW work, I have to check "use Poxy server" on IE browser un Tools/internet options/connections/LAN settings/ and uncheck this when I carry the laptop to another network and plug in.

my gov clients require me to ues only secure connections

I am sorry that your living depends on Direcway when it seems as though it is a very unreliable company even if legitimate

Thanks for your concern but sympathy is not required, this life has it's own compensations. I just wish I could spend less time wrestling with email. Question, do you and others on this site really believe DW is an unreliable company? I have had my problems: one bad transmitter, unsuccessful software updates that caused me to have to bundle up everything but the antenna and find a neighbor with a phone line, and English as a second language help staff. I am a Space systems consultant by trade and the fact that I can communicate directly with a geo sync satellite at 22K miles from earth with a fractional watt transmitter, still seems like a dream to me. There is a rocket launch scheduled for Mar 5 which will put BGAN (Broadband Global Area Network) satellite in place. If successful, this will allow links to 500 Meg with a portable modem and antenna the size of a small laptop.

Link to comment
Share on other sites

New round of problems

After 36 hours of good connectivity to fremont county (my spamcop using client), I began getting rejection notices. I found my IPA which was 66.82.9.63 and looked it up on the block list and it was not blocked. I cycled power on my modems and got a new IPA of 66.82.9.28 and verified it was not on the block list. A test mail was also blocked. As suggested, I tried my msn hotmail account and the email went through. I logged in via exchange server and verified it was there. I will contact my Fremont County sys admin tomorrow and see what IPA the rejected emai came in on to see if it matched the ones i think I am on. If I am getting rejected when coming in on a IPA which is not on the blocked list, what is the most likely problem? webmail.us doesn't believe they are causing it. I sent this all off to direcway as usual....

If I could configure my Outlook to pick up my Hotmail account I would be golden, but if it can be done I can't figure it out.

Link to comment
Share on other sites

The catch is that it isn't "your IPA" that's the listed item in question. At issue is the IPA of tte e-mail server used to kick your e-mail out. A nicely configured e-mail server at the rejecting end would have listed the specific IPA that it was basing the decision on, which you would also have then found listed on the referenced BL .. be that SpamCop or another one ....

In the never-ending chase for even more money, Microsoft is putting the halt on POP access to the free HotMail accounts. I believe I have read that new accounts don't allow the option .. and was actually under the belief that my accounts (one daiting back to a month after HotMail was born) were to have had this access killed off by now. Going with the paid version of a HotMail account will allow POP access. (Recall, POP access via OE was a "feature" back around version 5 .... acess via Outlook, I'm not sure about)

Link to comment
Share on other sites

Excuse my confusion. But, are you saying the problem could lie with my webmail.us account or that I'm just not getting the correct IP address when I use whatsmyip.com? I'll be able to contact my client sys admin in the morning. The Ip he gives me when this happens is usually one that I find blocked.

PS: You must be an insomniac like me

Link to comment
Share on other sites

Excuse my confusion. But, are you saying the problem could lie with my webmail.us account or that I'm just not getting the correct IP address when I use whatsmyip.com?  I'll be able to contact my client sys admin in the morning. The Ip he gives me when this happens is usually one that I find blocked.

PS:  You must be an insomniac like me

24619[/snapback]

Unless you are running your own email server (either intentionally or as a result of a trojan) the IP you connect on will NOT be the IP your mail is sent out from. For example, I have a static IP from my ISP which resolves to leire.plus.com, however my mail is sent out via relay.plus.net, the ISP's SMTP server. Many sysadmins will not recieve ANY mail from 'dynamic space'. What is in your email client under 'outgoing/SMTP server' ? - that is the server that is being rejected, unless, as I said, you are running your own mailserver in dynamic space which would be a VERY bad idea! Dynamically-assigned IP's usually end up in the blocklists because (a) they ARE dynamically assigned (!) or (B) that IP has hosted a zombied machine.

In order to help you more 'we' really need to know which IP the mail is being sent from rather than the one you connect from. A properly-configured rejection-notice would contain that info (post it here if you get one). An address like 'relay.plus.net' would allow us to look it up and narrow the possibilities.

Link to comment
Share on other sites

What is in your email client under 'outgoing/SMTP server' ?
Bill mentioned that just a few posts earlier: secure.emailsrvr.com, an SMTP server at webmail.us that allows secure login. He also mentioned that his email service provider has already investigated and determined that they are not the problem, but that the problem lies with his ISP. Maybe his recipient checks all the Received: lines for blocklisted IPs???

In order to help you more 'we' really need to know which IP the mail is being sent from rather than the one you connect from. A properly-configured rejection-notice would contain that info (post it here if you get one).

24621[/snapback]

That's right. Bill, give us the IP mentioned in the rejection notice. It will often look something like this, where the x's are the blocked IP:

451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx:

Link to comment
Share on other sites

Bill mentioned that just a few posts earlier: secure.emailsrvr.com, an SMTP server at webmail.us that allows secure login. He also mentioned that his email service provider has already investigated and determined that they are not the problem, but that the problem lies with his ISP. Maybe his recipient checks all the Received: lines for blocklisted IPs???

That's right. Bill, give us the IP mentioned in the rejection notice. It will often look something like this, where the x's are the blocked IP:

451 Blocked - see http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx:

24624[/snapback]

OK that address in senderbase yields

Addresses in emailsrvr.com used to send email

Showing 1 - 4 out of 4

View others in emailsrvr.com or address block:

address hostname DNS

Verified Daily

Magnitude Monthly

Magnitude

69.20.112.2 omx112.emailsrvr.com Y 4.9 5.0

206.158.107.174 mx2.emailsrvr.com Y 3.6 3.7

206.158.107.173 mx2.emailsrvr.com Y 3.6 3.7

69.20.58.195 mx1.emailsrvr.com Y 3.0 3.2

Of those 4, 3 have a spamcop history (have been reported at some time).

The top one was spewing spam on 17th Feb. The abuse address is set to rackspace so the ISP may not have received reports.

No matter what they say, they have had problems in the past.

Link to comment
Share on other sites

Of those 4, 3 have a spamcop history (have been reported at some time).
Not surprising, since that is a large email service provider that handles the mail exchange for thousands of companies. Given their huge mail volume (coming from many different end user machines), you can expect a few reports.

No matter what they say, they have had problems in the past.

24626[/snapback]

They may have been reported a few times, but have they been listed? I have never seen them blocklisted anywhere.
Link to comment
Share on other sites

I'm just not getting the correct IP address when I use whatsmyip.com?

24619[/snapback]

You're just not getting your correct Internet-facing IP Address when you use whatsmyip.com (at least I'm not getting my IP Address). http://privacy.net or http://www.privacy.net is much nicer - the second line says "xxx.xxx.xxx.xxx is your IP address."
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...