Jump to content

Blocked mail


j9s1131

Recommended Posts

Can someone please help me with this problem. I have been told by my ISP that there is one nutcase subscriber who is virus-laden and a spammer. A friend uses Spamcop and Spamcop is blocking ALL mail from my ISP. I can't send mail to her and have it RECEIVED by her. My ISP is no help. HELP!!!!!!!!!!!!!!! j9s1131[at]iland.net

Link to comment
Share on other sites

SpamCop shows no SCBL listings and one report for 205.242.230.1 and no reports for 205.242.230.2 (your ISP's incoming mailservers):

Submitted: Friday, March 04, 2005 1:05:52 PM -0500:

Banned file: your_bill.pif in mail from you

1373749677 ( 205.242.230.1 ) To: spamcop[at]imaphost.com

1373749676 ( 205.242.230.1 ) To: abuse[at]sprint.net

OTOH, the following iland.net mailservers do appear to be listed by the SCBL for sending bounces to SpamCop spamtraps and only to SpamCop spamtraps:

205.242.230.200 hewey.iland.net

205.242.230.201 dewey.iland.net

205.242.230.202 lewey.iland.net

205.242.230.203 chewey.iland.net

205.242.230.204 phewey.iland.net

Please have your ISP's support people read Why autoresponders are bad (Misdirected bounces), and vote with your feet if they can't and/or won't. Thanks!

Link to comment
Share on other sites

Thanks, Jeff G. We're in the sticks but there is one local ISP that I can switch to, if necessary. I have let my ISP know that I need some help with this(or else). Jerry

25335[/snapback]

Another thing to remember is that you don't have to use your ISP for mail. I supposedly have a mail account with my broadband provider, but have never used it. I use other mail providers for my mail instead.

I just wanted to bring this up because I see people saying that they live out of the way, there's only one provider to connect to the internet, what are they supposed to do? So just wanted to put it in as a reminder. :)

-JEV

Link to comment
Share on other sites

A friend uses Spamcop and Spamcop is blocking ALL mail from my ISP. I can't send mail to her and have it RECEIVED by her.

25328[/snapback]

How, exactly, is she a SpamCop user? if she's a paying filtered email subscriber tehn whilelisting you on her personal whitelist is a no-brainer. If you mean that her ISP uses SpamCop then she should investigate whether or not she has a personal whitelist facility with them. Won't hurt to nag your own ISP about backscatter at the same time!

Link to comment
Share on other sites

You might find this answer of John's to be helpful (someone in the newsgroup did) to understand and be able to explain to your ISP why backscatter is not good.

I have added the Q's and A's

Misdirected Bounces/Backscatter Q&A

Q: We do require from our email server to auto-reply to undeliverable emails due to the business requiremnents. Our clients and partners do require notification should email not reach the intended recipient.

A: The SMTP protocol does not guarantee notifications will be made of delivery success or failure. If you mail server does not respond or issues an SMTP reject for undeliverable e-mail, then if the sender's mail server is set up correctly they will get notified by their mail server that it could not deliver the message.

Your auto-replies to spam or viruses are effectively a denial of service attack on the owners of domains that the spammers are forging.

Q: My company can loose money, if our email servers aren't doing this. This is RFC822 compliant and SpamCop should not arbitrary change the RFC.

A: The RFCs may permit such bouncing, but that method is no longer acceptable to much of the internet. Even the very conservative spamhaus.org is now starting to list mail servers that are so abusive when they do not stop it after receiving complaints.

And the spamhaus.org service is far more widely used than spamcop.net.

I know of at least two large U.S. ISPs that will quicly put a local block on your IP address if any of their users complain about backscatter from it. It seems to take a lot more hoops to get off of those ISP's local blocking lists than spamcop.net and it seems that it is extremely easy to get on them, and no way to tell until your e-mail is rejected that you are even on their local list.

The RFCs are guidelines. The bounce part of the protocol was when most e-mail when through one or more unknown third-party relays before it reached the destination mail server. The end system would issue a reject, and the intermediate relays systems would generate the bounce message.

As the internet facing mail server of a company is the destination, and not an independent third party relay, it should be able to check if the e-mail is deliverable or not before accepting it, and issue the SMTP rejection.

Even independent third party relays are now probing the destination server for delivery before they accept a mail for relay, and will reject it if they can not get an assurance that the destination will accept the mail.

Q: The worst is that in the US anyone is considered innocent until proven guilty. The exception is SpamCop where they pronounce you guilty and then you have jump through loops to prove that your are not guilty.

A: While your operation may pay a fixed rate for your e-mail systems, for large operations, they have to pay a metered rate.

Accepting your backscatter to forged addresses greatly increase the costs of operating a mail server that is on a metered rate connection. The faster that a source of spam, virus or backscatter can be identified, the less money is needlessly spent on bandwidth. Why should my mail server operators pay two to three times as much per month so that your mail server can auto reply to forged addresses instead of using SMTP rejections?

Q: [There is] Marginal effect at best to the spam emails. SpamCop's action does hurt legitimate businesses and does nothing to the spammers.

Spamcop.net makes them switch more often, and network operators with a clue use the spamcop.net reports to quickly remove zombies from their networks because they know that every second that the zombie is on their network it is needlessly costing them operating cash.

There are people and companies that have lost the use of their e-mail addresses because of the volume of abusive bounces was so high that either their individual mail quota was used up, or either their bandwidth or mail server was not up to the capacity.

It is particularly a problem for some domains that people think do not exist, so use them for posting to avoid spam themselves.

The best known example of that is TEST.COM, they made the national news about the bounces from abusive mails servers effectively wiped out their mail server.

HERE.COM does not seem to have an I.P. address allocated assigned to it at the moment, but google shows over 100,000 hits on the e-mail address you used for posting, which means that if the owner of that domain actually were to try to use it for e-mail, the backscatter from the viruses and spam would likely overload their connection or server.

Is that fair to the legitimate owner of a domain? A domain that otherwise would have great marketing value?

Q: Just for your knowledge most, if not all cable service provider issues DHCP IPs for their subscribers. Should I shut down my cable modem, then the next time I'll have a different IP address. That IP might already be on the SpamCop BL despite the fact, that I have nothing to do with the previous history of the IP address currently assigned to me.

A: If your brand new DHCP address was already listed with spamcop.net, or any DHCP addresses on your subnet are listed with spamcop.net, it likely means that there is a computer on your cable modem leg that is compromised and controlled by a zombie.

Since the spammmers will be periodically pushing as much spam through it as your ISP's network capacity can handle, the compromised computer is likely causing noticable slowdowns if not complete outages for you and your neighbors.

I did an experiment last year on a forum where people were complaining about outages and severe slow downs on their cable modems. In every case a search using google revealed the IP address of one or more compromized system in their area, and since the people that post such evidence publically also ususally send notifications to the abuse or postmaster addresses, the ISP should have been aware of what it took to fix the problem for days before they started issuing refunds or credits to the affected users.

The problem was is that the ISP was giving the owners of the infected machines 5 business days to fix their machine before cutting them off, without realizing all the damage and costs those infected machines were causing them.

Almost all mail server operators now use blocking lists that list DHCP addresses. A spamcop.net listing of a DHCP address would probably not be noticed as the DHCP blocking lists are in far more common use than spamcop.net.

Q: If spam fighting is a war, then we are loosing judging by the percentage of spam increase on my spam filtering server at work since last year.

A: It is only the people whose mail server operators do not know how to keep spam out that are losing the battle.

-Jonn

wb8tyw[at]qsl.network

Personal Opinion Only

Link to comment
Share on other sites

You might find this answer of John's to be helpful (someone in the newsgroup did) to understand and be able to explain to your ISP why backscatter is not good.

<snip>

25374[/snapback]

...Thanks, Miss Betsy (and also to John -- does he lurk here or is one of the NNTP-only types?).
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...