dustin, posted May 24, 2005:

How can someone get in contact with a tech at SpamCop? The reason given for listing of one of our mail servers is pretty vague ("It appears this listing is caused by misdirected bounces"), so I would like to speak to someone about the listing.

As an ISP, you must give your customers access to Auto-Responders, as well as sending back bounce back messages. Yes, modification to the configuration on how bounces are sent back can be done, but like I said it's a necessity that auto-responses are available to customers.

How are you supposed to fix a problem without being presented with any evidence? I'm sorry, but I'm not about to reverse engineer the mail system and cross my fingers that it won't be listed again without some sort of data to help me fix this "problem."

It bothers me that SpamCop does not have any ways to contact them directly listed on their site. Perhaps I'm blind and haven't found the almighty golden link, but viewing the links off of the sitemap yielded no results.

Thanks.

Wazoo, posted May 24, 2005:

The Forum FAQ offers a 'Contact' link, which in fact points back to an entry on the www.spamcop.net FAQ, found via the Help button on that page ... folks that get lost 'there' have much better luck with the single-page access point 'here'.

You say the 'generic' message doesn't help you, yet as a FAQ (Frequently Asked Question), this data has been incorporated into the FAQ, added to the Glossary, and much discussed within this Forum section ... All this was done to try to lessen the load on the (very) few staff members.

Identifying the actual email server IP in question may have allowed some research and answers provided by other volunteers here. An MX lookup for the IP you posted from turns up an IP that is not currently listed in the SCBL. (though noting that SenderBase shows a 28% increase in daily traffic from that IP)

That said, the same FAQ contains much additional data, to include yet another link to a Pinned item in this very Forum section titled "Why am I Blocked?" ... taking a look at this first may allow you to compose a better question, solve some of your immediate issues, clear up some other concepts ... or even take the time to read other Topics/Discussions that have previously taken place to see the solutions found/derived by other folks.

dustin, posted May 24, 2005:

First off, thanks for the reply.

Reading what the FAQ had to say did not give me a precise answer. You have to understand that as a person coming to spamcop.net to resolve an issue, I'm not exactly happy to invest hours upon hours reading about how all of the rules are set up. I don't think you would be too pleased if I created a new anti-spam system that prevented your users from e-mailing my users (assumingly), and you had to read pages upon pages of data to try and figure out what's going on, why it keeps happening, etc. without actual e-mails (the ones that triggered the alarm) to look at.

You must also realise that I am in no way hounding spamcop. I hate spam as much as the next guy (except for the guy that's trying to make money off of spamming). I just hate having to invest a lot of time reading up on something that I have no actual proof to look at to figure out what exactly I need to do. I'm a simple man, and would rather just plug in the IP, show the reports, and fix the problem, but in this case I'm not presented with an actual report, nor did our postmaster account get any warnings.

The IP address of the blacklisted mail server is 216.155.96.76.

If you care to help me out with the problem, much appreciation to you. However, I know that this is not your problem, and you're obligated to quietly move along.

Thank you,
Dustin

Merlyn, posted May 24, 2005:

Looking at the evidence available to paid members there are no reports, the only info available is what is posted:

"It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it."

It can be found here: http://mailsc.spamcop.net/fom-serve/cache/329.html

Many of us are ISPs or Email Admins like yourself and as an ISP you should know that 99% of spam is sent with forged "From" or "Reply-To" addresses. When you use autoresponders or out-of-office replies etc. you are sending the email to an innocent victim. In this day and age of spam you should do as the rest of us and notify your users of the evils of autoresponding as this is also a form of spam if it is sending mail/spam to someone who did not send or request it.

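An added example, not part of the thread or of SpamCop's material: a gate an autoresponder can apply before replying, using the header checks recommended in RFC 3834, which cuts replies to bounces, bulk mail and messages that never named the user. It reduces misdirected auto-replies but cannot detect a forged envelope sender on an otherwise ordinary message. Assumptions: the delivering MTA has recorded the envelope sender in `Return-Path`, the one-week reply interval is an arbitrary choice, and all addresses are placeholders.

```python
import time
from email import message_from_string
from email.utils import getaddresses, parseaddr

REPLY_INTERVAL = 7 * 24 * 3600  # assumption: one auto-reply per sender per week
_last_reply = {}                # envelope sender -> time of last auto-reply

def should_autorespond(raw, recipient, now=None):
    """Return (send_reply, reason) for one delivered message to `recipient`."""
    now = time.time() if now is None else now
    msg = message_from_string(raw)
    # A reply goes to the envelope sender (Return-Path), never to From:.
    rp = msg.get("Return-Path", "").strip()
    sender = "" if rp in ("", "<>") else parseaddr(rp)[1].lower()
    if not sender:
        return False, "null return path"
    local = sender.split("@")[0]
    if local in ("mailer-daemon", "postmaster") or local.startswith("owner-") \
            or local.endswith("-request"):
        return False, "role or list sender"
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return False, "automatic message"
    if msg.get("Precedence", "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk precedence"
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return False, "mailing list"
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if recipient.lower() not in {addr.lower() for _, addr in named}:
        return False, "recipient not in To/Cc"
    if now - _last_reply.get(sender, float("-inf")) < REPLY_INTERVAL:
        return False, "replied recently"
    _last_reply[sender] = now
    return True, "ok"

def _mail(return_path, to, extra=""):
    # Constructed sample message; all addresses are placeholders.
    return (f"Return-Path: {return_path}\nFrom: someone@example.org\n"
            f"To: {to}\n{extra}Subject: test\n\nbody\n")

def demo(me="bob@example.com"):
    _last_reply.clear()
    samples = [
        _mail("<alice@example.org>", me),                       # person to person
        _mail("<alice@example.org>", me),                       # same sender again
        _mail("<>", me),                                        # bounce / DSN
        _mail("<news@example.net>", me, "Precedence: bulk\n"),  # bulk mailing
        _mail("<victim@example.org>", "customers@example.net"), # user only Bcc'd
    ]
    return [should_autorespond(m, me, now=1000.0 + i) for i, m in enumerate(samples)]
```

`demo()` returns the five decisions in order; only the first message earns a reply.
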
Lking, posted May 24, 2005:

> ... had to read pages upon pages of data to try and figure out what's going on, why it keeps happening, etc. without actual e-mails (the ones that triggered the alarm) to look at. ... I just hate having to invest a lot of time reading up on something that I have no actual proof to look at to figure out what exactly I need to do. ... I'm not presented with an actual report, nor did our postmaster account get any warnings. The IP address of the blacklisted mail server is 216.155.96.76.

Have you checked: http://www.spamcop.net/w3m?action=checkblo...p=216.155.96.76

Wazoo, posted May 24, 2005:

OK, had there been user complaints, reports would have gone to:

    Parsing input: 216.155.96.76
    host 216.155.96.76 = mail3.acceleration.net (cached)
    Routing details for 216.155.96.76
    Cached whois for 216.155.96.76 : postmaster <at> acceleration.net
    Using abuse net on postmaster <at> acceleration.net
    abuse net acceleration.net = kent <at> acceleration.net, support <at> acceleration.net, postmaster <at> acceleration.net
    Using best contacts kent <at> acceleration.net support <at> acceleration.net postmaster <at> acceleration.net

Standardizing on an "abuse[at]" address would be nice ...

As stated in the previous though, it appears that either no or not enough user complaints have appeared, thus making it look like spamtrap hits only are involved ...

http://www.senderbase.org/?searchBy=ipaddr...g=216.155.96.76 shows:

    Volume Statistics for this IP
                    Magnitude   Vol Change vs. Average
    Last day        4.0         144%
    Last 30 days    4.0         126%
    Average         3.7

It looks like an 'old' server, but perhaps you've recently moved some more clients there (just one possible 'good' explanation for the increase in traffic shown).

http://groups-beta.google.com/groups?q=216.155.96.76&hl=en doesn't show any listings, suggesting that no posts have been made to 'sightings' at this point.

There once was a time when all 'evidence' was made known. However, it was seen that spammers were using that data to game the system, so these days, the data available to other than less than a half-dozen people is unfortunately very much restricted. The FAQ entries were developed to cover at least the minimum items to be looked at.

Some folks complain bitterly about the lack of anything seen in their e-mail logs but somehow do not notice that their firewall logs had increased exponentially from traffic that was being routed around the e-mail server.

Some folks complain bitterly about having their systems set up correctly, but not noting that years-old exploits had been involved with the server being 'hacked' (actually guessing at password on default accounts that should have been removed or at least had the password changed from the default .. such that there was no real 'hack').

Then we add in those that find the problem but are restricted by corporate policy from "fixing" the problem.

The scenario you are in right now is in fact covered in Miss Betsy's "Why am I Blocked" entry ... for 'specific' data, you do need to ask for Deputy assistance, but again noting that even the data they will release is a bit restricted.

> If you care to help me out with the problem, much appreciation to you. However, I know that this is not your problem, and you're obligated to quietly move along.

The reason for this Forum is to help folks. The reason for this Forum section is to help folks. It is true that the world would be a better place if there was no need for things like SpamCop, the SCBL, etc. but .... It's to everyone's best interest to solve your issue .... makes you happy, makes your users happy, makes 'us' happy, and the end result should be one less source for spammers to abuse and spew from ....

Jeff G., posted May 24, 2005:

IP Address 216.155.96.76 has two names, mail.bugsville.org (the only mailserver for bugsville.org) and mail3.acceleration.net (not a mailserver for acceleration.net). The mailserver on it thinks of itself as mail3.acceleration.net.

Merlyn, posted May 25, 2005:

Actually I see 9 names for IP Address 216.155.96.76

    Resolved mail.TATTOOALEX.COM to 216.155.96.76
    Resolved mail3.acceleration.net to 216.155.96.76
    Resolved mail.ARTBYDIRK.COM to mail3.acceleration.net to 216.155.96.76
    Resolved mail.BUGSVILLE.COM to 216.155.96.76
    Resolved mail.BUGSVILLE.org to 216.155.96.76
    Resolved mail.EASTATLANTATATTOO.COM to mail3.acceleration.net. to 216.155.96.76
    Resolved mail.TATTOOBYDIRK.COM to mail3.acceleration.net. to 216.155.96.76
    Resolved mail.VILLIANCYCLEWORKS.COM to mail3.acceleration.net. to 216.155.96.76
    Resolved mail.VILLINCYCLEWORKS.COM to 216.155.96.76

dustin, posted May 25, 2005:

Hello everyone,

Thanks for the support. Regarding all of the hosts resolving to either a cname which points to mail3.acceleration.net, or the direct IP address, there are multiple domains that use 1 of 3 mail servers, in a shared hosting environment. I'm trying to get that cleaned up so it's consistent with pointing directly to an IP as RFC says it should. Also, thank you for pointing out the PTR issue Jeff G.

It looks as though 216.155.96.76 (mail3.acceleration.net) is no longer listed. I am pretty sure that the listing said it would be removed in 9 days and not 9 hours, though I could be wrong(?). I did modify a lot of rules that previously rejected messages to just accepting them and then deleting them, but I doubt that cleared up the issue. Perhaps an admin saw my post and manually removed it? Again, I'd like to make sure it's resolved 100% instead of just assuming.

I think the main culprit is the challenge response system we have set up to help our users. When I was reading the spamcop FAQs and such yesterday, challenge response systems were put down. They are flawed, but they do help users check to see if any mail is pending, and "work" for the most part. I can definitely see how bouncing back messages to e-mail addresses that could be spam traps could get us on the list, and I'm pretty sure this accounts for 90%+ of the bounces that our servers generate. However, as an ISP providing services to users, it's kind of hard to find a perfect balance, but I'll keep looking into options.

Thank you.

Merlyn, posted May 25, 2005:

Just an FYI: C/R systems are the worst abusers on the internet and that is probably what caused it. If the email system worked the way it was intended this would be different but spammers have ruined it for everyone.

StevenUnderwood, posted May 25, 2005:

> They (C/R systems) are flawed, but they do help users check to see if any mail is pending, and "work" for the most part.

They work for the users behind them but add to the problems of people whose addresses are forged as the senders of all the spam and virus messages being sent to your domain.

I personally confirm every C/R that falsely gets to me so I can send a message to that person informing them how their system is affecting me. If that action allows a virus or spam through to them, that is their problem.

Derek T, posted May 25, 2005:

> I think the main culprit is the challenge response system we have set up to help our users. When I was reading the spamcop FAQs and such yesterday, challenge response systems were put down. They are flawed, but they do help users check to see if any mail is pending, and "work" for the most part. I can definitely see how bouncing back messages to e-mail addresses that could be spam traps could get us on the list, and I'm pretty sure this accounts for 90%+ of the bounces that our servers generate. However, as an ISP providing services to users, it's kind of hard to find a perfect balance, but I'll keep looking into options.

So could sending C/R to a forged but genuine address! If someone spoofed my address into the 'from' field of a spam run and you bombarded me with challenges I would not hesitate to report them as spam, nor, I suspect, would any of 'us'. C/R 'works' for the people behind it and abuses the hell out of everyone else. It will get your servers onto lists that are a lot less forgiving and dynamic than SpamCop. Stop it! NOW!

PS you definitely read 9 days wrong: maximum listing on SpamCop is 48hrs - it is very dynamic and forgiving!

Miss Betsy, posted May 26, 2005:

> I think the main culprit is the challenge response system we have set up to help our users. When I was reading the spamcop FAQs and such yesterday, challenge response systems were put down. They are flawed, but they do help users check to see if any mail is pending, and "work" for the most part. I can definitely see how bouncing back messages to e-mail addresses that could be spam traps could get us on the list, and I'm pretty sure this accounts for 90%+ of the bounces that our servers generate. However, as an ISP providing services to users, it's kind of hard to find a perfect balance, but I'll keep looking into options. Thank you.

Good that you are looking into options! C/R is a headache for everyone! There are lots of admins here who explain to you how to use blocklists so that your customers are happy. It helps if you can explain it to them. Not all end users are absolute idiots who can't understand about blocklists. (though actually there are an enormous number of idiots out there! - 'the whole world is crazy except thee and me - sometimes I wonder about thee.')

Miss Betsy

This topic is now archived and is closed to further replies.