sergei_msk Posted February 12, 2020 Share Posted February 12, 2020 Hello, I am security officer at Gasprombank. Could you write me, whose mail address caused blocking the ip 195.225.38.43? Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted February 12, 2020 Share Posted February 12, 2020 I don't see this listed in the blocking list. 195.225.38.43 not listed in bl.spamcop.net Being a user as yourself, I also don't have access to view email addresses that may have caused any listing. From https://www.spamcop.net/sc?track=195.225.38.43, it looks like abuse[at]gazprombank[dot]ru should have all the reports. It takes more than one user or email address to be listed on the blocking list. The abuse address should have most of those reports. Quote Link to comment Share on other sites More sharing options...
Lking Posted February 12, 2020 Share Posted February 12, 2020 https://talosintelligence.com/reputation_center/lookup?search=195.225.38.0%2F24 That IP is not listed on any blocklist that I can see. in fact it has a "Good" reputation. SpamCop of course can not speak for any other blocklist manager, but providing source email addresses of specific reports is not possible. Revealing the source could expose the address of spamtraps More information Quote Link to comment Share on other sites More sharing options...
petzl Posted February 12, 2020 Share Posted February 12, 2020 9 hours ago, sergei_msk said: Hello, I am security officer at Gasprombank. Could you write me, whose mail address caused blocking the ip 195.225.38.43? No reports made by SpamCop members for 90 days which is as long as records are kept? Can you show the bounce, edit it to remove any sensitive information Quote Link to comment Share on other sites More sharing options...
sergei_msk Posted February 14, 2020 Author Share Posted February 14, 2020 On 2/12/2020 at 11:17 PM, petzl said: No reports made by SpamCop members for 90 days which is as long as records are kept? Can you show the bounce, edit it to remove any sensitive information Hi, Thanks all for answers! There aren't mail in abuse[at]gazprombank[dot]ru. This (attached file) message received our users from recipient. Quote Link to comment Share on other sites More sharing options...
petzl Posted February 15, 2020 Share Posted February 15, 2020 10 hours ago, sergei_msk said: Hi, Thanks all for answers! There aren't mail in abuse[at]gazprombank[dot]ru. This (attached file) message received our users from recipient. SpamCop blocklist can be activated by a large number of emails hitting "SpamCop's spamtraps" . These email addresses are not public but can be scraped by "bots" from poisoned Web-sites. Records of such attacks are not recorded will be blocked for 24 hours from last spam. Two reasons for this is someone is not using a Virus scanner and a computer/device has been compromised or best practice for marketing is not being done "double opt-in confirmation" Minimum ishttps://en.wikipedia.org/wiki/Opt-in_email#Best_practice How easy is it to be put on a/your mail list? Your competitors may well try to sabotage your mail list by loading it with poisoned email addresses? Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted February 15, 2020 Share Posted February 15, 2020 14 hours ago, sergei_msk said: This (attached file) message received our users from recipient. Also one note, is that at one point a while back most of the mail servers allowed/required separate rbl and text response entries. There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop. If this is still being blocked, but the IP is now showing up on the list, maybe they have pointed the blacklist to something like spamhaus. Another thing you might want to try is one of the following commands around the time an email is blocked. If you do see a "NXDOMAIN" or a "SOA" record instead of an "A" record, they the block is not coming from SpamCop. dig any 43.38.225.195.bl.spamcop.net nslookup -type=any 43.38.225.195.bl.spamcop.net Quote Link to comment Share on other sites More sharing options...
petzl Posted February 15, 2020 Share Posted February 15, 2020 (edited) 6 hours ago, gnarlymarley said: There were a number of administrators that copied the spamcop blacklist settings but changed only the dns part to point to their own blacklist and they left the text as blaming spamcop. Yes if the IP shows as ever being blocked by SpamCop it would lose it's GOOD TALOS reputation EMAIL REPUTATION Good Not uncommon for SpamCops blocklist to be falsely blamed However this IP has a malware infection, But never been reported by SpamCop 195.225.38.17 abuse[at]gazprombank [dot]r u.https://www.abuseat.org/lookup.cgi?ip=195.225.38.17 Edited February 15, 2020 by petzl Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.