Jump to content

E-mail blocked but server is not listed


Recommended Posts

The following is an excerpt from an e-mail notification of a message blocked by spam Cop. This IP address is not shared (so no one else is using it to send out spam) and it is not an open relay (as confirmed by dnsreport.com and ORDB). How could this have happened? Oh, and by the way... we don't send spam either.

> The original message was received at Wed, 6 Jul 2005 00:27:20 GMT

> from dealerlinkonline.com [66.6.216.162]

>

> ----- The following addresses had permanent fatal errors -----

> <ICHANGEDTHISNAME[at]garberautomall.com>

> (reason: 571 Blocked: Listed by bl.spamcop.net

> (http://spamcop.net/bl.shtml) as an open relay or suspected of being a

> source for unsolicited e-mail broadcast.)

>

> ----- Transcript of session follows -----

> ... while talking to mail.garberautomall.com.:

>>>> RCPT <ICHANGEDTHISNAME[at]garberautomall.com>

> <<< 571 Blocked: Listed by bl.spamcop.net (http://spamcop.net/bl.shtml) as

> an open relay or suspected of being a source for unsolicited e-mail

> broadcast.

Link to comment
Share on other sites

Wondering why you made it so much work to sort out just what IP you might be talking about.

netlab-server.thenetlab.net reports the following MX records:

Preference Host Name IP Address TTL

10 mail.garberautomall.com 65.204.231.3

20 mail.uu.net 199.171.54.245

65.204.231.3 not listed in bl.spamcop.net

199.171.54.245 not listed in bl.spamcop.net

And of course, SpamCop blocks nothing. The SpamCopDNSBL does not deal with open relays, only spam spew. Based on the current (and lack of) details, it would appear that the ISP in question has a misconfigured server, using the wrong justification note to explain the blocking action.

http://moensted.dk/spam/?addr=65.204.231.3&Submit=Submit shows some issues.

http://www.dnsreport.com/tools/dnsreport.c...berautomall.com shows some severe issues, most notably the rDNS issues.

It appears that you have some issues that need work, but they don't appear to be with SpamCop at present.

Link to comment
Share on other sites

Please clarify...is the sending IP [66.6.216.162]? If so, the SenderBase stats on that IP are a bit alarming:

http://www.senderbase.org/?searchBy=ipaddr...ng=66.6.216.162

Volume Statistics for this IP

Last day -100%

Last 30 days 345%

A tripling of email output in a month often signals some bad traffic (hijacked/infected machine, etc.) going out...but I'm not clear if that's actually the sending IP involved in this case.

DT

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...