elroyskimms Posted July 6, 2005 Share Posted July 6, 2005 The following is an excerpt from an e-mail notification of a message blocked by spam Cop. This IP address is not shared (so no one else is using it to send out spam) and it is not an open relay (as confirmed by dnsreport.com and ORDB). How could this have happened? Oh, and by the way... we don't send spam either. > The original message was received at Wed, 6 Jul 2005 00:27:20 GMT > from dealerlinkonline.com [66.6.216.162] > > ----- The following addresses had permanent fatal errors ----- > <ICHANGEDTHISNAME[at]garberautomall.com> > (reason: 571 Blocked: Listed by bl.spamcop.net > (http://spamcop.net/bl.shtml) as an open relay or suspected of being a > source for unsolicited e-mail broadcast.) > > ----- Transcript of session follows ----- > ... while talking to mail.garberautomall.com.: >>>> RCPT <ICHANGEDTHISNAME[at]garberautomall.com> > <<< 571 Blocked: Listed by bl.spamcop.net (http://spamcop.net/bl.shtml) as > an open relay or suspected of being a source for unsolicited e-mail > broadcast. Link to comment Share on other sites More sharing options...
Wazoo Posted July 6, 2005 Share Posted July 6, 2005 Wondering why you made it so much work to sort out just what IP you might be talking about. netlab-server.thenetlab.net reports the following MX records: Preference Host Name IP Address TTL 10 mail.garberautomall.com 65.204.231.3 20 mail.uu.net 199.171.54.245 65.204.231.3 not listed in bl.spamcop.net 199.171.54.245 not listed in bl.spamcop.net And of course, SpamCop blocks nothing. The SpamCopDNSBL does not deal with open relays, only spam spew. Based on the current (and lack of) details, it would appear that the ISP in question has a misconfigured server, using the wrong justification note to explain the blocking action. http://moensted.dk/spam/?addr=65.204.231.3&Submit=Submit shows some issues. http://www.dnsreport.com/tools/dnsreport.c...berautomall.com shows some severe issues, most notably the rDNS issues. It appears that you have some issues that need work, but they don't appear to be with SpamCop at present. Link to comment Share on other sites More sharing options...
DavidT Posted July 6, 2005 Share Posted July 6, 2005 Please clarify...is the sending IP [66.6.216.162]? If so, the SenderBase stats on that IP are a bit alarming: http://www.senderbase.org/?searchBy=ipaddr...ng=66.6.216.162 Volume Statistics for this IP Last day -100% Last 30 days 345% A tripling of email output in a month often signals some bad traffic (hijacked/infected machine, etc.) going out...but I'm not clear if that's actually the sending IP involved in this case. DT Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.