Spamcop Getting Extra Aggressive?

[mmasnick]

Howdy...

I'm a longterm spamcop customer, and hadn't noticed any problems until this morning, when all of a sudden it seemed like Spamcop has become extra aggressive. I normally find that I get about one false positive (legit email held as spam) per week. This morning alone, it's held about 20 legit non-spam messages as spam. In fact, it seems to be catching almost all of my email. That's such a big change that it seems out of the ordinary.

It could just be a fluke, but figured it was worth mentioning in the forums. Any changes made recently? Or anyone else notice that Spamcop has become extra aggressive today? If it's not Spamcop is it possible that it's something I did on my end?

Thanks!

[Wazoo]

No idea on what's up, but the traffic is definitly up today on folks finding themselves on the SpamCopDNSBL .... nothing yet seen as a "mistake" though ... all items looked at thus far today 'earned' their listing ...

[StevenUnderwood]

In fact, it seems to be catching almost all of my email.  That's such a big change that it seems out of the ordinary.

30533[/snapback]

Have you looked at the headers of the messages to determine why spamcop held them?

There is a FAQ at the top of every section with the note Please read before posting. Inside that FAQ is a section on the email service with one link labeled FAQ about Filtering and Held Mail. That will take you another list with links like:

Why is all my mail being held? and Why did this message get held?

These two entries will help you read those headers and determine why the messages are being held.

[mmasnick]

Ok... Looks like somehow the IP of my site has been included on the BL -- which obviously is a problem. I've sent a note to my hosting company to figure out what happened.

As far as I can tell, since I forward all of my emails into Spamcop, Spamcop is judging all of them based on that IP... and thus blocking them all (including emails from myself). The few messages that are going through are those that I had previously whitelisted. That doesn't necessarily seem right though. Shouldn't it at least recognize that the emails originated elsewhere?

[Wazoo]

Tracking URL .. at least the IP in question ... something to do some research on.

[StevenUnderwood]

That doesn't necessarily seem right though.  Shouldn't it at least recognize that the emails originated elsewhere?

30539[/snapback]

Because of the use of legitimate forwarders and forged headers, spamcop email service scans ALL IP addresses a message has travelled through (as seen in the Received headers) to determine if any of them are listed.

Most bl's are configured to only look at the connecting IP because that is the only one that can be fully trusted without other tests (i.e. overhead).

The use of spamcop email service forwarded from a non-responsive ISP (one that gets their servers listed often) is not a good match unless you use the whitelisting function.

[mmasnick]

Tracking URL .. at least the IP in question ... something to do some research on.

30540[/snapback]

IP in question: 66.209.74.50 which just is a default for the hosting company I use (and have used for nearly a decade... they're not spammers). As mentioned, I sent them a note to figure out what's going on. My only guess is that maybe they were hosting someone who spammed.

In the meantime, though, all of my email is being held, which is quite a pain, and much worse than if I just had to suffer through spam because now I have to go log in and weed through all the spam anyway, and then forward (and whitelist) everything on to my real email account.

Can I whitelist my IP at least for myself until this gets sorted out?

[Wazoo]

http://www.spamcop.net/w3m?action=checkblock&ip=66.209.74.50

66.209.74.50 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 9 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

Listing History

In the past 131.4 days, it has been listed 2 times for a total of 38 hours

Other hosts in this "neighborhood" with spam reports

66.209.74.130 66.209.74.150 66.209.74.231 66.209.74.245

[Jeff G.]

There is no Report History for that IP Address - all of the Reports have been from spam Traps. The Parser would currently send Reports to abuse[at]actionweb.com - please have abuse[at]actionweb.com contact the Deputies via deputies[at]spamcop.net to discuss this matter. Thanks!

[dbiel]

I am starting to find problems as well that I have never had

Looks like Earthlink has been listed several places causing mail I am sending to bounce back

207.69.195.67 IS LISTED BY:

A Info

spammers.v6net.org 65.77.130.111

multihop.dsbl.org 127.0.0.2

unconfirmed.dsbl.org 127.0.0.2

block.blars.org 127.1.0.9

TXT Info

multihop.dsbl.org http://dsbl.org/listing?207.69.195.67

unconfirmed.dsbl.org http://dsbl.org/listing?207.69.195.67

--> /usr/local/bin/fwhois 207.69.195.67[at]whois.arin.net

[whois.arin.net]

EarthLink, Inc. EARTHLINK2000-D (NET-207-69-0-0-1)

207.69.0.0 - 207.69.255.255

ITC Deltacom MINDSPRING-DEDA-C300 (NET-207-69-195-0-1)

207.69.195.0 - 207.69.195.255

207.69.195.67 PTR record: pop-tawny.atl.sa.earthlink.net.