mmasnick Posted July 22, 2005 Share Posted July 22, 2005 Howdy... I'm a longterm spamcop customer, and hadn't noticed any problems until this morning, when all of a sudden it seemed like Spamcop has become extra aggressive. I normally find that I get about one false positive (legit email held as spam) per week. This morning alone, it's held about 20 legit non-spam messages as spam. In fact, it seems to be catching almost all of my email. That's such a big change that it seems out of the ordinary. It could just be a fluke, but figured it was worth mentioning in the forums. Any changes made recently? Or anyone else notice that Spamcop has become extra aggressive today? If it's not Spamcop is it possible that it's something I did on my end? Thanks! Link to comment Share on other sites More sharing options...
Wazoo Posted July 22, 2005 Share Posted July 22, 2005 No idea on what's up, but the traffic is definitly up today on folks finding themselves on the SpamCopDNSBL .... nothing yet seen as a "mistake" though ... all items looked at thus far today 'earned' their listing ... Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 22, 2005 Share Posted July 22, 2005 In fact, it seems to be catching almost all of my email. That's such a big change that it seems out of the ordinary.30533[/snapback] Have you looked at the headers of the messages to determine why spamcop held them? There is a FAQ at the top of every section with the note Please read before posting. Inside that FAQ is a section on the email service with one link labeled FAQ about Filtering and Held Mail. That will take you another list with links like: Why is all my mail being held? and Why did this message get held? These two entries will help you read those headers and determine why the messages are being held. Link to comment Share on other sites More sharing options...
mmasnick Posted July 22, 2005 Author Share Posted July 22, 2005 Ok... Looks like somehow the IP of my site has been included on the BL -- which obviously is a problem. I've sent a note to my hosting company to figure out what happened. As far as I can tell, since I forward all of my emails into Spamcop, Spamcop is judging all of them based on that IP... and thus blocking them all (including emails from myself). The few messages that are going through are those that I had previously whitelisted. That doesn't necessarily seem right though. Shouldn't it at least recognize that the emails originated elsewhere? Link to comment Share on other sites More sharing options...
Wazoo Posted July 22, 2005 Share Posted July 22, 2005 Tracking URL .. at least the IP in question ... something to do some research on. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted July 22, 2005 Share Posted July 22, 2005 That doesn't necessarily seem right though. Shouldn't it at least recognize that the emails originated elsewhere? 30539[/snapback] Because of the use of legitimate forwarders and forged headers, spamcop email service scans ALL IP addresses a message has travelled through (as seen in the Received headers) to determine if any of them are listed. Most bl's are configured to only look at the connecting IP because that is the only one that can be fully trusted without other tests (i.e. overhead). The use of spamcop email service forwarded from a non-responsive ISP (one that gets their servers listed often) is not a good match unless you use the whitelisting function. Link to comment Share on other sites More sharing options...
mmasnick Posted July 22, 2005 Author Share Posted July 22, 2005 Tracking URL .. at least the IP in question ... something to do some research on. 30540[/snapback] IP in question: 66.209.74.50 which just is a default for the hosting company I use (and have used for nearly a decade... they're not spammers). As mentioned, I sent them a note to figure out what's going on. My only guess is that maybe they were hosting someone who spammed. In the meantime, though, all of my email is being held, which is quite a pain, and much worse than if I just had to suffer through spam because now I have to go log in and weed through all the spam anyway, and then forward (and whitelist) everything on to my real email account. Can I whitelist my IP at least for myself until this gets sorted out? Link to comment Share on other sites More sharing options...
Wazoo Posted July 22, 2005 Share Posted July 22, 2005 http://www.spamcop.net/w3m?action=checkblock&ip=66.209.74.50 66.209.74.50 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 9 hours. Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Listing History In the past 131.4 days, it has been listed 2 times for a total of 38 hours Other hosts in this "neighborhood" with spam reports 66.209.74.130 66.209.74.150 66.209.74.231 66.209.74.245 Link to comment Share on other sites More sharing options...
Jeff G. Posted July 23, 2005 Share Posted July 23, 2005 There is no Report History for that IP Address - all of the Reports have been from spam Traps. The Parser would currently send Reports to abuse[at]actionweb.com - please have abuse[at]actionweb.com contact the Deputies via deputies[at]spamcop.net to discuss this matter. Thanks! Link to comment Share on other sites More sharing options...
dbiel Posted July 23, 2005 Share Posted July 23, 2005 I am starting to find problems as well that I have never had Looks like Earthlink has been listed several places causing mail I am sending to bounce back 207.69.195.67 IS LISTED BY: A Info spammers.v6net.org 65.77.130.111 multihop.dsbl.org 127.0.0.2 unconfirmed.dsbl.org 127.0.0.2 block.blars.org 127.1.0.9 TXT Info multihop.dsbl.org http://dsbl.org/listing?207.69.195.67 unconfirmed.dsbl.org http://dsbl.org/listing?207.69.195.67 --> /usr/local/bin/fwhois 207.69.195.67[at]whois.arin.net [whois.arin.net] EarthLink, Inc. EARTHLINK2000-D (NET-207-69-0-0-1) 207.69.0.0 - 207.69.255.255 ITC Deltacom MINDSPRING-DEDA-C300 (NET-207-69-195-0-1) 207.69.195.0 - 207.69.195.255 207.69.195.67 PTR record: pop-tawny.atl.sa.earthlink.net. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.