abuse At Load.com Posted July 23, 2005 Share Posted July 23, 2005 1. Gmail doesn't include in any Header Lines the IP Addresses of its web-based users when they send email like most every other web-capable public email system, causing their server's IP Address to get listed for spamming, rather than their web-based spammer users' IP Addresses, and causing their web-based spammers users to gravitate towards it This is more of question than anything else. We started doing this with our webmail service and it is just ignored by spamcop, I guess my question is are we doing it incorrectly ? Received: from smtp-out.load.com (smtp-out.load.com [209.58.232.26]) by rly-xh06.mx.aol.com (v106.2) with ESMTP id MAILRELAYINXH65-70f42db76c7e1; Mon, 18 Jul 2005 05:30:47 -0400 Received: (qmail 8741 invoked by uid 0); 18 Jul 2005 09:30:45 -0000 Received: from 66.178.81.115 ([66.178.81.115]) by smtp-out.load.com (Load SMTP 5.0.1) with HTTP id 2DAACD9B_E1EF_443B_9977_AAC36F1C8216[at]webmail.loadmail.load.com for gibson[at]tygo.com; Mon, 18 Jul 2005 09:30:40 -0000 Here are a couple of lines from a message from a spaming user, when this message is parsed by spam cop it basicly gets to the Received line with ref to 66.178.81.115 and says this host is not associated with your domain, and ignores the ip address thus falling back to our default outbound smtp ip address. we began including this type of header in addition to our x-truesender-ip header, but it has not done any thing for us. What do you think ? Or are we doing anything you can see wrong ? Thanks Adam Rogas CTO Load Ltd Link to comment Share on other sites More sharing options...
Wazoo Posted July 24, 2005 Share Posted July 24, 2005 Data provided is out of context. Added line is a bit lite on included data. "this host is not associated with your domain" indicates that MailHost Configuration has been performed on the reporting account ... and the specified line has not been added to "your" mailhost data ... as to what then fails and forces this line to be the "guilty" party goes back to the data provided being out of context. Any better analysis will be waiting for a Tracking URL, which will show the entire spam submittal. Link to comment Share on other sites More sharing options...
abuse At Load.com Posted July 24, 2005 Author Share Posted July 24, 2005 I would love to send you a track back url but it has been quite some time since I have had one, The problem we are having is that our users keeps hitting the spam traps and we don't know who yet. Link to comment Share on other sites More sharing options...
abuse At Load.com Posted July 24, 2005 Author Share Posted July 24, 2005 I can post the entire message and let spam cop parse it ? Would that help ? Thanks -Adam Link to comment Share on other sites More sharing options...
Jeff G. Posted July 24, 2005 Share Posted July 24, 2005 I can post the entire message and let spam cop parse it ? Would that help ?30596[/snapback] We prefer not to have spam bodies posted, but you could post: the Tracking URL for a spam or test message; the full headers for a spam or test message; or a full test message. Link to comment Share on other sites More sharing options...
abuse At Load.com Posted July 24, 2005 Author Share Posted July 24, 2005 Here are the complete headers for the message as recieved by aol Thank's for taking the time to help me figure this out. Return-Path: <test[at]rock.com> Received: from rly-xg03.mx.aol.com (rly-xg03.mail.aol.com [172.20.115.200]) by air-xg02.mail.aol.com (vx) with ESMTP id MAILINXG23-45c42e0762876; Fri, 22 Jul 2005 00:29:47 -0400 Received: from smtp-out.load.com (smtp-out.load.com [209.58.232.26]) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG36-45c42e0762876; Fri, 22 Jul 2005 00:29:29 -0400 Received: (qmail 16430 invoked by uid 0); 22 Jul 2005 04:29:24 -0000 Received: from 192.116.119.135 ([192.116.119.135]) by smtp-out.load.com (Load SMTP 5.0.1) with HTTP id 8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com for test[at]rock.com; Fri, 22 Jul 2005 04:29:17 -0000 Date: 22 Jul 2005 04:29:17 +0000 Message-ID: <8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com> From: "test" <test[at]rock.com> To: <Undisclosed Recipients> X-TrueSenderIP: 192.116.119.135 X-SenderHTTPUserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) X-Mailer: LoadMail SMTP 6.1.2.0322 X-TrueHostName: X-WebServer: webmail.rock.com X-CS-SpamStatus: 0 X-Queue: AFFINITY X-Priority: 3 Subject: test message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_33926b6b_6fb4_4b81_9f88_2543e52cfb98" X-AOL-IP: 209.58.232.26 Link to comment Share on other sites More sharing options...
Wazoo Posted July 24, 2005 Share Posted July 24, 2005 http://www.spamcop.net/sc?id=z789441805zfe...96d52231330e36z If reported today, reports would be sent to: Re: 192.116.119.135 (Administrator of IP block - statistics only) abuse-gilat[at]012.net.il abuse[at]gilat.net Link to comment Share on other sites More sharing options...
abuse At Load.com Posted July 25, 2005 Author Share Posted July 25, 2005 Ok so not to seem slow but what you are telling me is that we are doing it correct ? If that is the case why do we continue to get listed as the source of the spam ? We have been doing it this way for at least the last 3 months, and every time we check to see on a report it has shown the host is not associated with your domain name error that I spoke of before. I am guessing when you have mailhosts fully implemented this will no longer work either, is that true ? Lastly is there anything we can do moving forward when mailhosts becomes the standard methodology for spamcop.net Link to comment Share on other sites More sharing options...
Wazoo Posted July 25, 2005 Share Posted July 25, 2005 Ok so not to seem slow but what you are telling me is that we are doing it correct ? If that is the case why do we continue to get listed as the source of the spam ? Not really correct ... Do you have your own SpamCop reporting account? If not, please sign-up for a free one. Then set preferences to show all/full Technical details. With that done, click on the Tracking URL I provided in my last post. Witness the struggle the parser has in trying to do a chain test, trying to identify the flow of the e-mail. We have been doing it this way for at least the last 3 months, and every time we check to see on a report it has shown the host is not associated with your domain name error that I spoke of before. I don't quite understand what you are saying here. Please explain "check on a report" .... a report has links back into parts of the SpamCop system. Are you talking of following one of these links, are you talking of running a spam parse yourself ... trying to sort out whether it is "you" that has a mailhost configuration issue, one of your uisers, or is there something else really strange going on. I am guessing when you have mailhosts fully implemented this will no longer work either, is that true ? Lastly is there anything we can do moving forward when mailhosts becomes the standard methodology for spamcop.net 30639[/snapback] Still confused as to why you are pointing to a mailhost configuration of a reporting account as "the issue" .... how about starting with some configuration items ... as seen in the parse; 209.58.232.26 is not an MX for smtp-out.load.com http://www.mxtoolbox.com/index.aspx says No MX records found for smtp-out.load.com ns1.load.com reports the following MX records: Preference Host Name IP Address TTL 20 smtp-id.load.com 209.58.236.25 300 This may feed into the mailhost 'failed' situation, but ..... I don't think there's enough specific data offered at this point .. so not much more that possible guesses here. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 25, 2005 Share Posted July 25, 2005 You should probably ask a SpamCop Admin (via How can I contact a real person about this? (for Internet Service Provider personnel only)) to have smtp-out.load.com flagged as a trusted relay to resolve this problem. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.