SpamCop IP listed in SpamHaus RBL

[newjoiseyboy]

I have my system set up to forward spam to SpamCop, which I did earlier today and was expecting to get report notifications. When I didn't, I logged in and I saw that my system had bounced mail from SpamCop. I didn't see what had gone wrong at first, because the error message was incomplete, and I saw that the only report I had in the queue was a bit of spam from 4 days ago.

I double-checked my logs, and my system bounced SpamCop's report email because the IP is now listed with Spamhaus. The report is still active, and I'm not sure I should necessarily whitelist SpamCop's IPs if the contents of this report are accurate.

I do not recall seeing this from SpamCop's servers before, so I figure, better safe than sorry.

In the meantime, I can use the form to submit email so I don't trigger any more bounces, until this is resolved.

Feb 26 17:08:21 <myserver> postfix/smtpd[20277]: NOQUEUE: reject: RCPT from unknown[184.94.240.88]: 554 5.7.1
  Service unavailable; Client host [184.94.240.88] blocked using zen.spamhaus.org;
  https://www.spamhaus.org/query/ip/184.94.240.88; from=<spamid.6800685979@bounces.spamcop.net>
  to=<me@mydomain.com> proto=ESMTP helo=<vmx.spamcop.net>

Let me know if there's a better place to fire this report.

[petzl]

59 minutes ago, newjoiseyboy said:

I have my system set up to forward spam to SpamCop, which I did earlier today and was expecting to get report notifications. When I didn't, I logged in and I saw that my system had bounced mail from SpamCop. I didn't see what had gone wrong at first, because the error message was incomplete, and I saw that the only report I had in the queue was a bit of spam from 4 days ago.

Now I'm getting bogus spam threats so spammers have read about the glitch!
https://www.spamcop.net/sc?id=z6801175589z9204dccb4f827821d33a630dd4eafcc5z

[newjoiseyboy]

Oh, I think that's different. I get those to my domain from time to time, that's just your regular crypto threat-phishing email.

[gnarlymarley]

The blocklist issue with IPs being added that probably shouldn't is why I went from the idea of block it if only any list to SpamAssassin where it blocks it based on a score. Either the email needs to be spammy, or else be on more than one blocklist.

[petzl]

3 hours ago, newjoiseyboy said:

Oh, I think that's different. I get those to my domain from time to time, that's just your regular crypto threat-phishing email.

But this is addressed to "SpamCop User"
Dear user of spamcop.net!

I am a spyware software developer.
Your account has been hacked by me couple months ago

 

[newjoiseyboy]

23 minutes ago, petzl said:

But this is addressed to "SpamCop User"
Dear user of spamcop.net!

I am a spyware software developer.
Your account has been hacked by me couple months ago

 

Yeah, I looked at your link earlier. That's got nothing to do with what I posted. Somebody was trying to get you to send them Bitcoin. They haven't hacked anything.

[newjoiseyboy]

3 hours ago, gnarlymarley said:

The blocklist issue with IPs being added that probably shouldn't is why I went from the idea of block it if only any list to SpamAssassin where it blocks it based on a score. Either the email needs to be spammy, or else be on more than one blocklist.

Yeah, maybe I should do that at this point. I don't believe I've ended up blocking legitimate mail before now -- never had this happen with SpamCop before -- but I wanted to put this out there in the event there was an actual security issue, just in case.

[newjoiseyboy]

Aha. I found this thread which is relevant. Seems a few bits got dropped on the floor, and things are working for other people already. I was just 4 days late to finding out.

[Calion]

Is this related to the fact that I have not been getting emails from Spamcop for some time now? I checked today and discovered that my email was marked as “bouncing.”

Has there been a recent crackdown on spammy emails? The BSA has had their email messaging system completely blocked from several domains.

[newjoiseyboy]

@Calion, I believe that is correct. My email got marked as bouncing spamcop emails on the 26th of February which is when I think this all started. 

[crp5591]

Me too!

Apple is blocking SpamCop emails as well to iCloud accounts.

Any impacted iCloud users are (per the Apple Support advisor I spoke with) encouraged to call also Apple support and let them know, just in case it takes a long time to get Spamcop off the SpamHaus RBL.

[petzl]

19 minutes ago, crp5591 said:

Me too!

Apple is blocking SpamCop emails as well to iCloud accounts.

Any impacted iCloud users are (per the Apple Support advisor I spoke with) encouraged to call also Apple support and let them know, just in case it takes a long time to get Spamcop off the SpamHaus RBL.

SpamCop's NEW email server IP is not listed in SpamHauas, Apple must have different blocking method?
https://check.spamhaus.org/not_listed/?searchterm=184.94.240.112

[gnarlymarley]

For Apple, it could be that someone forgot to update their SPF records with the 184.94.240.88 IP to it. It is currently set to a five minutes cache.


;; QUESTION SECTION:
;devnull.spamcop.net. IN TXT

;; ANSWER SECTION:
devnull.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all"


;; QUESTION SECTION:
;bounces.spamcop.net. IN TXT

;; ANSWER SECTION:
bounces.spamcop.net. 300 IN TXT "v=spf1 ip4:184.94.240.88 ip4:184.94.240.112 ip4:204.15.80.0/22 -all"
Edited March 5, 2023 by gnarlymarley

[newjoiseyboy]

I suggest adding a reply to this other thread as the SpamCop staff/admins were watching it: