No assistance from an ISP

[littleblubunnie]

My yellow brick road has seems to have come to a dead end. At 3:00 pm Wednesday November 23rd One of my customers called to inform me he was receiving unsolicited spam from a realty company every 15 minutes. After several minutes (he's on a 56k connection) he was finally able to download all of his mail. All 736, 732 of which were duplicates of the same e-mail from the realty company. My husband and I own a small dial-up internet company with a ZERO tolerance for spammers. That being said we called the realty company only to be informed that their e-mail server had been hacked and someone (hacker) was redirecting their mail, and that I should contact their main office. Their main office responded by telling me the computer in question had been unplugged and directed me to their IT Director. I had to give the director the full header of the e-mail in question to show where it was coming from and that it was still being received. The ITD told me it was a problem with the mail server (duh!) and said

he needed to get in touch with their ISP. This was 2 days ago. I have contacted the ISP in question and still have not received any response. Through my search over the internet I have found nothing in reference to how to deal with an ISP that is allowing Spamming on their network. Or how to get their attention so they will see this as a serious situation. If anyone has any advice I would immensely appreciate it.

Moderator Edit: Please refraim from using the term "spam" in all caps. This is a registered trade mark belonging to Hormel Foods identifying their canned meat product. Internet spam should never be spelled in all caps (usage has been edited in this post and title).

[Wazoo]

No mention at all of a SpamCop.net reporting issue or involvement .. Moving this to the Lounge.

[Jeff G.]

If you have control over your router's routing tables, please blackhole the connecting IP Address and wait for the ISP to get back to you via alternate means. If you don't have such control, please ask your ISP to do it for you. Thanks!

[Wazoo]

Through my search over the internet I have found nothing in reference to how to deal with an ISP that is allowing Spamming on their network.  Or how to get their attention so they will see this as a serious situation.

Can't guess at where you searched and missed things like Black/Blocklists ..... Pro and anti conversations all over the world ...

My husband and I own a small dial-up internet company with a ZERO tolerance for spammers.

That would make it sound like you probably run your own e-mail servers also, which would also suggest that you could block this kind of garbage for your customers .... this being said without knowing your setup, configuration, or system & tool set ....

If anyone has any advice  I would immensely appreciate it.

36871[/snapback]

The description offered of "a reality company" doesn't help anyone here to offer anything specify to help you out. An IP address of the server in question would have allowed research to have happened, possibly even pointing out that an infected computer was in the mix, the server had been "owned" by a spammer, or possibly something else .... "we" could have looked to see if in fact that IP address was already listed in one or more of the hundreds of BLs in use around the world ... on and on ... One could suggest you take a look at the "Why am I blocked? FAQ entry here and apply that knowledge in reverse. Do you or your customers use the SpamCop.net reporting system, noting that reporting feeds the SpamCopDNSBL, which is then in turn available for your use on your e-mail server (again, said without knowing what tools you have in place)

[littleblubunnie]

If you have control over your router's routing tables, please blackhole the connecting IP Address and wait for the ISP to get back to you via alternate means.  If you don't have such control, please ask your ISP to do it for you.  Thanks!

36875[/snapback]

Have blackholed the IP address. Now I can't get them to contact me at all!

[littleblubunnie]

Can't guess at where you searched and missed things like Black/Blocklists ..... Pro and anti conversations all over the world ...

That would make it sound like you probably run your own e-mail servers also, which would also suggest that you could block this kind of garbage for your customers .... this being said without knowing your setup, configuration, or system & tool set ....

The description offered of "a reality company" doesn't help anyone here to offer anything specify to help you out.  An IP address of the server in question would have allowed research to have happened, possibly even pointing out that an infected computer was in the mix, the server had been "owned" by a spammer, or possibly something else .... "we" could have looked to see if in fact that IP address was already listed in one or more of the hundreds of BLs in use around the world ... on and on ... One could suggest you take a look at the "Why am I blocked? FAQ entry here and apply that knowledge in reverse.  Do you or your customers use the SpamCop.net reporting system, noting that reporting feeds the SpamCopDNSBL, which is then in turn available for your use on your e-mail server (again, said without knowing what tools you have in place)

36876[/snapback]

We resell dial-up. We're moving all of our e-mail onto our web server. We had tried to get some assistance from the company that resells to us as far as spam filtering. It is costing our customer an extra dollar a month for it when we signed him up for it, we were told that it has a bounce back option. So far he's still getting the messages they're just marked spam. Needless to say he comes close to his quota everyday. I believe we're going to try to use spamhause. The other ISP that has the problem did contact me today they have been working on the situation for 2 days now and their technicians have had no success.

[Jeff G.]

Would you care to share any Tracking URLs? Also, please be aware that the full-uppercase Registered Trademark "spam" should not be used to refer to email or newsgroup postings, per the Trademark holder, Hormel, Inc. Thanks!

[Miss Betsy]

Have blackholed the IP address. Now I can't get them to contact me at all!

I am not a server admin, but from what I understand, if you blackholed that IP address, then you are no longer receiving any email from that IP address which means that your customer is no longer receiving spam. And that means that your problem is solved.

As long as no one receives legitimate email from that IP address, there is no more problem. If someone does receive email, then unless you are returning a message (550, I think), the sender won't know that it hasn't arrived. That is why SpamCop uses its blocklist to 'tag' spam.

If the email is being filtered and there is a 'bounce' option, you need to inquire closely into how the 'bounces' happen. If it is after the email has been accepted, then it is also considered unsolicitied email (because the program sends an email to the return path which is almost always a forged name.)

I don't understand what happens when a trojan uses the machine of an unsuspecting person to generate spam or viruses. The trojan doesn't use the ordinary ports for email. I think that a proper rejection message cannot be made, but it doesn't matter since the sender doesn't know he sent the message anyway.

To get back to the original concern: As long as you have stopped the spam from coming into your system, there is no need to have communication with the ISP that is allowing it. Any senders on his system that cannot contact you should be getting a rejection notice from your server and can complain to him about not getting reliable email service. If the ISP with the problem has contacted you and are working on the problem, then just tell them that when they get it fixed to contact you again, you will unblackhole them.

Miss Betsy