All my mailservers are blocked

[Lisa]

Well, my mailservers for all my domains seemed to be blocked by this service (I use 1And1 for all of my hosting, as they are cheap and reliable). It is the customers of the company using the service that is suffering. I'm simply unable to reply to their requests for customer support (we are a games developer). I can only assume that some of 1And1's customers spam or someone uses their servers for relay, or most likely, someone reported them maliciously (as people tend to do). We, of course, never send out unsolicited emails and this is the first time my email has been blocked.

Anyway, if anyone is interested, this is one of the blocked headers (the rest are similar):

SMTP error from remote server after transfer of mail text:

host mail3.wapda.com[209.71.203.7]:

552-MessageWall: Message score (10) has reached or exceeded maximum (10):

552- 10 DNSBL/REJECT: bl.spamcop.net/212.227.126.188: Your mail server is listed by a DNS-based blacklist. Please see http://openrbl.org/

552 MessageWall: This message is being rejected

--- The header of the original message is following. ---

Received: from [80.4.4.207] (helo=maisey)

by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis),

id 0MKwtQ-1ErCA10qat-0000nz; Tue, 27 Dec 2005 11:34:29 +0100

From: "Lisa de Araujo" <lisa.dearaujo[at]gamewaredevelopment.co.uk>

To: "email[at]wapda.com" <email[at]wapda.com>

Date: Tue, 27 Dec 2005 10:36:42 +0000

Reply-To: "Lisa de Araujo" <lisa.dearaujo[at]gamewaredevelopment.com>

Priority: Normal

X-Mailer: PMMail 2000 Standard (2.20.2717) For Windows 2000 (5.1.2600;1)

MIME-Version: 1.0

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: 7bit

Subject: You block our mailserver

Message-ID: <0MKwtQ-1ErCA10qat-0000nz[at]mrelayeu.kundenserver.de>

X-Provags-ID: kundenserver.de abuse[at]kundenserver.de login:144988299257c57cff4aa5e9a631352b

I'm pretty sure there's nothing I can do about this. Kind of an FYI, really.

[agsteele]

212.227.126.188 IS listed in the SCBL.

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 22 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

* SpamCop users have reported system as a source of spam less than 10 times in the past week

* It appears this listing is caused by misdirected bounces. We have a FAQ which covers this topic: Why auto-responses are bad (Misdirected bounces). Please read this FAQ and heed the advice contained in it.

Additional potential problems

(these factors do not directly result in spamcop listing)

* System administrator has already delisted this system once

It also appears that this IP address has been listed previously: In the past 17.9 days, it has been listed 9 times for a total of 5.7 days

I'd say that your diagnosis that the ISP has a spam abuse problem may be correct. Somebody has already tried the quick de-list option and since the problem was not first resolved this option isn't available any longer.

Some of the messages have subjects such as:

Simplyspice would like to link to you

Find a store near you, Learn how to save 10% in store, Ringtones now a..

=?ISO-8859-1?Q?- Gebrauchtfahrzeugkauf Nutzfahrzeuge, LKW, Anh=E4nger und Aul...

However, the bulk of the reports appear to relate to message failure bounces so I'd suggest that your mailserver is bouncing failed messages back to the sender. Since there appear to be forged Email addresses in the sender field and some of these are spam traps this icausing the mail server's IP to get listed.

The ISP/managers of the mail server need to stop bouncing and start rejecting. There is more information on this here: http://www.spamcop.net/fom-serve/cache/329.html

Your ISP or mail server managers need to take action.

Andrew

[Farelf]

Your ISP or mail server managers need to take action.

38462[/snapback]

I will second that. Reports have been going to abuse[at]schlund.de. The SCBL records other recent servers from the kundenserver.de domain, owned by Schlund + Partner AG - 212.227.126.170 212.227.126.171 212.227.126.177 212.227.126.183 212.227.126.186 212.227.126.187 212.227.126.200 212.227.126.202 212.227.126.203 212.227.127.10 212.227.127.180

- looks like the only detectable action from the network has been to rotate their IP addresses. They should be encouraged to elimate the spam source(s), particularly the bounces, as Andrew says - and Lisa, as a client, you may have some influence there. Which is considerably more than doing "nothing".