Jump to content

SpamCop is killing us!


phillyd2

Recommended Posts

SpamCop is killing us!

We are a international business that rely most on emails for communications. Almost every day we get emails bounced back as blocked by SpamCop. First to be clear, we do not and never had sent spam in any shape or form. We do not even do mass emails. Many times our blocked emails are ones we are replying to! We have already contacted our ISP (verio.com) who informed us that nothing can be done.

We always get the following:

131.103.218.142 not listed in bl.spamcop.net

So we are never listed, how come our messages are blocked so often? We are up to sometimes 5 a day! I do not want to insult and we hate spam too but this is getting crazy!

Here is the last one, as of today:

-----Original Message-----

From: MAILER-DAEMON[at]mail15c.boca15-verio.com [mailto:MAILER-DAEMON[at]mail15c.boca15-verio.com]

Sent: Thursday, January 19, 2006 5:02 PM

To: dbaranyai[at]tufftemp.com

Subject: failure notice

Hi. This is the qmail-send program at mail15c.boca15-verio.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.

<armando[at]tecnoglass.com>:

200.110.128.4 does not like recipient.

Remote host said: 553 Blocked - see http://www.spamcop.net/bl.shtml?131.103.218.142

Giving up on 200.110.128.4.

--- Below this line is a copy of the message.

Return-Path: <dbaranyai[at]tufftemp.com>

Received: from mx29.bcrtfl01.us.mxservers.net (131.103.218.137)

by mail15c.boca15-verio.com (RS ver 1.0.95vs) with SMTP id 2-0421248077;

Thu, 19 Jan 2006 17:01:29 -0500 (EST)

Received: from www.tufftemp.com [209.238.190.188] (HELO DaveBaranyai)

by mx29.bcrtfl01.us.mxservers.net (mxl_mta-1.3.8-10p4) with SMTP id 19a00d34.27880.082.mx29.bcrtfl01.us.mxservers.net;

Thu, 19 Jan 2006 16:54:25 -0500 (EST)

From: "David Baranyai" <dbaranyai[at]tufftemp.com>

To: "Armando" <armando[at]tecnoglass.com>

Subject: PO for Kevlar

Date: Thu, 19 Jan 2006 17:03:19 -0500

Message-ID: <OHEEKOIGKJFNLGAGFAGPAEDDCJAA.dbaranyai[at]tufftemp.com>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0016_01C61D1A.3F08E2E0"

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670

Importance: Normal

In-Reply-To: <20060118145118.GA54763[at]mail15c.boca15-verio.com>

X-spam: [F=0.0121951220; heur=0.500(-7800); stat=0.010; spamtraq-heur=0.550(2006011907)]

X-MAIL-FROM: <dbaranyai[at]tufftemp.com>

X-SOURCE-IP: [209.238.190.188]

X-Loop-Detect:1

X-DistLoop-Detect:1

This is a multi-part message in MIME format.

------=_NextPart_000_0016_01C61D1A.3F08E2E0

Content-Type: multipart/alternative;

boundary="----=_NextPart_001_0017_01C61D1A.3F08E2E0"

------=_NextPart_001_0017_01C61D1A.3F08E2E0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

XXXX Our Reply Message Text XXXX

-----Original Message-----

From: Armando [mailto:armando[at]tecnoglass.com]

Sent: Wednesday, January 18, 2006 2:58 PM

To: 'David Baranyai'

Subject: PO for Kevlar

Importance: High

XXXX Original Message Text XXXX

Link to comment
Share on other sites

We always get the following:

131.103.218.142 not listed in bl.spamcop.net

39468[/snapback]

While the link shows currently not listed, SenderBase is showing a listing (their cache seems to lag often) so you were recently listed. There are no publically available reports, unlike the other IP of Verio shown recently, so it was probably hitting spamtraps.

I am NOT saying you are sending spam (and neither is spamcop). Only that messages coming from your mail servers IP address have hit a sufficient percentage to list and subsequently have timed off that list.

An administrator at Verio should contact deputies[at]spamcop.net to confirm the reason for listing. Most recently, lots of IP's have been listed because they are sending "delayed bounces" to forged return addresses which happen to be spamtrap (or innocent third party) addresses. Delayed bounces, while still "legal" per the outdated RFC's, are no longer considered "best practice" for email servers on the internet.

Link to comment
Share on other sites

Moderators, please merge this with the previous verio's customer rant (the one that claims false positives).

39469[/snapback]

sorry but I'm new here. What rant are you talking about? If another has ranted than I do NOT want to be merged with them

Link to comment
Share on other sites

Verio's outgoing mail server are notorious for sending delayed bounces and blowback. If email is really so critical to your customer, I would highly recommend that they invest in a static IP address, and a copy of Microsoft Exchange 2003 or the mail server software of their choice and run their own mail server. That way they aren't at the mercy of an irresponsible ISP, and do not have to share their mail server with other customers whose email practices they can't control.

Many will probably gripe at my support of a Microsoft product, however, exchange is easy to setup, easy to manage and configure correctly, supports DNSBLs for filtering spam from your incoming email, and support for it is readily available from literally thousands of sources.

Link to comment
Share on other sites

While the link shows currently not listed, SenderBase is showing a listing (their cache seems to lag often) so you were recently listed.  There are no publically available reports, unlike the other IP of Verio shown recently, so it was probably hitting spamtraps.

I am NOT saying you are sending spam (and neither is spamcop).  Only that messages coming from your mail servers IP address have hit a sufficient percentage to list and subsequently have timed off that list.

An administrator at Verio should contact deputies[at]spamcop.net to confirm the reason for listing.  Most recently, lots of IP's have been listed because they are sending "delayed bounces" to forged return addresses which happen to be spamtrap (or innocent third party) addresses.  Delayed bounces, while still "legal" per the outdated RFC's, are no longer considered "best practice" for email servers on the internet.

39470[/snapback]

Not quite sure what all this means. Are you saying that we were listed because we are sending too many emails that there is no proof are spam? Please also tell me how our ISP can contact the deputies at spamcop.net Also what are deputies?

Link to comment
Share on other sites

No you are being listed because you are sending emails to spamtraps. These are hidden email addresses that are unused, and so by definition could never solicit email, therefore any email received by them is unsolicited.

The most common reason for this is a mail server that is misconfigured to blindly send NDRs to whoever an email says it is "From:". Almost 100% of spam uses forged from addresses, so these NDRs go to innocent 3rd parties and spamtraps, and are considered by most to be no better than spam.

The worst hit I had on NDRs was almost 1000 in one day from various misconfigured mail servers when a spammer decided to use my email address as the "From:" address of the day.

I and many others report all these misdirected NDRs as spam.

Your mail server should not be configured to accept emails unless it is certain it can deliver them. If someone sends an email to a bad email address, your mail server should reject it during the SMTP transaction with a 500 series error message, rather than accepting it for delivery and later bouncing it to the (usually forged) "From:" address.

Link to comment
Share on other sites

Not quite sure what all this means. Are you saying that we were listed because we are sending too many emails that there is no proof are spam? Please also tell me how our ISP can contact the deputies at spamcop.net  Also what are deputies?

39488[/snapback]

No, the IP address of your mail server is listed probably because it is sending email (probably delayed bounces and back-scatter) to spamtrap addresses. Your email sending habits probably have little to nothing to do with it.

The ISP admin should send an email to deputies[at]spamcop.net asking about the types of messages hitting the spamtraps from that IP address. They will not give you the actual messages, but can gve some hints whether it is real spam, a virus infected on the network, or back-scatter.

The deputies are the people who work for SpamCop and have access to the background information about listings.

Link to comment
Share on other sites

SpamCop is killing us!

[snip]

We always get the following:

131.103.218.142 not listed in bl.spamcop.net

39468[/snapback]

Having looked at the report history, there seem to be very few reports of mail through this IP being reported although almost all look to be spam trap hits. Those that have a subject line look to be mis-directed bounces. However, significantly, the most recent report looks to be 5 January yet your complaint is for a message on the 19th.

Now, a number of ISPs that use block lists to reduce their unwanted spam traffic are known to blame SpamCop when it is actually any one of a number of blocklists that might have you listed.

Is this IP address your own mail server or are you, as seems to be suggested, sharing your mail server with other customers of Verio? If the latter, then you may well be suffering because of the misbehaviour of other Verio customers. In that case Telarin's suggestion of running your own mail server may be the way forward for you.

Andrew

Link to comment
Share on other sites

Here we go again :angry:

Hi. This is the qmail-send program at mail15c.boca15-verio.com.

I'm afraid I wasn't able to deliver your message to the following addresses.

This is a permanent error; I've given up. Sorry it didn't work out.

<steven[at]cems.com.sg>:

210.193.7.31 does not like recipient.

Remote host said: 550 Spamcop, http://spamcop.net/w3m?action=checkblock&ip=131.103.218.142

Giving up on 210.193.7.31.

--- Below this line is a copy of the message.

Return-Path: <dbaranyai[at]tufftemp.com>

Received: from mx02.bcrtfl01.us.mxservers.net (131.103.218.98)

by mail15c.boca15-verio.com (RS ver 1.0.95vs) with SMTP id 1-0656264226;

Mon, 23 Jan 2006 11:37:09 -0500 (EST)

Received: from www.tufftemp.com [209.238.190.188] (HELO DaveBaranyai)

by mx02.bcrtfl01.us.mxservers.net (mxl_mta-1.3.8-10p4) with SMTP id 33605d34.11240.234.mx02.bcrtfl01.us.mxservers.net;

Mon, 23 Jan 2006 11:37:07 -0500 (EST)

From: "David Baranyai" <dbaranyai[at]tufftemp.com>

To: "Steven Tan \(CEMS Pte Ltd\)" <steven[at]cems.com.sg>

Cc: "K. K. Kanoria" <prolific[at]cal.vsnl.net.in>

Subject: GLASSTECH INDIA 2006

Date: Mon, 23 Jan 2006 11:39:06 -0500

Message-ID: <OHEEKOIGKJFNLGAGFAGPKEGJCJAA.dbaranyai[at]tufftemp.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_0061_01C62011.9E32A590"

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook IMO, Build 9.0.6604 (9.0.2911.0)

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670

Importance: Normal

In-Reply-To: <002b01c61fcb$87191d30$2300a8c0[at]LAPPY>

X-spam: [F=0.0052631579; heur=0.500(-6100); stat=0.010; spamtraq-heur=0.343(2006012201)]

X-MAIL-FROM: <dbaranyai[at]tufftemp.com>

X-SOURCE-IP: [209.238.190.188]

X-Loop-Detect:1

X-DistLoop-Detect:1

This is a multi-part message in MIME format.

131.103.218.142 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 23 hours.

We contacted Verio again and they said that there is nothing they can do as SpamCop is doing the blocking, not them.

We just want to reply to emails! We do not send spam nor does anybody else here. Can you guys post answeres that a normal person can understand?

Link to comment
Share on other sites

Ok, I'll try my best at "Answers a normal person can understand"

Spamcop does not block email.

Spamcop provides a list of known VERIFIED spam sources to any person that wants it.

You verio mail server, 131.103.218.142 is on that list. It is on the list, because messages originating at that server meet Spamcops criteria for spam. You share this server with many other verio customers, any one of which can spoil it for everyone else.

Spamcop recommends using their list to tag mail as potential spam rather than delete it, however, many ISPs, including cems.com.sg use the list to block email rather than tag it as possible spam, which is certainly their right to do.

It is Verio's responsibility to make sure their customers are not abusing their services, and that they keep their servers off of blocklists, however, they don't feel like taking the time to ensure that the services that you pay for are reliable.

Since your ISP is unresponsive to stopping the spam that other customers are sending through their servers, and thus allowing your mail service to be interrupted, I would recommend either finding a new email provider, or installing your own mail server that only your company will use.

Link to comment
Share on other sites

Thanks for posting your follow up in the same thread as previously.

As noted by Telarin, the listing is due to messages through the server being sent to spam traps.

Despite Verio's insistence that SpamCop is blocking your messages I hope you'll see that this isn't possible - unless the message is being sent to a SpamCop Email address.

But, many ISPs choose to use SpamCop's list of sources of spam to implement their own block because they find the list so accurate and responsive to spam. This is the situation you face. Your contacts ISP has cosen to use the SCBL in this way. So you are actually being blocked by the recipient's ISP.

I just looked and the mail server you mention is due to come off the list in 22 hours unless further unsolicited Email is sent through it.

Despite their protests Verio can tackle the flow of junk through their servers - in fact a further 18 IP addresses on their system are currently sending unsolicited mail so it is clearly isn't an isolated issue. Passing the blame to SpamCop is an easy option for them - easier than fixing the problem themselves.

I checked in Google and see that messages through the mail server that you are using have included subjects such as:

Winning Notification

An Open Letter In Support of The HERO ACT S-2261

CONGRATULATIONS!!!

i just received this message

So although you may not be sending spam, somebody else clearly is. Verio should tackle this issue with the customers concerned.

Failing this you have two options bearing in mind that the actual ISP blocking your Email is the ISP of the person/people you are writing to...

1. Change your outgoing mail server to a company that is more understanding or responsive to the issue than Verio appears to be

2. Ask your recipient to get their ISP to stop blocking against the SCBL.

The first option is easier and quicker. If the receiving ISP has successfully reduced its spam load by using the SCBL they are unlikely to stop using it for one customer - but they may have white listing capacity for a customer in which case it should be simple.

Sadly, spammers have spoilt Email for all users.

Andrew

Link to comment
Share on other sites

We just want to reply to emails! We do not send spam nor does anybody else here. Can you guys post answeres that a normal person can understand?

39590[/snapback]

Your email is sent through a verio server. Many other people use the same server to send email. One of them is sending spam. The person sending spam may not know it. The computer may have a virus that sends the spam.

The verio server has an IP address 131.103.218.142. SpamCop reporters have reported spam receiving spam from that server. Verio gets a report. The IP address also goes on a blocklist. Other ISPs can use the blocklist to identify that IP address and choose to not accept email from it so that their customers do not receive spam.

Verio does not do its job as a good internet service provider for you. Verio does nothing to stop the spam so that you can send your email without it being blocked. You should be able to send email without it being blocked. You can send email without it being blocked if you use another email service. You can use Hotmail to send email to your friends who do not want to receive spam as well as your email.

Sometimes internet service providers who have many servers do have servers that do not send spam. Sometimes, if you ask them, your provider will send your email from a server that does not send spam. You can ask verio if they will do this for you.

SpamCop does not block your email. SpamCop has a list of IP addresses that are sending spam. Other internet service providers use the spamcop blocklist, and other blocklists also, to keep spam away from their customers. Your friends are using an internet service provider who uses spamcop blocklist to send email back. You can ask your friends to get another internet service provider who lets them get all the email sent to them including the spam. Then they will have to look at the spam as well as your email. Is that what you want?

Hope that this is clearer. Please ask any questions.

Miss Betsy

Link to comment
Share on other sites

mail15c.boca15-verio.com [131.103.218.142] has lots of SpamCop Spamtrap hits. In addition, it has the following Report History:

Submitted: Wednesday 2006/01/04 21:36:23 -0500: 

1611166051 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Tuesday 2006/01/03 03:08:06 -0500:

1609079480 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Monday 2006/01/02 21:02:33 -0500:

1608264621 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Monday 2005/12/19 12:39:36 -0500:
Mail Delivery Failure
1591934659 ( 216.40.35.68 ) To: abuse[at]tucows.com
1591934645 ( 131.103.218.142 ) To: spamcop[at]imaphost.com
1591934624 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Friday 2005/11/25 11:40:33 -0500:
failure notice
1565503604 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Friday 2005/11/25 11:40:33 -0500:
failure notice
1565503606 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Friday 2005/11/25 11:40:33 -0500:
failure notice
1565503607 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Friday 2005/11/25 11:40:33 -0500:
failure notice
1565503610 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Sunday 2005/11/20 02:21:12 -0500:
failure notice
1561794811 ( 131.103.218.142 ) To: spamcop[at]imaphost.com
1561794805 ( 131.103.218.142 ) To: [concealed user-defined recipient]
1561794795 ( 131.103.218.142 ) To: abuse[at]verio.net
1561794791 ( 131.103.218.142 ) To: abuse[at]verio-hosting.com

--------------------------------------------------------------------------------

Submitted: Sunday 2005/11/20 02:21:05 -0500:
failure notice
1561794703 ( 131.103.218.142 ) To: spamcop[at]imaphost.com
1561794702 ( 131.103.218.142 ) To: [concealed user-defined recipient]
1561794699 ( 131.103.218.142 ) To: abuse[at]verio.net
1561794693 ( 131.103.218.142 ) To: abuse[at]verio-hosting.com

--------------------------------------------------------------------------------

Submitted: Sunday 2005/11/20 02:21:04 -0500:
failure notice
1561794555 ( 131.103.218.142 ) To: spamcop[at]imaphost.com
1561794551 ( 131.103.218.142 ) To: [concealed user-defined recipient]
1561794543 ( 131.103.218.142 ) To: abuse[at]verio.net
1561794538 ( 131.103.218.142 ) To: abuse[at]verio-hosting.com

--------------------------------------------------------------------------------

Submitted: Monday 2005/11/14 04:54:54 -0500:
failure notice
1555476767 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Friday 2005/11/11 12:58:42 -0500:
failure notice
1553214506 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Thursday 2005/11/10 11:26:26 -0500:
Mail Delivery Failure
1552318388 ( 131.103.218.142 ) To: abuse[at]verio.net

--------------------------------------------------------------------------------

Submitted: Wednesday 2005/11/09 13:01:47 -0500:
Mail Delivery Failure
1551506723 ( 131.103.218.142 ) To: abuse[at]verio.net[/CODEBOX]

The above data indicate that the vast majority of the problem is misdirected bounces, which should be avoided by using 500-series errors during the SMTP transaction. Such misdirected bounces are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Misdirected bounces section of Why are auto-responders (and delayed bounces) bad?.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...