leeasteadman Posted March 1, 2006 Posted March 1, 2006 Dear spam gurus, I am at my tethers end because my business is heavily suffering from two aspects of spam. The incoming spam I suffer is a problem for another forum, it is the blacklisting of my outgoing email that is running my business into the ground as none of my suppliers (email and web hosting provider, ISP and domain host) seem to be doing enough to get this problem resolved and I rely heavily on email to communicate and collaborate with my partners and customers on projects my company carries out. When sending email to my biggest supplier, Dell, I get the following message/error (receive very similar bounces from other large companies that I send email to that use SPAMCOP or SENDERBASE for spam blocking) --PLEASE NOTE SENSITIVE INFORMATION IS REPLACED WITH "REMOVED": This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: REMOVED[at]Dell.com SMTP error from remote mail server after initial connection: host smtp.ins.dell.com [143.166.83.183]: 554-ausc60pc103.us.dell.com 554 Connections from this sending hostname platinum.webfusion.co.uk, IP address of: 212.67.202.156 are being rejected due to low SenderBase Reputation score (below -2). Your SenderBase organization: 2213792. See http://www.senderbase.org/ for more information. ------ This is a copy of the message, including all the headers. ------ Return-path: <REMOVED[at]clearskycomputing.com> Received: from spc2-hers2-5-0-cust227.asfd.broadband.ntl.com ([82.0.46.228] helo=leedell) by platinum.webfusion.co.uk with esmtpa (Exim 4.54) id 1FERPh-0007Yo-O4 for REMOVED[at]Dell.com; Wed, 01 Mar 2006 13:30:45 +0000 From: "REMOVED" <REMOVED[at]clearskycomputing.com> To: <REMOVED[at]Dell.com> Subject: if you get this, just ignore Date: Wed, 1 Mar 2006 13:30:44 -0000 Message-ID: <001b01c63d34$58fa4bf0$6600a8c0[at]leedell> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_001C_01C63D34.58FA4BF0" X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcY9NFezJPGN+Q1OTcahezj8yMPyJQ== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. ------=_NextPart_000_001C_01C63D34.58FA4BF0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit BODY OF EMAIL WAS HERE BUT HAS BEEN REMOVED ------=_NextPart_000_001C_01C63D34.58FA4BF0 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <META content=3D"MSHTML 6.00.2900.2722" name=3DGENERATOR></HEAD> <BODY> <DIV><SPAN class=3D031452813-01032006><FONT face=3D"Lucida Console" = color=3D#000080=20 size=3D2>Hi Ross,</FONT></SPAN></DIV> <DIV><SPAN class=3D031452813-01032006><FONT face=3D"Lucida Console" = color=3D#000080=20 size=3D2>if you do get this email please just ignore. Just = seeing if I'm=20 bouncing off Dell's email systems</FONT></SPAN></DIV> <DIV><FONT face=3D"Lucida Console" color=3D#000080 = size=3D2></FONT> </DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080=20 size=3D2></FONT> </DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080 = size=3D2>Best=20 regards,</FONT></DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080=20 size=3D2></FONT> </DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080 = size=3D2>Lee=20 Steadman</FONT></DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080 = size=3D2>Clear Sky=20 Computing Ltd</FONT></DIV> <DIV align=3Dleft><FONT face=3D"Lucida Console" color=3D#000080 = size=3D2><SPAN=20 class=3D375385514-23012006><STRONG>NEW WEB SITE WITH NEW SERVICES=20 AND PRICING, TO FIND OUT MORE VISIT:</STRONG></SPAN></FONT></DIV> <DIV align=3Dleft><FONT size=3D2><FONT face=3D"Lucida Console"><FONT=20 color=3D#000080><SPAN class=3D375385514-23012006><A=20 href=3D"http://www.clearskycomputing.com/"><STRONG>http://www.clearskycom= puting.com</STRONG></A></SPAN></FONT></FONT></FONT></DIV> <DIV align=3Dleft><FONT size=3D2><FONT face=3D"Lucida Console"><FONT=20 color=3D#000080><SPAN=20 class=3D375385514-23012006></SPAN></FONT></FONT></FONT> </DIV> <DIV> </DIV></BODY></HTML> ------=_NextPart_000_001C_01C63D34.58FA4BF0-- and here's another bounce from an associate: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: REMOVED[at]xko.co.uk SMTP error from remote mail server after MAIL FROM:<REMOVED[at]clearskycomputing.com>: host mx0.xko.net.uk [194.128.197.132]: 553 5.3.0 Rejected - see http://www.spamcop.net/bl.shtml ------ This is a copy of the message, including all the headers. ------ Return-path: <REMOVED[at]clearskycomputing.com> Received: from spc2-hers2-5-0-cust227.asfd.broadband.ntl.com ([82.0.46.228] helo=leedell) by platinum.webfusion.co.uk with esmtpa (Exim 4.54) id 1FERXH-0001PO-EI for REMOVED[at]xko.co.uk; Wed, 01 Mar 2006 13:38:35 +0000 From: "REMOVED" <REMOVED[at]clearskycomputing.com> To: "REMOVED" <REMOVED[at]xko.co.uk> Subject: ignore - bounce test Date: Wed, 1 Mar 2006 13:38:31 -0000 Message-ID: <002001c63d35$70f14960$6600a8c0[at]leedell> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0021_01C63D35.70F14960" X-Mailer: Microsoft Office Outlook 11 Thread-Index: AcY9NW4j14NrTzTDQoOv4wC6KlBqAw== X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 This is a multi-part message in MIME format. ------=_NextPart_000_0021_01C63D35.70F14960 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit ignore - bounce test ------=_NextPart_000_0021_01C63D35.70F14960 Content-Type: text/html; charset="us-ascii" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dus-ascii"> <META content=3D"MSHTML 6.00.2900.2722" name=3DGENERATOR></HEAD> <BODY> <DIV><SPAN class=3D843063813-01032006><FONT face=3D"Lucida Console" = color=3D#000080=20 size=3D2>ignore - bounce test</FONT></SPAN></DIV></BODY></HTML> ------=_NextPart_000_0021_01C63D35.70F14960-- I've gone through thoroughly SPAMCOP and senderbase Web site FAQ's and followed procedure for blacklist dispute. I have got nothing back from anyone yet. Meanwhile my business projects are grinding to a hault causing serious loss of income. This is so detrimental to my business if I don't get sorted within the next few days I will be forced to take some kind of action like transfer my email and business collaboration and CRM systems over to new email/domain/IP which could cost so much and cause such disruption it could likely sink my business. If any can help with this potentially 'business destroying' situation you could be our sole saviour and we would be for ever greatful
Telarin Posted March 1, 2006 Posted March 1, 2006 212.67.202.156 is spammy. It has sent spam to spamtraps, and has had messages reported by receivers. It looks like those reports would have gone to abuse[at]webfusion.co.uk. I would start by talking to them and finding out why you never saw these reports. http://www.spamcop.net/w3m?action=checkblo...=212.67.202.156 The entire 212.67.202.* block looks pretty bad, I see at least 20 different hosts listed on the SCBL. I would suggest that if email is that important to your company, you either find an email provider that takes care of their spam problems and can provide you reliable email service, or get a non-shared mail server. 194.128.197.132 does not appear to be currently listed on the SCBL http://www.spamcop.net/w3m?action=checkblo...194.128.197.132 and I don't see any abuse reports on the google groups http://groups.google.com/groups?scoring=d&...2+group:*abuse* Perhaps a paid member could pull a listing history on that IP and see if there are any reports recently. It could be that xko.co.uk is misreporting their rejection reason, which is a lot more common than one might expect.
Derek T Posted March 1, 2006 Posted March 1, 2006 I would suggest that if email is that important to your company, you either find an email provider that takes care of their spam problems and can provide you reliable email service, or get a non-shared mail server. I heartily concur. Take your business elsewhere. PlusNet is a very good UK host. Perhaps a paid member could pull a listing history on that IP and see if there are any reports recently. It could be that xko.co.uk is misreporting their rejection reason, which is a lot more common than one might expect. 40825[/snapback] I have done, and there is none, Senderbase shows no activity at all.
Merlyn Posted March 1, 2006 Posted March 1, 2006 ------ This is a copy of the message, including all the headers. ------ Received: from spc2-hers2-5-0-cust227.asfd.broadband.ntl.com ([82.0.46.228] helo=leedell) by platinum.webfusion.co.uk with esmtpa (Exim 4.54) id 1FERXH-0001PO-EI for REMOVED[at]xko.co.uk; Wed, 01 Mar 2006 13:38:35 +0000 40824[/snapback] This is strange to me. Are you sure this is the only received line? If it is the mail was sent from spc2-hers2-5-0-cust227.asfd.broadband.ntl.com ([82.0.46.228] helo=leedell) this is a dynamic IP that should not be running a mail server if they want their mail delivered. Most admins will not accept mail from a dynamic IP and it is listed in a few dynamic lists. next the Helo is bogus as it should be s FQDN. Also if we check sightings for the same 'helo' in other spam runs we find http://groups.google.com/group/news.admin....rt=0&scoring=d& What software was used to send this test? I might be wrong but I don't think we have enough information here.
Jeff G. Posted March 1, 2006 Posted March 1, 2006 Report History for 212.67.202.156 follows: Submitted: Thursday 2006/02/23 11:40:58 -0500: x 1669047315 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Sunday 2006/02/12 10:09:18 -0500: Mail delivery failed: returning message to sender 1655954980 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Saturday 2006/02/11 12:58:10 -0500: Mail delivery failed: returning message to sender 1655293907 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Wednesday 2006/02/08 06:47:48 -0500: Mail delivery failed: returning message to sender 1652087031 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2006/02/07 22:20:50 -0500: Mail delivery failed: returning message to sender 1651239151 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2006/02/07 18:36:32 -0500: Mail delivery failed: returning message to sender 1651082673 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2006/02/07 10:59:07 -0500: Mail delivery failed: returning message to sender 1650703232 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Thursday 2006/01/26 12:19:43 -0500: February Offers 1636485468 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1636485442 ( http:// www.yuzumedia.com/blast/box.php?funcml=u... ) To: abuse[at]gxn.net 1636485429 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Thursday 2006/01/05 14:53:11 -0500: Mail delivery failed: returning message to sender 1610835581 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Thursday 2006/01/05 12:50:42 -0500: **VL-JUNK** Web Site - 'Contact Enquiry' Form 1610695448 ( http:// www.pharm-all.com ) To: mole[at]devnull.spamcop.net 1610695440 ( 212.67.202.156 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Thursday 2006/01/05 12:50:08 -0500: **VL-JUNK** Web Site - 'Contact Enquiry' Form 1610694874 ( http:// www.pharm-all.com ) To: mole[at]devnull.spamcop.net 1610694866 ( 212.67.202.156 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Tuesday 2006/01/03 02:51:44 -0500: Mail delivery failed: returning message to sender 1607527603 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Monday 2005/12/26 05:31:18 -0500: Mail delivery failed: returning message to sender 1598831115 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1598831094 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Monday 2005/12/26 03:31:05 -0500: Mail delivery failed: returning message to sender 1598643007 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1598643001 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Sunday 2005/12/25 11:54:22 -0500: Mail delivery failed: returning message to sender 1598027261 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1598027260 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/20 08:01:30 -0500: Request: from Company: OEMSoftwareBlowout8329[at]thamesair.com 1592821309 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/20 06:04:19 -0500: Request: from Company: NewSoftwareCheap8951[at]natolamps.com 1592720606 ( http:// microsoftwvworksf4lp2938k4l6txxa2ffskxff... ) To: cnc-abuse[at]abuse.sprint.net 1592720605 ( http:// extremediscountcomodcyt0chbduxk661boo1bo... ) To: cnc-abuse[at]abuse.sprint.net 1592720601 ( http:// microsoftwvworksf4lp2938k4l6txxa2ffskxff... ) To: postmaster[at]china-netcom.com 1592720600 ( http:// extremediscountcomodcyt0chbduxk661boo1bo... ) To: postmaster[at]china-netcom.com 1592720596 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1592720595 ( http:// www.ronfell.com ) To: abuse[at]gxn.net 1592720594 ( http:// www.natolamps.com/contact ) To: abuse[at]gxn.net 1592720592 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Sunday 2005/12/18 08:28:27 -0500: Mail delivery failed: returning message to sender 1590594674 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Wednesday 2005/12/14 04:14:12 -0500: Mail delivery failed: returning message to sender 1585890240 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/13 15:01:36 -0500: Web Site Property Enquiry 1585297055 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/13 03:10:00 -0500: Web Site Property Enquiry 1584660424 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/13 01:35:12 -0500: Message from contact page of website 1584579657 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/13 01:33:32 -0500: Message from contact page of website 1584576208 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Monday 2005/12/12 18:15:09 -0500: Request: from Company: BreakingIssueNews366[at]thamesair.com 1584615088 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1584615077 ( http:// www.thamesair.com/contact ) To: abuse[at]gxn.net 1584615073 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Monday 2005/12/12 17:30:28 -0500: Web Site Property Enquiry 1584190506 ( 212.67.202.156 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday 2005/12/12 17:03:34 -0500: Alpha request from church web site 1584209775 ( 212.67.202.156 ) To: spamcop[at]imaphost.com 1584209743 ( 212.67.202.156 ) To: abuse[at]gxn.net -------------------------------------------------------------------------------- Submitted: Tuesday 2005/12/06 12:33:16 -0500: YUZU Chrismas card e-mail offer 1577318598 ( http:// www.yuzumedia.com/blast/box.php?funcml=u... ) To: mole[at]devnull.spamcop.net 1577318597 ( 212.67.202.156 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Saturday 2005/12/03 12:29:13 -0500: Mail delivery failed: returning message to sender 1574015001 ( 212.67.202.156 ) To: abuse[at]gxn.net[/CODEBOX]
leeasteadman Posted March 1, 2006 Author Posted March 1, 2006 I am stunned by the rapid professional repsonse from you all. I'm not even a customer. Well I feel like I have enough information to make some serious decisions to get out of this frustrating situation. Many many thanks for this useful help
leeasteadman Posted March 1, 2006 Author Posted March 1, 2006 Turns out that there are several other people that have complained about being black listed to WebFusion (my web and email host) and they say they can't do anything about it. I have already started to plan migrating off of their (black listed) systems to someone who I considered before, www.zen.co.uk Thanks again to everyone for all the help
Telarin Posted March 1, 2006 Posted March 1, 2006 Yeah, unfortunately the blacklisted ISP who "can't" (translation: Its too much trouble to actually provide the services that our customers pay for) do anything about being blacklisted is becoming more and more common. Fortunately, there are still a lot of hosts out there that do maintain their systems as they should, and if they encounter a blacklist or other problem, they take the necessary actions to fix it. A google search of the abuse groups for any ISP you are thinking about using is usually a good place to start, as is a senderbase lookup of their mail servers. That will tell you a lot about whether they just let their mail servers run and spew who knows what, or whether they actually hold their customers to the TOS.
turetzsr Posted March 1, 2006 Posted March 1, 2006 I am stunned by the rapid professional repsonse from you all. I'm not even a customer.40852[/snapback] ...Thank you for the kind words. The fact that you are not a customer and found help here is one of the advantages of a "peer" forum like this one -- we don't care that you're not a customer of SpamCop (many of us are not, either, although we do make use of some of its services ... for free!) but we do care that you had a question about how the SpamCop blacklist is used.Well I feel like I have enough information to make some serious decisions to get out of this frustrating situation. Many many thanks for this useful help 40852[/snapback] ...Good luck!
Jeff G. Posted March 2, 2006 Posted March 2, 2006 I have already started to plan migrating off of their (black listed) systems to someone who I considered before, www.zen.co.uk Thanks again to everyone for all the help 40853[/snapback] You're welcome. However, please be sure to question their competence regarding http://groups.google.com/group/uk.telecom....67658772b2a741a and possibly other incidents before you sign on the dotted line.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.