Jump to content

Concerned about potential false blacklist


Recommended Posts

I just received 198 bounced/failed/blocked email messages for one of my email addresses. While I didn't read all of them, they all seem to be the same drug-for-male-enhancement-spam ad, and all seem to have come from the same place if I read the headers right, and all have my address as the reply-to. If 198 failed, how many were successfully sent?

I'm worried that people reporting these as spam could get my domain blacklisted, and even if it didn't, I don't want to be associated with this junk. Should I report this to anyone, and if so, how? Should I save the emails, since they have the header info, in case I do get blacklisted?

Here is one of the headers:

Return-Path: <info[at]mainshipsystems.com>

Received: (qmail 9574 invoked by uid 1013); 5 Apr 2006 21:33:21 -0300

Received: from info[at]mainshipsystems.com by mail by uid 1005 with qmail-scanner-1.21

(clamdscan: 0.68. spamassassin: 2.63. Clear:RC:0(

Processed in 1.434332 secs); 06 Apr 2006 00:33:21 -0000

X-spam-Status: No, hits=0.7 required=5.0

Received: from unknown (HELO email.classroomu.com) (

by with SMTP; 5 Apr 2006 21:33:20 -0300

Received: from

(SquirrelMail authenticated user info[at]mainshipsystems.com);

by email.classroomu.com with HTTP id Ab44qw9z070269904;

Wed, 05 Apr 2006 23:36:05 +0000

Message-Id: <YxaUQL.squirrel[at]>

Date: Wed, 05 Apr 2006 23:36:05 +0000

Subject: Better than Viagra

From: "Leland" <info[at]mainshipsystems.com>

To: elvis[at]netwise.com.br

User-Agent: SquirrelMail/1.4.3a

X-Mailer: SquirrelMail/1.4.3a

MIME-Version: 1.0

Content-Type: text/html; charset=iso-8859-1

Content-Transfer-Encoding: 8bit

X-Priority: 3 (Normal)

Importance: Normal

HELO email.classroomu.com has been common to every set of headers I've looked at so far.

Link to comment
Share on other sites

Spamcop only blacklists the source IP address listed in the header, they ignore all forgable information, including the from address and domain, so you don't have to worry about getting blacklisted here unless the email originated from your outgoing mailserver (which is extremely unlikely).

Unfortunately, this seems to happen to all of us. I myself got nearly 1000 emails of this type in one day a while back. They are caused by mail server admins that don't know how to properly configure their mail servers to reject email.

On another note, YOU can report all the misdirected bounces to spamcop, as they are considered spam per http://www.spamcop.net/fom-serve/cache/14.html

There is no excuse in this day and age for a mail server to send these kind of bounces to innocent third parties (such as yourself).

Link to comment
Share on other sites

I get hundreds of misdirected bounces, challenges, and auto-responses a day, and use the SpamCop Parsing and Reporting System to Report them. If you have time, you can use the SpamCop Parsing and Reporting System's Parser to help you compose a Manual Report to the ISP of the system that sent the original spam email messages.

Link to comment
Share on other sites

Thank you!  I'll try the SpamCop Parsing and Reporting System.


SpamCop will only try to list/target the IP source of the computer that sent the spam in any properly configured/compliant email server

A Properly configured email server will show where the email was sourced from. In this link shown it shows SpamCop tracing back to my personal computer [iP] which is all that SpamCop ideally wants to "block".

You can after configured your "Mail Host" test drive SpamCop to see what it is going to report

This allows SpamCop to list an IP as it is sending spam not after. Releasing that IP when spam is stop being sent

If your computer becomes listed by SpamCop it is urgent that you Security Check[ your Personal Computer (PC).

(pop-up required to install Symantec/Norton java/activex)

An unsecured computer gives access to all thugs! Not only spammer control.

Thugs will learn where you live when you are home or when you are not as well as every detail available on that PC Important for windows users to go through my "signature"

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...