Domain Blacklisted

[joshrodgers]

I am a webmaster for the following domain: www.heturnedshe.com. The client tells me they are blacklisted and want to know why. No spam is being sent (I have verified that) and I would like to know how to get them unblacklisted. They have sent me the following e-mail bounce error:

Could not deliver message to the following recipient(s):

Failed Recipient: me[at]briannaaustin.com

Reason: Remote host said: 454 Service unavailable; Client host [70.86.204.186] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186

another instance occured with this message:

Could not deliver message to the following recipient(s):

Failed Recipient: sarah[at]miss-sarah.cjb.net

Reason: Remote host said: 550 5.7.1 ... Rejected: 70.86.204.186 listed at bl.spamcop.net

The client has told me they have e-mailed these individuals and are in constant conversation through other e-mail addresses. Please let me know how I can un-block this domain. Thanks for your help,

Josh Rodgers

webmaster[at]joshrodgers.com

[StevenUnderwood]

I am a webmaster for the following domain: www.heturnedshe.com. The client tells me they are blacklisted and want to know why. No spam is being sent (I have verified that) and I would like to know how to get them unblacklisted. They have sent me the following e-mail bounce error:

Could not deliver message to the following recipient(s):

Failed Recipient: me[at]briannaaustin.com

Reason: Remote host said: 454 Service unavailable; Client host [70.86.204.186] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186

Please follow the link provided to see why the MAIL SERVER they are using is listed. As stated in the Spamcop FAQ linked in several places on the very page you posted from, Spamcop does not deal with domain names but the actual IP address sending spam messages.

host 70.86.204.186 = 4-Steven.m6.net is the machine with the problem.

Report History:

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 10:38:34 PM -0400:

Kentwood Associates.

1747512446 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 6:42:43 PM -0400:

WINNING .............................NOTIFICATION

1747330164 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 6:04:19 PM -0400:

WINNING NOTIFICATION

1747303743 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 5:26:27 PM -0400:

WINNING NOTIFICATION

1747269359 ( http://www.national-lottery.co.uk/player/p/resu... ) To: abuse[at]gblx.net

1747269353 ( 70.86.204.186 ) To: spamcop[at]imaphost.com

1747269351 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 5:17:55 PM -0400:

WINNING .............................NOTIFICATION

1747280200 ( 70.86.204.186 ) To: spamcop[at]imaphost.com

1747280164 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 11:02:52 AM -0400:

UNITED NATIONS LOTTERY WINNER(CONTACT CLAIMS AGENT)!!!

1746918015 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 10:09:47 AM -0400:

WINNING .............................NOTIFICATION

1746866748 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 9:40:53 AM -0400:

YOUR EMAIL ADDRESS WON THE LOTTERY DRAW

1746827433 ( 70.86.204.186 ) To: abuse[at]theplanet.com

--------------------------------------------------------------------------------

Submitted: Thursday, May 11, 2006 9:04:16 AM -0400:

WINNING .............................NOTIFICATION

1746790535 ( 70.86.204.186 ) To: abuse[at]theplanet.com

[Merlyn]

Just to let you know you are also listed in the following:

Resolved 70.86.204.186 to 4-Steven.m6.net

-------------------------------------------------------------------------------

+ SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2

Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186

--------------------------------------------------------------------------------

+ DSBLLIST Distributed Sender Boycott List: single-stage relays tested by trusted users: list.dsbl.org -> 127.0.0.2

http://dsbl.org/listing?70.86.204.186

--------------------------------------------------------------------------------

+ DSBLUNCONFIRMED Distributed Sender Boycott List: single-stage relays, multihop relays and listings by anonymous users: unconfirmed.dsbl.org -> 127.0.0.2

http://dsbl.org/listing?70.86.204.186

--------------------------------------------------------------------------------

+ EMAILBASURA EmailBasura spam received in Spain: bl.emailbasura.org -> 127.0.0.2

--------------------------------------------------------------------------------

+ SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.6

spam Received See: http://www.sorbs.net/lookup.shtml?70.86.204.186

--------------------------------------------------------------------------------

+ SORBSSPAM List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. : spam.dnsbl.sorbs.net -> 127.0.0.6

spam Received See: http://www.sorbs.net/lookup.shtml?70.86.204.186

--------------------------------------------------------------------------------

+ DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2

http://dsbl.org/listing?70.86.204.186

--------------------------------------------------------------------------------

+ DNSBLAUDSBL Distributed Server Boycott List: dsbl.dnsbl.net.au -> 127.0.0.2

http://dsbl.org/listing?70.86.204.186

--------------------------------------------------------------------------------

+ DNSBLAUPROBES Servers currently probing other networks: probes.dnsbl.net.au -> 127.0.0.2

70.86.204.186 see http://www.dnsbl.net.au/probes/

--------------------------------------------------------------------------------

And the list is growing.

Hope this helps

[joshrodgers]

Thanks for the quick replies. I spoke with the domain owner (client with the problem), as well as checked the rest of the domain e-mail addresses and non such e-mails were sent. How do you stop someone from using a e-mail address from your domain if they don't have an address? Is there a way? Or how could I protect my clients in the future from such? Thanks,

Josh

[Merlyn]

Yes, those emails were sent from/through that machine. That machine has been compromised and the spammers have more control of it than the owner does.

If your administrator does not know where or how to find his problem then I suggest you go somewhere that knows how to administer a server properly.

Other hosts in this "neighborhood" with spam reports

70.86.204.42 70.86.205.10 70.86.205.130

It is also listed in the Lashback UBL

70.86.204.186 IS listed in UBL

[Wazoo]

I spoke with the domain owner (client with the problem), as well as checked the rest of the domain e-mail addresses and non such e-mails were sent. How do you stop someone from using a e-mail address from your domain if they don't have an address? Is there a way? Or how could I protect my clients in the future from such?

Checked with the "Domain owner" ...???? Does the "Domain owner" actually run/contol the e-mail server running at the IP address offered up? (Just tried to Telnet in there to see what software was used, but .. no connection)

http://www.spamcop.net/w3m?action=checkblo...p=70.86.204.186 says that both spamtrap hits and user reports were involved in getting this IP address listed. (and that someone tried the quick/easy delisting without solving the problem first ..oooops!)

http://www.senderbase.org/?searchBy=ipaddr...g=70.86.204.186 shows probable signs of viral activity;

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.8 .. 308%

Last 30 days .. 4.4 .... 47%

Average ........ 4.2

SpamCop reports (for the users complaining) would be going to abuse[at]theplanet.com , which as you notice has nothing to do with the "Domain owners" you've talked about thus far. More typically, your "Domain owners" are using a "shared" e-mail server ... you need to talk to the person actually running that e-mail server ..

As stated in many, many places, it's the IP address that's critical if the SpamCop DNSBL is involved.

"From:" line forgery is an ancient spammer ploy .. to stop it, one would have to stop the spammer's fingers from touching the keyboard .... take away the microphone if he/she is working via voice control ... secure the ankles to prevent the use of toes from reaching the keyboard ... on and on ....

[joshrodgers]

Thanks for all your replies. The people contacted are not the actual server administrators. I will contact them to resolve this issue. I apologize as I may sound like a newbie, but I am one. I am a webmaster and I have worked with servers, but never administered them. Take care,

Josh