joshrodgers Posted May 13, 2006 Share Posted May 13, 2006 I am a webmaster for the following domain: www.heturnedshe.com. The client tells me they are blacklisted and want to know why. No spam is being sent (I have verified that) and I would like to know how to get them unblacklisted. They have sent me the following e-mail bounce error: Could not deliver message to the following recipient(s): Failed Recipient: me[at]briannaaustin.com Reason: Remote host said: 454 Service unavailable; Client host [70.86.204.186] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186 another instance occured with this message: Could not deliver message to the following recipient(s): Failed Recipient: sarah[at]miss-sarah.cjb.net Reason: Remote host said: 550 5.7.1 ... Rejected: 70.86.204.186 listed at bl.spamcop.net The client has told me they have e-mailed these individuals and are in constant conversation through other e-mail addresses. Please let me know how I can un-block this domain. Thanks for your help, Josh Rodgers webmaster[at]joshrodgers.com Link to comment Share on other sites More sharing options...
StevenUnderwood Posted May 13, 2006 Share Posted May 13, 2006 I am a webmaster for the following domain: www.heturnedshe.com. The client tells me they are blacklisted and want to know why. No spam is being sent (I have verified that) and I would like to know how to get them unblacklisted. They have sent me the following e-mail bounce error: Could not deliver message to the following recipient(s): Failed Recipient: me[at]briannaaustin.com Reason: Remote host said: 454 Service unavailable; Client host [70.86.204.186] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186 Please follow the link provided to see why the MAIL SERVER they are using is listed. As stated in the Spamcop FAQ linked in several places on the very page you posted from, Spamcop does not deal with domain names but the actual IP address sending spam messages. host 70.86.204.186 = 4-Steven.m6.net is the machine with the problem. Report History: -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 10:38:34 PM -0400: Kentwood Associates. 1747512446 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 6:42:43 PM -0400: WINNING .............................NOTIFICATION 1747330164 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 6:04:19 PM -0400: WINNING NOTIFICATION 1747303743 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 5:26:27 PM -0400: WINNING NOTIFICATION 1747269359 ( http://www.national-lottery.co.uk/player/p/resu... ) To: abuse[at]gblx.net 1747269353 ( 70.86.204.186 ) To: spamcop[at]imaphost.com 1747269351 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 5:17:55 PM -0400: WINNING .............................NOTIFICATION 1747280200 ( 70.86.204.186 ) To: spamcop[at]imaphost.com 1747280164 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 11:02:52 AM -0400: UNITED NATIONS LOTTERY WINNER(CONTACT CLAIMS AGENT)!!! 1746918015 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 10:09:47 AM -0400: WINNING .............................NOTIFICATION 1746866748 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 9:40:53 AM -0400: YOUR EMAIL ADDRESS WON THE LOTTERY DRAW 1746827433 ( 70.86.204.186 ) To: abuse[at]theplanet.com -------------------------------------------------------------------------------- Submitted: Thursday, May 11, 2006 9:04:16 AM -0400: WINNING .............................NOTIFICATION 1746790535 ( 70.86.204.186 ) To: abuse[at]theplanet.com Link to comment Share on other sites More sharing options...
Merlyn Posted May 13, 2006 Share Posted May 13, 2006 Just to let you know you are also listed in the following: Resolved 70.86.204.186 to 4-Steven.m6.net ------------------------------------------------------------------------------- + SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?70.86.204.186 -------------------------------------------------------------------------------- + DSBLLIST Distributed Sender Boycott List: single-stage relays tested by trusted users: list.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?70.86.204.186 -------------------------------------------------------------------------------- + DSBLUNCONFIRMED Distributed Sender Boycott List: single-stage relays, multihop relays and listings by anonymous users: unconfirmed.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?70.86.204.186 -------------------------------------------------------------------------------- + EMAILBASURA EmailBasura spam received in Spain: bl.emailbasura.org -> 127.0.0.2 -------------------------------------------------------------------------------- + SORBS spam and Open Relay Blocking System: Aggregate zone: dnsbl.sorbs.net -> 127.0.0.6 spam Received See: http://www.sorbs.net/lookup.shtml?70.86.204.186 -------------------------------------------------------------------------------- + SORBSSPAM List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. : spam.dnsbl.sorbs.net -> 127.0.0.6 spam Received See: http://www.sorbs.net/lookup.shtml?70.86.204.186 -------------------------------------------------------------------------------- + DNSBLAUT1 Reynolds Technology Type 1: t1.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?70.86.204.186 -------------------------------------------------------------------------------- + DNSBLAUDSBL Distributed Server Boycott List: dsbl.dnsbl.net.au -> 127.0.0.2 http://dsbl.org/listing?70.86.204.186 -------------------------------------------------------------------------------- + DNSBLAUPROBES Servers currently probing other networks: probes.dnsbl.net.au -> 127.0.0.2 70.86.204.186 see http://www.dnsbl.net.au/probes/ -------------------------------------------------------------------------------- And the list is growing. Hope this helps Link to comment Share on other sites More sharing options...
joshrodgers Posted May 14, 2006 Author Share Posted May 14, 2006 Thanks for the quick replies. I spoke with the domain owner (client with the problem), as well as checked the rest of the domain e-mail addresses and non such e-mails were sent. How do you stop someone from using a e-mail address from your domain if they don't have an address? Is there a way? Or how could I protect my clients in the future from such? Thanks, Josh Link to comment Share on other sites More sharing options...
Merlyn Posted May 14, 2006 Share Posted May 14, 2006 Yes, those emails were sent from/through that machine. That machine has been compromised and the spammers have more control of it than the owner does. If your administrator does not know where or how to find his problem then I suggest you go somewhere that knows how to administer a server properly. Other hosts in this "neighborhood" with spam reports 70.86.204.42 70.86.205.10 70.86.205.130 It is also listed in the Lashback UBL 70.86.204.186 IS listed in UBL Link to comment Share on other sites More sharing options...
Wazoo Posted May 14, 2006 Share Posted May 14, 2006 I spoke with the domain owner (client with the problem), as well as checked the rest of the domain e-mail addresses and non such e-mails were sent. How do you stop someone from using a e-mail address from your domain if they don't have an address? Is there a way? Or how could I protect my clients in the future from such? Checked with the "Domain owner" ...???? Does the "Domain owner" actually run/contol the e-mail server running at the IP address offered up? (Just tried to Telnet in there to see what software was used, but .. no connection) http://www.spamcop.net/w3m?action=checkblo...p=70.86.204.186 says that both spamtrap hits and user reports were involved in getting this IP address listed. (and that someone tried the quick/easy delisting without solving the problem first ..oooops!) http://www.senderbase.org/?searchBy=ipaddr...g=70.86.204.186 shows probable signs of viral activity; Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.8 .. 308% Last 30 days .. 4.4 .... 47% Average ........ 4.2 SpamCop reports (for the users complaining) would be going to abuse[at]theplanet.com , which as you notice has nothing to do with the "Domain owners" you've talked about thus far. More typically, your "Domain owners" are using a "shared" e-mail server ... you need to talk to the person actually running that e-mail server .. As stated in many, many places, it's the IP address that's critical if the SpamCop DNSBL is involved. "From:" line forgery is an ancient spammer ploy .. to stop it, one would have to stop the spammer's fingers from touching the keyboard .... take away the microphone if he/she is working via voice control ... secure the ankles to prevent the use of toes from reaching the keyboard ... on and on .... Link to comment Share on other sites More sharing options...
joshrodgers Posted May 14, 2006 Author Share Posted May 14, 2006 Thanks for all your replies. The people contacted are not the actual server administrators. I will contact them to resolve this issue. I apologize as I may sound like a newbie, but I am one. I am a webmaster and I have worked with servers, but never administered them. Take care, Josh Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.