odysseus183
Posted August 29, 2006

Hello,

My company email was being blocked last week by spamcop. The block has already expired, but since this happens on occasion I thought I would look into it.

Apparently, the block was put in place because some spam was sent from one of our ISP's (Verio) email servers, 128.121.64.66. This is not our email server (204.3.196.116) and the spam did not come from our domain (bosssystems.com). The spam was reported to the usenet group news.net-abuse.sighting:

http://groups.google.com/group/news.admin....bea49bb805c52f2

Am I missing something here, or is our company being penalized by something that does not have anything to do with us? Is there a way I can avoid this in the future?

Aaron

Wazoo
Posted August 29, 2006

On the surface, based on a quick read, this appears to be better served by being placed in the Blocking List Help Forum .. moving it to that Forum section with this post ...

Telarin
Posted August 29, 2006

It is unlikely that the email you posted a link to is involved in your spamcop listing. First, if your email server is indeed 204.3.196.116, then that email does not appear to have passed through that IP at all. Second, it takes much more than a single report to get an IP address listed. I'm sure one of the paid reporters will be along shortly and can post the report summary for your IP address so we can get a better idea.

Is your mailserver run by Verio, or is it your own server? Verio typically configures their mailserver incorrectly so that they send bounces to forged from addresses by the thousands, which causes them to be listed on a regular basis. My internet connection is through Verio, however, we run our own internal mailserver, which is configured in accordance with best practices, and have never had a problem.

odysseus183
Posted August 29, 2006

Verio provides both our webhosting and email.

Miss Betsy
Posted August 29, 2006

Whether or not your email server's IP address is listed on spamcop may, or may not, have anything to do with a posting on news.net-abuse.sighting. Some posters have access to past reports and may be able to help you further with why your email server has been listed.

If you administer your own server, you might read the server admin section of the Why Am I Blocked? FAQ for possibilities. Automatic replies which reply to forged return paths are often the culprit. Does the blocking coincide with someone in your office on vacation and using Out of Office replies indiscriminately?

Miss Betsy

StevenUnderwood
Posted August 29, 2006

> It is unlikely that the email you posted a link to is involved in your spamcop listing. First, if your email server is indeed 204.3.196.116, then that email does not appear to have passed through that IP at all. Second, it takes much more than a single report to get an IP address listed. I'm sure one of the paid reporters will be along shortly and can post the report summary for your IP address so we can get a better idea.

No better idea on that IP Address:

Parsing input: 204.3.196.116
host 204.3.196.116 (getting name) = www.bosssystems.com.
host 204.3.196.116 = www.bosssystems.com (cached)
No recent reports, no history available
Routing details for 204.3.196.116
[refresh/show] Cached whois for 204.3.196.116 : swip[at]sjcwh.verio.net abuse[at]verio.net
redirects to abuse[at]ntt.net
Using best contacts abuse[at]ntt.net

The other IP address, however, is bouncing undeliverables all over the internet. Does your server use them as a smarthost, possibly? That would cause your mail to be affected by their listing.

Report History:

Submitted: Monday, August 28, 2006 9:01:11 PM -0400:
failure notice
1896467229 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Sunday, August 27, 2006 7:28:17 AM -0400:
failure notice
1894095528 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Saturday, August 26, 2006 8:30:41 AM -0400:
failure notice
1892883988 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Saturday, August 26, 2006 2:25:13 AM -0400:
failure notice
1892589422 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Friday, August 25, 2006 10:03:25 AM -0400:
Mail Delivery Failure
1891684281 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Thursday, August 24, 2006 4:16:18 PM -0400:
failure notice
1890723671 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Submitted: Thursday, August 24, 2006 8:52:40 AM -0400:
failure notice
1890170422 ( 128.121.64.66 ) ( UUBE ) To: uube[at]devnull.spamcop.net

Telarin
Posted August 29, 2006

Are you certain that 128.121.64.66 is not your outgoing mail server? Look in your email program's account settings for your SMTP server. What do you have listed there?

DavidT
Posted August 29, 2006

Here's a link to an archived newsgroup message that seems to describe a similar situation involving Verio hosting and the blocking of outgoing mail:

http://news.spamcop.net/pipermail/spamcop-...ary/108030.html

DT

Merlyn
Posted August 29, 2006

Resolved bosssystems.com to 204.3.196.116
[bosssystems.com has 1 MX record mail-fwd.g14.rapidsite.net.(50)]
Resolved mail-fwd.g14.rapidsite.net to 128.121.85.2

You might be right

address 128.121.64.66 = mail14d.g14.rapidsite.net.

he is using Rapidsite! so it could have gone through there.

odysseus183
Posted August 30, 2006

We do not have any autoresponders configured. I checked again this morning to confirm.

Verio hosts our web and our email for us. I don't know the difference between hosting and "smart" hosting.

In our email programs, the POP3 server is specified as bosssystems.com and the SMTP server is specified as smtp.bosssystems.com. These both map to the same IP address, 204.3.196.116.

Rapidsite is part of Verio.

From reading the link posted by DavidT, I gather that:

1. Verio is at fault.
2. There is nothing I can do about it except report the problem to Verio and/or get a new provider.

Is this about right?

Aaron

odysseus183
Posted August 30, 2006

It happened again, this time with mail14e.g14.rapidsite.net [128.121.64.102]

http://www.spamcop.net/w3m?action=blcheck&...=128.121.64.102

StevenUnderwood
Posted August 30, 2006

> It happened again, this time with mail14e.g14.rapidsite.net [128.121.64.102] http://www.spamcop.net/w3m?action=blcheck&...=128.121.64.102

Please send an email to the address in my sig with the subject: SpamCop Forum Test

I would like to see the path your message takes coming from your system to the internet. It is likely your list is correct, but this should confirm it.

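The path asked for above is recorded in a message's Received headers. As an added example (not part of the thread), this Python code reads a constructed header set that reuses the hosts quoted in the thread, finds the address the receiving server saw, and builds the bl.spamcop.net lookup name for it. The host mx.example.net, the 192.168.1.20 client and the hop order are assumptions.

```python
import email
import ipaddress
import re

# Constructed headers, not a real capture. Hosts/IPs reuse those quoted in the
# thread; mx.example.net, 192.168.1.20 and the hop order are assumptions.
SAMPLE = (
    "Received: from mail14e.g14.rapidsite.net (mail14e.g14.rapidsite.net [128.121.64.102])\n"
    "\tby mx.example.net with ESMTP; Wed, 30 Aug 2006 10:00:03 -0400\n"
    "Received: from smtp.bosssystems.com (www.bosssystems.com [204.3.196.116])\n"
    "\tby mail14e.g14.rapidsite.net with SMTP; Wed, 30 Aug 2006 10:00:02 -0400\n"
    "Received: from desktop (unknown [192.168.1.20])\n"
    "\tby smtp.bosssystems.com with SMTP; Wed, 30 Aug 2006 10:00:01 -0400\n"
    "Subject: SpamCop Forum Test\n"
    "\n"
    "test\n"
)

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby (\S+)")

def relay_path(raw):
    """Return [(sending_ip, receiving_host)], newest hop first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())          # undo header folding
        ip, by = BRACKETED_IP.search(flat), BY_HOST.search(flat)
        if ip:
            hops.append((ip.group(1), by.group(1) if by else None))
    return hops

def handoff_ip(hops):
    """Newest public IP: the address the recipient's server saw, which is the
    one a blocklist lookup is keyed on. Only the topmost header is written by
    the receiving side; older ones can be forged upstream."""
    for ip, _ in hops:
        if ipaddress.ip_address(ip).is_global:
            return ip
    return None

def dnsbl_name(ip, zone="bl.spamcop.net"):
    """DNSBL query name: reversed octets under the list's zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

if __name__ == "__main__":
    print("lookup:", dnsbl_name(handoff_ip(relay_path(SAMPLE))))
```

In this constructed path the listed address is the shared relay, not the 204.3.196.116 address that the domain name resolves to.
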
DavidT
Posted August 30, 2006

I'm guessing that this is a "shared hosting" situation, in which many domains share a single server. In most of those cases, the email source IP is rarely the IP affiliated with the domain itself, but usually a more "global" one belonging to either the server itself or some hop upstream from the server. This is one of the major problems of shared hosting, in that if anything bad is being transmitted by your "neighbors" on the server, it winds up interfering with your outbound mail also.

In the case of the most recent IP you gave us, it looks like the server is sending "misdirected bounces" that are hitting spamtrap addresses. This is something that only the server admin would be able to deal with, in that they'd need to change the server's behavior so that it rejects incoming mail during the initial SMTP session instead of sending out separate bounce notices after the fact.

DT

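The difference between the two server behaviours described above, as an added example that is not part of the thread: a small Python model of one SMTP transaction under each policy, showing where the failure notice ends up. The mailboxes, domains and forged senders are constructed placeholders, and the model does not represent any particular mail server.

```python
# Constructed data: the only valid mailbox on the receiving server, and three
# inbound transactions as (forged MAIL FROM, RCPT TO) pairs sent by a spammer.
VALID = {"sales@hosted.example"}
INBOUND = [
    ("trap@spamtrap.example", "nobody@hosted.example"),
    ("victim@bystander.example", "old-user@hosted.example"),
    ("victim@bystander.example", "sales@hosted.example"),
]

def session(mail_from, rcpt_to, reject_at_rcpt):
    """Model one SMTP transaction.

    Returns (replies the connecting client sees, bounce messages queued).
    """
    replies = ["250 OK"]                                  # reply to MAIL FROM
    if reject_at_rcpt and rcpt_to not in VALID:
        # Refused inside the session: the error goes to whoever is actually
        # connected (the spammer's host) and no new mail is created.
        replies.append("550 5.1.1 No such user")
        return replies, []
    replies += ["250 OK", "354 Go ahead", "250 Queued"]   # RCPT, DATA, end of data
    if rcpt_to in VALID:
        return replies, []
    # Accepted first, found undeliverable later: the server now originates a
    # new message with a null envelope sender, addressed to whatever address
    # MAIL FROM claimed. With a forged sender this is a misdirected bounce.
    bounce = {"mail_from": "<>", "rcpt_to": mail_from, "subject": "failure notice"}
    return replies, [bounce]

def backscatter(reject_at_rcpt):
    """All bounces the server would send for INBOUND under the given policy."""
    queued = []
    for mail_from, rcpt_to in INBOUND:
        queued += session(mail_from, rcpt_to, reject_at_rcpt)[1]
    return queued

if __name__ == "__main__":
    for policy in (False, True):
        targets = [b["rcpt_to"] for b in backscatter(policy)]
        print("reject_at_rcpt =", policy, "-> bounces sent to", targets)
```
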
odysseus183
Posted August 30, 2006

> In the case of the most recent IP you gave us, it looks like the server is sending "misdirected bounces" that are hitting spamtrap addresses. This is something that only the server admin would be able to deal with, in that they'd need to change the server's behavior so that it rejects incoming mail during the initial SMTP session instead of sending out separate bounce notices after the fact.

What are "misdirected bounces"? Do they have something to do with autoresponders?

GraemeL
Posted August 30, 2006

> What are "misdirected bounces"? Do they have something to do with autoresponders?

Autoresponders generate some, but not all misdirected bounces. You can read some details in one of the Spamcop FAQs here.

Wazoo
Posted August 30, 2006

> Autoresponders generate some, but not all misdirected bounces. You can read some details in one of the Spamcop FAQs here.

Of course, mentioning that this referenced SpamCop FAQ is incorporated into the single-page-access and expanded form of it here, linked to at the top of the page. There is also a Dictionary, Glossary, and the recently opened SpamCopWiki that includes "words you may not know the meaning of" available 'here' ....

This topic is now archived and is closed to further replies.