
Blacklisting


iconsee_99


Hello,

I have recently become responsible for the mail servers at a large company and am needing to understand Spamcop thoroughly for the first time - we have been blocked a few times since I've been administrator over the last couple of months and I am trying to understand why so that we can prevent it in the future. I'm currently trying to clean up misdirected bounces, in case that is the problem. And, I know the entire company uses auto-responders for Out-of-Office with Exchange, and have read this can cause blacklisting. However, I've not been able to convince those responsible for Exchange that this could cause the problem. If anyone could help me understand the Spamcop reports, I would be very much appreciative.

"Service unavailable; Client host [194.138.160.6] blocked using bl.spamcop.net; Blocked - see http://www.spamcop.net/bl.shtml?194.138.160.6"

We're not currently blocked, but the last summary report I got looked like this:

[ SpamCop V1.596 Summary Report ]
-- See footer for key to columns and notes about this report --

IP_Address      Start/Length  Trap  User  Mole  Simp  Comments
RDNS
194.138.160.6   Sep 1 03h/6   1     0     0     0
goliath.siemens.com

Thanks in advance,

JoAnn


Welcome to the forums Iconsee_99,

Auto-responders certainly can be a cause of problems so are best avoided. If users are that much attached to them, asking them how they would feel having some of their emails blocked or having to deal with dozens of bounces from others' autoresponders is one approach, while calculating how much upstream bandwidth (and money) is wasted due to misdirected bounces would be a better argument for managers.

If you can't get rid of them though, the following steps can help reduce the problem:

  • use rigorous filtering (blocklists, content, Bayesian) on incoming mail to remove as much spam as possible;
  • employ extensions like Sender Policy Framework and DomainKeys to detect forged sender addresses (these only work for compliant domains so are not a 100% solution by a long shot, but that should improve over time);
  • have bounces sent from a separate server - this will get blocklisted leaving your main SMTP server unaffected;
  • stop sending bounces altogether - this will mean posters not receiving error messages if they specify an incorrect address but may be the lesser evil if you are currently sending thousands of misdirected bounces.

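The checks an auto-responder can run before sending an Out-of-Office reply, as an added example that is not part of the original posts: it refuses to answer bounces, automated or list mail (RFC 3834), mail the content filter already tagged, and senders that failed SPF. The "[Possible spam]" tag follows the subjects seen in this thread's report history; the Received-SPF stamp, the function name and the sample messages are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the inbound filter tags suspected spam in the Subject, like the
# "[Possible spam]" auto-replies in this thread, and stamps Received-SPF.
SPAM_TAG = "[possible spam]"
BULK_PRECEDENCE = {"bulk", "list", "junk"}
SPF_REJECT = {"fail", "softfail"}  # assumption: softfail also suppresses replies


def should_auto_reply(raw_message, envelope_sender):
    """Return (allowed, reason) for sending an Out-of-Office reply."""
    msg = message_from_string(raw_message)

    # A null envelope sender (MAIL FROM:<>) marks a bounce: never answer it.
    addr = parseaddr(envelope_sender or "")[1].lower()
    if not addr:
        return False, "null envelope sender"
    local = addr.split("@", 1)[0]
    if local in ("mailer-daemon", "postmaster") or local.endswith("-request"):
        return False, "system sender"

    # RFC 3834: only reply when Auto-Submitted is absent or "no".
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    precedence = msg.get("Precedence", "").strip().lower()
    if precedence in BULK_PRECEDENCE or msg.get("List-Id"):
        return False, "bulk or list mail"

    # Mail the content filter already flagged must not trigger a reply.
    if SPAM_TAG in msg.get("Subject", "").lower():
        return False, "tagged as spam"

    # A failed SPF check means the sender address is probably forged, so a
    # reply would land on an uninvolved third party.
    for value in msg.get_all("Received-SPF", []):
        result = (value.split() or [""])[0].lower()
        if result in SPF_REJECT:
            return False, "SPF " + result
    return True, "ok"


# Constructed sample messages (not taken from real traffic).
TAGGED_SPAM = "From: trader@example.net\nSubject: [Possible spam] Good news for traders\n\nBuy now\n"
FORGED = "Received-SPF: fail (sender not permitted)\nFrom: alice@example.org\nSubject: Hello\n\nHi\n"
BOUNCE = "From: MAILER-DAEMON@example.com\nSubject: Returned mail: see transcript for details\n\n"
LEGIT = "Received-SPF: pass\nFrom: bob@example.com\nSubject: Meeting on Monday\n\nSee you then\n"
```
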

Misdirected bounces seem to be indeed your major problem:

Report History:

Don't Display UUBE

Submitted: Friday, September 08, 2006 4:10:34 PM -0400: 
Returned mail: see transcript for details 
1913375767 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 08, 2006 11:06:09 AM -0400: 
Returned mail: see transcript for details 
1912988817 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Friday, September 08, 2006 2:28:41 AM -0400: 
Returned mail: see transcript for details 
1912370258 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Wednesday, September 06, 2006 7:05:37 PM -0400: 
Out of Office AutoReply: [Possible spam] Good news for traders 
1910322924 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Wednesday, September 06, 2006 7:41:55 AM -0400: 
Undeliverable: ALVN news 
1909470988 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Tuesday, September 05, 2006 10:25:00 PM -0400: 
Out of Office AutoReply: this going to expolad 
1908896523 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Tuesday, September 05, 2006 10:22:11 PM -0400: 
Returned mail: see transcript for details 
1908893313 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Monday, September 04, 2006 8:22:58 PM -0400: 
Returned mail: see transcript for details 
1907088256 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Monday, September 04, 2006 7:27:21 AM -0400: 
Returned mail: see transcript for details 
1906073037 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Sunday, September 03, 2006 11:02:28 PM -0400: 
Returned mail: see transcript for details 
1905560741 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Sunday, September 03, 2006 11:02:01 PM -0400: 
Returned mail: see transcript for details 
1905560172 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Sunday, September 03, 2006 5:32:10 PM -0400: 
Out of Office AutoReply: High-quality custom logos and business i dentities (... 
1905249257 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Saturday, September 02, 2006 3:59:12 PM -0400: 
Returned mail: see transcript for details 
1903824426 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Saturday, September 02, 2006 8:08:30 AM -0400: 
Returned mail: see transcript for details 
1903322686 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Saturday, September 02, 2006 8:07:02 AM -0400: 
Returned mail: see transcript for details 
1903321216 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Friday, September 01, 2006 12:55:07 PM -0400: 
Returned mail: see transcript for details 
1902263166 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Friday, September 01, 2006 12:23:10 PM -0400: 
Returned mail: see transcript for details 
1902226757 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 
-------------------------
Submitted: Friday, September 01, 2006 12:06:26 PM -0400: 
Returned mail: see transcript for details 
1902210440 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net 

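To turn a report history like the one above into counts for a management summary, this added example (not part of the original post and not SpamCop code) parses the entries and tallies them per source IP and category. The category labels and function names are assumptions; the sample input is three entries excerpted from the listing above.

```python
import re
from collections import Counter

# Subject prefixes that appear in the report history above.
CATEGORIES = [
    ("Returned mail:", "bounce"),
    ("Undeliverable:", "bounce"),
    ("Out of Office AutoReply:", "auto-reply"),
]
ID_LINE = re.compile(r"^(\d+) \( ([\d.]+) \)")


def parse_history(text):
    """Yield (report_id, source_ip, category, subject) per report line."""
    subject = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Submitted:", "---")):
            continue
        match = ID_LINE.match(line)
        if match is None:
            subject = line  # kept until replaced: one subject may carry several ids
            continue
        category = next((c for p, c in CATEGORIES if subject.startswith(p)), "other")
        yield match.group(1), match.group(2), category, subject


def summarise(text):
    """Count reports per (source_ip, category)."""
    return Counter((ip, cat) for _, ip, cat, _ in parse_history(text))


# Sample input: three entries excerpted from the report history above.
HISTORY = """\
Submitted: Friday, September 08, 2006 4:10:34 PM -0400:
Returned mail: see transcript for details
1913375767 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Wednesday, September 06, 2006 7:05:37 PM -0400:
Out of Office AutoReply: [Possible spam] Good news for traders
1910322924 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
-------------------------
Submitted: Wednesday, September 06, 2006 7:41:55 AM -0400:
Undeliverable: ALVN news
1909470988 ( 194.138.160.6 ) ( UUBE ) To: uube[at]devnull.spamcop.net
"""
```
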

Misdirected bounces seem to be indeed your major problem:

Thanks for your help, dra007. The report you posted should prove very helpful - is this a report that I can somehow get on a regular basis?

Thanks for everyone's help. This will give me some good solutions to look into and some ammunition to take to the executives who are complaining to me because Spamcop is blocking mail going out to our customers. I'm certainly glad I found this forum! :)


Thanks for your help, dra007. The report you posted should prove very helpful - is this a report that I can somehow get on a regular basis?

That information is available to paid reporters by clicking the [report history] link in the parser output for your IP address.

SpamCop v 1.596 Copyright © 1998-2006, IronPort Systems, Inc. All rights reserved.

Parsing input: 194.138.160.6

host 194.138.160.6 = goliath.siemens.com (cached)

host 194.138.160.6 = goliath.siemens.com (cached)

[report history]...

You also have at least one regular report. Do you have access to the following email account? Any reports will be sent to that address.

Report History:

Display UUBE

-------------------------------------------------------------

Submitted: Saturday, July 29, 2006 1:09:19 PM -0400:

Returned mail: see transcript for details

1856671612 ( 194.138.160.6 ) To: klaus.bork[at]siemens.com

1856671611 ( 194.138.160.6 ) To: klaus.bork[at]mch11.siemens.de

The reason it picks that address:

Tracking details

Display data:

"whois 194.138.160.6[at]whois.ripe.net" (Getting contact from whois.ripe.net)

kb1678-ripe = klaus.bork[at]siemens.com

whois.ripe.net 194.138.160.6 = klaus.bork[at]siemens.com

whois: 194.138.0.0 - 194.138.255.255 = klaus.bork[at]siemens.com

Routing details for 194.138.160.6

Using last resort contacts klaus.bork[at]siemens.com

Changing whois data or adding an abuse address to abuse.net should get reports redirected.


Archived

This topic is now archived and is closed to further replies.
