prosmart Posted October 14, 2023 Share Posted October 14, 2023 Greetings Long time (daily) user - first time poster. Our ISP, siteground has been using mailspamprotection.com for years and everything has been rosy. About a week or so ago (maybe two) we have been seeing more and more our ISP's machine being misdiagnosed by Spamcop as the source of spam, rather than the machine that is the "real" sender. Trying to work out what has changed and how we can fix the issue. https://www.spamcop.net/sc?id=z6865722595z78a087c1c0ace4cab227a12158185d3cz Can anyone shed any light on this for us please? Not sure what other info I can supply. Thanks Nigel. Quote Link to comment Share on other sites More sharing options...
gnarlymarley Posted October 14, 2023 Share Posted October 14, 2023 It looks like the Chain test failed for the name between the first Received line and the second. 185.56.86.0 is not 34.28.10.218. Somewhere a header got lost or else the server has two IPs. Chain test:instance-us-central1-g787.prod.antispam.mailspamprotection.com =? delivery.antispam.mailspamprotection.com Host delivery.antispam.mailspamprotection.com (checking ip) = 185.56.86.0 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com Host instance-us-central1-g787.prod.antispam.mailspamprotection.com (checking ip) = 34.28.10.218 185.56.86.0 is not an MX for instance-us-central1-g787.prod.antispam.mailspamprotection.com Quote Link to comment Share on other sites More sharing options...
ninth Posted October 14, 2023 Share Posted October 14, 2023 (edited) 60.251.163.7 discarded as a forgery, using 185.56.86.136 IP forgery by spammer. The links in the email are registered by nic.br mail-abuse@cert.br host hostinger US Edited October 14, 2023 by ninth add Quote Link to comment Share on other sites More sharing options...
petzl Posted October 14, 2023 Share Posted October 14, 2023 3 hours ago, ninth said: 60.251.163.7 discarded as a forgery, using 185.56.86.136 IP forgery by spammer. The links in the email are registered by nic.br mail-abuse@cert.br host hostinger US 60.251.163.7 has been hard coded by SpamCop to go to 185.56.86.136? Could be a legacy issue? 60.251.163.7 Abuse address is hostmaster[AT]twnic[DOT]net[DOT]tw Quote Link to comment Share on other sites More sharing options...
ninth Posted October 17, 2023 Share Posted October 17, 2023 On 10/14/2023 at 3:44 PM, ninth said: The links in the email are registered by nic.br mail-abuse@cert.br host hostinger US To clarify I am talking about this link as an alternative report considering it was previously black listed: marabaatacadista.com.br dnsbl.spfbl.net 213.190.6.248 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.