
Source of BlackListing


HostAdore


Hi SpamCop,

A client of mine recently said "What's wrong with the mail? My clients say that they have not received my latest business proposal!"

With just that to go on, I started to determine why mail was not going through. I asked them what mail they were sending to and sent a test mail from their server. Lo and behold, their server is listed on a SpamCop BlackList!

The client is on a shared server with a lot of other sites. (they are changing the server in 2 weeks - but again to another shared server). There were 10 spam reports in the last 144 days. The server will be delisted in 20 hours.

But, I think it is likely that there is a spammer on this server sending spam to a SpamCop client, so more than likely that the server will be black listed as soon as it is delisted.

Is there a way of determining who is sending the spam that is causing problems for this server? I could then lobby for this client to be thrown off the server if it really is spam they are sending.

(The server IP is 69.93.250.250).

Thanks for helping!


The Planet is often reported for spamming abuse; in addition, it doesn't wish to see the reports:

Parsing input: 69.93.250.250

host 69.93.250.250 = milan.dnstraffic.net (cached)

host 69.93.250.250 = milan.dnstraffic.net (cached)

[report history]

ISP does not wish to receive report regarding 69.93.250.250

ISP does not wish to receive reports regarding http://69.93.250.250/ - no date available

Routing details for 69.93.250.250

[refresh/show] Cached whois for 69.93.250.250 : abuse[at]theplanet.com

Using abuse net on abuse[at]theplanet.com

abuse net theplanet.com = abuse[at]theplanet.com

Using best contacts abuse[at]theplanet.com

Statistics:

69.93.250.250 listed in bl.spamcop.net (127.0.0.2)

This is a history of recent reports, do the subject lines look familiar?

Report History:

Query short history (7 days)



--------------------------------------------------------------------------------

Submitted: Sunday, November 12, 2006 12:48:55 PM -0500: 
PAYMENT OFFICER REQUIRED (BUSINESS OFFER) 
2014304375 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

--------------------------------------------------------------------------------

Submitted: Sunday, November 12, 2006 12:54:11 AM -0500: 
ALFA OIL AND GAS SEEKS PARTNERS AND REPRESENTATIVES 
2013444018 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

--------------------------------------------------------------------------------

Submitted: Friday, November 10, 2006 12:51:44 PM -0500: 
You have received a postcard ! 
2011156735 ( http://forcards.us/postcards/postcards.gif.exe ) To: network-abuse[at]cc.yahoo-inc.com 
2011156710 ( 69.93.250.250 ) To: spamcop[at]imaphost.com 
2011156675 ( 69.93.250.250 ) To: [concealed user-defined recipient]
2011156661 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

--------------------------------------------------------------------------------

Submitted: Friday, November 10, 2006 12:51:44 PM -0500: 
You have received a postcard ! 
2011156812 ( http://forcards.us/postcards/postcards.gif.exe ) To: network-abuse[at]cc.yahoo-inc.com 
2011156787 ( 69.93.250.250 ) To: spamcop[at]imaphost.com 
2011156768 ( 69.93.250.250 ) To: [concealed user-defined recipient]
2011156756 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

--------------------------------------------------------------------------------

Submitted: Friday, November 10, 2006 12:51:44 PM -0500: 
You have received a postcard ! 
2011157629 ( http://forcards.us/postcards/postcards.gif.exe ) To: network-abuse[at]cc.yahoo-inc.com 
2011157622 ( 69.93.250.250 ) To: spamcop[at]imaphost.com 
2011157619 ( 69.93.250.250 ) To: [concealed user-defined recipient]
2011157616 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

--------------------------------------------------------------------------------

Submitted: Friday, November 10, 2006 11:02:14 AM -0500: 
You have received a postcard ! 
2011116698 ( http://forcards.us/postcards/postcards.gif.exe ) To: network-abuse[at]cc.yahoo-inc.com 
2011116694 ( 69.93.250.250 ) To: spamcop[at]imaphost.com 
2011116689 ( 69.93.250.250 ) To: [concealed user-defined recipient]
2011116656 ( 69.93.250.250 ) To: abuse[at]theplanet.com 

Moderators: this sounds like it should be moved to the IP block section!


Thanks DRA007.

No, none of those look familiar. This is a shared server so it could easily have been sent from someone else's account.

Is there not a way of telling which domain it was sent from? I don't know if the above are spam or not though, but if they are and I know which domain is sending them then I can lobby to have that domain terminated or something.


With this post, Topic moved to the Blocking List Help Forum section.

First thought .. have you checked the FAQs here at all yet?

Second thought ... the report history offered in this Topic has enough data for you to talk to your host ... simply point out that you know of SpamCop.net Reports/Complaints sent in reference to "( 69.93.250.250 ) To: abuse[at]theplanet.com" ... simply ask them to get on the ball and take care of the problem .... assumedly, some of the money your clients are paying you is going upstream, ask that upstream to do something in return for that money besides allowing the spew to continue ...


Hey Wazoo,

I haven't checked the FAQ yet, but will do so.

I already contacted the server administrator on behalf of the client and they said they fixed the issue with the blacklist. (it was the first thing I did)

However, I am 99% sure that this does not mean that the offenders were removed from the server. It probably only means that they pressed that button that requested the server to be removed from the blacklist. I am pretty sure that the spammers are still there and will continue to, as you say, "spew".

I am having this account moved to a different server next week anyway. Once again I will have no way to control or monitor the actions of others as this is a shared server as well. Since this is a new server, I am hoping it will not be a problem.

I was hoping that there was some way for me to identify spammers so I can force the ultimate hosts to remove these accounts for the benefit of all. I can not see how to do this, so I guess the only thing I can do is to rely on the ultimate host to do their job properly. (However, I can see from above that The Planet don't really care about these reports)


http://spamcop.net/w3m?action=checkblock&a...p=69.93.250.250

69.93.250.250 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 18 hours.

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

http://www.senderbase.org/search?searchBy=...g=69.93.250.250

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 3.6 .. 24677%

Last 30 days .. 1.8 ...... 273%

Average ........ 1.2

Numbers like this would rather indicate that they have totally lost control of that server to some spammer(s).

It's already listed in other BLs also.

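The "listed in bl.spamcop.net (127.0.0.2)" status quoted in this thread is the answer to a standard DNSBL lookup. The following is an added example, not part of the original thread, showing how a server owner could run that check themselves; the function names, the offline resolver and its single record are constructed for illustration, and the query-name handling also covers IPv6, which the thread does not discuss.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reverse the address labels and append the list's zone (RFC 5782)."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    # reverse_pointer ends in ".in-addr.arpa" (IPv4) or ".ip6.arpa" (IPv6).
    return f"{ptr.rsplit('.', 2)[0]}.{zone}"


def check_listing(ip, zone, resolve=socket.gethostbyname):
    """Return (listed, answer) for one IP on one DNSBL zone."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:   # NXDOMAIN: not listed
            return False, None
        raise                                # timeout etc.: status unknown
    # Listed entries answer inside 127.0.0.0/8; anything else means the
    # resolver rewrote the reply and the result cannot be trusted.
    if not ipaddress.ip_address(answer).is_loopback:
        raise ValueError(f"unexpected DNSBL answer {answer!r}")
    return True, answer


# Constructed stand-in for DNS so the example runs offline. The single
# record mirrors the listing status quoted in the thread.
CONSTRUCTED_RECORDS = {"250.250.93.69.bl.spamcop.net": "127.0.0.2"}


def fake_resolver(name):
    try:
        return CONSTRUCTED_RECORDS[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")


if __name__ == "__main__":
    # The second address is from the documentation range and is not listed.
    for ip in ("69.93.250.250", "192.0.2.10"):
        print(ip, check_listing(ip, "bl.spamcop.net", resolve=fake_resolver))
```

Calling `check_listing` without the `resolve` argument uses the system resolver, so the same function can be scheduled to alert when a sending IP becomes listed.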

Lol - I don't know what half of that means, but I will take your word for it that there are some serious issues with this server and spamming.

Any advice on finding a better service provider where my clients will not encounter these issues? A good mail service is very important to my clients and having the server blacklisted is not a step in the right direction.


Any advice on finding a better service provider where my clients will not encounter these issues? A good mail service is very important to my clients and having the server blacklisted is not a step in the right direction.

If not getting blacklisted is important to them, they really need to pay more and get a box dedicated to them. If they're on a shared host, they are always at the mercy of the actions of other users on the same machine.


If not getting blacklisted is important to them, they really need to pay more and get a box dedicated to them. If they're on a shared host, they are always at the mercy of the actions of other users on the same machine.

That's what I figured. I am working towards this with 4 of my clients (ie 1 dedicated server for the 4 clients and about 15 websites). But the most suitable box I can find is $249 a month + another $100 to have someone maintain it. I guess they will have to put up with these problems until they can afford that.

It's pretty inexpensive now to run your own mail server. That is by far the best solution if you are depending on email. Just make sure to get someone that knows their mailservers to set it up.

Thanks for the tip. I will look into this. It might be the best interim solution if I can find a good provider.

OK, after a bit of reading I realised that what you meant by running my own mail server was not what I thought. The problem with setting up a mail server here for the client is that it will require my client to have constant internet access and power supply. Unfortunately neither of those exist where the client is, so it would only make the problem worse.

However, if I can find a datacenter that will lease a cheap server purely for the purpose of mail, (which is what I thought you meant) then this would be the way to go.

Of course, if the hosting provider could control spam from the server that the client is on, then none of this would be a problem.

Looks like a cheap dedicated server is the way to go.


Archived

This topic is now archived and is closed to further replies.
