gwadmin Posted November 28, 2006 Share Posted November 28, 2006 I am trying to find out what has caused a customer of mine to be placed on the blocklist. I have subscribed to the reporting but all I get is a summary saying I am blocked. How do I find the details of what has caused the block? Any help would be much appreciated. Phil This is an example email The attached file had the following undeliverable recipient(s): jmcrae[at]wrri.com Transcript of session follows: Command: Data... Response: 571 - MAIL REFUSED - IP (24.106.126.138) is in RBL black list bl.spamcop.net Link to comment Share on other sites More sharing options...
GraemeL Posted November 28, 2006 Share Posted November 28, 2006 I am trying to find out what has caused a customer of mine to be placed on the blocklist. I have subscribed to the reporting but all I get is a summary saying I am blocked. How do I find the details of what has caused the block? Any help would be much appreciated. Phil This is an example email The attached file had the following undeliverable recipient(s): jmcrae[at]wrri.com Transcript of session follows: Command: Data... Response: 571 - MAIL REFUSED - IP (24.106.126.138) is in RBL black list bl.spamcop.net Trying hard to restrain myself from commenting on why anybody would accept mail from any IP in Road Runer netspace. http://www.spamcop.net/w3m?action=blcheck&...=24.106.126.138 Causes of listing * System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) * SpamCop users have reported system as a source of spam less than 10 times in the past week Recent reports: Submitted: Mon, 27 Nov 2006 14:49:05 GMT: Check out my lists for walking women, walking men, and gadgets for everyone. * 2037509197 ( 24.106.126.138 ) To: spamcop[at]imaphost.com * 2037509152 ( 24.106.126.138 ) To: abuse[at]rr.com Submitted: Thu, 23 Nov 2006 08:49:06 GMT: earache * 2031189885 ( 24.106.126.138 ) To: abuse[at]rr.com Submitted: Wed, 22 Nov 2006 06:36:30 GMT: scathing truck * 2029659574 ( 24.106.126.138 ) To: abuse[at]rr.com Submitted: Fri, 17 Nov 2006 17:36:55 GMT: wonder anthill * 2022203399 ( 24.106.126.138 ) To: spamcop[at]imaphost.com * 2022203367 ( 24.106.126.138 ) To: abuse[at]rr.com Link to comment Share on other sites More sharing options...
turetzsr Posted November 28, 2006 Share Posted November 28, 2006 Hi! ...Did you visit the SpamCop home page? There's a section there labeled "REPORTED FOR SPAMMING?" that may help answer your question. ...Did you click the big red link near the top of each Forum page labeled "------>------> Latest and Current Announcements <------<------?" There are links on that page under a heading labeled "Why am I Blocked?" that may help answer your question. Also, there's a link labeled "How to find what you are looking for without pulling your hair out in the process" with helpful tips about posting to the SpamCop Forum that will help you post here with the minimum effort for maximum results (help from us SpamCop users). ...Did you peruse our SpamCop FAQ (link near top left of the SpamCop Forum pages). There are links there labeled "Why am I Blocked?," "Has your email been blocked? (ISP, Mailing List Admin, Advertiser)," "SpamCop Blocking List - Am I listed?" and "How can I check if an IP is on the list?" that may help answer your question. ...If after checking these resources you still have questions, please return here to post them. If you find they do answer your question, please also post back here to let us know you found what you needed. ...Thanks and good luck! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 28, 2006 Share Posted November 28, 2006 I am trying to find out what has caused a customer of mine to be placed on the blocklist. I have subscribed to the reporting but all I get is a summary saying I am blocked. How do I find the details of what has caused the block? Any help would be much appreciated. Phil This is an example email The attached file had the following undeliverable recipient(s): jmcrae[at]wrri.com Transcript of session follows: Command: Data... Response: 571 - MAIL REFUSED - IP (24.106.126.138) is in RBL black list bl.spamcop.net Did you start here: http://www.spamcop.net/bl.shtml?24.106.126.138 where you would see a number of reasons for being listed if you are not intentionally sending spam. Then proceed to: http://www.spamcop.net/w3m?action=blcheck&...=24.106.126.138 where you would see you are almost off the listing and: Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam less than 10 times in the past week If this IP address is shared, it is possible another party is sending the spam messages. Some information you can not see unless you are a paid reporter is the time and subject or some of the recent reports against that IP address. abuse[at]rr.com seems to have gotten the reports so your customer should check with them to get more information: Submitted: Monday, November 27, 2006 9:49:05 AM -0500: Check out my lists for walking women, walking men, and gadgets for everyone. 2037509197 ( 24.106.126.138 ) To: spamcop[at]imaphost.com 2037509152 ( 24.106.126.138 ) To: abuse[at]rr.com -------------------------------------------------------------------------------- Submitted: Thursday, November 23, 2006 3:49:06 AM -0500: earache 2031189885 ( 24.106.126.138 ) To: abuse[at]rr.com -------------------------------------------------------------------------------- Submitted: Wednesday, November 22, 2006 1:36:30 AM -0500: scathing truck 2029659574 ( 24.106.126.138 ) To: abuse[at]rr.com Link to comment Share on other sites More sharing options...
gwadmin Posted November 28, 2006 Author Share Posted November 28, 2006 Thanks, I will check with Road Runner. I assumed the abuse email would go to the abuse address for the domain the customer is using not the Road Runner abuse address. Thanks again Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 28, 2006 Share Posted November 28, 2006 Thanks, I will check with Road Runner. I assumed the abuse email would go to the abuse address for the domain the customer is using not the Road Runner abuse address. Thanks again The domain in an email is easily forged. SpamCop used the abuse desk of the IP address used to originate (as far back as the program can reliably trace it) the message. Link to comment Share on other sites More sharing options...
gwadmin Posted November 30, 2006 Author Share Posted November 30, 2006 How do I stop the forgery? We went back on the spamcop list a few hours after we were off. I still have not gotten any additional info from Road Runner. From what I saw in what you sent me was the account blocked over one spam email? Link to comment Share on other sites More sharing options...
Farelf Posted November 30, 2006 Share Posted November 30, 2006 How do I stop the forgery? We went back on the spamcop list a few hours after we were off. I still have not gotten any additional info from Road Runner. From what I saw in what you sent me was the account blocked over one spam email? The forged email address is not the problem (which is fortunate because there is NO WAY to stop it). The server is being used to send spam. And no, it was not 'one' spam email. Spamtraps have also been hit from the IP address 24.106.126.138 That *can* be fixed (by Road Runner, if they have sufficient incentive). Link to comment Share on other sites More sharing options...
turetzsr Posted November 30, 2006 Share Posted November 30, 2006 How do I stop the forgery?...Take away the spammers forging equipment. <g> IOW, you probably can't.<snip> From what I saw in what you sent me was the account blocked over one spam email? ...Nope, not according to the information SpamCop gives us: see SpamCop FAQ entry labeled "What is on the list?" For one thing, the information provided by StevenUnderwood in linear post #4 shows three, not one, user spam reports, each with a different subject: one Submitted: Monday, November 27, 2006 9:49:05 AM -0500, Check out my lists for walking women, walking men, and gadgets for everyone. one Submitted: Thursday, November 23, 2006 3:49:06 AM -0500, earache one Submitted: Wednesday, November 22, 2006 1:36:30 AM -0500, scathing truck For another, also in that same post: System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) Link to comment Share on other sites More sharing options...
gwadmin Posted December 2, 2006 Author Share Posted December 2, 2006 The issue I am trying to determine is the source. Would there not be an address from which the email was sent whatever[at]domain.com? If this was not a valid address on the system then I would know it was spoofed. If it was valid then I could look at the user's account. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted December 2, 2006 Share Posted December 2, 2006 The issue I am trying to determine is the source. Would there not be an address from which the email was sent whatever[at]domain.com? If this was not a valid address on the system then I would know it was spoofed. If it was valid then I could look at the user's account. You should be able to get that information from the people who received the reports: abuse[at]rr.com However, even if the email address is spoofed, it still came from this IP address. BTW, there was another report submitted yesterday and today: Report History: -------------------------------------------------------------------------------- Submitted: Saturday, December 02, 2006 11:45:05 AM -0500: 2045527869 ( 24.106.126.138 ) To: spamcop[at]imaphost.com 2045527824 ( 24.106.126.138 ) To: abuse[at]rr.com -------------------------------------------------------------------------------- Submitted: Friday, December 01, 2006 12:04:01 PM -0500: I'm working hard to produce decent traffic on all online galleries. 2044154140 ( 24.106.126.138 ) To: abuse[at]rr.com -------------------------------------------------------------------------------- Submitted: Monday, November 27, 2006 9:49:05 AM -0500: Check out my lists for walking women, walking men, and gadgets for everyone. 2037509197 ( 24.106.126.138 ) To: spamcop[at]imaphost.com 2037509152 ( 24.106.126.138 ) To: abuse[at]rr.com Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.