Jump to content

Need history for 64.38.46.42


starslab
 Share

Recommended Posts

Hello,

I'm currently evaluating a new MSP, and was quite concerned when an email we sent yesterday bounced.... At the time, http://www.spamcop.net/w3m?action=checkblo...;ip=64.38.46.42 stated the IP was blacklisted, and that

In the past 77.7 days, it has been listed 5 times for a total of 3.2 days

So I sent an email to the MSP, who says the page indicates there is no problem. This really should be fixed. The page should state that there is no problem right now, and should also include the blocking statistic so it can be seen that there was a problem, even if there isn't one now.

Can someone provide me a history of that address and why it has been blocked? I'd like to help my MSP understand why he's being blocked, and see if he fixes it. If not, i'm off to search for a new MSP.

- Andrew

Link to comment
Share on other sites

Can someone provide me a history of that address and why it has been blocked? I'd like to help my MSP understand why he's being blocked, and see if he fixes it. If not, i'm off to search for a new MSP.

Only a deputy can provide that kind of history, and likely only to an administrator of that IP address.

What likely happened is that the address came off the list by the time the support people looked at it. What should be fixed is that they keep getting listed. That is not a good start to your relationship.

Information I can pass along, which is available to paid reporters are some of the reports sent to that ISP about that IP address in the last 30 days. With this few reports, those listings are likely due to emails hitting spamtrap addresses. The reason stated on the page you saw is just as important as how many times being listed.

Report History:
--------------------------------------------------------------------------------

Submitted: Wednesday, November 29, 2006 2:58:28 AM -0500: 
Important Holiday Message 
2040275787 ( 64.38.46.42 ) To: spamcop[at]imaphost.com 
2040275786 ( [url="http://www.sensibleholidays.com/uns.php"]http://www.sensibleholidays.com/uns.php[/url] ) To: abuse[at]powersurge.net 
2040275785 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

--------------------------------------------------------------------------------

Submitted: Monday, November 27, 2006 8:30:30 AM -0500: 
Holiday Schedule News 
2037418023 ( 64.38.46.42 ) To: spamcop[at]imaphost.com 
2037417994 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

--------------------------------------------------------------------------------

Submitted: Monday, November 27, 2006 8:18:05 AM -0500: 
Holiday Schedule News 
2037415234 ( 64.38.46.42 ) To: spamcop[at]imaphost.com 
2037415207 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

--------------------------------------------------------------------------------

Submitted: Sunday, November 26, 2006 3:32:13 PM -0500: 
Semester Scheduling 
2036332775 ( [url="http://www.wholesaleseason.com/uns.php"]http://www.wholesaleseason.com/uns.php[/url] ) To: abuse[at]powersurge.net 
2036332754 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

--------------------------------------------------------------------------------

Submitted: Monday, November 06, 2006 6:24:46 AM -0500: 
Fall Semester Notice 
2003990630 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

--------------------------------------------------------------------------------

Submitted: Saturday, November 04, 2006 9:24:31 PM -0500: 
Ipod VS Zune 
2001665081 ( 64.38.46.42 ) To: spamcop[at]imaphost.com 
2001665074 ( [url="http://www.aonservers.com/forum/viewtopic.php?t"]http://www.aonservers.com/forum/viewtopic.php?t[/url]... ) To: abuse[at]powersurge.net 
2001665060 ( 64.38.46.42 ) To: abuse[at]powersurge.net 

Another of their mail servers is currently on sorbs.net blocklist for an open proxy:

Address and Port: 64.38.45.210:1080

Record Created: Sun Nov 19 01:00:11 2006 GMT

Record Updated: Sun Nov 19 01:00:39 2006 GMT

Additional Information: [submitted via corpit.ru] Confirmed open SOCKS v5 proxy: Sun Nov 19 11:00:11 2006

Currently active and flagged to be published in DNS

And this server is currently pushing 3408% the volume of email than it normally does: http://www.senderbase.org/search?searchBy=...ring=64.38.56.2

None are currently listed on SpamCop however. If you are still getting a bounce, then it is likely the receiver's error message is incorrect.

Link to comment
Share on other sites

Where is this spamcop[at]imaphost.com and abuse[at]powersurge.net coming from?

WHOIS information for that IP reveals abuse[at]fastservers.net

dig -x 64.38.46.42 reveals "galaxy.myserverhosts.com"

whois myserverhosts.com returns admin[at]myserverhosts.com

Reverse DNS suggests the second machine you mention does indeed belong to the same service provider.

Between this and that open proxy (Why the hell is there an open SOCKS5 proxy on that machine?), I think I'm looking for a new hosting provider.

Thanks for the help.

Link to comment
Share on other sites

Hi, Andrew!

Where is this spamcop[at]imaphost.com and abuse[at]powersurge.net coming from?

<snip>

...For abuse[at]powersurge.net, navigate to the link you provided in your original post here, then click on the link labeled "Trace IP." spamcop[at]imaphost.com is a third-party interested in the reports (see http://forum.spamcop.net/forums/index.php?...tySourceReport).
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...