Jump to content

ISP Contacted Me and Asked for IP to be Delisted


jongrose
 Share

Recommended Posts

This is sort of a strange question, and I'm not sure this is the appropriate section of the forum, but it does have to do with the BL.

I received a reply from an ISP to a report I filed stating that they have removed a user's ability to send email through their server (which strangely enough appears to be a name server & no MX records exist for that IP). I checked the SCBL and the IP they mentioned is not listed. However, their sending IP is listed in SpamHaus's XBL (and hence, the CBL).

The email I report that generated their reply (which, incidentally, was not sent to my SC account) is this one:

http://www.spamcop.net/sc?id=z1205455016z1...7b51f0afb9aa03z

Here is a copy of their email with my details expunged:

Return-Path: <spamcop[at]devnull.spamcop.net>

Delivered-To: spamcop-net-_______[at]spamcop.net

Received: (qmail 30017 invoked from network); 30 Jan 2007 12:43:38 -0000

Received: from unknown (192.168.1.101)

by filter7.cesmail.net with QMQP; 30 Jan 2007 12:43:38 -0000

Received: from sc-smtp4-bulkmx.soma.ironport.com (204.15.82.126)

by mailgate.cesmail.net with SMTP; 30 Jan 2007 12:43:38 -0000

Received: from sc-app5.spamcop.net ([204.15.82.24])

by sc-smtp4-bulkmx.soma.ironport.com with SMTP; 30 Jan 2007 04:43:38 -0800

X-SpamCop-Reply-Ids: 2117213292

X-Spamcop-Return-Path: <hcenter[at]list.ru>

Received: from sc-smtp1-bulkmx.soma.ironport.com (sc-smtp1-bulkmx.soma.ironport.com [204.15.82.123])

by sc-app5.soma.ironport.com (Postfix) with ESMTP id 3425D2F8D7

for <2117213292[at]reports.spamcop.net>; Tue, 30 Jan 2007 04:42:19 -0800 (PST)

Received: from mx33.mail.ru ([194.67.23.194])

by sc-smtp1-bulkmx.soma.ironport.com with ESMTP; 30 Jan 2007 04:42:18 -0800

Received: from [87.228.52.120] (port=9188 helo=hc3rw7f3s7xstv)

by mx33.mail.ru with smtp

id 1HBsIj-000Ft9-00

for 2117213292[at]reports.spamcop.net; Tue, 30 Jan 2007 15:41:29 +0300

Message-ID: <002201c7446b$____________[at]hc3rw7f3s7___>

From: =?koi8-r?B?08zV1sLBINDPxMTF0tbLySBoY2VudGVyLmluZm8=?= <hcenter[at]list.ru>

To: <2117213292[at]reports.spamcop.net>

Subject: Spamcop report id:2117213292;body=Hello SpamCop user,

Date: Tue, 30 Jan 2007 15:40:45 +0300

MIME-Version: 1.0

Content-Type: text/plain;

format=flowed;

charset="koi8-r";

reply-type=original

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.2180

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

X-SpamCop-Checked: 192.168.1.101 204.15.82.126 204.15.82.24 204.15.82.123 194.67.23.194 87.228.52.120

X-SpamCop-Disposition: Blocked xbl.spamhaus.org

Good afternoon!

The User sending jv with server 85.249.136.194 is removed with server.

We Ask to release ip address.

-----------------------------------------------

ó Õ×ÃÖÅÎÉÅÃ, ÓÌÕÖÂà ÃÃÄÄÅÒÖËÉ

ÈÃÓÔÉÎÇ × íÃÓË×Å í10

info[at]hcenter.ru

http://www.hcenter.ru

support[at]hcenter.info

http://www.hcenter.info

I never reply to any emails sent to reporting addresses for fear of exposing my real identity. But, this is a weird case. Should I contact them and tell them that they are not in SC, but actually in another DNSbl? Or should I forward it to the deputies? Or just ignore it?

P.S. - I noticed someone was saying that reports to abuse[at]infobox.ru were going unanswered, but this one was apparently answered, acted on, and responded to.

Link to comment
Share on other sites

Lots of people ignore responses to report ids. IMHO, it is polite to answer them even if they seem fishy. You do have to mask your email address or send from a throwaway account which is a bit of trouble.

If the message doesn't indicate that a real white hat made a mistake and is sorry, it is an opportunity to 'educate' the sender (in a polite manner). If you have time you can write a lot more explanation than the deputies probably have time for.

OTOH, the deputies often do not like our explanations and probably would rather do it themselves.

Miss Betsy

Link to comment
Share on other sites

Lots of people ignore responses to report ids. IMHO, it is polite to answer them even if they seem fishy. You do have to mask your email address or send from a throwaway account which is a bit of trouble.

Too bad you can't reply from the reporting pseudonym address. Several of the other email systems I use, like Yahoo and Hushmail allow you to do this.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...