Help

[InfoResearch]

Hi! I am the administrator for our system because well - it's just me. Using 1and1 for my email system.

Noticed last week that I personally have started receiving spam (3-4) without ever putting this email address out except to customers on our website.

Now today, I am being blocked. Is it 1and1 or is it me?

How do I get my company unblocked if it is 1and1?

I have to be able to send email especially to my board members (the email that was blocked).

Here is the email info I received:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. The following addresses failed:

<board members email address>

SMTP error from remote server in greeting:

host mx.valueweb.com[216.219.253.196]:

554-ip02.ams.ftl.affinity.com

554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40

Thanks in advance for any advice.

[Wazoo]

This does not translate to an issue with the SpamCopDNSBL .. so to save the confusion, this Topic will be moved to the Lounge area with this post.

[StevenUnderwood]

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. The following addresses failed:

<board members email address>

SMTP error from remote server in greeting:

host mx.valueweb.com[216.219.253.196]:

554-ip02.ams.ftl.affinity.com

554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40

Did you follow the link provided?

On that page, did you follow the link for Google groups: http://groups.google.com/groups?scoring=d&...0+group:*abuse*

That shows your mail machine seems to be sending lots of junk onto the internet.

Also, looking at the spamcop site as a paid reporter, I have access to some information about older reports even though it is not currently listed.

Report History:
 Last 90 days   
--------------------------------------------------------------------------------

Submitted: Saturday, March 24, 2007 7:12:18 AM -0400: 
....Confirm Receipt..... 
2212596291 ( 66.98.138.80 ) To: abuse[at]ev1servers.net 
2212596290 ( 217.160.230.40 ) To: abuse[at]schlund.de 
2212596289 ( 205.152.59.66 ) To: thisisspam[at]bellsouth.net 
2212596288 ( 205.152.59.66 ) To: abuse[at]bellsouth.net 

--------------------------------------------------------------------------------

Submitted: Saturday, March 24, 2007 3:59:26 AM -0400: 
Synegrate Opportunity 
2212377568 ( [url="http://www.foxgraph.com/"]http://www.foxgraph.com/[/url] ) To: abuse[at]dls.net 
2212377567 ( 69.15.209.5 ) To: abuse[at]cbeyond.net 
2212377563 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Wednesday, March 21, 2007 6:54:35 PM -0400: 
Publisher Membership Information 
2208386893 ( [url="http://www.adshuh.com/main.asp?pid=30008"]http://www.adshuh.com/main.asp?pid=30008[/url] ) To: postmaster[at]ecommerce.com 
2208386826 ( [url="http://www.adshuh.com/main.asp?pid=30008"]http://www.adshuh.com/main.asp?pid=30008[/url] ) To: abuse[at]ecommerce.com 
2208386766 ( 67.182.103.198 ) To: abuse[at]comcast.net 
2208386678 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Wednesday, March 21, 2007 3:41:45 PM -0400: 
=?ISO-8859-1?Q?=B1=B1=C3=C0=CA=D0=B3=A1?= - =?ISO-8859-1?Q?=D0=E8=C7=F3?= - =... 
2208209273 ( [url="http://www.sinobillboard.com/"]http://www.sinobillboard.com/[/url] ) To: abuse[at]dreamhost.com 
2208209263 ( [url="http://china.sinobillboard.com/about_us.html"]http://china.sinobillboard.com/about_us.html[/url] ) To: abuse[at]dreamhost.com 
2208209254 ( 75.84.94.214 ) To: abuse[at]rr.com 
2208209247 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Sunday, March 18, 2007 7:02:10 AM -0400: 
Govt Grants Billions Available 
2202293193 ( [url="http://www.ultimategrantsecrets.com/unsubscribe."]http://www.ultimategrantsecrets.com/unsubscribe.[/url].. ) To: jay[at]uwtech.com 
2202293179 ( [url="http://www.ultimategrantsecrets.com/index.html?."]http://www.ultimategrantsecrets.com/index.html?.[/url].. ) To: jay[at]uwtech.com 
2202293159 ( 66.116.103.159 ) To: jay[at]uwtech.com 
2202293122 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Friday, March 16, 2007 12:06:24 PM -0400: 
Reconnecting 
2200475946 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: abuse#viawest.net[at]devnull.spamcop.net 
2200475945 ( 64.90.204.229 ) To: abuse#viawest.net[at]devnull.spamcop.net 
2200475942 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: netsupport[at]viawest.net 
2200475941 ( 64.90.204.229 ) To: netsupport[at]viawest.net 
2200475920 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: abuse[at]internap.com 
2200475898 ( 64.90.204.229 ) To: abuse[at]internap.com 
2200475886 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Friday, March 16, 2007 12:59:17 AM -0400: 
grammatical whisker 
2199310023 ( 217.160.230.40 ) To: abuse[at]schlund.de 
2199310017 ( 208.57.135.152 ) To: ip-abuse[at]mpowercom.net 

--------------------------------------------------------------------------------

Submitted: Friday, March 16, 2007 12:13:34 AM -0400: 
Complimentary Ringtones for You Daniel 
2199262698 ( [url="http://ajfjacbghehca.maileviction.com/exit/"]http://ajfjacbghehca.maileviction.com/exit/[/url] ) To: abuse#marliness.net[at]devnull.spamcop.net 
2199262697 ( 66.97.169.61 ) To: abuse#marliness.net[at]devnull.spamcop.net 
2199262696 ( 217.160.230.40 ) To: abuse[at]schlund.de 

--------------------------------------------------------------------------------

Submitted: Thursday, March 15, 2007 11:58:43 AM -0400: 
departmental bushy 
2198466452 ( 217.160.230.40 ) To: abuse[at]schlund.de 
2198466403 ( 201.38.68.2 ) To: abuse[at]embratel.net.br 
2198466341 ( 201.38.68.2 ) To: mail-abuse[at]cert.br 

--------------------------------------------------------------------------------

Submitted: Thursday, March 15, 2007 9:40:27 AM -0400: 
Unlock Govt Grants 
2198311455 ( [url="http://www.ultimategrantsecrets.com/unsubscribe."]http://www.ultimategrantsecrets.com/unsubscribe.[/url].. ) To: jay[at]uwtech.com 
2198311451 ( [url="http://www.ultimategrantsecrets.com/index_e.htm."]http://www.ultimategrantsecrets.com/index_e.htm.[/url].. ) To: jay[at]uwtech.com 
2198311444 ( 66.116.103.159 ) To: jay[at]uwtech.com 
2198311424 ( 217.160.230.40 ) To: abuse[at]schlund.de 

[InfoResearch]

Thank you so much for your post and your history reporting.

Now - for the stupid questions:

Does this mean it's coming because of 1and1 or does that mean someone has "hacked" into our domain and is using our webmail? Since I KNOW that none of the messages listed in your history report came from me (I am the only one with access to the email system).

Sorry for the ignorance on this end.

What do I need to do to change this? Change firewalls, run a virus check, etc.?

[Wazoo]

Does this mean it's coming because of 1and1

The data provided is based on traffic seen coming from that IP address.

or does that mean someone has "hacked" into our domain and is using our webmail?

"our" is a question best answered by you defining that term. Are you paying for a dedicated e-mail server for "our" domain? This seems pretty doubtful as you keep bringing up "1 and 1" so the indication would be that "you" are using a "shared" e-mail server.

"Hacking into your domain" is actually a bit of an odd statement. Servers get hacked and/or compromised directly.

Since I KNOW that none of the messages listed in your history report came from me (I am the only one with access to the email system).

Now you are making it sound like you are paying for a specific e-mail server just for you and yours ...????

Perhaps you are talking abut an Admin capability to generate/control e-mail accounts under your domain .. this has little to do with controlling traffic from a shared server.

What do I need to do to change this? Change firewalls, run a virus check, etc.?

If you run "the server" then there's much to do. However, I'm not convinced that "you" run the server in question.

For instance, using your registered address here, the MX records show;

ns47.1and1.com reports the following MX records:

Preference Host Name IP Address

10 mx01.1and1.com 217.160.226.101

10 mx00.1and1.com 217.160.226.100

So we have incoming servers that are shared and your query suggests a shared output server.

Schlund is no stranger to this scenario. Have you talked to them at all? Although not dealing with the SpamCopDNSBL, there are a number of FAQs here that deal with the situation of "my e-mail is blocked" .... have you looked at any of them?

[SpamCopAdmin]

554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40

I'm afraid I can't help you. Your mail problems don't have anything to with SpamCop.

- Don D'Minion - SpamCop Admin -

[turetzsr]

<snip>

Schlund is no stranger to this scenario. Have you talked to them at all? Although not dealing with the SpamCopDNSBL, there are a number of FAQs here that deal with the situation of "my e-mail is blocked" .... have you looked at any of them?

...If I read this correctly, Wazoo seems to have skipped a step: how Schlund comes into the picture. Here's what I found: http://www.spamcop.net/sc?track=217.160.230.40. So, InfoResearch, I agree with Wazoo that Schlund is the place you need to go to get the immediate spam problem resolved.

...Another approach I would try were I in your shoes would be to pursue this with 1and1. If you paid 1and1 to provide you with reliable e-mail service, they are not meeting their obligation to you and should help get it resolved (fairly quickly); if they can not (or will not), I would look for a provider that offers better support. My guess is that will also be more expensive but right now you're paying for service you are not getting.