InfoResearch Posted March 26, 2007 Share Posted March 26, 2007 Hi! I am the administrator for our system because well - it's just me. Using 1and1 for my email system. Noticed last week that I personally have started receiving spam (3-4) without ever putting this email address out except to customers on our website. Now today, I am being blocked. Is it 1and1 or is it me? How do I get my company unblocked if it is 1and1? I have to be able to send email especially to my board members (the email that was blocked). Here is the email info I received: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. The following addresses failed: <board members email address> SMTP error from remote server in greeting: host mx.valueweb.com[216.219.253.196]: 554-ip02.ams.ftl.affinity.com 554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40 Thanks in advance for any advice. Link to comment Share on other sites More sharing options...
Wazoo Posted March 26, 2007 Share Posted March 26, 2007 This does not translate to an issue with the SpamCopDNSBL .. so to save the confusion, this Topic will be moved to the Lounge area with this post. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted March 26, 2007 Share Posted March 26, 2007 This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. The following addresses failed: <board members email address> SMTP error from remote server in greeting: host mx.valueweb.com[216.219.253.196]: 554-ip02.ams.ftl.affinity.com 554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40 Did you follow the link provided? On that page, did you follow the link for Google groups: http://groups.google.com/groups?scoring=d&...0+group:*abuse* That shows your mail machine seems to be sending lots of junk onto the internet. Also, looking at the spamcop site as a paid reporter, I have access to some information about older reports even though it is not currently listed. Report History: Last 90 days -------------------------------------------------------------------------------- Submitted: Saturday, March 24, 2007 7:12:18 AM -0400: ....Confirm Receipt..... 2212596291 ( 66.98.138.80 ) To: abuse[at]ev1servers.net 2212596290 ( 217.160.230.40 ) To: abuse[at]schlund.de 2212596289 ( 205.152.59.66 ) To: thisisspam[at]bellsouth.net 2212596288 ( 205.152.59.66 ) To: abuse[at]bellsouth.net -------------------------------------------------------------------------------- Submitted: Saturday, March 24, 2007 3:59:26 AM -0400: Synegrate Opportunity 2212377568 ( [url="http://www.foxgraph.com/"]http://www.foxgraph.com/[/url] ) To: abuse[at]dls.net 2212377567 ( 69.15.209.5 ) To: abuse[at]cbeyond.net 2212377563 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Wednesday, March 21, 2007 6:54:35 PM -0400: Publisher Membership Information 2208386893 ( [url="http://www.adshuh.com/main.asp?pid=30008"]http://www.adshuh.com/main.asp?pid=30008[/url] ) To: postmaster[at]ecommerce.com 2208386826 ( [url="http://www.adshuh.com/main.asp?pid=30008"]http://www.adshuh.com/main.asp?pid=30008[/url] ) To: abuse[at]ecommerce.com 2208386766 ( 67.182.103.198 ) To: abuse[at]comcast.net 2208386678 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Wednesday, March 21, 2007 3:41:45 PM -0400: =?ISO-8859-1?Q?=B1=B1=C3=C0=CA=D0=B3=A1?= - =?ISO-8859-1?Q?=D0=E8=C7=F3?= - =... 2208209273 ( [url="http://www.sinobillboard.com/"]http://www.sinobillboard.com/[/url] ) To: abuse[at]dreamhost.com 2208209263 ( [url="http://china.sinobillboard.com/about_us.html"]http://china.sinobillboard.com/about_us.html[/url] ) To: abuse[at]dreamhost.com 2208209254 ( 75.84.94.214 ) To: abuse[at]rr.com 2208209247 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Sunday, March 18, 2007 7:02:10 AM -0400: Govt Grants Billions Available 2202293193 ( [url="http://www.ultimategrantsecrets.com/unsubscribe."]http://www.ultimategrantsecrets.com/unsubscribe.[/url].. ) To: jay[at]uwtech.com 2202293179 ( [url="http://www.ultimategrantsecrets.com/index.html?."]http://www.ultimategrantsecrets.com/index.html?.[/url].. ) To: jay[at]uwtech.com 2202293159 ( 66.116.103.159 ) To: jay[at]uwtech.com 2202293122 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Friday, March 16, 2007 12:06:24 PM -0400: Reconnecting 2200475946 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: abuse#viawest.net[at]devnull.spamcop.net 2200475945 ( 64.90.204.229 ) To: abuse#viawest.net[at]devnull.spamcop.net 2200475942 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: netsupport[at]viawest.net 2200475941 ( 64.90.204.229 ) To: netsupport[at]viawest.net 2200475920 ( [url="https://coveylink.insidesales.com/do=noauth/ema."]https://coveylink.insidesales.com/do=noauth/ema.[/url].. ) To: abuse[at]internap.com 2200475898 ( 64.90.204.229 ) To: abuse[at]internap.com 2200475886 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Friday, March 16, 2007 12:59:17 AM -0400: grammatical whisker 2199310023 ( 217.160.230.40 ) To: abuse[at]schlund.de 2199310017 ( 208.57.135.152 ) To: ip-abuse[at]mpowercom.net -------------------------------------------------------------------------------- Submitted: Friday, March 16, 2007 12:13:34 AM -0400: Complimentary Ringtones for You Daniel 2199262698 ( [url="http://ajfjacbghehca.maileviction.com/exit/"]http://ajfjacbghehca.maileviction.com/exit/[/url] ) To: abuse#marliness.net[at]devnull.spamcop.net 2199262697 ( 66.97.169.61 ) To: abuse#marliness.net[at]devnull.spamcop.net 2199262696 ( 217.160.230.40 ) To: abuse[at]schlund.de -------------------------------------------------------------------------------- Submitted: Thursday, March 15, 2007 11:58:43 AM -0400: departmental bushy 2198466452 ( 217.160.230.40 ) To: abuse[at]schlund.de 2198466403 ( 201.38.68.2 ) To: abuse[at]embratel.net.br 2198466341 ( 201.38.68.2 ) To: mail-abuse[at]cert.br -------------------------------------------------------------------------------- Submitted: Thursday, March 15, 2007 9:40:27 AM -0400: Unlock Govt Grants 2198311455 ( [url="http://www.ultimategrantsecrets.com/unsubscribe."]http://www.ultimategrantsecrets.com/unsubscribe.[/url].. ) To: jay[at]uwtech.com 2198311451 ( [url="http://www.ultimategrantsecrets.com/index_e.htm."]http://www.ultimategrantsecrets.com/index_e.htm.[/url].. ) To: jay[at]uwtech.com 2198311444 ( 66.116.103.159 ) To: jay[at]uwtech.com 2198311424 ( 217.160.230.40 ) To: abuse[at]schlund.de Link to comment Share on other sites More sharing options...
InfoResearch Posted March 26, 2007 Author Share Posted March 26, 2007 Thank you so much for your post and your history reporting. Now - for the stupid questions: Does this mean it's coming because of 1and1 or does that mean someone has "hacked" into our domain and is using our webmail? Since I KNOW that none of the messages listed in your history report came from me (I am the only one with access to the email system). Sorry for the ignorance on this end. What do I need to do to change this? Change firewalls, run a virus check, etc.? Link to comment Share on other sites More sharing options...
Wazoo Posted March 26, 2007 Share Posted March 26, 2007 Does this mean it's coming because of 1and1 The data provided is based on traffic seen coming from that IP address. or does that mean someone has "hacked" into our domain and is using our webmail? "our" is a question best answered by you defining that term. Are you paying for a dedicated e-mail server for "our" domain? This seems pretty doubtful as you keep bringing up "1 and 1" so the indication would be that "you" are using a "shared" e-mail server. "Hacking into your domain" is actually a bit of an odd statement. Servers get hacked and/or compromised directly. Since I KNOW that none of the messages listed in your history report came from me (I am the only one with access to the email system). Now you are making it sound like you are paying for a specific e-mail server just for you and yours ...???? Perhaps you are talking abut an Admin capability to generate/control e-mail accounts under your domain .. this has little to do with controlling traffic from a shared server. What do I need to do to change this? Change firewalls, run a virus check, etc.? If you run "the server" then there's much to do. However, I'm not convinced that "you" run the server in question. For instance, using your registered address here, the MX records show; ns47.1and1.com reports the following MX records: Preference Host Name IP Address 10 mx01.1and1.com 217.160.226.101 10 mx00.1and1.com 217.160.226.100 So we have incoming servers that are shared and your query suggests a shared output server. Schlund is no stranger to this scenario. Have you talked to them at all? Although not dealing with the SpamCopDNSBL, there are a number of FAQs here that deal with the situation of "my e-mail is blocked" .... have you looked at any of them? Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted March 26, 2007 Share Posted March 26, 2007 554 Unfortunately your access to this mail system has been rejected due to the sending MTA's poor reputation and e-mail hygiene on the Internet. Please reference the following URL for more information: http://www.senderbase.org/search?searchString=217.160.230.40 I'm afraid I can't help you. Your mail problems don't have anything to with SpamCop. - Don D'Minion - SpamCop Admin - Link to comment Share on other sites More sharing options...
turetzsr Posted April 24, 2007 Share Posted April 24, 2007 <snip> Schlund is no stranger to this scenario. Have you talked to them at all? Although not dealing with the SpamCopDNSBL, there are a number of FAQs here that deal with the situation of "my e-mail is blocked" .... have you looked at any of them? ...If I read this correctly, Wazoo seems to have skipped a step: how Schlund comes into the picture. Here's what I found: http://www.spamcop.net/sc?track=217.160.230.40. So, InfoResearch, I agree with Wazoo that Schlund is the place you need to go to get the immediate spam problem resolved. ...Another approach I would try were I in your shoes would be to pursue this with 1and1. If you paid 1and1 to provide you with reliable e-mail service, they are not meeting their obligation to you and should help get it resolved (fairly quickly); if they can not (or will not), I would look for a provider that offers better support. My guess is that will also be more expensive but right now you're paying for service you are not getting. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.