Help with blocked IP

[north_carolina]

I sent this message from one e-mail account to another on the same PC:

Your message did not reach some or all of the intended recipients.

Subject: test

Sent: 8/8/2007 12:38 AM

The following recipient(s) cannot be reached:

'wellsclan[at]earthlink.net' on 8/8/2007 12:38 AM

451 Blocked - see http://www.spamcop.net/bl.shtml?24.225.62.137

First, I don't understand why I'm being blocked. It was half-way explained to me today that it was a bot or something. I've ran Spybot, Adaware, etc. I've waited the mandatory 24 hours but I'm still being blocked. Trying to run a home business here and this is frustrating to say the least!

Question, why can I send from my earthlink account but not my business account (using Outlook). Both are on my computer and behind my cable box? I thought my IP was being blocked but it seems that it's only blocking a particular domain name? I've tried to contact my ISP (Earthlink) but they deny there is anything they can do. They point the finger at Time Warner, the company that provides my high speed service. Time Warner sends me to Earthlink. But then my Earthlink e-mail works so they say it's maybe my other e-mail account. So I call them and they say it's my ISP. Argh!

Who is blocking me and is this legal?

[agsteele]

I'm assuming you didn't follow the link provided which offers the explanation...

24.225.62.137 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in a short time.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

The Senderbase statistics show a change in Email volumes in the Last day of 1190%

This suggests a problem on the particular PC. The reverse DNS for the IP in question is user-0ce2fk9.cable.mindspring.com

This looks to be a dynamic IP.

On that basis I would suggest you run an urgent anti-virus and spyware scan of your PC. From the limited information available I'd say you might have an infection which is using your PC to distribute spam without your knowledge.

Of course, it could also be that another Mindspring customer previously had the IP allocated and you're suffering their bad.

If you can tell us how your PC is configured to send Email then that would be helpful. What is your outgoing SMTP server name in your mail program?

I should add that SpamCop simply provides a register of IPs known to be sending spam at the moment or recently. The receiving ISP has chosen to reject your messages based on that list. So, if the message was sent to yourself then it is your own ISP that has decided to reject your messages since they stand a significant chance of being spam based on the data I collected.

Andrew

[petzl]

451 Blocked - see http://www.spamcop.net/bl.shtml?24.225.62.137

First, I don't understand why I'm being blocked. Who is blocking me and is this legal?

Pay for you to use my signature

If you are blocked by SpamCop it is usually because your computer has been hacked into and every thug who wants to has access to it including spammers (who spew spam from it worldwide)

Everything on that computer can be accessed. Thugs can determine where you live when you are home when you are not

This is because you have a Trojan/zombie program running on it (or you use a unsecured wireless connection)

[GraemeL]

A reverse lookup indicates that the address is dynamic:

dig -x 24.225.62.137

;; ANSWER SECTION:

137.62.225.24.in-addr.arpa. 86052 IN PTR user-0ce2fk9.cable.mindspring.com.

24.225.62.137 is also listed by the following lists as being a dynamic address:

24.225.62.137 RBL filtered by safe.dnsbl.sorbs.net

24.225.62.137 RBL filtered by combined.njabl.org

24.225.62.137 RBL filtered by pbl.spamhaus.org

All of those indicate that your IP address should not be transmitting email direct to MX.

The Spamhaus listing will almost certainly cause you major problems. If your contract does allow you to run servers, then you should open a support ticket with your ISP and ask them to get your address removed from the lists above.

[Miss Betsy]

<snip>Question, why can I send from my earthlink account but not my business account (using Outlook). Both are on my computer and behind my cable box?

It is the IP address of the computer that is sending the email. Apparently, your earthlink account uses an earthlink mail server which does not allow spam. Your business account uses the dynamic IP address assigned to your computer. This IP address has increased usage lately which is generally an indication that a spammer has infected it. It is not a good idea to use a dynamic IP address anyway because many ISPs block them on principle.

I thought my IP was being blocked but it seems that it's only blocking a particular domain name?

blocklists only block IP addresses. email addresses and domain names are never even looked at by a blocklist

<snip>

Who is blocking me and is this legal?

The ISP who runs the mail server that receives your email is the one who is using the blocklist. I would be very surprised if either earthlink or Time Warner used the spamcop blocklist to block email, but maybe so.

If you are going to run a home business on the internet, then I suggest doing a lot of research on how to prevent your website being hacked, how to use email responsibly, and how to make your computer absolutely secure. I do hope that you haven't bought a 'kit' to start your business.

Miss Betsy

[Telarin]

There is really not enough information provided to say for sure, but it would appear that whoever is providing your outgoing mail service is filtering outgoing mail based on the SCBL. This is definitely NOT a recommended use of the SCBL, but "their server, their rules".

Again, it would be useful to know what your outgoing mail servers are for further troubleshooting. The IP address you list appears to be a mindspring.com address, I believe that is part of Earthlink, is it not? Where exactly does Time Warner come into the picture?

[north_carolina]

There is really not enough information provided to say for sure, but it would appear that whoever is providing your outgoing mail service is filtering outgoing mail based on the SCBL. This is definitely NOT a recommended use of the SCBL, but "their server, their rules".

Again, it would be useful to know what your outgoing mail servers are for further troubleshooting. The IP address you list appears to be a mindspring.com address, I believe that is part of Earthlink, is it not? Where exactly does Time Warner come into the picture?

This is what is confusing me. EVERY single e-mail that I try to send from my business account is being blocked. Not just test messages to myself, but to all my clients as well. My outgoing mail server on this business account is provided by ixwebhosting.com. When I called them, they said this is my local service provider's issue, not theirs. When I called Earthlink, my ISP, they say it's my cable provider's problem (Time Warner) because they provide my IP address. When I call Time Warner, they say it's Earthlink's issue. The thing is, I can send fine from my Earthlink account.

I'm assuming you didn't follow the link provided which offers the explanation...

UMmm, yes I did read the explanation. But this doesn't tell me anything. This morning, it says I'm not listed in the database but yet I'm still getting "System undeliverable" e-mails and can't send.

The Senderbase statistics show a change in Email volumes in the Last day of 1190%

This suggests a problem on the particular PC. The reverse DNS for the IP in question is user-0ce2fk9.cable.mindspring.com

This looks to be a dynamic IP.

On that basis I would suggest you run an urgent anti-virus and spyware scan of your PC. From the limited information available I'd say you might have an infection which is using your PC to distribute spam without your knowledge.

Of course, it could also be that another Mindspring customer previously had the IP allocated and you're suffering their bad.

If you can tell us how your PC is configured to send Email then that would be helpful. What is your outgoing SMTP server name in your mail program?

I should add that SpamCop simply provides a register of IPs known to be sending spam at the moment or recently. The receiving ISP has chosen to reject your messages based on that list. So, if the message was sent to yourself then it is your own ISP that has decided to reject your messages since they stand a significant chance of being spam based on the data I collected.

Andrew

I do have McAfee running on all computers (I have a secured wireless network in my home with three other computers hooked to it). I secure my network based on MAC address. I run Spybot, Adaware, Trend Micro, I know how to use these things but nothing is showing up on any of the reports that indicate unusual activity.

Affected outgoing e-mail is my own domain coast2coastbusiness.com hosted by ixwebhosting.

The receiving ISP has chosen to reject your messages based on that list. So, if the message was sent to yourself then it is your own ISP that has decided to reject your messages since they stand a significant chance of being spam based on the data I collected.

But then why am I unsable to send ANY e-mail? Every single, and I repeat, every single e-mail I send is kicked back as undeliverable with the statement that it's being blocked.

A reverse lookup indicates that the address is dynamic:

dig -x 24.225.62.137

;; ANSWER SECTION:

137.62.225.24.in-addr.arpa. 86052 IN PTR user-0ce2fk9.cable.mindspring.com.

24.225.62.137 is also listed by the following lists as being a dynamic address:

24.225.62.137 RBL filtered by safe.dnsbl.sorbs.net

24.225.62.137 RBL filtered by combined.njabl.org

24.225.62.137 RBL filtered by pbl.spamhaus.org

All of those indicate that your IP address should not be transmitting email direct to MX.

The Spamhaus listing will almost certainly cause you major problems. If your contract does allow you to run servers, then you should open a support ticket with your ISP and ask them to get your address removed from the lists above.

So who is my ISP? My business account belongs to ixwebhosting, my cable provider is Time Warner, my e-mail provider (owns my account apparently) is Earthlink. From what I've read on your website, I am supposed to notify my ISP so that they can fix whatever they need to fix. Problem is, none of these companies claim to be able to do this. So who is supposed to do this?

If you are going to run a home business on the internet, then I suggest doing a lot of research on how to prevent your website being hacked, how to use email responsibly, and how to make your computer absolutely secure. I do hope that you haven't bought a 'kit' to start your business.

I am actually a Microsoft Certified Professional and have been working at home for a number of years without a problem, this is why I am so frustrated. I know how to use the tools, I have a secure wireless setup in my home, and no, I didn't buy a "kit" : )

Just the mere fact that my e-mail address is on the Internet, it's prone to being harvested, nothing I can really do about that. I doubt my website was hacked because nothing shows up in any reports that I have run from anyof the programs (Spybot S&D, Adaware, etc).

On one hand, Spamcop says "it's not personal" but yet on the other, I've been made to feel that I am an irresponsible spammer.

BTW, just tried to reply to a message from my mother, who has a hotmail account, and it got kicked back with the "undeliverable" message but when I follow the link it says I'm not listed. THIS is why I think this whole thing is suspect - does this spamcop program even work? Why is it blocking every single e-mail? Interrupting my business by blocking all of my e-mails doesn't seem like it should be legal.

[dra007]

Once again, you failed to listen to the help provided. Spamcop has no ability to block your e-mail. This was pointed out by many of the previous posters that tried to be helpful.

[StevenUnderwood]

This is what is confusing me. EVERY single e-mail that I try to send from my business account is being blocked. Not just test messages to myself, but to all my clients as well. My outgoing mail server on this business account is provided by ixwebhosting.com. When I called them, they said this is my local service provider's issue, not theirs.

If ixwebhosting.com is your mail provider for these messages, it appears they are blocking messages their customers from using their service. Get specifics from them as to what they expect your local service provider to repair. Let them know that use of the SpamCop list to block email is not recommended by Spamcop, that it should be used to tag suspected spam or in a scoring situation.

UMmm, yes I did read the explanation. But this doesn't tell me anything. This morning, it says I'm not listed in the database but yet I'm still getting "System undeliverable" e-mails and can't send.

The Senderbase statistics show a change in Email volumes in the Last day of 1190%

BTW, just tried to reply to a message from my mother, who has a hotmail account, and it got kicked back with the "undeliverable" message but when I follow the link it says I'm not listed. THIS is why I think this whole thing is suspect - does this spamcop program even work? Why is it blocking every single e-mail? Interrupting my business by blocking all of my e-mails doesn't seem like it should be legal.

SpamCop BL is a DNSBL, subject to the update delays and caching issues of any DNS system. While the master listing may be updated, mirrors may still be in the process and many local systems may have your IP cached for as long as their local systems are configured to do so.

[Telarin]

It appears that whoever is providing your outgoing mail server is blocking the email from their SMTP server, so NONE of your email goes out. This is a serious flaw in their use of the SCBL, as it was never intended to be used in that manner.

However, as I said before, it is their server, so their rules apply. You may want to email the deputies using the contact form on the spamcop.net website to see if they can provide you with information on what kinds of emails have been hitting the spam traps. That may give us some insight into where to look next.

[Wazoo]

I am actually a Microsoft Certified Professional

not sure why you wanted to play that card ... just as with those folks that proudly hang their degrees on the wall, these 'credentials' don't really mean much when the 'issue' isn't actually within the alleged field of expertise.

From the top, you are posting here from the same IP address that you are asking about. Your described 'network' did not include running your own e-mail server. However you do mention a wireless (home) network in use. Complaint is that 'your' e-mail is being blocked by 'your' ISP. Strangely enough, we just went through this whole scenario with a girl in the Netherlands. Your story and data seen thus far match that storyline almost exactly. (for a good time, please take the time to read through [Resolved] 213.93.21.64 is blocked )

http://www.senderbase.org/senderbase_queri...g=24.225.62.137 starts out with the data bit:

Date of first message seen from this address: 2007-08-04 ... so what happened a few days ago that all of a sudden has e-mail being sent from 'your' IP address?

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 3.0 .. 1188%

Last month .. 1.9

Seems to suggest that the spew hasn't stopped, much in contrast to your complaint that you can't send any mail, SenderBase's "Magnitude" Explained depicts that "3" as being something along the lines of 1.4 thousand e-mails a day leaving that IP address.

(I have a secured wireless network in my home with three other computers hooked to it). I secure my network based on MAC address.

Forging a MAC address is trivial. You didn't mention WEP or WAP being in use. You didn't actually qualify how the systems 'hooked up' are actually configured, i.e. one or more of them configured to act as an 'ad hoc' networked system, which could then also be providing a gateway into your network, bypassing your 'network security' settings ....

I run Spybot, Adaware, Trend Micro, I know how to use these things but nothing is showing up on any of the reports that indicate unusual activity.

coincidentally or not, I am in the process of trying to clean up a system that had three different root-kit infections (that I've identified thus far) .. and being root-kits, these aren't seen by your standard anti-virus, anti-malware tools ....

Affected outgoing e-mail is my own domain coast2coastbusiness.com hosted by ixwebhosting.

Actually, from what data you have provided, and noting the exact correlation to the previously mentioned Netherlands girl Topic/Discussion, it appears to be ixwebhosting that is rejecting your attempts to send e-mail "from your PC" because of the SpamCopDNSBL listing of 'your' IP address.

As stated a number of times, 'your' computer should not be sending e-mail. One would think that a Microsoft Certified Professional wouldn't need this explained, but .... telling your Outlook e-mail client to 'send' e-mail does not mean that Outlook actually 'delivers' that e-mail. Outlook has to connect to an e-mail server somewhere, which would then accept the data from your Outlook client, process that data, and then attempt to deliver that e-mail for you. Your storyline is that the e-mail server involved will not accept a connection from your PC, whereas the other iSP does not use the SpamCopDNSBL against its incoming connections (assumedly because you are 'directly' connected to them)

Your actual problem .. you need to identify the source of the outgoing e-mail that is tagged as coming from your IP address. In the case of the Netherlands girl, it in fact did turn out to be someone that she probably waved 'Hi' to everyday ... a neighbor with an infected system that was in fact using her wireless network to send its spew .... actually locking down the wireless router did end up fixing her problem . but that was after all the virus scans, malware scans, turning off some of the computers for hours at a time, etc. etc. etc.

The primary future issue is based on the fact that the SpamCopDNSBL is based on a bit of math to determine listing/de-listing. So where things are at right now, it is showing as not-listed, but ... that could change if a few more outgoing e-mails (that you know nothing about) start hitting spamtraps, generating some more user complaints, at which time the math could then work out again to get this IP address re-listed.

[agsteele]

But then why am I unsable to send ANY e-mail? Every single, and I repeat, every single e-mail I send is kicked back as undeliverable with the statement that it's being blocked.

It is difficult to say except that your IP address is currently sending exceedingly high levels of Email (based on the Senderbase logs). Unless you are sending exceptionally large numbers of messages then, as suggested previously, it does seem that you have a problem.

I asked previously: "If you can tell us how your PC is configured to send Email then that would be helpful. What is your outgoing SMTP server name in your mail program?"

You didn't provide that information but I am inclined to ask if you are running an Exchange server on your network...

But, as others have noted, your IP is listed in more than one DNSBL and, being a dynamic IP, you are likely to have ongoing issues if you are running Exchange or a similar mail server product.

Andrew

[north_carolina]

It appears that whoever is providing your outgoing mail server is blocking the email from their SMTP server, so NONE of your email goes out. This is a serious flaw in their use of the SCBL, as it was never intended to be used in that manner.

However, as I said before, it is their server, so their rules apply. You may want to email the deputies using the contact form on the spamcop.net website to see if they can provide you with information on what kinds of emails have been hitting the spam traps. That may give us some insight into where to look next.

From what I see in my e-mail account settings, my outgoing mail server is my domain name (coast2coastbusiness.com) hosted by ixwebhosting. I just called them and they said to call my cable provider since it's the IP that is being blocked. So which is it, outgoing mail server or cable provider's IP that is being blocked? I'm so confused.

[turetzsr]

From what I see in my e-mail account settings, my outgoing mail server is my domain name (coast2coastbusiness.com) hosted by ixwebhosting. I just called them and they said to call my cable provider since it's the IP that is being blocked. So which is it, outgoing mail server or cable provider's IP that is being blocked? I'm so confused.

...Gotta admit, so am I. Normally, incoming e-mail from specific IP addresses (which are normally outgoing e-mail servers) are blocked by ISPs or e-mail providers. Here, some have suggested that your outgoing mail is being blocked. You have said you continue to be blocked although you are no longer in the SpamCop blacklist. Basically, I think you need to find out who is sending you the message saying your e-mail is blocked and ask them how they are determining that your e-mail is to be blocked. Sometimes, the provider doing the blocking sends a message the indicates an IP address is on the SpamCop list when, in fact, it is some other criterion that is being used. Another possibility, of course, is that there's some caching involved, as StevenUnderwood suggested, above.

[north_carolina]

...Gotta admit, so am I. Normally, incoming e-mail from specific IP addresses (which are normally outgoing e-mail servers) are blocked by ISPs or e-mail providers. Here, some have suggested that your outgoing mail is being blocked. You have said you continue to be blocked although you are no longer in the SpamCop blacklist. Basically, I think you need to find out who is sending you the message saying your e-mail is blocked and ask them how they are determining that your e-mail is to be blocked. Sometimes, the provider doing the blocking sends a message the indicates an IP address is on the SpamCop list when, in fact, it is some other criterion that is being used. Another possibility, of course, is that there's some caching involved, as StevenUnderwood suggested, above.

Thanks Steve, yes I imagine it was cached (although 12 hours longer than the stated "24 hours" is a long time). I am still getting the runaround from all involved. I am on hold with Time Warner, but they are saying the IP is an Earthlink IP, but Earthlink is saying the IP is assigned via Time Warner. So I'm trying to get a hold of someone who can for sure tell me why my IP is being blocked.

All are denying that they use Spamcop so I can't tell you from where I'm receiving the message. The "From" Address just says "System Administrator" and it's only affecting the one e-mail account that I use for my business, which is separate from my Earthlink account but behind the same router and cable box (thus the same IP).

Like I mentioned, I can understand if no e-mail worked because of my IP being blocked, but I am able to send e-mails via Earthlink but not my other account which uses my domain name as the smtp server. No, I don't have an Exchange server, just a regular e-mail client setup.

Sorry if I sound grumpy, but I've been spending all my time trying to get this straightened out and I cannot bill my clients if I don't work : (

[turetzsr]

<snip>

Sorry if I sound grumpy, but I've been spending all my time trying to get this straightened out and I cannot bill my clients if I don't work : (

...It is annoying all around when e-mail doesn't work. Relying on it for business is something you may wish to rethink: backhoes can cut telecommunications lines, server software can crash, bits can get lost while being transferred through the internet. E-mail isn't a guaranteed-communications mechanism, even absent spammers and other evildoers and incompetent/unhelpful provider staff.

[Miss Betsy]

From what I see in my e-mail account settings, my outgoing mail server is my domain name (coast2coastbusiness.com) hosted by ixwebhosting. I just called them and they said to call my cable provider since it's the IP that is being blocked. So which is it, outgoing mail server or cable provider's IP that is being blocked? I'm so confused.

I would be just as confused if I were in your shoes. I don't understand about webhosting, etc. very well. However, I don't think that an outgoing server uses a domain name, IIUC. I have an email account where I receive email from two different servers - one, the original email address which came with the internet connection (cable) and one, from a mail server that belongs to a website hosted by a hosting company. However, both my email addresses go out through the internet connection. If I send email by the website address via the internet connection, the return path is to the website email server.

Of course, if I go to the webmail of the website, then the email goes out from their mail server just as when I send an email from an hotmail account, it goes out via the hotmail servers.

There are ways to send out email directly from your computer, but I don't know how to do that. However, from all the discussion, it sounds as if that is what you are doing for your business address - and also, if it is a spammer who has infected your wireless connection, how he is doing it. Of course, maybe I am even more confused than you are. Even though your hosting company provides your email address, it would be the IP address of your computer if you have set it up to send email. Email addresses don't mean much when you are talking about how email works. It is the IP of the mail server or IOW, the IP address of the computer that sends the email.

The reason your earthlink email goes through is because you are using their mail servers. The reason your business email doesn't go through is because your business email goes through a computer that was listed on the spamcop bl. Not all mail server admins use the spamcop bl, so it is unlikely that every email you send would be rejected. That's why some have suggested that whoever owns the email server is rejecting your email before it is sent to the internet. And that is probably a mistake since that is not the way the spamcop bl is designed to work. It is designed to recognize IP addresses of incoming email as coming from an IP address that has been reported as sending spam. Since it doesn't check for spam content, if someone else sends an email from that IP address, the email is tagged, or rejected, also. Since the mail servers of webmail (and hosting companies) know the IP address of the computer sending the email to them, it is possible that your hosting company is, either deliberately, or by error, using the spamcop bl on incoming email from customers so that your outgoing email is rejected before it ever gets to a mail server. The fact that it is late in keeping up with the scbl may be due to the fact that it is not being refreshed because it wasn't supposed to be there in the first place.

The reference to the other topic where someone had a similar problem and the senderbase statistics point to a spammer operating in a way you haven't found yet. I think I would concentrate first on seeing what happens (as in the other topic) to the senderbase statistics and on finding the loophole the spammer has found if the senderbase statistics continue to show an increase. Just as people hire you to solve their problems, then possibly it would be a good idea to hire an expert in finding computer infections if you don't have time to learn how to do it yourself.

Then, it wouldn't be a bad idea to learn exactly how your email is handled so that if something happens in the future, you can show the proper abuse desk that it is their problem.

I hope my non-technical understanding of what your problem is helps you to see what is the problem (which may not be what I think) and track down how to solve it.

Miss Betsy

[Wazoo]

http://www.senderbase.org/senderbase_queri...g=24.225.62.137

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 2.3 .. 119%

Last month .. 1.9

something has changed for the better .. womdering why nothing has been mentioned ...

08/08/07 20:51:21 IP block 24.225.62.137

Earthlink, Inc. ERLK-CBL-TW-MIDSOUTH (NET-24-225-32-0-1)

24.225.32.0 - 24.225.95.255

EARTHLINK, INC ERLK-TW-WILMINGTON17 (NET-24-225-48-0-1)

24.225.48.0 - 24.225.63.255

08/08/07 20:52:18 whois !NET-24-225-48-0-1[at]whois.arin.net

CustName: EARTHLINK, INC

Address: 1375 PEACHTREE STREET, LEVEL A

City: ATLANTA

StateProv: GA

PostalCode: 30309

Country: US

RegDate: 2006-11-16

Updated: 2006-11-16

NetRange: 24.225.48.0 - 24.225.63.255

CIDR: 24.225.48.0/20

08/08/07 20:51:06 Slow traceroute 24.225.62.137

66.185.134.150 RTT: 63ms TTL:170 (RR-Raleigh.atdn.net probable bogus rDNS: No DNS)

24.93.64.169 RTT: 51ms TTL:170 (ge-1-3-0.chrlncsa-rtr6.southeast.rr.com ok)

24.93.64.122 RTT: 85ms TTL:170 (pos6-0.wlmgncilm-rtr2.ec.rr.com ok)

24.25.33.185 RTT: 62ms TTL:170 (srp1-1.wlmgncjkv-rtr2.ec.rr.com ok)

24.25.32.22 RTT: 67ms TTL:170 (gig15-0-wlmgncjkv-bsr1.ec.rr.com ok)

* * * failed

* * * failed

* * * failed .. could pretend this is your firewall at work?

So showing here is Earthlink in chatge of the IP Block, Roadrunner handling the 'local' part of the backbone of your Internet connection .. in other places, one would also see AOL in the mix ...

Technically, none of this really matters ... as the issue was with ixwebhosting blocking your attempted connection to their e-mail server, based on the SpamCopDNSBL listing, which was caused by some spew from 'your' IP Address.

coast2coastbusiness.com

ns3.ixwebhosting.com reports the following MX records:

Preference Host Name IP Address

10 mail26.opentransfer.com 76.162.254.26

this your 'incoming' e-mail server at ixwebhosting

Bothers me to have to repeat and explain this to someone that threw the "Microsoft Certified Professional" card .. but ... This is pretty much a match for the 'other' Topic/Discussion, yet you make no mention of trying to wade through that to compare notes, issues, circumstances, and results. The issue of 'caching' .... no one here has a clue as to how ixwebhosting would have their network configured. Apparently they are grabbing the SpamCopDNSBL listing every now and then and caching those results locaaly (just one possibility) .. or they may be hitting a mirror somewhere else that is holding onto an old copy for some reason. This is probably way beyond a Tier-1 droid to have sitting in their scripts.

The point now would seem to be that something was done to stop the spew (or the spammer has moved on?) so the basic problem now is waiting for someone's cache to get renewed ...????

[Wazoo]

at the time of this post;

Report on IP address: 24.225.62.137

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ....... 2.3 .. 119%

Last month ... 1.9

[agsteele]

From what I see in my e-mail account settings, my outgoing mail server is my domain name (coast2coastbusiness.com) hosted by ixwebhosting. I just called them and they said to call my cable provider since it's the IP that is being blocked. So which is it, outgoing mail server or cable provider's IP that is being blocked? I'm so confused.

It is your IP address provided by your cable provider that appears to be blocked. But that's why I asked what your outgoing SMTP server name is.

I'm not sure that your outgoing mail server will be coast2coastbusiness.com - at the very least I'd expect mail.coast2coastbusiness.com or smtp.coast2coastbusiness.com but your DNS record shows the MX as mail26.opentransfer.com

So again, I ask for a brief narrative describing the means by which you send mail. Are you using, for example, Outlook Express with an SMTP server name of mail26.opentransfer.com? Or do you have some form of mail server running on the home/office PC - such as Exchange but could be any other mail server program such as Mercury, FTGate, MDaemon, etc etc...?

Have you run the checks to identify whether you have a trojan on one of your PCs? A trojan would also use your PC's IP. I'm of the view that this is the most likely cause.

Andrew

[north_carolina]

It is your IP address provided by your cable provider that appears to be blocked. But that's why I asked what your outgoing SMTP server name is.

I'm not sure that your outgoing mail server will be coast2coastbusiness.com - at the very least I'd expect mail.coast2coastbusiness.com or smtp.coast2coastbusiness.com but your DNS record shows the MX as mail26.opentransfer.com

So again, I ask for a brief narrative describing the means by which you send mail. Are you using, for example, Outlook Express with an SMTP server name of mail26.opentransfer.com? Or do you have some form of mail server running on the home/office PC - such as Exchange but could be any other mail server program such as Mercury, FTGate, MDaemon, etc etc...?

Have you run the checks to identify whether you have a trojan on one of your PCs? A trojan would also use your PC's IP. I'm of the view that this is the most likely cause.

Andrew

- My outgoing e-mail server is mail.coast2coastbusiness.com (I use MS Outlook)

I was on the phone all day yesterday, calling up the different players: cable provider, ISP, and my business web hosting. Once again they all say they do not even use Spamcop so they don't know why my e-mail was blocked. I reviewed my router settings with them and did checks on two computers (the other two are off, one has been for the last month and the other has been off since Monday.) The one that was off since Monday, I am now told by my teenager, was because it kept having a blue screen on bootup. I'm inclined to think this may have been caused by viruses, trojans, malware and could have been the culprit all along.

I plan to turn off the router, reformat the hard drive, reinstall Windows, then run the Spybot, Adaware, etc.

I am still stumped as to why all of my outgoing e-mail was being blocked when my cable provider, ISP, and webhosting company as they all say they don't use Spamcop?

Thanks for everyone's suggestions, I do appreciate it. Hopefully this is the end to the nightmare.

http://www.senderbase.org/senderbase_queri...g=24.225.62.137

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 2.3 .. 119%

Last month .. 1.9

something has changed for the better .. womdering why nothing has been mentioned ...

08/08/07 20:51:21 IP block 24.225.62.137

Earthlink, Inc. ERLK-CBL-TW-MIDSOUTH (NET-24-225-32-0-1)

24.225.32.0 - 24.225.95.255

EARTHLINK, INC ERLK-TW-WILMINGTON17 (NET-24-225-48-0-1)

24.225.48.0 - 24.225.63.255

08/08/07 20:52:18 whois !NET-24-225-48-0-1[at]whois.arin.net

CustName: EARTHLINK, INC

Address: 1375 PEACHTREE STREET, LEVEL A

City: ATLANTA

StateProv: GA

PostalCode: 30309

Country: US

RegDate: 2006-11-16

Updated: 2006-11-16

NetRange: 24.225.48.0 - 24.225.63.255

CIDR: 24.225.48.0/20

08/08/07 20:51:06 Slow traceroute 24.225.62.137

66.185.134.150 RTT: 63ms TTL:170 (RR-Raleigh.atdn.net probable bogus rDNS: No DNS)

24.93.64.169 RTT: 51ms TTL:170 (ge-1-3-0.chrlncsa-rtr6.southeast.rr.com ok)

24.93.64.122 RTT: 85ms TTL:170 (pos6-0.wlmgncilm-rtr2.ec.rr.com ok)

24.25.33.185 RTT: 62ms TTL:170 (srp1-1.wlmgncjkv-rtr2.ec.rr.com ok)

24.25.32.22 RTT: 67ms TTL:170 (gig15-0-wlmgncjkv-bsr1.ec.rr.com ok)

* * * failed

* * * failed

* * * failed .. could pretend this is your firewall at work?

So showing here is Earthlink in chatge of the IP Block, Roadrunner handling the 'local' part of the backbone of your Internet connection .. in other places, one would also see AOL in the mix ...

Technically, none of this really matters ... as the issue was with ixwebhosting blocking your attempted connection to their e-mail server, based on the SpamCopDNSBL listing, which was caused by some spew from 'your' IP Address.

coast2coastbusiness.com

ns3.ixwebhosting.com reports the following MX records:

Preference Host Name IP Address

10 mail26.opentransfer.com 76.162.254.26

this your 'incoming' e-mail server at ixwebhosting

Bothers me to have to repeat and explain this to someone that threw the "Microsoft Certified Professional" card .. but ... This is pretty much a match for the 'other' Topic/Discussion, yet you make no mention of trying to wade through that to compare notes, issues, circumstances, and results. The issue of 'caching' .... no one here has a clue as to how ixwebhosting would have their network configured. Apparently they are grabbing the SpamCopDNSBL listing every now and then and caching those results locaaly (just one possibility) .. or they may be hitting a mirror somewhere else that is holding onto an old copy for some reason. This is probably way beyond a Tier-1 droid to have sitting in their scripts.

The point now would seem to be that something was done to stop the spew (or the spammer has moved on?) so the basic problem now is waiting for someone's cache to get renewed ...????

Yes Wazoo, my e-mail began working late yesterday afternoon, about 36 hours or so after being notified that I was blocked. All these explanations seem to border on educated guessing about my web host using an old cached something or other to block me. Why did it happen Saturday then again on Monday? I could see if I was sending "spew" - love the jargon btw - from an address and users who use spamcop reject my e-mail, but to arbitrarily reject all my outgoing legitimate e-mail is far far beyond acceptable. Seems like spamcop has faulty programming.

And fyi, seems that you've never taken a MCP. Unless I was a MCSE I wouldn't have taken anything related to mail servers, Exchange servers, etc., my test covered networking with workstations, servers, and enterprise networks, so you can get off that rant now as it's getting old. I only said that as some people were implying that I didn't even know how to run a virus scan, that's all.

[Telarin]

Someone is lying to you. My guess would be your business web host provider, as it appears to me that is where you mail is being blocked. If you only spoke to tier 1 support, it would be unlikely that they would be fully aware of all the anti-spam mechanisms in place, as many providers tend to guard that information. I would suggest asking them to escalate your ticket to tier 2 if they are unable to resolve the problem.

[north_carolina]

Someone is lying to you. My guess would be your business web host provider, as it appears to me that is where you mail is being blocked. If you only spoke to tier 1 support, it would be unlikely that they would be fully aware of all the anti-spam mechanisms in place, as many providers tend to guard that information. I would suggest asking them to escalate your ticket to tier 2 if they are unable to resolve the problem.

Thank you Will. I had a hunch that may have been the case because I had escalated it to the top level of my cable provider (coincidentally my phone, same cable/voip provider, kept cutting off while I was on hold!) and if it happens again, I'll definitely be more persistent with them.

[turetzsr]

<snip> could see if I was sending "spew" - love the jargon btw - from an address and users who use spamcop reject my e-mail, but to arbitrarily reject all my outgoing legitimate e-mail is far far beyond acceptable.

...Very true!

Seems like spamcop has faulty programming.

<snip>

...Very false! SpamCop has no control over anyone's programming. If some provider is blocking all your outgoing mail, SpamCop is hardly to blame. First point of blame is the spammer; the second point of blame is the provider mis-using the SpamCop BL.