
We're listed 67.38.176.142


EVV532


67.38.176.142 is listed. Can someone help us determine why?

The best source for the information you are asking for is to go to the SpamCop web page and click on the Blocking List Tab.

There you will find a window to enter your numeric IP address. When you click on the button you will see that at this time:

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours.

Causes of listing

* System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

There is also some additional information about your IP and mail.threeieng.com that you should address.

Hope this helps.


Still trying to find the original cause for getting listed in the first place.

The original cause for being listed seems to be that mail from your IP was received by some of SpamCop's spam traps. Apparently three times during the last five days.

Spamtraps are: "Non-existent email addresses set up by SpamCop to definitively identify spam. As SpamCop never used these email addresses to signup for a mailing list or purchase an item, for example, SpamCop knows spammers harvested the emails for their mailing lists."

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

The fact that your volume of email has increased 1050% over last month would indicate that something has changed. Do you know what has changed? There are lots of tools available to help you identify malware on your machines if you can't account for the increase in volume in other ways.


Yep. Did that earlier. Still trying to find the original cause for getting listed in the first place.
Lou (preceding post) has mentioned the SenderBase stats, which you can access via the lookup you know about. You only seem to be listed on the SCbl, looking at http://www.robtex.com/rbl/67.38.176.142.html (so no evidence is available from other sources) but the hits on SC spamtraps seem to continue going by SenderBase and the currency of your listing in the SCbl. And spamtrap evidence is secret. The deputies (deputies[at]admin.spamcop.net) might be able to tell you the TYPE of traffic they are seeing in the spamtraps (NDNs, etc) which could maybe help you home in on the continuing problem.

My first suggestion is to get a quick fix in until you can more definitively track down the problem machine. The first thing I would suggest doing is configure your firewall to only allow outgoing port 25 traffic from your mailserver. This will block any infected computers on your network from sending out mail. If your router/firewall supports it, configuring it to log those failed attempts can be very useful in tracking down the infected computer.

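The logging half of the suggestion above, as an added example that is not part of any post in this thread: a short Python script that reads the firewall's denied-port-25 log and ranks internal hosts by how many different mail servers they tried to reach. The iptables-style log format, the `SMTP-BLOCK` prefix, the mail server address 192.168.1.10 and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

MAIL_SERVER = "192.168.1.10"  # assumption: the only host allowed to send on port 25
LOG_PREFIX = "SMTP-BLOCK"     # assumption: prefix set on the firewall's deny-and-log rule

# Constructed sample lines in iptables LOG style; not taken from the thread.
SAMPLE_LOG = """\
Feb  6 22:14:01 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=25
Feb  6 22:14:02 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 PROTO=TCP SPT=51235 DPT=25
Feb  6 22:14:02 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.99 PROTO=TCP SPT=51236 DPT=25
Feb  6 22:20:10 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=203.0.113.5 PROTO=TCP SPT=40100 DPT=25
Feb  6 22:25:10 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.41 DST=203.0.113.5 PROTO=TCP SPT=40101 DPT=25
Feb  6 22:30:00 gw kernel: SMTP-BLOCK IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=33000 DPT=25
Feb  6 22:31:00 gw kernel: OTHER-DROP IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.9 PROTO=TCP SPT=50000 DPT=25
Feb  6 22:32:00 gw kernel: truncated line with SMTP-BLOCK but no fields
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs such as SRC=..., DPT=...

def blocked_smtp_sources(log_text, mail_server=MAIL_SERVER, prefix=LOG_PREFIX):
    """Return {src_ip: {"attempts": n, "destinations": set}} for denied outbound port 25."""
    hits = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in log_text.splitlines():
        if prefix not in line:
            continue  # logged by some other rule
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue  # not SMTP, or a truncated line with no usable fields
        src = fields.get("SRC")
        if src is None or src == mail_server:
            continue  # the mail server itself is the one permitted sender
        hits[src]["attempts"] += 1
        hits[src]["destinations"].add(fields.get("DST"))
    return dict(hits)

def rank_suspects(hits):
    """Order hosts by distinct destinations, then by attempts, highest first."""
    return sorted(hits, reverse=True,
                  key=lambda ip: (len(hits[ip]["destinations"]), hits[ip]["attempts"]))

if __name__ == "__main__":
    hits = blocked_smtp_sources(SAMPLE_LOG)
    for ip in rank_suspects(hits):
        print(ip, hits[ip]["attempts"], "attempts,", len(hits[ip]["destinations"]), "destinations")
```

A host near the top of the ranking that contacts many different destinations is the first machine to check for malware; a host that keeps retrying a single destination may only be a mail client configured to use an outside SMTP server.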

Telarin, you're right, it doesn't look like the fix is in yet. Last I checked the volume is up to 1228% over 1050% yesterday. There must also have been some additional hits at the spam traps because the time remaining on the list has increased also.

Keep digging EVV532, the problem is there somewhere.


Telarin, you're right, it doesn't look like the fix is in yet. Last I checked the volume is up to 1228% over 1050% yesterday. There must also have been some additional hits at the spam traps because the time remaining on the list has increased also.

I was watching the time tick down ... 3 .... 2 - then 22. Bummer! We're still digging.

Trying the port 25 blocking suggestion. Thanks to all.

Any other additional ideas are appreciated.


You're not mindlessly bouncing email?

In this case wouldn't that require SpamCop spam Traps to send email or someone to know the address of a spam trap and include it in an email to EVV532?

I don't think either is very likely (nada!). If he had been reported by someone other than a spam trap, what you suggest is very likely.


In this case wouldn't that require SpamCop spam Traps to send email or someone to know the address of a spam trap and include it in an email to EVV532?

I don't think either is very likely (nada!). If he had been reported by someone other than a spam trap, what you suggest is very likely.

Au contraire, very likely and very common. Spamtrap addresses are 'out there' to attract the scrapers: that's the whole point. No human needs to know them.

Human report now received

Submitted: Thu, 07 Feb 2008 08:29:45 GMT:
Crazy Britney does it again!

	* 2820599222 ( 67.38.176.142 ) To: abuse[at]prodigy.net 


Archived

This topic is now archived and is closed to further replies.
