
Help! Don't Understand What To Do Next.


dcsuser


Can anyone help us to understand 1) what is happening 2) who is responsible for correcting the situation and 3) how to get ourselves UNblocked?

1) WHAT IS HAPPENING

We host a few websites for clients in a datacenter out of Texas. So far, when e-mail is sent to 2 domains we receive a response from spamcop stating that somewhere along the line the e-mail was blocked.

Example (e-mail addresses intentionally altered):

The original message was received at Tue, 6 Apr 2004 09:56:12 -0400 (EDT)

from rrcs-central-24-106-103-186.biz.rr.com [24.106.103.186]

----- The following addresses had permanent fatal errors -----

<drgreg[at]yyyyyyyyyyyyyy.com>

(reason: 550 5.7.1 <support[at]xxxxxxxxxxxxxx.net>... no access from[65.24.5.137],see http://spamcop.net/)

----- Transcript of session follows -----

... while talking to mail.yyyyyyyyyyyyyy.com.:

>>> MAIL From:<support[at]xxxxxxxxxxxxxx.net> SIZE=5240

<<< 550 5.7.1 <support[at]xxxxxxxxxxxxxx.net>... no access from[65.24.5.137],see http://spamcop.net/

554 5.0.0 Service unavailable

2) WHO IS RESPONSIBLE FOR CORRECTING THE SITUATION?

When I researched the IP address 65.24.5.137 in the Spamcop database it returned a RoadRunner mail server (our ISP) with several example spam e-mails to describe why that IP was black listed.

When I typed in the IP addresses of the client domains I received no entries found in the database.

This leads me to believe that our ISP (RoadRunner) has been blocked; however, their technical support is trying to tell us that it is OUR mail servers which are at fault, not the fact that THEIR IP address is listed in the SpamCop database.

Who is really responsible for correcting the situation, RR - with their mail server or ours with the mail server in Texas?

3) HOW TO GET OURSELVES UNBLOCKED?

Regardless of the answer to #2 (who is responsible), what is the process for getting the IP out of the blocked list?

Any help would be most appreciated as our clients are understandably upset.

Regards,

DCSUSER


This IP (65.24.5.137) is not currently blocked, but it has been in the block list in the past.

----------------------------------------------------------------------------

65.24.5.137 not listed in bl.spamcop.net

Since SpamCop started counting, this system has been reported about 10 times by less than 10 users. It has been sending mail consistently for at least 161.5 days. In the past 30 hours, it has been listed once for a total of 9 hours

In the past week, this system has:

Been detected sending mail to spam traps

Been witnessed sending mail about 2060 times

Other hosts in this "neighborhood" with spam reports:

65.24.5.135

65.24.5.136

------------------------------------------------------------------------------

I believe this is in Road Runner's DHCP range.

If you are running a mail server on a DHCP Range then expect to be blocked as many admins will not accept email from Dynamic ranges. You should use your ISP's mail server.

If you are running a mail server on this IP then you have sent email to spam traps. Those are addresses that have never requested anything. Actually they have never been used for correspondence. No one knows they even exist. They should not be receiving mail.

In any event you are not currently listed in bl.spamcop.net


Thank you for your response. It appears that we were not the only people to contact RR yesterday to inquire as to what is going on. My guess is that RR must have contacted SpamCop directly to resolve the issue.

DCSUSER


NO, that will not happen. You fell off the list because it timed out after a specific amount of time from the last spam report. If more spam is reported you will be listed again and deservedly so.

BTW: You are also listed by:

BLARSBL Blars Block List: block.blars.org -> 127.1.0.17

DUINV Realtime IP/DIALUP List: duinv.aupads.org -> 127.0.0.4

See http://www.aupads.org/cgi-bin/duinv-lookup...ind=65.24.5.137

DRBL-VOTE-SANDY Distributed RBL node: sandy.ru: vote.drbl.sandy.ru -> 127.0.0.2

RoadRunner DHCP Network

030628:ROADRUNNER-CENTRAL

DRBL-WORK-SANDY Distributed RBL node: sandy.ru: work.drbl.sandy.ru -> 127.0.0.2

zaraza:RoadRunner DHCP Network

zaraza:030628:ROADRUNNER-CENTRAL

DRBL-WORK-GREMLIN Distributed RBL node: gremlin.ru: work.drbl.gremlin.ru -> 127.0.0.2

vote.drbl.sandy.ru[at]ns.sci-nnov.ru:030628:ROADRUNNER-CENTRAL

vote.drbl.sandy.ru[at]ns.sci-nnov.ru:RoadRunner DHCP Network


Merlyn,

Just to clarify that situation, I have no control over how RR uses their mail server nor do I have control over how other RR customers use the mail server that was black listed. Consequently, honest users of the service such as myself cannot help but feel victimized when the entire IP is blocked because of the actions of the minority.

I only mention this because in your reply your tone suggests that we were at fault for the block that was put into place.

My belief is that if I were to send e-mail to our servers in Texas using a different ISP (bypassing the blocked RR account), my e-mail would be delivered normally. I say this because when I entered the IP addresses of our clients' websites, they came up as NOT being blocked by SpamCop.

Is this not correct?

Hopefully, RR will take steps to minimize the misuse of their servers in the future.

Regards,

DCSUSER


I just finished reporting a couple of spams routed through an rr server; I asked them to stop the abuse... Unless they correct this problem I am quite sure that I and others will continue to submit reports... here is one example:

Tracking message source: 24.95.58.35:

Routing details for 24.95.58.35

[refresh/show] Cached whois for 24.95.58.35 : abuse[at]rr.com

Using abuse net on abuse[at]rr.com

abuse net rr.com = abuse[at]rr.com

Using best contacts abuse[at]rr.com

Yum, this spam is fresh!

24.95.58.35 not listed in dnsbl.njabl.org

24.95.58.35 not listed in dnsbl.njabl.org

24.95.58.35 not listed in cbl.abuseat.org

24.95.58.35 listed in dnsbl.sorbs.net ( 127.0.0.10 )

24.95.58.35 not listed in relays.ordb.org.

24.95.58.35 not listed in plus.bondedsender.org

24.95.58.35 not listed in query.bondedsender.org

24.95.58.35 not listed in iadb.isipp.com


[snip]

Just to clarify that situation, I have no control over how RR uses their mail server nor do I have control over how other RR customers use the mail server that was black listed.  Consequently, honest users of the service such as myself cannot help but feel victimized when the entire IP is blocked because of the actions of the minority.

[snip]

But you DO have control over which mail server(s) you patronize. The rest of the world shouldn't be obligated to receive spam coming from the server you use just because non-spammers choose to share services with spammers.

You have numerous options, such as free accounts at Yahoo, Hotmail, or hundreds of other places. There are also any number of low cost alternatives that are more reliable than the free services.

The fact remains that as long as spam is originating at a particular IP that IP is subject to widespread blocking. The spam victims cannot stop your provider from ignoring the abuses committed by some of its users but they certainly can prevent the spam from reaching their inbox.


we receive a response from spamcop stating that somewhere along the line the e-mail was blocked

Just a bit of correction here .. and it's a major one ... you did NOT receive these messages FROM SpamCop ... you received them from an ISP that was using the SpamCop DNSbl in its arsenal of tools in the attempt at stopping incoming spam. Actual numbers of folks using the SpamCop DNSbl are unknown (again, it's offered openly and freely to anyone that cares to implement it .. further noting that most users don't also follow the recommendation of using it for tagging vice blocking) ... but let's say that your system sent out 200 e-mails to various points around the world ... you may receive these bounces from 20 of the intended recipients' ISP's e-mail servers .. the other 180 would have gone through.

My belief is that if I were to send e-mail to our servers in Texas using a different ISP (bypassing the blocked RR account), my e-mail would be delivered normally

That's exactly the point raised by a number of folks responding here ... use of an e-mail server being run by an ISP a bit more pro-active about controlling the abuse of their system .... Also noted is that SpamCop is but one identity that offers use of IP lists that are available for use to control incoming spew, and all of these lists have their own requirements and methods of listing and de-listing IP addresses identified as being "bad" ...

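Added example, not part of any post in this thread: the bounce quoted in the first post already names the submitting host, the server that refused the mail, and the IP it refused, and the "not listed in bl.spamcop.net" lookup in the first reply is an ordinary DNS query on the reversed octets. The Python sketch below does both; the function names and the injectable `resolve` parameter are assumptions of this example.

```python
import re
import socket

# Bounce excerpt copied from the first post (addresses were altered by the poster).
BOUNCE = """\
The original message was received at Tue, 6 Apr 2004 09:56:12 -0400 (EDT)
from rrcs-central-24-106-103-186.biz.rr.com [24.106.103.186]
... while talking to mail.yyyyyyyyyyyyyy.com.:
>>> MAIL From:<support[at]xxxxxxxxxxxxxx.net> SIZE=5240
<<< 550 5.7.1 <support[at]xxxxxxxxxxxxxx.net>... no access from[65.24.5.137],see http://spamcop.net/
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def parse_bounce(text):
    """Return who submitted the message, who rejected it, and the IP that was rejected."""
    submitted = re.search(r"^from \S+ \[" + IPV4 + r"\]", text, re.M)
    rejecting = re.search(r"while talking to (\S+?)\.?:", text)
    blocked = re.search(r"^<<< 5\d\d .*?from\s*\[" + IPV4 + r"\]", text, re.M)
    return {
        "submitted_from": submitted.group(1) if submitted else None,
        "rejected_by": rejecting.group(1) if rejecting else None,
        "blocked_ip": blocked.group(1) if blocked else None,
    }

def dnsbl_name(ip, zone):
    """DNSBLs are queried as <reversed octets>.<zone>, e.g. 137.5.24.65.bl.spamcop.net."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zones, resolve=socket.gethostbyname):
    """Map zone -> 127.x answer if listed, None if the name does not resolve."""
    result = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except socket.gaierror:      # NXDOMAIN: not listed in this zone
            answer = None
        # Only 127.0.0.0/8 answers mean "listed"; anything else is a resolver problem.
        result[zone] = answer if answer and answer.startswith("127.") else None
    return result

if __name__ == "__main__":
    info = parse_bounce(BOUNCE)
    print(info)
    print(check(info["blocked_ip"], ["bl.spamcop.net"]))
```

The parsed result separates the three parties the thread argues about: the host the message was submitted from, the recipient's mail server that issued the 550, and the relay IP that server looked up in the block list.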

Archived

This topic is now archived and is closed to further replies.
