Jump to content

SenderBase Reputation Help


Grokked

Recommended Posts

First, let me preface my questions with the following comments. Due to Hurricane Ike hitting Houston and causing significant power problems, I contracted with Dell MessageOne to provide backup email service for my users. The power to our offices went down at approximately midnight on Friday (12th) and, when I realized this around 2:30am Saturday morning, I activated the backup service. Power didn't return until around 4:00pm on Sunday (14th) and I did not switch back over from the backup service until 9:30pm on Monday night. During this time my users we fully able to access their email and conduct business with only minor frustration. Since Monday night we have been fully operational just as we were before the storm.

However, on Wednesday I had an email to my sales rep at Dell.com returned as undeliverable after 2 days (sent on Monday from backup service), which is the timout I have configured on my email server. While investigating, I tried connecting via telnet to Dell's SMTP server and received the following error;

554-ps-smtp.us.dell.com

554 Connections from this sending hostname 67.106.118.130.ptr.us.xo.net, IP address of: 67.106.118.130 are being rejected due to low SenderBase Reputation score (below -2). Your SenderBase organization: 4162354. See http://www.senderbase.org/ for more information.

So, I immediately kicked off a company-wide virus scan (Symantec Enterprise Edition) and began other research to figure out what is going on.

I started by checking the blacklists (http://www.mxtoolbox.com/blacklists.aspx?AG=GBL&gclid=CL2L8-Lv6JUCFRIcawodqEsueQ) and our IP address isn't listed on any of them.

I then went to SenderBase.org and looked up our IP address and found the reputation to be poor. The volume statistics show a magnitude of 2.7 for the last month but 0.0 for the last day. Nothing else of any note, at least to me, shows up on that page.

So I tried looking up each of our domains (hudsonmarine.com, hmms-usa.com, hudsontrident.com, hudsonsystems.com, tmsalogix.com). Not a single one of these show any email detected in the SenderBase database.

So now I'm at a loss of where to look next. If I really do have a problem with one of my systems, I need more information to help me figure out which one as I have over 70 computers, most of which are laptops, and a dozen or more of which are spread around the world at any given moment.

And if the problem came about because of the Dell MessageOne service, then how do I figure out what happened so I can be sure it doesn't happen next time?

I'll do my best to answer questions in the hope the someone can point me in the right direction.

Thanks.

Link to comment
Share on other sites

First, this is not a SenderBase support forum... this might get moved to the Lounge. Some of the people here have looked into the reputation score, but I'm not sure they ever got an answer.

SpamCop did see 2 spam reports against your IP address last week:

Submitted: Thursday, September 11, 2008 09:22:07 -0400:

Your account has been temporarily limited !

3473228153 ( ht tp://scotiabank.nm.ru/ ) To: abuse[at]comstar.ru

3473228152 ( ht tp://scotiabank.nm.ru/ ) To: postmaster[at]comstar.ru

3473228151 ( ht tp://scotiabank.nm.ru/ ) To: abuse#pochta.ru[at]devnull.spamcop.net

3473228150 ( 67.107.106.227 ) To: abuse[at]algx.net

3473228149 ( 67.106.118.130 ) To: relays[at]admin.spamcop.net

--------------------------------------------------------------------------------

Submitted: Thursday, September 11, 2008 05:39:00 -0400:

Your account has been temporarily limited !

3472543216 ( ht tp://scotiabank.nm.ru/ ) To: abuse[at]comstar.ru

3472543206 ( ht tp://scotiabank.nm.ru/ ) To: postmaster[at]comstar.ru

3472543200 ( ht tp://scotiabank.nm.ru/ ) To: abuse#pochta.ru[at]devnull.spamcop.net

3472543173 ( 67.106.118.130 ) To: abuse[at]algx.net

[phishing site links broken]

Link to comment
Share on other sites

http://www.spamcop.net/sc?id=z2237523055z3...f798018fc7533bz

http://www.spamcop.net/sc?id=z2237049018ze...c40590cef56f9dz

You can use those links to review recent examples of spam sent from 67.106.118.130. The "View entire message" link will show you the full headers and text.

Thanks for the Tracking URLs. However, not sure how this actually answers the SendeBase Reputation score question.

Link to comment
Share on other sites

Hi.

My company is recently experiencing problem emailing a number of external mail addresses, through a poor senderbase score attached to our IP address 87.236.7.99

We have checked with multiple blocklists including this one, since senderbase seems to use information gathered here, but we are NOT listed on any lists at all.

Why are we experiencing these problems right now and what can we do to resolve them?

*There is only 1 server behind this IP address and is a dedicated Surfcontrol email filtering system.

Link to comment
Share on other sites

My company is recently experiencing problem emailing a number of external mail addresses, through a poor senderbase score attached to our IP address 87.236.7.99

I see a moderator has already moved your post into an existing thread on this topic.

You'll read that SenderBase is only indirectly connected with the SpamCop blocklist. You'll need to contact the SenderBase admins at the Email address provided above.

Andrew

Link to comment
Share on other sites

My company is recently experiencing problem emailing a number of external mail addresses, through a poor senderbase score attached to our IP address 87.236.7.99

We have checked with multiple blocklists including this one, since senderbase seems to use information gathered here, but we are NOT listed on any lists at all.

Why are we experiencing these problems right now and what can we do to resolve them?

*There is only 1 server behind this IP address and is a dedicated Surfcontrol email filtering system.

Hi, as you say this is not a blocklist problem, merging herewith to a similar recent inquiry.

'We' don't know much about SenderBase but, as in the earlier case, if one of the paying members (or SC Admin) can locate some spam reports from your IP address, that might help you pin down problems. Also, you will note that Don (SC Admin) kindly provided the SenderBase contact address in a post immediately above yours.

People 'here' will give you what help they can.

[on edit - Thanks Andrew. OP sent a message, including the abuse address for that IP - abuse[at]dataweb.nl - in the event reports on spam have been sent in the recent past]

Link to comment
Share on other sites

We are still blocked on that IP. Yesterday we changed the IP routing to use a second mail route that was clean on Senderbase(thats why the traffic went down to 0.0). This solved the problem for a short time. Now this IP address is now blocked with a 'poor' Senderbase score even though we are sending 20-40 mails per hour and has only been used for 24 hours. Both IP addresses are not listed on any blacklists. Even when we use www.mxtoolbox.com, the Senderbase entry is listed as green and 'ok'. This IP is 82.95.106.251 (FYI)

Where are Senderbase getting their information from and how can we possibly resolve this since noone responds to support[at]senderbase.org and I see no telephone number.

This is now a real problem and we, as admins, can do nothing right now.

Help?

Link to comment
Share on other sites

Where are Senderbase getting their information from and how can we possibly resolve this since noone responds to support[at]senderbase.org and I see no telephone number.

This is now a real problem and we, as admins, can do nothing right now.

Have you tried contacting the guys at SenderBase as previously suggested? Not only is this forum unconnected with SenderBase but the folk here are simply users of SpamCop. Looks like you need to converse with SenderBase.

Andrew

Link to comment
Share on other sites

...Where are Senderbase getting their information from and how can we possibly resolve this since noone responds to support[at]senderbase.org and I see no telephone number. ...
I'm afraid all we SC users know about is the public/published knowledge - SenderBase Reputation Score Overview (thanks to Mike Easter in news.spamcop.net spamcop for the link) and you already know how to look up your reputation score at http://www.senderbase.org/home/rep_lookup (M.E. again) or at least know what the score is reported from rejections. You can look for clues as to email/spam 'sightings' by searching the internet but I certainly can find nothing there.

Maybe the deputies or SC admin have a contact phone number but whether they can/would pass it on is another matter since there is no obvious SC involvement in the problem. Anyway

SpamCop Admin <service[at]admin.spamcop.net>

SpamCop Deputies <deputies[at]admin.spamcop.net>

Link to comment
Share on other sites

We are still blocked on that IP.

Just as noted with the use of the SpamCopDNSBL, the use of the SenderBase Reputation Score is a decision of the recipient, applied to the configuration of their network. Short term, perhaps contacting those recipients and asking about possible whitelisting might be something to try.

Yesterday we changed the IP routing to use a second mail route that was clean on Senderbase(thats why the traffic went down to 0.0). This solved the problem for a short time.

Just noting that there is no traffic yet showing at http://www.senderbase.org/senderbase_queri...g=82.95.106.251 but the SRS has changed for the original IP Address http://www.senderbase.org/senderbase_queri...=67.106.118.130

Now this IP address is now blocked with a 'poor' Senderbase score even though we are sending 20-40 mails per hour and has only been used for 24 hours. Both IP addresses are not listed on any blacklists. Even when we use www.mxtoolbox.com, the Senderbase entry is listed as green and 'ok'. This IP is 82.95.106.251 (FYI)

Where are Senderbase getting their information from and how can we possibly resolve this since noone responds to support[at]senderbase.org and I see no telephone number.

Yet again, the only data available thus far is found at SenderBase Reputation Score ..... The actual links having been provided previously in this Topic/Discussion.

I would be negligent not to point out some recent traffic that concerns xs4all network referenced with the use of the second IP Address offered up. XS4ALL here in this Forum

[scspamcop] Re: Even if it could handle multibyte characters, SC doesn't find reporting address Maria Jacobs over in the spamcop newsgroup.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...