artgamble711 Posted April 9, 2004 Share Posted April 9, 2004 I send out a lot of emails, and had a lot of trouble with them being blocked by spam cop. I was told by you that my email server had me on a shared IP and it was one of the other mailers. They (my email server) changed me to my own IP. I keep getting errors like this: (reason: 550 5.7.1 <lagle[at]nacs.net>... Mail Probable spam - blocked. <art[at]gamble-america.com> For help Go To: http://spamcop.net/w3m?action=checkblock&ip=209.216.203.28) The problem is that 209.216.203.28 is my OLD ip, I now have a different one. Here is what I heard back from my email provider Art, I do not have a solid answer for you just yet. We have determined that those Spamcop messages you got are not from us, they are coming from the people's servers you are sending to. The big question is why Spamcop thinks gamble-america.com is 209.216.203.28 instead of its new IP, 209.216.205.82. I would like to talk to our head administrator here about this, but he isn't in until Monday. Sorry for the delay, but we are really scratching our heads on this one. I will send you another message on Monday after I talk with Brandon. You might also try asking Spamcop why they are incorrectly registering gamble-america.com as 209.216.203.28. Anyways, I will send you another mail on Monday with the progress This is really hurting my business. Can you tell me what I have to do. My IP address is now 209.216.205.82. There should be no problem with that. It must be my domain Gamble-America.com that is giving the problem. There has NEVER been a complaint about me. Everybody on my email list has ASKED to get my specials. Thanks, Art Nittskoff Gamble America 440 498-2100 Link to comment Share on other sites More sharing options...
Wazoo Posted April 9, 2004 Share Posted April 9, 2004 Parsing input: 209.216.203.28 host 209.216.203.28 = virt8r.secure-wi.com (cached) Reporting addresses: abuse[at]adnc.com Parsing input: 209.216.205.82 host 209.216.205.82 (getting name) = gamble-america.com. Reporting addresses: abuse[at]adnc.com First item up for discussion might be one of a thing called DNS propogation? .. You've not mentioned the timeframe involved. Link to comment Share on other sites More sharing options...
Jeff G. Posted April 9, 2004 Share Posted April 9, 2004 Art, Thanks for writing. Are you sure that your (or someone else's) email isn't still going out through 209.216.203.28 (now named virt8r.secure-wi.com but still running a Sendmail 8.11.6/8.11.6 mailserver)? This link shows the following in part: Query bl.spamcop.net - 209.216.203.28 209.216.203.28 is virt8r.secure-wi.com 209.216.203.28 not listed in bl.spamcop.net Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 153.9 days. In the past 12.1 days, it has been listed 3 times for a total of 4.5 days In the past week, this system has: Been reported as a source of spam less than 10 times Been witnessed sending mail about 40 times A sample sent sometime during the 24 hours beginning Wednesday 2004/04/07 20:00:00 -0400: Received: Subject: outsource your software development work - india - hr From: ka.. at ..x.com A sample sent sometime during the 24 hours beginning Wednesday 2004/03/31 19:00:00 -0500: Received: from - (- -.-.com) (209.216.203.28) by -.-.net with - - Apr 2004 - - Subject: outsource your software development work - india - hr From: ka.. at ..t.com A sample sent sometime during the 24 hours beginning Saturday 2004/03/27 19:00:00 -0500: Received: from -.-.com (-.-.com [209.216.203.28]) by -.-.-.com (-.-) with - id -203-28- Sun, 28 Mar 2004 - - Subject: market watch alert - From: [ non-parseable address suppressed ] Similarly, this link shows the following in part: Query bl.spamcop.net - 209.216.205.82 209.216.205.82 is gamble-america.com 209.216.205.82 not listed in bl.spamcop.net SpamCop has no record of this system It appears that 209.216.203.28 was not exclusively yours - it was used by all of the customers assigned to Secure - WI's virtual host "8r". It also appears that abuse[at]gamble-america.com would bounce and that gamble-america.com has no listed phone number, both violations of RFCs with listings pending here. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 9, 2004 Share Posted April 9, 2004 All of this is speculation without seeing the headers of the message as it reached the server that issued the block. That information may be included in the bounce. Otherwise, I could setup a test account you could send email to so I could post what the headers look like. 1. For outgoing messages, do you use your own mail server or are you using your ISP's server? I can see your incoming MX are: gamble-america.com MX preference = 10, mail exchanger = www.gamble-america.com gamble-america.com nameserver = ns2.hostdns4u.com gamble-america.com nameserver = ns1.hostdns4u.com www.gamble-america.com internet address = 209.216.205.82 ns2.hostdns4u.com internet address = 209.126.236.2 ns1.hostdns4u.com internet address = 209.126.235.2 2. If you send your email through your ISP's host or your mail server is using their server to get to the internet, their IP will still be the connecting server. Your server should be connecting directly to the MX server of the recipient. Link to comment Share on other sites More sharing options...
Spambo Posted April 10, 2004 Share Posted April 10, 2004 [snip] The big question is why Spamcop thinks gamble-america.com is 209.216.203.28 instead of its new IP, 209.216.205.82.[snip] SpamCop thinks gamble-america.com is at 209.216.205.82 See http://www.spamcop.net/sc?track=gamble-america.com and http://www.spamcop.net/w3m?action=checkblock&ip=209.216.205.82 says that the IP is not listed and there is no record of it ever being listed. Link to comment Share on other sites More sharing options...
artgamble711 Posted April 10, 2004 Author Share Posted April 10, 2004 Thanks everone for the replies. I must admit, I really don't understand most of what has been told to me. Let me start with what I do. I own a travel agency, I send out my last minute specials. Here is what i do. I have a large (a little over 1,000) people on my email list. I use Outlook Express. I have these people broken down into 2 groups. When i send an email, I send it to myself, and then list one of the groups as a blind carbon copy. When i get the email sent to myself, i forward it to the other group. The company that hots my website is Web Intellects somewhere in California. I am in Ohio. I really do not understand how email works, I know I send it, hopefully people get it. Web Intellect has set me up with my own IP (because of all the problems I encountered.) The problem now is that I am still getting some mail blocked, but SUPPOSEDLY, it is not coming from my IP. I will send a copy of my mail to any address you tell me to. Just let me know. Also, please let me know how to list my phone number. Every thing I do is above board and I never send spam. Here is all my information. Art Nittskoff President of Gamble America 33536 Aurora Rd Cleveland, Ohio 44139 440 498-2100 or 800 677-DICE (3423) Thanks again to everone that took the time to reply! Thanks, Art Nittskoff Gamble America Art[at]Gamble-America.com 440 498-2100 800 677-DICE (3423) Link to comment Share on other sites More sharing options...
Miss Betsy Posted April 10, 2004 Share Posted April 10, 2004 It sounds as if you are very conscientious about your mailings. But not knowing much about email, maybe you are doing something you shouldn't and wouldn't if you knew. Have you read the pinned FAQ on "Best Mailing Practices?" http://forum.spamcop.net/forums/index.php?showtopic=779 Even if it doesn't apply to this problem, if you haven't read these links, you might find some interesting items there. Hope you get the problems worked out. Miss Betsy Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 10, 2004 Share Posted April 10, 2004 Please send a test email to spamtest<at>poboxes.com and I will paste the headers here with any explaination I can come up with. PLease put your handle here (artgamble711) in the subjet so I don't repot it mistakenly. You could also tell us what the setting in your Outlook Express for SMTP server is. When you send an email your local machine looks to the server (A) it is configured to use to send that message, usually a mail server for your company or the mail server for your ISP. That server (A) usually checks that you ar authorized to send messges through it, then checks the email addresses for the repicients. For each email address, that server looks to the internet and asks which machine accepts mail for that address and then connects to that server ( and sends the message. That server ( holds the message to be picked up by the recipient. Sometimes there are multiple servers between (A) and ( but they all do the same thing. Before seeing your headers, I am guessing you are still using your ISP's SMTP server which is on the bl, probably not due to your message but because they have not stopped other spammers from usng the server. We will know more with the headers. Link to comment Share on other sites More sharing options...
Spambo Posted April 10, 2004 Share Posted April 10, 2004 Thanks everone for the replies. I must admit, I really don't understand most of what has been told to me. Let me start with what I do. I own a travel agency, I send out my last minute specials. [snip] Maybe you should read the articles at MAPS Basic Mailing List Management Guidelines for Preventing Abuse and cluelessmailers.org Best Practices to ensure that you are not spamming some of the recipients on your mailing lists. Link to comment Share on other sites More sharing options...
Wazoo Posted April 10, 2004 Share Posted April 10, 2004 Maybe you should read the articles at MAPS Basic Mailing List Management Guidelines for Preventing Abuse and cluelessmailers.org Best Practices to ensure that you are not spamming some of the recipients on your mailing lists. Just so there's no confusion, both of these items are addressed in Miss Betsy's pointer to the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=779 Link to comment Share on other sites More sharing options...
Spambo Posted April 10, 2004 Share Posted April 10, 2004 Just so there's no confusion, both of these items are addressed in Miss Betsy's pointer to the Pinned item at http://forum.spamcop.net/forums/index.php?showtopic=779 Added emphasis ;o) Link to comment Share on other sites More sharing options...
Merlyn Posted April 10, 2004 Share Posted April 10, 2004 I believe there is more here than the eye can see. It would be nice to know the IP that was "actually" blocked. This has been a very slippery topic. Link to comment Share on other sites More sharing options...
artgamble711 Posted April 10, 2004 Author Share Posted April 10, 2004 I sent the email to spamtest[at]poboxes.com Here are my settings: SMTP: 209.216.205.82 Thanks again for all the help. Art Link to comment Share on other sites More sharing options...
StevenUnderwood Posted April 10, 2004 Share Posted April 10, 2004 And I have received it. If OE on your machine is set to use 209.216.205.82 as it's SMTP server as you mention, it does not appear to be working properly. This message went from your machine on ameritech.net to 209.216.203.28 which is what the original error message stated. They (my email server) changed me to my own IP. The listing below shows they did not do what they said they would. You are still sharing a mail server with others who are sending spam with subjects like: Subject: outsource your software development work - india - hr Subject: market watch alert - Unless you a) get them to remove their spammers, move your email to another server which does not have spammers, or c) move to a different email provider, you will continue to have problems. You can present the headers below (munged with x for your address and y and z for my addresses) as evidence to your email provider. Content-Type: multipart/alternative; boundary="----=_NextPart_000_007D_01C41F21.706ADD50" Date: Sat, 10 Apr 2004 17:29:54 -0400 [17:29:54 EDT] Delivered-To: z From: Art Nittskoff <x> MIME-Version: 1.0 Message-ID: <008001c41f42$f83b8790$fdd72743[at]art> Received: (qmail 28387 invoked from network); 10 Apr 2004 21:30:15 -0000 Received: from unknown (192.168.1.101) by blade6.cesmail.net with QMQP; 10 Apr 2004 21:30:15 -0000 Received: from apollo.netforward.com (HELO a5.netforward.com) (69.56.175.229) by mailgate.cesmail.net with SMTP; 10 Apr 2004 21:30:15 -0000 Received: from virt8r.secure-wi.com (virt8r.secure-wi.com [209.216.203.28]) by a5.netforward.com (8.12.9/8.12.9) with ESMTP id i3ALUFOQ031058 for <y>; Sat, 10 Apr 2004 16:30:15 -0500 Received: from art (adsl-68-76-120-21.dsl.bcvloh.ameritech.net [68.76.120.21]) (authenticated (0 bits)) by virt8r.secure-wi.com (8.11.6/8.11.6) with ESMTP id i3ALU4316210 for <y>; Sat, 10 Apr 2004 14:30:04 -0700 Return-Path: <x> Subject: artgamble711 (test email) To: y X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1158 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165 X-Priority: 3 X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6 X-spam-Level: * X-spam-Status: hits=1.7 tests=CLICK_BELOW,HTML_COMMENT_SAVED_URL, HTML_FONTCOLOR_RED,HTML_FONTCOLOR_UNKNOWN, HTML_FONT_BIG,HTML_LINK_CLICK_HERE,HTML_MESSAGE,HTML_TAG_EXISTS_TBODY, LINES_OF_YELLING, LINES_OF_YELLING_2,OFFERS_ETC,SAVE_UP_TO version=2.63 X-SpamCop-Checked: 192.168.1.101 69.56.175.229 209.216.203.28 68.76.120.21 P.S. This IP is currently NOT on the BL. Link to comment Share on other sites More sharing options...
Merlyn Posted April 11, 2004 Share Posted April 11, 2004 68.76.120.21 is a dynamic IP, many hosts/ISP's will not receive mail from a dynamic IP. Why don't you use the ameritech's email servers? Dynamic IP's are not trusted by most. Yes your IP is blocked in: NJABL Not Just Another Blacklist.: dnsbl.njabl.org -> 127.0.0.3 swbell.net PPPoX DSL Pools -- 1071415970 (Sun Dec 14 16:32:50 2003) NJABLDYNA NJABL list of dynamic ip spaces: dynablock.njabl.org -> 127.0.0.3 Dynamic/Residential IP range listed by NJABL dynablock - http://njabl.org/dynablock.html BLARSBL Blars Block List: block.blars.org -> 127.1.0.1 ameritech.net. Dial-Up/Cable/DSL/Home IP Range - Use your providers SMTP Gateway or whitelist your server at: http://moensted.dk/spam/no-more-funn/?addr=68.76.120.21 \ Victoria Chan\ <vkchan[at]kendryl.net> / http://ws.arin.net/cgi-bin/whois.pl?queryinput=N% UUINTRUDERS local bl at Uppsala University: intruders.docs.uu.se -> 127.0.0.2 And any other prive servers that block dynamic ranges. Link to comment Share on other sites More sharing options...
Wazoo Posted April 11, 2004 Share Posted April 11, 2004 68.76.120.21 is a dynamic IP, many hosts/ISP's will not receive mail from a dynamic IP. Why don't you use the ameritech's email servers? He is, and that's the IP that has issues (though not listed at SpamCop just now) ... I'm beginning to wonder if the talk at the start of this thread was some kind of confusion between the poster and the "support" dudes at the ISP ... Received: from virt8r.secure-wi.com (virt8r.secure-wi.com [209.216.203.28]) e-mail to Steven shows the same address complained about in the beginning is still being used for outgoing e-mail. The big question is why Spamcop thinks gamble-america.com is 209.216.203.28 instead of its new IP, 209.216.205.82. alleged quote from techy at ISP now questioning the "was" (referencing the e-mail server) and "is" (perhaps the web-site [never actually stated that a web-site was in the conversation, other than the mentioning of the Domain name a number of times]) Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.