[SC-Help] Re: History
John E. Malmberg
wb8tyw at qsl.network
Tue Feb 1 23:24:09 EST 2005
Paul Peeraerts wrote:
> My mail server uses the Spamcop blacklists, and a client that tried to
> send a mail to us received the following warning:
>
> Blocked - see http://www.spamcop.net/bl.shtml?193.252.22.175
> but if you go to that URL you get:
>
> 193.252.22.175 not listed in bl.spamcop.net
>
> So I suppose the IP-number was delisted just recently. Is there a place
> where I can find the recent history of listing and delisting for a given
> IP-number?
The full information is only available from a deputy, because as has
been explained before, the spammers were using the data.
But there is more information available from other sources:
And unless your client's ISP fixes what appears to be a severe
security problem on their network, they will probably find more and more
networks refusing their e-mail.
http://ops.mail-abuse.com/cgi-bin/nph-ops-sview?193.252.22.175
It shows that this is the output relaying for a web mailer that as of
Jan 23 was sending illegal Nigerian 419 scams on behalf of criminals.
As long as these criminals can use that web mailer, it has effectively
made those mail servers the output of an open relay.
The people that report this spam to the MAPS-OPS typically also will
report it to other anti-spam organizations, so there is no telling how
many private blocking lists that mail server is on.
Spamhaus.org is now listing networks that permit spammers to send
Nigerian 419 scams, and spamhaus.org is more widely used as a blocking
list than spamcop.net.
That mail server is not currently listed with spamhaus.org, but with
what can be viewed from it, it is probably a matter of time.
http://groups-beta.google.com/groups?as_epq=%22193.252.22.175%22&as_ugroup=*abuse*
Is showing a 419 scam dated JAN 30, 2005.
In this case, the mail server is not admitting where it got the spam
that it is sending from, which is a very bad sign. It indicates that
the spammer possibly has administrative access to the server, or a
server on a local LAN.
The public evidence is that this mail server and the network around them
have severe security problems and a number of criminals on the internet
have found this out, and have taken at least some control of them.
Criminals sell this information to other criminals, so until your
client's ISP takes action to stop them, this problem will only get worse
for them.
I would not worry too much about the spamcop.net reports, I would
recommend that your client's ISP do a complete security audit on the
servers until they find out how these criminals are able to send spam
through it.
And unlike your server which gives an SMTP diagnostic when it does not
accept e-mail, many commercial spam filters just silently delete mail
from sources of spam.
So when your client does not get a rejection message from other networks
they send e-mail to, there still is a high possibility that their
intended recipient never received their e-mail.
-John
wb8tyw at qsl.network
Personal Opinion Only