[SC-Help] Blocked? Read this.

[Miss Betsy]

Why Am I Blocked?
Probable Causes

If your email has suddenly been blocked by the SpamCop blocklist,
it is probably because you share an IP address with other email
users and there is someone who:

    * is using auto-responses that are replying to spam with forged
spamtrap email addresses (such as Out-of-Office/Vacation notices,
virus notifications, and 'created email' bounces);
    * has a computer with a virus that sends spam without the
owner's knowledge;
    * has a computer that has been compromised and spammers are
remotely controlling it to transmit their spew;
    * is sending unsolicited emails and your internet service
provider is allowing it;
    * or because, as in all systems, there may have been a mistake.
(very rare)

The SpamCop BL listing will expire automatically within a specific
period of time based primarily on when the last spam came from that
IP address. http://www.spamcop.net/fom-serve/cache/297.html for
more information on the SpamCop BL listing.

For people who are operating servers: (followed by FAQ for people
who do not operate servers; if you don’t operate a server, scroll
down until you find it.)

Am I really listed in the SpamCop Blocklist?:
You can check the status of any server by entering its address at
http://www.spamcop.net/bl.shtml  The reason an IP address is listed
can also be obtained from that page.

If the blocklist only lists spamtraps, then the likely culprits are
auto-responders or misdirected bounces (that is, bounce emails sent
after acceptance of the email instead of being rejected by the
server during the SMTP phase, which would include emails such as
"no such user", "non-existent mailbox", and/or "quota exceeded").

If the blocklist only lists reports, you have a spammer at work.

If the blocklist lists spam traps and reports,
    * You have your firewall configured to allow a compromised
machine on your network to spew to the world
      (you do have a firewall in place, don't you?)
    * the SMTP/Auth exploit of an Exchange server is in progress,
see these links:
      http://news.spamcop.net/cgi-bin/fom?file=372
      http://www.winnetmag.com/article/articleid/40507/40507.html
      http://www.winnetmag.com/article/articleid/42406/42406.html
     *A link for your references:  http://dsbl.org/relay-methods
It describes many of the security problems that spammers already
scan for and will exploit to send spam.

      How To Block Open SMTP Relaying and Clean Up Exchange Server
SMTP Queues To prevent SMTP relaying with Microsoft Exchange Server
see
http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958#4
# (NOTE: While commonly seen on Exchange servers, this condition is
possible on all platforms)
     * Your PHP mailer program has been taken over by criminals.
(You did not know that your PHP bulletin board had a very
vulnerable mailer program on it? You did not know that you had PHP
installed and running?)

Please also see:

    * How can I get removed from SpamCop's blocking system?
http://www.spamcop.net/fom-serve/cache/76.html
    * John's explanation at John's revised post, for Why Am I
Blocked FAQ
http://forum.spamcop.net/forums/index.php?showtopic=673
    * Merlyn's explanation at FAQ Entry: Why is my email blocked?
http://forum.spamcop.net/forums/index.php?showtopic=35

Post the IP address that is blocked in the Spamcop web forum or
newsgroup. There are many knowledgeable people in the SpamCop
groups who will help you figure out why and offer solutions. If you
need to know what triggered the report from a spamtrap, email
deputies <at> spamcop.net. Only they can see. However, a post will
generally get you faster replies and more specific help on what is
the problem.

The rest of this FAQ is for people who do not run servers.
For people whose email was returned
Q: What does SpamCop do with my email?
A: Nothing

The Internet Service Provider (ISP) of the person, or business, you
are sending email "To" is blocking email from your ISP's computers
(servers), using a list provided by SpamCop.
Your email doesn't pass through SpamCop's mail servers and SpamCop
has no way of blocking or bouncing your email.
In addition, the SpamCop email service uses the blocklist to "tag"
incoming mail so that suspected spam is placed in a particular
folder and that is the way the blocklist is intended to be used.

Q: What is a blocklist?
A: A blocklist helps ISP’s to prevent spam coming to their
customers.

An ISP can use a blocklist (a list of IP addresses),to block
(bounce back) all email coming from a particular IP address.
The blocking is based not on your email address (which looks like
username at example.com), but on the IP address (which looks like
198.162.250.196).

This IP address is assigned to the mail server you use, which is
probably run by your ISP. You may share this same server with
hundreds or thousands of other customers. If one of the other
customers is sending spam through that shared mail server, it will
cause the IP address of that mail server to be put on the
blocklist. And when you send email through that server, ISP’s who
use blocklists to avoid receiving spam, will also block your email.

SpamCop is one of many blocklists. DNS Blackhole Lists (DNSBLs) is
a link to page that lists and categorizes a number of blocklists.
Trying to describe the difference between spamcop & other lists
(particularly the time it takes to get off the list) and how
SpamCop can be an early warning system for ISP's is a bit
difficult, as each is different in concept, targets, results
ranges, and oversight. If more specific data is desired on other
DNSBLs, please visit that listing site.

Q: What is SpamCop?
A: Unique, automated blocklist and spam filtering

SpamCop has a program that will find the correct address to send a
complaint because the email address you see that says who it is
from is often forged by spammers. SpamCop finds the correct IP
address and forwards complaints for its members. If a lot of
reports are made, the IP address goes on the SpamCop blocklist that
is used by many ISP’s. for more detailed information on how Spamcop
works see: http://www.spamcop.net/fom-serve/cache/3.html


Q: How do ISP’s use SpamCop
A: As 1) a warning that spammers have slipped by their defenses and
2) to block spam.

* Responsible ISP's welcome SpamCop reports and will remove
spammers quickly from their systems.
*When they block emails, they send a message that looks like this:
451 Blocked - see
http://www.spamcop.net/bl.shtml?xxxx.xxxx.xxxx.xxxx:
or
email from xxx.com blocked,refused by Spamcop,see
http://www.spamcop.net

Q: Why me?
A: It Happens to the best of us
It is annoying to have your email blocked. It is also annoying to
have a backhoe interrupt email service.

However, until the blocking problem is resolved, you can email
people through a web based email service (the most familiar web
based email services are hotmail and yahoo).

After you have taken care of the immediate problem of being able to
communicate with someone by email, the next step is to see what can
be done so this inconvenience does not happen to you again.

The one thing you do not want to do is to complain to those
correspondents who are using an email service that uses the SpamCop
blocklist. They probably really like the reduction in spam!

You have the responsibility to see that your ISP provides you with
reliable email service.
See this link for a longer explanation of costs
http://forum.spamcop.net/forums/index.php?showtopic=660

Q: Who do I contact to correct this problem?
A: Your ISP (email service provider) first
Usually the ISP with the blocked IP address has also been notified
with the evidence of spam reports. Your ISP may have already acted
on the Spamcop report they have received by the time you call. It
may just have been a mistake on their part or, possibly, the
reporter's part. Reporters can be fined or banned for mistakes.

As soon as your ISP stops the spam from being sent, or uses the
procedures at SpamCop to point out the reporter's mistake, the IP
address is taken off the blocklist (usually within 48 hours for
spam; immediately for reporter error).

It may be that your call is the first time your ISP has heard that
SpamCop has listed your IP address. Listings are made, in addition
to member reporting, automatically from spamtraps (an eMail address
that is not used, nor published anywhere, so only gets eMail if
someone is sending spam!).

Your ISP can find out about SpamCop at
http://www.spamcop.net/fom-serve/cache/76.html
 if they don’t already know about SpamCop.

SpamCop deputies have access to the full evidence for a listing.
Deputies can delist IP addresses which are listed in error.

Q: My ISP says it’s not their fault.
A: People in this forum will help with information to give your ISP

You will need to know your IP address for people to understand what
has happened (it should be in the message you received telling you
your mail was blocked).
It is also helpful to know the reasons why it was blocked. (To do
this, go to http://www.spamcop.net/bl.shtml . Make a note of the
reason for the listing. For example "Been reported as a source of
spam about 30 times" "Been detected sending mail to spam traps" as
this is important)
There are many people who will explain to you what has happened and
what you can do.

If you are interested in finding out more about blocklists and
exactly why your email was blocked, you may post in the web forum
http://forum.spamcop.net/forums/index.php?showforum=11
or in the SpamCop NNTP newsgroup
news://news.spamcop.net/spamcop.help  with the above information.

Please remember that this block is not aimed at you personally.
There are a limited number of IP addresses on the Internet, so you,
and the spammer, may get a different one each time you log-on. Your
Internet Service Provider is the only one who can investigate and
take action to stop spam from coming from that IP address. In the
meantime, the email service at the other end does not have to
accept your email until spam has stopped coming from that
particular IP address just as postal and package services can
refuse certain types of mail and packages.

Revised 22 February 2005 Added link from John
Revised 17 Feb 2005 - Clarification of non-SMTP-reject e-mail
generation
Revised 2 February 2005 Revised the time period of listing and
added comment that there are two sections Miss Betsy
Revised 26 Jan 2005 - Wazoo added some of WB8TYW's input - more to
come <g>
Revised 18 Nov 2004 - Wazoo added DNSBL List URL
Revised 16 Nov 2004 - Wazoo - Ouch! newsgroup link fixed!
Revised 2 Sep 2004 - Wazoo
Revised August 7, 2004 - Miss Betsy, Wazoo, dbiel
Edited per Wazoo comments March 6, 2004 rev March 7 rev Mar 8 for
format (agsteele) Rev Mar11 with more links Rev Mar 12 with new
John link rev 13 listized "Probable Causes" rev 14 consolidated
some links
Contributors: Michaell, Mike Easter, Wazoo, Greenlady, John, JT,
JeffG
(Last Revised 26 January 2005)
(URL =
http://forum.spamcop.net/forums/lofiversion/index.php/t972.html )


--