[SpamCop-List] Re: How do I get delisted from the database with my e-mail addresses reporting blocked?

Mike Easter MikeE at ster.invalid
Wed Jan 11 15:43:39 EST 2006


Dino wrote:
> I tried to send e-mail to one of my distributors and got the following
> response back for several of my address attempts:
>
> "Hi. This is the qmail-send program at mail01k.rapidsite.net.
> I'm afraid I wasn't able to deliver your message to the following
> addresses. This is a permanent error; I've given up. Sorry it didn't
> work out.

That is your recipient's server blocking your mail and saying something
that is not correct or accurate for the basis of the block.  So the
message isn't at all helpful to us about understanding what IP address
might be blocked.

> <thomasp at synnex.com>:
> 63.144.8.5 does not like recipient.
> Remote host said: 550 Message refused because the sender
> dvaresco at dcvtech.com is listed as a known
> spammer on SpamCop.net
> Giving up on 63.144.8.5."

SpamCop SC does not block anything, but SC does maintain a blocklist;
but that blocklist is a list of IP addresses not email addresses.  So
therefore the 550 message is 'illogical' -- ie it doesn't make any
sense.

Further, I can't make sense yet of who the players are in the message.
Let's say that the mail was from your address and going out your mail
provider's output server and it would be trying to go in to your
recipient's MX.  So, you are dvaresco at dcvtech.com and your recipient is
thomasp at synnex.com   -- 63.144.8.5 rDNS emailgateway1.synnex.com and
that is the primary MX for synnex.com addresses.

Next we are trying to figure out what is the IP of your output server.
Your incoming MX server is

Mail for dcvtech.com is handled by mail-fwd.mx.rapidsite.net
Addresses:
  198.66.41.34

but that isn't necessarily your output server.  If I go look at the
output servers listed at senderbase, I see about 20 of them, so your
mail could have been trying to go out any one of these:

That's why you wish that any block message you got had named the IP of
the output server instead of such a stupid message.

131.103.218.141 mail01c.rapidsite.net is SCbl listed
131.103.218.109 mail01b.rapidsite.net is SCbl listed
131.103.218.175 mail01h.rapidsite.net is SCbl listed
131.103.218.78 mail01e.rapidsite.net is SCbl listed
131.103.218.173 mail01d.rapidsite.net is SCbl listed
131.103.218.77 mail01a.rapidsite.net is SCbl listed
131.103.218.174 mail01g.rapidsite.net is SCbl listed
131.103.218.194 mail01i.rapidsite.net is SCbl listed
131.103.218.196 mail01k.rapidsite.net is SCbl listed
131.103.218.195 mail01j.rapidsite.net is SCbl listed

So, obviously rapidsite has a problem.  Let's look at the top one

it will be delisted automatically in approximately 21 hours.
has sent mail to SpamCop spam traps
System administrator has already delisted this system once
In the past 314.8 days, it has been listed 60 times for a total of 62.7
days

Other hosts in this "neighborhood" with spam reports

> I know I am not a spammer as I am the only one that uses my e-mail
> address.  I tried inputting my IP address into the Spamcop IP address
> checking system as well as 63.144.8.5 that was listed in the error msg
> above, and it says it is not blocked, so I am lost as to what to do.
> There is also no contact info for the Spamcop people.

Your problem is that your mail provider's output servers are getting
themselves listed as a spamsource because they are hitting spamtraps.

As a result of bad or abusive behavior by your mail provider, then other
people who use the SCbl to help them block spam and other abusive mail,
such as backscatter, are going to block your provider's output server's
IP address.

The message you got is inaccurate.  Your email address wasn't blocked by
anything having to do with spamcop.  Your provider's IP address was
blocked by your recipient's server based on the SCbl listing of that
server IP.

verio.net is notified about the abuses of the output servers above
because of this structure.

http://www.spamcop.net/sc?action=rcache;ip=131.103.218.141

Personally, I would notify
OrgAbuseEmail:  abuse at us.ntt.net

and
whois -h whois.abuse.net us.ntt.net ...
postmaster at ntt.net  abuse at ntt.net (for ntt.net)

in addition to verio.

Also, if I were rapidsite and if I were the domainname owner for
dcvtech.com -- I would want some other arrangements about my mail.

It looks like you are the domainname registrant for dcvtech, so I
recommend that you make a change in your mail service provider to one
that doesn't find itself listed on major spam blocklists.

Or, if you can motivate rapidsite to find out what is going wrong with
its servers to cause its many output servers to be hitting spamcop
spamtraps.


-- 
Mike Easter
kibitzer, not SC admin
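
The bounce and the IP-keyed lookup discussed in this message, as an added example that is not part of the original post: it parses the archived qmail bounce and builds the query name a DNSBL such as the SCbl answers, showing why an e-mail address cannot be "listed". The zone name `bl.spamcop.net`, the function names and the `stub_resolver` stand-in for DNS are assumptions of this example.

```python
import ipaddress
import re
import socket

SCBL_ZONE = "bl.spamcop.net"  # assumed zone name; not given in the post

# Constructed sample: the bounce text as archived in the post above.
BOUNCE = """Hi. This is the qmail-send program at mail01k.rapidsite.net.
<thomasp at synnex.com>:
63.144.8.5 does not like recipient.
Remote host said: 550 Message refused because the sender
dvaresco at dcvtech.com is listed as a known
spammer on SpamCop.net
Giving up on 63.144.8.5.
"""

def parse_qmail_bounce(text):
    """Return the bouncing MTA, the refusing host and the SMTP reply, or None."""
    mta = re.search(r"qmail-send program at ([\w.-]+?)\.\s", text)
    remote = re.search(r"^(\d+\.\d+\.\d+\.\d+) does not like", text, re.M)
    reply = re.search(r"Remote host said: (\d{3}) (.*?)\nGiving up", text, re.S)
    if not (mta and remote and reply):
        return None
    return {"sender_mta": mta.group(1), "refusing_ip": remote.group(1),
            "smtp_code": int(reply.group(1)),
            "smtp_text": " ".join(reply.group(2).split())}

def dnsbl_name(ip, zone=SCBL_ZONE):
    """A DNSBL is keyed by IP: reverse the IPv4 octets and append the zone.
    Input that is not an IPv4 address (an e-mail address, say) raises ValueError."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname, zone=SCBL_ZONE):
    """Listed when the query name resolves into 127.0.0.0/8; no answer = not listed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return False
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")

def stub_resolver(listed_names):
    """Constructed offline stand-in for DNS: only names in listed_names resolve."""
    def resolve(name):
        if name in listed_names:
            return "127.0.0.2"
        raise socket.gaierror(name)
    return resolve
```

Called without `resolve=`, `is_listed` performs a live DNS query through the system resolver.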


