
[SpamCop-List] Re: 209.86.89.69 (earthlink)

Mike Easter MikeE at ster.invalid
Wed Mar 1 12:09:30 EST 2006


Phillip Remaker wrote:
> DNS lookups for 209.86.89.69 at bl.spamcop.net say it is a spammer.
>
>  "Blocked - see http://www.spamcop.net/bl.shtml?209.86.89.69"

Currently at senderbase the lookup sez it is listed

http://www.senderbase.org/search?searchString=209.86.89.69
Real-time blacklists [ Click to view all ]
 bl.spamcop.net http://spamcop.net/w3m?action=checkblock&ip=209.86.89.69

But it is not unusual for some lookup to be incorrect compared to the
spamcop.net web gizmo.

> But going to the URL
>
> http://www.spamcop.net/w3m?action=blcheck&ip=209.86.89.69
>
> I see
>
> 209.86.89.69 not listed in bl.spamcop.net

That is also what I see at the spamcop web gizmo.

> I had to poke a hole for that IP.  But what happened?  I ended up
> blocking earthlink users.

EL servers can easily get themselves blocklisted, since EL has a
spamblocker which has an abusive configuration of performing challenges.

The default configuration of the EL spamblocker is medium.  EL's medium
spamblocker is quite leaky.  EL admin advises people who are unhappy
with EL's leaky medium spamblocker setting to reconfigure to spamblocker
high.  EL's default configuration for spamblocker high is to send
spamblocker medium spam to the known spam folder, to send whitelisteds
to the Inbox, and to send everything else to the Suspect folder.
Everything which lands in the suspect folder is challenged, which
includes all of the spam which leaked past spamblocker medium.

Those challenges are all going to bogus Froms and the bogus Froms
include spamtraps and spamcop reporters.  As a result, EL servers get
blocklisted and EL customers have trouble with their mail delivery.

I have not been able to convince the EL mail admins to use a default
configuration on the spamblocker high setting to turn challenges off.
Challenging spam is an abusive activity for a server, even if some of
the spam has already been filtered.

> I see a note on net abuse-sightings for 2/22... How did it not cycle
> out of the DNS lookup?

I'm sure the EL server gets itself listed and unlisted all the time.
This recent discrepancy is most likely from being listed and unlisted
again.

-- 
Mike Easter
kibitzer, not SC admin
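The lookup this thread is about, as an added example (not part of the original post and not SpamCop's own code): it builds the DNSBL query name for an IPv4 address and tells a real listing apart from an answer that cannot be trusted. The `resolve` parameter, the three result strings and the canned answers are assumptions of this sketch.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """Reverse the IPv4 octets and append the zone (RFC 5782 convention)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def check_dnsbl(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """Return 'listed', 'not listed' or 'unknown' for ip in zone.

    resolve is injectable (an assumption of this example) so the decision
    logic can be exercised offline with canned answers.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = ipaddress.IPv4Address(resolve(name))
    except socket.gaierror as exc:
        # NXDOMAIN is the normal "not listed" answer. A timeout or
        # SERVFAIL says nothing about the listing either way.
        return "not listed" if exc.errno == socket.EAI_NONAME else "unknown"
    # A listing is an A record inside 127.0.0.0/8. Any other address
    # usually means a resolver that rewrites NXDOMAIN, so it is not
    # treated as a listing.
    return "listed" if answer in LISTED_NET else "unknown"


if __name__ == "__main__":
    # Constructed resolver answers, not real query results.
    def canned_listed(name):
        return "127.0.0.2"

    def canned_nxdomain(name):
        raise socket.gaierror(socket.EAI_NONAME, "constructed NXDOMAIN")

    print(dnsbl_query_name("209.86.89.69"))
    print(check_dnsbl("209.86.89.69", resolve=canned_listed))
    print(check_dnsbl("209.86.89.69", resolve=canned_nxdomain))
```

Running the check through more than one resolver and comparing the results shows whether a disagreement like the one in this thread comes from the zone itself or from the lookup path.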


