This is Interesting: Free Magazines for Graphics designers and webmasters
Home > Archive > Webmaster forum > June 2007 > Email problems (spamblock lists)
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Email problems (spamblock lists)
|
|
| Alfred Molon 2007-06-22, 6:20 pm |
| This year it has happened many times that emails which I sent were
blocked because the IP address of the mailserver was in some spamblock
list. Emails would bounce back, I would contact my provider who in turn
would trigger the removal of the IP address from the blacklist.
A number of times I have had my site (and the mailserver) moved to a
different server with a different IP address, only to experience a few
weeks later that the new IP address would be listed in a spam list.
This is really driving me crazy. Any suggestions about what I might do?
Is this a frequent problem?
By the way, I also have an auxiliary email address (@gmx.de) and there I
have never experienced that a mail would bounce back.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Auggie 2007-06-22, 6:20 pm |
|
"Alfred Molon" <alfred_molonCANCEL@yahoo.com> wrote in message
news:MPG.20e6590532df53e098b568@news.supernews.com...
> This year it has happened many times that emails which I sent were
> blocked because the IP address of the mailserver was in some spamblock
> list. Emails would bounce back, I would contact my provider who in turn
> would trigger the removal of the IP address from the blacklist.
>
> A number of times I have had my site (and the mailserver) moved to a
> different server with a different IP address, only to experience a few
> weeks later that the new IP address would be listed in a spam list.
>
> This is really driving me crazy. Any suggestions about what I might do?
>
> Is this a frequent problem?
>
> By the way, I also have an auxiliary email address (@gmx.de) and there I
> have never experienced that a mail would bounce back.
Because you have moved your server in the past and had it start up again it
sounds like the problem could be you, rather than the mail server (IE: If
the mail server was being used by another user to spam people and then the
WHOLE server gets blocked because of one user)
Have you checked if you have an email virus that is spamming people every
time you check email?
Do you have a dynamic IP and your ISP allows people to run servers through
their accounts? (happened to me once where I picked up an IP address of
somebody who had spammed millions of people from his home computer and thus
all my emails were being blocked).
As for the scope of the problem: Do you know if you are in an actual spam
blacklist? Or are you just suspecting you are? Many places have tightened
up spam filters so if you use a domain name as your FROM address some sites
just block them without even running a filter over the content of the email.
| |
| Alfred Molon 2007-06-22, 6:20 pm |
| In article <88Xei.1136$qC1.264@edtnps89>, Imperial.Palace@Rome.It says...
> Because you have moved your server in the past and had it start up again it
> sounds like the problem could be you, rather than the mail server (IE: If
> the mail server was being used by another user to spam people and then the
> WHOLE server gets blocked because of one user)
>
> Have you checked if you have an email virus that is spamming people every
> time you check email?
I'm connecting to the Internet through a DSL account of GMX; right now
my IP address is 84.154.57.174.
The mailserver through which I send emails is the one of my host (all-
inkl) and its IP address is a different one (85.13.131.xxx).
There is no spambot on my site, and if there was one sending zillions of
emails, my host would have found out long ago. They are not that
incompetent.
> Do you have a dynamic IP and your ISP allows people to run servers through
> their accounts? (happened to me once where I picked up an IP address of
> somebody who had spammed millions of people from his home computer and thus
> all my emails were being blocked).
The problem does not originate from our home computer (see above).
> As for the scope of the problem: Do you know if you are in an actual spam
> blacklist? Or are you just suspecting you are? Many places have tightened
> up spam filters so if you use a domain name as your FROM address some sites
> just block them without even running a filter over the content of the email.
One email just bounced back with this message:
host smtpgate.chello.at[213.46.255.2] said: 551 Mail from your IP
address is currently blocked based on RBL listing (in reply to RCPT TO
command)
On June 14th an email bounced back with this error code:
host hrndva-02.mgw.rr.com[24.28.204.36] refused to talk to me: 550-
hrndva-mx-13.mgw.rr.com 550 ERROR: Mail Refused - 85.13.131.115 - See
http://security.rr.com/cgi-bin/bloc...p?85.13.131.115
Is this enough proof?
BTW, on June 14th I asked my host to move my site and mailserver to a
different server with a different IP address, but one week later this
new IP address was in a spamblock list.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Auggie 2007-06-22, 10:19 pm |
|
"Alfred Molon" <alfred_molonCANCEL@yahoo.com> wrote in message
news:MPG.20e6646019df609c98b56a@news.supernews.com...
> In article <88Xei.1136$qC1.264@edtnps89>, Imperial.Palace@Rome.It says...
>
>
> I'm connecting to the Internet through a DSL account of GMX; right now
> my IP address is 84.154.57.174.
Thats a Netherlands IP address.... that probably explains it.
I have my own mail server and get maybe 600-700 spam emails a day from the
Netherlands... So personally I just block the entire IP range as its
generally pretty safe to presume if it comes from the Netherlands its going
to be spam.
So you might not be a spammer, but that doesn't really help you when 99% of
the other users are... and thats most likely your problem.
| |
| Jim Moe 2007-06-22, 10:19 pm |
| Alfred Molon wrote:
> This year it has happened many times that emails which I sent were
> blocked because the IP address of the mailserver was in some spamblock
> list. Emails would bounce back, I would contact my provider who in turn
> would trigger the removal of the IP address from the blacklist.
>
> A number of times I have had my site (and the mailserver) moved to a
> different server with a different IP address, only to experience a few
> weeks later that the new IP address would be listed in a spam list.
>
Just to be clear: You have your own site hosted on an ISP? Both a
website and email are there. You use that site to relay your mail to the
world.
- If you have a "Contact Us" mail form on your website, it may be hijacked
to send spam. This happened to us a while back. Several large ISPs
suddenly started rejecting our mail because of a poorly written mail script.
- You have a weak username and password for the mail account. It may be
used to relay undesirable mail.
- Your own computer (not the hosted site) may have a virus, trojan,
spambot or rootkit for sending spam.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
| |
| Viper 2007-06-22, 10:19 pm |
| Auggie wrote:
> "Alfred Molon" <alfred_molonCANCEL@yahoo.com> wrote in message
> news:MPG.20e6646019df609c98b56a@news.supernews.com...
>
> Thats a Netherlands IP address.... that probably explains it.
>
> I have my own mail server and get maybe 600-700 spam emails a day
> from the Netherlands... So personally I just block the entire IP
> range as its generally pretty safe to presume if it comes from the
> Netherlands its going to be spam.
>
> So you might not be a spammer, but that doesn't really help you when
> 99% of the other users are... and thats most likely your problem.
I block all that IP Space too.
| |
| Alfred Molon 2007-06-23, 6:17 am |
| In article <sMYei.1156$qC1.446@edtnps89>, Imperial.Palace@Rome.It
says...
>
>
> Thats a Netherlands IP address.... that probably explains it.
>
> I have my own mail server and get maybe 600-700 spam emails a day from the
> Netherlands... So personally I just block the entire IP range as its
> generally pretty safe to presume if it comes from the Netherlands its going
> to be spam.
>
> So you might not be a spammer, but that doesn't really help you when 99% of
> the other users are... and thats most likely your problem.
Sigh...
84.154.57.174 is NOT a Netherlands IP address. It is a GERMAN IP
address, owned by Deutsche Telekom:
inetnum: 84.136.0.0 - 84.191.255.255
netname: DTAG-DIAL20
descr: Deutsche Telekom AG
country: DE
admin-c: DTIP
tech-c: DTST
status: ASSIGNED PA
And that is the IP address of my DSL account. The emails are sent from
the mailserver of the host. If I resend the emails through another
mailserver they are not blocked.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Alfred Molon 2007-06-23, 6:17 am |
| In article <M7KdndQmhomo8-HbnZ2dnUVZ_jydnZ2d@giganews.com>, jmm-
list.AXSPAMGN@sohnen-moe.com says...
> Just to be clear: You have your own site hosted on an ISP? Both a
> website and email are there. You use that site to relay your mail to the
> world.
1. No, the host is not an ISP.
2. The host provides the mailserver of the @molon.de addresses.
> - If you have a "Contact Us" mail form on your website, it may be hijacked
> to send spam. This happened to us a while back. Several large ISPs
> suddenly started rejecting our mail because of a poorly written mail script.
I do not have a "Contact us mailform on the site. And if somebody
managed to plant a spamscript on the site sending zillions of spam
mails, the host would have found out a long time ago.
> - You have a weak username and password for the mail account. It may be
> used to relay undesirable mail.
Then I will change all passwords, just to be on the safe side. But as I
wrote above, if the tons of spam originated from my site, the provider
would have found out - so I would rule out this possibility.
> - Your own computer (not the hosted site) may have a virus, trojan,
> spambot or rootkit for sending spam.
No, because in that case it would be the IP address of the DSL account
which is blacklisted, not the IP address of the host's mailserver.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Doc O'Leary 2007-06-23, 6:20 pm |
| In article <MPG.20e6590532df53e098b568@news.supernews.com>,
Alfred Molon <alfred_molonCANCEL@yahoo.com> wrote:
> This year it has happened many times that emails which I sent were
> blocked because the IP address of the mailserver was in some spamblock
> list. Emails would bounce back, I would contact my provider who in turn
> would trigger the removal of the IP address from the blacklist.
>
> A number of times I have had my site (and the mailserver) moved to a
> different server with a different IP address, only to experience a few
> weeks later that the new IP address would be listed in a spam list.
>
> This is really driving me crazy. Any suggestions about what I might do?
Your ISP is spam friendly, and is clearly taking more steps to actively
help spammers than help you. There is no other reason to keep shifting
a mail server to a "clean" IP address. The best thing you can do is
stop doing business with them.
> Is this a frequent problem?
Not with any reasonable provider.
--
My personal UDP list: 127.0.0.1, 4ax.com, buzzardnews.com, googlegroups.com,
heapnode.com, localhost, x-privat.org
| |
| Alfred Molon 2007-06-23, 6:20 pm |
| In article <droleary.usenet-6E9740.05461623062007@sn-ip.vsrv-
sjc.supernews.net>, droleary.usenet@2q2007.subsume.com says...
> Your ISP is spam friendly, and is clearly taking more steps to actively
> help spammers than help you. There is no other reason to keep shifting
> a mail server to a "clean" IP address. The best thing you can do is
> stop doing business with them.
The ISP is the company providing access to the Internet, while the host
is the company providing webspace and the mailserver. Which of the two
companies are you referring to?
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
|
| Alfred Molon wrote:
> In article <sMYei.1156$qC1.446@edtnps89>, Imperial.Palace@Rome.It
> says...
>
> Sigh...
>
> 84.154.57.174 is NOT a Netherlands IP address. It is a GERMAN IP
> address, owned by Deutsche Telekom:
>
> inetnum: 84.136.0.0 - 84.191.255.255
> netname: DTAG-DIAL20
> descr: Deutsche Telekom AG
> country: DE
> admin-c: DTIP
> tech-c: DTST
> status: ASSIGNED PA
>
> And that is the IP address of my DSL account. The emails are sent from
> the mailserver of the host. If I resend the emails through another
> mailserver they are not blocked.
Either way it is still a bad IP block. When the EU changes its laws allowing
ISP's to keep records on who used what IP address and when so they can do
their jobs removing spammers then maybe the rest of the world will accept
their traffic.
| |
| Jim Moe 2007-06-23, 6:20 pm |
| Alfred Molon wrote:
>
> I do not have a "Contact us" mailform on the site. And if somebody
> managed to plant a spamscript on the site sending zillions of spam
> mails, the host would have found out a long time ago.
>
Spammers are smarter than that now. When we were hijacked, the volume of
spam sent was a few 1000s per day, but not enough to trigger our host's
warning system.
The only way to know for sure is to study your mail logs. Look for
outgoing messages that you did not send.
>
> [...] if the tons of spam originated from my site, the provider
> would have found out - so I would rule out this possibility.
>
Large email servers have set a very low threshold for detecting spam
sites, sometimes as few a 1000 per day from a single IP address.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
| |
| Auggie 2007-06-23, 6:20 pm |
|
"Alfred Molon" <alfred_molonCANCEL@yahoo.com> wrote in message
news:MPG.20e6f45d62ed9e1098b56c@news.supernews.com...
> In article <sMYei.1156$qC1.446@edtnps89>, Imperial.Palace@Rome.It
> says...
>
> 84.154.57.174 is NOT a Netherlands IP address. It is a GERMAN IP
> address, owned by Deutsche Telekom:
>
Ok. I said "Netherlands" because as soon as I saw your IP address I thought
"thats a bad one" so I went to arin.net and did the whois and it came up
with:
OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL
But yes, going to hostip.info does say your IP is in Germany.
But either way, in that the RIPE Network guys are coming up in doing the
whois I would still say thats whats causing your problems.
| |
| Alfred Molon 2007-06-23, 6:20 pm |
| In article <4e-dnXMWZeFcxODbnZ2dnUVZ_hisnZ2d@giganews.com>, jmm-
list.AXSPAMGN@sohnen-moe.com says...
> The only way to know for sure is to study your mail logs. Look for
> outgoing messages that you did not send.
I don't have mail logs.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Blinky the Shark 2007-06-23, 6:20 pm |
| Auggie wrote:
>
> "Alfred Molon" <alfred_molonCANCEL@yahoo.com> wrote in message
> news:MPG.20e6f45d62ed9e1098b56c@news.supernews.com...
>
> Ok. I said "Netherlands" because as soon as I saw your IP address I thought
> "thats a bad one" so I went to arin.net and did the whois and it came up
> with:
>
> OrgName: RIPE Network Coordination Centre
> OrgID: RIPE
> Address: P.O. Box 10096
> City: Amsterdam
> StateProv:
> PostalCode: 1001EB
> Country: NL
>
> But yes, going to hostip.info does say your IP is in Germany.
The RIPE page also said:
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
That that link leads you to:
Deutsche Telekom AG, Internet service provider
--
Blinky RLU 297263
Killing all posts from Google Groups
The Usenet Improvement Project: http://blinkynet.net/comp/uip5.html
| |
| Doc O'Leary 2007-06-24, 6:19 pm |
| In article <MPG.20e72d0678f7d09398b572@news.supernews.com>,
Alfred Molon <alfred_molonCANCEL@yahoo.com> wrote:
> In article <droleary.usenet-6E9740.05461623062007@sn-ip.vsrv-
> sjc.supernews.net>, droleary.usenet@2q2007.subsume.com says...
>
>
> The ISP is the company providing access to the Internet, while the host
> is the company providing webspace and the mailserver. Which of the two
> companies are you referring to?
I am referring to the Provider of the Internet Service in question.
--
My personal UDP list: 127.0.0.1, 4ax.com, buzzardnews.com, googlegroups.com,
heapnode.com, localhost, x-privat.org
| |
| Jim Moe 2007-06-24, 6:19 pm |
| Alfred Molon wrote:
>
>
> I don't have mail logs.
Your ISP/hosting service does. You should have access to them.
--
jmm (hyphen) list (at) sohnen-moe (dot) com
(Remove .AXSPAMGN for email)
| |
| Alfred Molon 2007-06-24, 6:19 pm |
| In article <IK-dnYDJEtN8PuPbnZ2dnUVZ_qrinZ2d@giganews.com>, jmm-
list.AXSPAMGN@sohnen-moe.com says...
>
> Your ISP/hosting service does. You should have access to them.
I'm not so sure. They were able to produce logs for the past day, but
were unable to tell me how many emails had been sent in the month of
June.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Alfred Molon 2007-06-24, 6:19 pm |
| In article <droleary.usenet-C92A1A.06031424062007@sn-ip.vsrv-
sjc.supernews.net>, droleary.usenet@2q2007.subsume.com says...
>
> I am referring to the Provider of the Internet Service in question.
And which Internet service are you referring to - the hosting service? I
don't know if the host is spam-friendly, or if other hosts are less
spam-friendly.
If hosts are indeed spam-friendly, I'd need information about how spam-
friendly are other hosts.
The host claims that the spam is generated by hackers who exploit known
vulnerabilities in standard Open Source scripts for mail forms.
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
| Beauregard T. Shagnasty 2007-06-24, 6:19 pm |
| Alfred Molon wrote:
> The host claims that the spam is generated by hackers who exploit known
> vulnerabilities in standard Open Source scripts for mail forms.
The host should be responsible enough to shut down the sites on his
servers that have been hacked, and notify the owners/webmasters of their
errors.
If any of the thousand or so other people/sites sharing your web/mail
hosting server are running insecure "contact us" scripts, the server's
IP address will surely be put on blocklists. All it takes is one of
those on your server. Check your bot logs and see if you have searches
for "formmail.pl", "formmail.cgi" and similar.
There are still thou^Wmillions of people using Matt's Formmail, which is
as secure as a piece of swiss cheese.
--
-bts
-Motorcycles defy gravity; cars just suck
| |
| Charles Sweeney 2007-06-24, 6:19 pm |
| Viper wrote
> Auggie wrote:
>
> I block all that IP Space too.
I hope Els doesn't try to email Auggie or Snakey!
See that Els? You're getting tarred with the spam brush!
Unfortunately I can't block the country with the worst and most prolific
spammers. Most of my customers are American and naturally I have to
allow their country.
--
Charles Sweeney
http://CharlesSweeney.com
| |
| Doc O'Leary 2007-06-25, 6:26 pm |
| In article <MPG.20e8d8ba9c354b1b98b580@news.supernews.com>,
Alfred Molon <alfred_molonCANCEL@yahoo.com> wrote:
> And which Internet service are you referring to - the hosting service? I
> don't know if the host is spam-friendly, or if other hosts are less
> spam-friendly.
So get off your XXX and do some research! Your current mail provider is
clearly incompetent and/or black hat. Look for alternatives and, at a
minimum, start checking if *their* servers are getting blocked. It's
not like spamming history for providers is hard to find on the net.
> The host claims that the spam is generated by hackers who exploit known
> vulnerabilities in standard Open Source scripts for mail forms.
They are lying to you. No responsible provider is going to start
shifting server IPs around unless they're actively supporting spammers.
--
My personal UDP list: 127.0.0.1, 4ax.com, buzzardnews.com, googlegroups.com,
heapnode.com, localhost, x-privat.org
| |
| Alfred Molon 2007-06-25, 6:26 pm |
| In article <droleary.usenet-AC81C8.08281725062007@sn-ip.vsrv-
sjc.supernews.net>, Doc O'Leary says...
> So get off your XXX and do some research! Your current mail provider is
> clearly incompetent and/or black hat. Look for alternatives and, at a
> minimum, start checking if *their* servers are getting blocked. It's
> not like spamming history for providers is hard to find on the net.
Never heard anything about that. Where can spamming histories be found?
--
Alfred Molon
http://www.molon.de - Photos of Asia, Africa and Europe
| |
|
| Charles Sweeney wrote:
> Viper wrote
Huh?
[color=darkred]
Right! :S
[color=darkred]
>
> I hope Els doesn't try to email Auggie or Snakey!
Didn't have any plans, no :-)
> See that Els? You're getting tarred with the spam brush!
Only if I use my ISP's mail address - most of the mail I send comes
from the US ;-)
> Unfortunately I can't block the country with the worst and most prolific
> spammers. Most of my customers are American and naturally I have to
> allow their country.
I wish I had a say in what my hosts use for spam block lists - every
day I'm getting closer to the decision to run my own mailserver, just
to be able to email clients without either side being on the spam list
of the other's host :-(
Already two clients now have to use my Dutch (!) email address in
order to reach me, as even the bounces don't get through...
--
Els http://locusmeus.com/
|
|
|
| | Copyright 2003 - 2008 forum4designers.com Software forum Computer Hardware reviews |
|