|
|
 Up |
|
|
  |
Author: E-Mail Sent to this address will be added to the BlackListsE-Mail Sent to this address will be added to the BlackLists
Date: Jan 7, 2007 11:21
> during configuring squid on www.reactos.org machine, I
> decided to "check" the machine with nphproxy web service,
> which reports open proxies, their ports etc. Yes, it
> found open proxy on Jan 2nd, 2007, which I certainly
> fixed immediately. BUT! That *useful* script reported
> our IP to a few blocking lists (oh, big thanks, very
> useful feature!). And now, I have to spend time removing
> the IP from all kind of lists, including spammers/etc.
Really? {It is not that I doubt you (ok, yea I doubt it).}
The script from jmarshall.com/tools/cgiproxy ?
or a script from somewhere else? (where?)
.. or through a form at a web site? (where?)
--
E-Mail Sent to this address Griffin-Technologies.net>
will be added to the BlackLists.
|
| Show full article (1.04Kb) |
|
| |
no comments
|
|
|
Author: Shmuel (Seymour J.) MetzShmuel (Seymour J.) Metz
Date: Jan 7, 2007 04:11
>Subject: Ip is on your blacklist but we do not spam and cannot find
>the reason for it
Please include the list, record number and IP address in your subject.
>Our Ip address 216.57.139.34 has been blacklisted.
By whom? What was in the rejection message? If there was a URL, did
you read the web page?
I see from http://www.completewhois.com/rbl_lookup.htm that you are
listed in none of the lists that they monitor. However, I see two good
reasosn that someone would reject your traffic.
FCrDNS fails; the rDNS for 216.57.139.34 is
mail2.odysseys-unlimited.com, but there is no A record for that
domain.
The whois data at ARIN show an rwhois server of rwhois.veroxity.net
for 216.57.139.34, but that domain does not exist.
|
| Show full article (1.38Kb) |
|
| |
no comments
|
|
|
Author: btaylorbtaylor
Date: Jan 6, 2007 13:33
Hi Josh,
Thanks for the time to respond to my inquiry. The block by:
( http://www.uceprotect.net/en/)
Was the one I was most curious about since as you mention Spamcop was a
bit more specific.
I looked at the data on trustedsource and it looks a little weird. I
guess on the 29th more mail was sent from our addresses than usual and
then on the second of Jan a dramatic increase. I will look into this
at the office and see if it is true through the logs and questioning
users.
As for the spam traps I believe it couldn't have happened from this IP
address. We literally only respond to people who have specifically
asked for informatoin about a tour or individual correspondence of some
sort. I am looking into this to make sure but I'm pretty confident
this couldn't have happened (unless they set up sting operations of
some sort pretending to be someone who is interested in something and
then blcok them when they respond - hightly unlikely I would think).
|
| Show full article (4.06Kb) |
|
2 Comments |
|
|
Author: DC HartDC Hart
Date: Jan 5, 2007 19:13
On Fri, 5 Jan 2007 11:04:08 GMT, E-Mail Sent to this address will be
added to the BlackLists
opined:
> btaylor wrote:
>> Our Ip address 216.57.139.34 has been blacklisted.
>> Would someone please be more specific as to what caused
>> us to be blacklisted.
>
> That does not look (to me) like the IP of a ISP authorized
> mail server, that IP appears to have been emitting Spam.
>
>
> 216.57.139.34 -> host-216-57-139-34.customer.veroxity.net
> IP has generic rDNS PTR w/ short (8 Hours) TTL, IP is not SWIPed
> 216.57.128.0/19 , Direct Allocation , veroxity.net
> I believe that all of veroxity is static. I have a dhcp zone
exclusion on the /19.
|
| Show full article (1.22Kb) |
|
no comments
|
|
|
|
|
|
Author: Josh GrosseJosh Grosse
Date: Jan 5, 2007 03:01
On Fri, 05 Jan 2007 01:39:18 +0000, btaylor wrote:
> Our Ip address 216.57.139.34 has been blacklisted. We do not spam and
> almost all mail is direct correspondence with people who have emailed
> us on a one to one basis. We use a Domino server and I cannopt find
> the expression you indicate will help me to understand what we have
> done to get blacklisted.
>
> Would someone please be more specific as to what caused us to be
> blacklisted.
>
> Thanks
> Bill Taylor
Bill,
I don't know specifically which blocklist you're referring to here, but
quick research into that IP address shows that
1) TrustedSource classifies that address's e-mail output as "suspicious"
and has logged e-mail output is up over 1000%% in the last 24 hours. See
http://trustedsource.org/query.php?q=216.57.139.34
|
| Show full article (2.29Kb) |
|
no comments
|
|
|
|
|
|
Author: Bill Gates (Email to me without this is not spam in the subject is directed straight to the trash unread by automatic filters.)Bill Gates (Email to me without this is not spam in the subject is directed straight to the trash unread by automatic filters.)
Date: Jan 1, 2007 19:37
Johann Steigenberger wrote:
>>However, why be persnickety about use of DNS aliases?
>>Yes, it's an RFC 2181 Section 10.2 violation, but why is that
>>important?
>
> We have seen spammers overdoing that CNAME Game so that we had following
> situation:
>
> PTR shows to a CNAME which also shows to another CNAME at another doamin which
> also shows to a CNAME at next domain ... we stopped counting after the 100
> CNAME ... no idea how many domains that lamer also had, but the reason he did
> so was clearly to dare us....
Curious, who was that (i.e. what domain)?
In this case, there's just one alias in-between, and the name server
sends the A record it refers to in the initial response:
|
| Show full article (2.46Kb) |
|
no comments
|
|
|
|
|
