<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Hi.<br>
<br>
I guess the maintainers of the mailing list could contact five-ten and
get removed from the list.<br>
When the company I work for moved buildings, our new IP address given
to us by our new ISP was already on FIVE-TEN's block list.<br>
I contacted them and once I had the reverse resolve name of our IP
changed to reflect it was a statically assigned address we were removed
from the list with minimal fuss.<br>
So I was thinking something similar could be done.<br>
<br>
I of course can just white-list this particular mail server, but the
mailing list maintainers may feel they want to have the site removed
from the black list.<br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="1000">----------
Jim Barber
DDI Health
</pre>
<br>
<br>
Lew Wolfgang wrote:
<blockquote cite="mid:46CA7C53.5050000@sweet-haven.com" type="cite">
<pre wrap="">Hi Jim,
Well, it happened to me too. One of my sites hosts email
for a small research company. This past Saturday I noticed
that a message from the president to his sister on hotmail.com
was rejected as being spammy. A quick check showed that we
were listed on apews.org with the reason being that another
host on our subnet was caught spamming, but is now shut down.
Further, it's a /17 subnet! 32,765 other innocent sites
(potentially) were judged guilty by association! Microsoft's
web site said the thing to do was implement SPF, which I
did and after registering with Microsoft, was able to send
mail to hotmail/msn addresses. SPF overrides a hit from
a DNSBL in Microsoft's world, I guess.
Then, this evening, we had another spammy bounce from an att.net
address. This time, we're also listed in blackholes.five-ten-sg.com
for the same "guilt by association" rationale. I guess they got
mailscanner.info with the same broad brush. I see that 83.98.192.7
is in apews.org too.
It's not right that innocent mail users and smtp sites have
to change IP addresses and/or hosting companies to get away from
spam-by-association. I also don't think that customer complaints
to the likes of att.net and Microsoft would carry much water.
So what are we to do?
Lew Wolfgang
Jim Barber wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all.
Last night I noticed that most (all?) of my incoming posts from this
list were tagged as spam (despite having really low scores).
I found the cause was due to an RBL server that I use having listed one
of the email servers this list comes from.
The MailScanner server that is getting black listed is: 83.98.192.7
which reverse resolves to safir.blacknight.ie
The RBL server that I am using is blackholes.five-ten-sg.com
This one I've added myself, but I am reluctant to remove it since so far
over the months it has served me well.
If you go to <a class="moz-txt-link-freetext" href="http://www.five-ten-sg.com/blackhole.php">http://www.five-ten-sg.com/blackhole.php</a> and enter
83.98.192.7 into the form it comes back with the following:
------------------------------------------------------------
IP address 83.98.192.7 is listed here as 83.98.192.165 misc.
Although there may be other reasons, most of the listings in this
category are due to
(1. systems apparently sending bulk mail from ip addresses with bogus or
missing reverse dns, or with no web server, or with boilerplate web
content, or
2. a suspected multistage relay output, or
3. machines probably running MS SMTPSVC with an open guest account, or
4. running some open proxy), or it is in the same /24 subnet containing
multiple machines with that property.
------------------------------------------------------------
The 'misc' (127.0.0.9) return code is defined by the site as:
------------------------------------------------------------
misc - Miscellaneous includes (but is NOT limited to) the following groups.
Note that this does NOT include misc.spam which is listed under spam above.
1) /24 blocks of addresses containing systems that are apparently
sending bulk email (in volumes apparently comparable with the volume
from AOL, Earthlink, Google), with any of the following attributes:
missing or bogus reverse dns, reverse dns names in domains with no web
server, or domains with boilerplate web content.
2) Systems that are strongly suspected of being multistage open relays
(where I have not been able to identify the input stage) or open proxies.
3) Any system that delivers spam here, that appears to be running MS
SMTPSVC, and that appears to have relayed the message from China, Korea,
Brazil, or any known open proxy.
These are generally systems that have enabled the guest account, and
spammers are using them as open relays, even though they do require SMTP
AUTH.
Enabling the guest account allows anyone to relay thru them.
------------------------------------------------------------
Is this the correct place to report it to?
It's sort of ironic having an anti-spam list ending up marked as spam.
Oh well.
Regards,
</pre>
</blockquote>
<pre wrap=""><!---->
</pre>
</blockquote>
</body>
</html>