PDA

View Full Version : NTL's MTA is blacklisted ?


pcpilot
13-06-2004, 11:20
Hi All,

Just got this message from a friend who tried to send me an e-mail :-


This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.

Recipient: <xxxxxxxxx@xxx.net>
Reason: rejected because 62.253.162.42 is in a black list at bl.spamcop.net Blocked - see http://www.spamcop.net/bl.shtml?62.253.162.42 (http://www.spamcop.net/bl.shtml?62.253.162.42)


Please reply to Postmaster@ntlworld.com (Postmaster@ntlworld.com)
if you feel this message to be in error.


nslookup on the IP resolves to mta02-svc.ntlworld.com

Could one of our resident gurus confirm / deny that this is the case ?

Bests
PC

eastwind
13-06-2004, 11:26
NTL has also been blacklisted by www.apnic.net (http://www.apnic.net/), this is the site you use to look up the locoation of IP addresses. I tried to search for an IP address and all I got was this:

%ERROR:201: access denied for 202.12.29.20%% Sorry, access from your host has been permanently denied% because of a repeated abusive behaviour.% Please contact <helpdesk@apnic.net> for unblocking.

The originating NTL server is 80.5.160.7 which is NTL Baguley, I wonder who has done what to APNIC to deserve this?

pcpilot
13-06-2004, 11:35
202.12.29.20 is nori.apnic.net, so it's one of their own servers.

Bests
PC

greencreeper
13-06-2004, 11:39
I'm none too keen on the Spamcop list - lot of false positives. Seems to be the muppet's favourite - "<mailwasher user> Coooo look a newsletter I asked for but can't remember asking for - blacklist the sender"

Paul
13-06-2004, 12:54
62.253.162.42 listed in bl.spamcop.net

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

.
.

Listing History
It has been listed for 2.4 days.


and yes, it is one of NTL's mail server IP addresses.

Matth
13-06-2004, 22:55
Looked it up here http://www.openrbl.org - 7 positives
The BLARS code, means a spam sending domain, with no working abuse address.
DSBL.org have it as a relay, but it looks like all the tests have been made from an NTL IP address - so of course it relays!

swoop101
13-06-2004, 22:58
Don't try sending e-mails to most of Greece/ Rhodes either because NTL are blacklisted there as well. :(

nate
13-06-2004, 23:55
Report it to the AUP team.
aup@ntlworld.com

They will contact the relevant providers/blacklist databases to attempt to get the block removed.

greencreeper
14-06-2004, 01:37
I'm none too keen on the Spamcop list - lot of false positives. Seems to be the muppet's favourite - "<mailwasher user> Coooo look a newsletter I asked for but can't remember asking for - blacklist the sender"

Just received a newsletter from Maplin - a newsletter that I subscribe to as a customer. It was marked as spam. I checked the headers - "SPAM SPCOP 195.92.230.65". I checked spamcop's database: "SpamCop users have reported system as a source of spam less than 10 times in the past week". I ought to have a crystal ball :D

pcpilot
14-06-2004, 13:29
Thanks all, I'll get on to AUP.

Bests
PC

SMHarman
14-06-2004, 13:55
Just received a newsletter from Maplin - a newsletter that I subscribe to as a customer. It was marked as spam. I checked the headers - "SPAM SPCOP 195.92.230.65". I checked spamcop's database: "SpamCop users have reported system as a source of spam less than 10 times in the past week". I ought to have a crystal ball :D

I think this is down to :dunce: reporting mails they have subscribed to as spam, instead of unsubscribing.

Nutty
14-06-2004, 14:53
My mate at work was getting spam from an ntl broadband customer. Either he was a dumb spammer, or his PC was taken over. I forwarded the details to abuse@ntlworld.com.

abailey152
14-06-2004, 15:01
I'm none too keen on the Spamcop list - lot of false positives. Seems to be the muppet's favourite - "<mailwasher user> Coooo look a newsletter I asked for but can't remember asking for - blacklist the sender"
I don't think I'm too impressed with that comment! I use MailWasher, but I'm very careful as to what I report to spamcop. :mad:

I've only ever had a couple of false positives on the default blacklist, and that is because the whole domain was blacklisted when it should really have been a sub-domain. It tends to be 99.9% correct. Okay, not good if you are the holder of the 0.1% of domains incorrectly blocked, but it isn't bad.

greencreeper
14-06-2004, 20:55
I don't think I'm too impressed with that comment! I use MailWasher, but I'm very careful as to what I report to spamcop. :mad:


If so, then you're not a muppet user :) Peace!

What annoys me is that people (lots of them) are reporting newsletters and other solicited email as spam because they cannot remember subscribing, didn't read the small print when signing up for something, or can't be arsed unsubscribing. Mailwasher annoys me further by facilitating this "muppet reporting" - i.e. it makes it very easy to report "spam". It's undermining efforts to combat spam. I have issues with the accuracy of open (i.e. public submissions) blacklists in general anyway.

My email client, The Bat!, has a built-in email pre-viewer like mailwasher, but unlike mailwasher it actually works and has lots of useful features. Apologies in advance to any mailwasher fans :)

abailey152
15-06-2004, 01:41
This is a catch-22 situation. You either encourage people to report spam, and then audit their responses, or you make it more difficult to report, and get less people involved.

It's difficult to find a way around this, except throw resources at it. I agree that many users just cannot be trusted to audit their own reports correctly, so I think organisations like Spamcop need to do a little checking of their own before adding IP addresses to their blacklist.

greencreeper
15-06-2004, 03:04
This is a catch-22 situation. You either encourage people to report spam, and then audit their responses, or you make it more difficult to report, and get less people involved.

It's difficult to find a way around this, except throw resources at it. I agree that many users just cannot be trusted to audit their own reports correctly, so I think organisations like Spamcop need to do a little checking of their own before adding IP addresses to their blacklist.

There are different sorts of blacklist. It's acknowledged that the public, open lists, such as Spamcop, that anybody can submit an offending server to, are more prone to false positives and malicious reporting. Other lists, such as those that maintain honey traps and blacklist any server that sends emails to the traps, are generally more accurate. What's really needed is better legislation and a stronger system for monitoring spam and blacklisting those servers that send spam, allow it to be sent or are misconfigured in a way that assists spammers. I'm thinking agencies whose purpose it is to maintain [a] "definitive" list[s]. Currently Spampal has something like sixteen different lists and the list of lists is constantly changing - the smaller lists often "disappear" because of the overheads involved.

nate
15-06-2004, 04:25
Being almost totally self legislating, as we know it now, the internet really does rely on people trusting other people.

But how can we trust other people to accurately block spam, when it's people that are sending out the spam in the first place.

Bah.

What we need (which we'll probably never get) is a government (or co-ISP established) body that runs an operation like Spamhaus. But, it'd be too costly, what'd you rather, extra taxes (or higher ISP subscriptions), or to spend 10 minutes a day deleting spam?

I personally agree with the AOL/M$ story that is developing at the moment, where (to cut a long story short) apparently they're starting to work together to re-invent the SMTP protocol, which will prevent spam, or at least, spam on a large scale.

Man i'm so drunk.

SMHarman
15-06-2004, 09:43
I personally agree with the AOL/M$ story that is developing at the moment, where (to cut a long story short) apparently they're starting to work together to re-invent the SMTP protocol, which will prevent spam, or at least, spam on a large scale.

So that will become BMTP, bloated mail transfer protocol?

nate
15-06-2004, 10:44
So that will become BMTP, bloated mail transfer protocol?

hah! probably.
But guaranteed someone will come up with an opensource alternative.

greencreeper
15-06-2004, 16:02
I personally agree with the AOL/M$ story that is developing at the moment, where (to cut a long story short) apparently they're starting to work together to re-invent the SMTP protocol, which will prevent spam, or at least, spam on a large scale.


Doesn't sound good if only AOL and Microsoft are involved. It'll be like at the moment where you have the standard version of a program and the AOL version because AOL ignores the RFCs and does it likes. Proprietary doesn't work on the Internet. Should be interesting to see what develops.