One of my customer's is having an issue with Spam Cop. Folks trying to e-mail their domain from Insight are receving the following error:


From: Mail Delivery System <MAILER-DAEMON@asav07.manage.insightbb.com>
Date: May 4, 2006 7:52:26 AM EDT
To: yyy@insightbb.com
Subject: Delivery Status Notification (Failure)

The following message to <xxx@xxx.org> was undeliverable.
The reason for the problem:
5.1.0 - Unknown address error 550-'Message rejected because (asav07.manage.insightbb.com) [12.241.0.4] is\nblacklisted at bl.spamcop.net see Blocked - see\nhttp://www.spamcop.net/bl.shtml?12.241.0.4'
Final-Recipient: rfc822;xxx@xxx.org
Action: failed
Status: 5.0.0 (permanent failure)
Diagnostic-Code: smtp; 5.1.0 - Unknown address error 550-'Message rejected because (asav07.manage.insightbb.com) [12.241.0.4] is\nblacklisted at bl.spamcop.net see Blocked - see\nhttp://www.spamcop.net/bl.shtml?12.241.0.4' (delivery attempts: 0)
Reporting-MTA: dns; asav07.manage.insightbb.com

I have obscured the actual e-mail addresses. The question I have is that I dod not have any Spam protection configured for this domain, so i assume this is happing before it gets to my mail (i.e. at the AOH level). I am asking them to bang on Insight to get it resolved from their end, but is their anyway to put the mail server on a whitelist at least for my clients domain?

Here is the spamcop link for the problem child:
http://www.spamcop.net/bl.shtml?12.241.0.4

Thanks!

You are correct, this happens at the server level before we prepare to deliver the message into your inbox. The good news, for your client, is that spamcop blacklists expire very quickly, usually 24-48 hours after your client is no longer found to be sending spam. It might be a good idea for them to ensure that there are no infected pc's on their network acting as a bot and spewing messages onto the internet. There are several workarounds we have to permit message reception for your site. We can either avoid blacklist checking for any messages coming to your domain or we can specifically accept messages coming from their IP address. To have either of those configured, please contact us at support.

Thanks for the quick reply, I'll send a request through support (the affected accounts are all insight cable accounts in Northern Ky which represents a LOT of the folks that need to ontact the church). It looks like it is some bot, since the time till it expire keeps bouncing up (i.e. looks like it is hitting the secret spamcop addresses every few hours).

Just as an FYI, how widespread is the use of Spam Cop?

So how do we get this block lifted? Does Spamcop have /all/ of insightbb.com blocked? That's quite a lot of people ...

rvh@linux:~> whois 12.241.0.4

OrgName: AT&T WorldNet Services
OrgID: ATTW
Address: 200 S. Laurel AVE.
City: MIDDLETOWN
StateProv: NJ
PostalCode: 07748
Country: US

NetRange: 12.0.0.0 - 12.255.255.255
CIDR: 12.0.0.0/8
NetName: ATT
NetHandle: NET-12-0-0-0-1
Parent:
NetType: Direct Allocation
NameServer: DBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: DMTU.MT.NS.ELS-GMS.ATT.NET
NameServer: CBRU.BR.NS.ELS-GMS.ATT.NET
NameServer: CMTU.MT.NS.ELS-GMS.ATT.NET
Comment: For abuse issues contact abuse@att.net
RegDate: 1983-08-23
Updated: 2002-08-23

RTechHandle: DK71-ARIN
RTechName: Kostick, Deirdre
RTechPhone: +1-919-319-8249
RTechEmail: help@ip.att.net

OrgAbuseHandle: ATTAB-ARIN
OrgAbuseName: ATT Abuse
OrgAbusePhone: +1-919-319-8130
OrgAbuseEmail: abuse@att.net

OrgTechHandle: ICC-ARIN
OrgTechName: IP Customer Care
OrgTechPhone: +1-888-613-6330
OrgTechEmail: jeanbaptiste@att.com

OrgTechHandle: IPSWI-ARIN
OrgTechName: IP SWIP
OrgTechPhone: +1-888-613-6330
OrgTechEmail: help@ip.att.net

# ARIN WHOIS database, last updated 2006-05-07 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
rvh@linux:~> rvh@linux:~> nslookup 12.241.0.4
Server: 192.168.2.1
Address: 192.168.2.1#53

Non-authoritative answer:
4.0.241.12.in-addr.arpa name = gateway.insightbb.com.

Authoritative answers can be found from:
241.12.in-addr.arpa nameserver = ns1.asp.att.net.
241.12.in-addr.arpa nameserver = ns2.asp.att.net.
241.12.in-addr.arpa nameserver = ns3.asp.att.net.
241.12.in-addr.arpa nameserver = ns4.asp.att.net.
ns1.asp.att.net internet address = 204.127.198.5
ns2.asp.att.net internet address = 216.148.227.75
ns3.asp.att.net internet address = 204.127.202.5
ns4.asp.att.net internet address = 63.240.76.5

rvh@linux:~>

Please read my initial reply. The spamcop block is a matter between insight and spamcop. We use the list to block spam with. Customers with mail reception issues should contact support to have their domain's spam blocking disabled.

"Contact support"? Which "Support"? I can't get past the first level of script-readers at insight - and none of them have a clue what I'm talking about.

The spamcop Blacklisting has since been picked up by other lists and more of the net becomes unreachable every day.

I am sorry, I should have made this more clear.

If you are an AOH customer having problems receiving emails from blacklisted domains and wish to have the blacklisting checks removed from your domains, please contact AOH support at http://www.alphaomegahosting.com/support/

"Contact support"? Which "Support"? I can't get past the first level of script-readers at insight - and none of them have a clue what I'm talking about.

The spamcop Blacklisting has since been picked up by other lists and more of the net becomes unreachable every day.

Bear in mind that AOH can "fix" it so that folks blacklisted on Spam Cop can e-mail to a domain hosted by AOH. But they can do nothing to solve the underlying problem. I tried communicating to my clients this fact, and that they need to fix it at Insight so that they can ail to other domains, but as you mentioned, big ISPs don't always know what to do. :)

One other point, yes the ip address was an AT&T address, but it is used by our local insight to send e-mail.

BTW, How prevalent is Spam Cop use in the web world? Does anyone know?