trying to send and email to myself at work returned the following:

dean@roundrockisd.org
SMTP error from remote mailer after MAIL FROM:<dean@ourspot.net>:
host mailscan1.roundrockisd.org [209.184.141.15]:
550 Denied by policy: Sender is listed on DNS-based RBL


ARGH!
does this mean what I think it means? that the domain ourspot.net is now being refused by the mail server?
how does that happen? how can i fix it? it worked fine yesterday- what changed?!?! does this mean someone's distributing mass mail and spoofing my domain? or that someone's actually abusing the domain mailserver?
HELP!!!!

in case it is an issue for others on the same server


Jamie Shurett




Posted on 28 Jul 2004 10:27 AM
We will look into this issue for you and will be getting back with you shortly.
Dean Baker




Posted on 28 Jul 2004 11:07 AM
additional info
spamcop claims ip: 69.90.122.135 has sent spam in the last 7 days.

(paraphrased by district IT staff)
Jamie Shurett




Posted on 28 Jul 2004 11:16 AM
How it got listed: Some how your domain got black listed due to a spammer, more than likely someone bootlegged your domain and used it to send thousands of spam wich in turn caused anti spam depts to blacklist your domain.

How to fix:
Since the receiving server does not belong to us, you will have to contact the recieving server's administrator and get your domain taken off the black list. We unfortunately have no control over this at all.
Dean Baker




Posted on 28 Jul 2004 11:47 AM
but how did they bootleg it?
I mean, if understand correctly, its not just my domain, but the IP address of the virtual host that's being blacklisted. which means anyone else on that server will have the same problem. it also means that it was AOH's smtp service that was jacked.

... if I understand the situation correctly.
Dean Baker




Posted on 28 Jul 2004 11:53 AM
yup, its not just my domain its inetsrv9.gahost.com

ref:
http://www.senderbase.org/?searchBy=ipaddress&sb=1&searchString=69.90.122.135
http://openrbl.org/#69.90.122.135
http://www.spamcop.net/w3m?action=checkblock&ip=69.90.122.135

I replied to Dean's ticket about this, but for other inetsrv9 customers, I wanted to go ahead and let you know what's what here as well.

One of our customers on this server had a site that was setup very insecurely. This domain was "hijacked" and used to send out spam. The issue has been addressed and we do not expect to see any more spam sent from this server. Spamcop won't remove us before their automatic removal at 48 hours, which puts it at some time tomorrow. If the issue continues past then, we'll take additional steps with them to find out what needs done.

Please accept our sincerest apologies for the inconvenience this has caused. It affects us on many levels... aoh.com is on that server as well, so we feel your pain as well as our own and will do everything we can to make sure this goes away as soon as possible.

If you have any questions, please contact us at the helpdesk (http://alphaomegahosting.com).

if it was a hijacking- could you share what steps were taken to correct it and how to avoid it in the future?

if it was a user doing it- could you "accidentally" post their name, phone, address, picture, family, pets, etc..

The issue has been corrected. Let's just say it's not a good idea to set up a demo account when we tell you not to, especially when you register a domain specifically for it (since we have the option to use demo accounts turned off) and then publish the username and password on your main website. Appropriate measures to make sure this does NOT happen again have been taken, so I don't think it's necessary to have any "accidents".

UPDATE:

The spamcop listing has been removed.