I have a client on my server from ThePlanet. That client sends a newsletter once a week to about 50,000 recipients with a program that I built. The list was purchased from a company that sells targeted directory listings.
Each email has a very clear opt out link, and one click takes them off the list. There is also a direct link to the contact form, as well as the information of the company sending the mass emails (me). This should satisfy all regulatory requirements to comply with existing laws.
Now, these emails have been sent once a week for about a month now. Today, ThePlanet issued a support ticket entitled "Abuse: Spam Source". It seems that there was a problem from AOL, and one of the emails was redacted.
Reading through ThePlanet terms of service, it seems that they only allow closed system mass mailings. So now I am faced with a problem, because I have a client who expects to send out emails next week with a system I built, and I have a hosting provider that is demanding some sort of "proof" that these emails are solicited.
For the record, this newsletter isn't junk spam like selling viagra or pumping a stock. It is a free weekly summary of significant New York appellate cases, and it has been very well received by the attorneys on the mailing list. There have been ridiculously few opt outs (< 2%), and there have been literally *hundreds* of emails coming back to show their gratitude for the free service. Not even one comment has been negative.
So what can I do now? A significant number of attorneys on this list are expecting the newsletter, but it can't be sent due to this problem.
The best that I could come up with so far is to send an "Opt in" mass email, where users must click the link to opt in, and everyone else would be removed from the mass email. I could then use the unique keys used for opt ins as "proof" for ThePlanet that the emails are solicited.
I just installed the latest version of PHPList (Email manager program) on our client's dedicated server. The dedicated server is using Linux with Apache and PHP version 4.4.4.
When I try to subscribe to the newsletter I am supposed to receive a confirmation email.
Unfortunately my company's email host blocks this email thinking it's spam and so I never receive the confirmation email. I then installed the exact same version of PHPList on a shared server with Linux, Apache, and PHP 4.4.4. Using this setup I received the confirmation email.
So it seems like the server is the problem and not the software. The IP address of the dedicated server is not blacklisted. Actually the IP address just came into existence in January 2007.
It really makes no sense to me why emails coming from the dedicated server are marked spam, but emails coming from the shared server are fine. Both servers are hosted by Hostgator.
I am clueless as to what action to take next. Are there any server settings that could fix this problem? Any ideas are greatly appreciated.
Hi folks, I am also facing the Google spam issue. The header of a sample email sent by a form is as follows. Is there anything wrong in this header? I don't understand why the emails are marked spam.
One of my e-mail addresses - steve@acme.ie - is regularly marked as spam. My mail server is not blacklisted. My e-mails are always plaintext, and only sometimes have URLs in them.
Looking at my mail server health everything looks ok except for what I assume are reverse DNS entries for my domain. So I'm guessing this is the problem.
So...
1. Do I need to ask my hosting company (I have a dedicated server with the planet) to set up reverse DNS entries for all my domains, or can I do this manually? Note I use my own DNS server, I do not use the hosting company's DNS server.
2. Will it be a problem that all my domains (dublinjobs.ie, acme.ie, etc.) use the same IP?
One of my clients is trying to send an email to someone who has a Barracuda spam filter on their systems. The spam filter is rejecting the email and marking the IP address as poor.
The IP address that it is rejecting is not the address of the SMTP server but the PC address (Outlook client). Is this normal to check the client PC IP address and not the SMTP server?
The response from the spam filter includes a link to check the IP address which reports the IP address status as "poor".
The problem is this IP address is a dynamic IP assigned by the client's ISP. I tried a couple of IP addresses within the same subnet and they all seem to be marked as poor.
Does anyone have any suggestions on how I can fix this issue?? I have included the (masked) response from the spam filter below:
Code:
From: Mail Delivery System [mailto:Mailer-Daemon@my.webhostsserver.com]
Sent: 21 May 2009 12:51
To: clientemail@clientdomain.com
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
to@emailaddress.com
SMTP error from remote mail server after end of data:
host mail3.emailaddress.com [193.XX.XXX.91]: 554 Service unavailable; Client host [my.webhostserver.com] blocked using Barracuda Reputation; [url]
------ This is a copy of the message, including all the headers. ------
Return-path: <clientemail@clientdomain.com>
Received: from [82.XXX.XXX142] (helo=JohnD) by my.webhostsserver.com with esmtpa (Exim 4.69) (envelope-from <clientemail@clientdomain.com>) id 1M76nq-0002SF-Jh; Thu, 21 May 2009 11:51:17 +0000
From: "John Doe" <clientemail@clientdomain.com>
To: "'Paul Smith'" <to@emailaddress.com>
Cc: "'Someone Else'" <someoneelse@adomain.com>
Subject: Week commencing the 30th June
Date: Thu, 21 May 2009 12:51:09 +0100
Message-ID: <003601c9da0a$7365a865$5a30f920$@jdoe@clientdomain.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0037_01C9DA12.D53A1060"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AcnaCm5j32za/IgbRHavuUl2ZVBwWA==
Content-Language: en-gb
I have a dedicated server in which I host 4 web sites using Plesk. One of them is mysite.com. That one is also set for ns1.mysite.com and ns2.mysite.com.
(all domain names below are just example names)
DNS records for my apple.com, orange.com and banana.com use ns1.mysite.com and ns2.mysite.com. My name server is also on the same machine.
In orange.com DNS settings are as follows.
Code:
80.111.11.11 / 24    PTR    orange.com
orange.com.    NS    ns1.mysite.com.
orange.com.    NS    ns2.mysite.com.
orange.com.    A    80.111.11.11
orange.com.    MX (10)    mail.mysite.com.
orange.com.    TXT    v=spf1 a mx include:gmail.com,yahoo.com,hotmail.com ~all
ftp.orange.com.    CNAME    orange.com.
mail.orange.com.    A    80.111.11.11
webmail.orange.com.    A    80.111.11.11
www.orange.com.    CNAME    orange.com.
80.111.11.11 is the dedicated IP for orange.com.
The PROBLEM:
The thing is whenever the server sends email it is flagged spam by yahoo, hotmail etc. I have created SPF for my orange.com but it is still marked as spam...
I have checked dns report for both mysite.com and orange.com but they seem to be OK with no warnings either.
I want to create an SPF record or make something so the emails are not marked as spam.
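A syntax check run over the SPF TXT value quoted in the post above, added here as an example and not part of the original post. It applies the term grammar and the 10-lookup limit from RFC 7208, under which a receiver that hits a syntax error returns permerror; `lint_spf` and the second comparison record are assumptions made for illustration.

```python
import ipaddress
import re

# Terms that each cost one DNS lookup; RFC 7208 allows at most 10 per check.
LOOKUP_TERMS = {"a", "mx", "ptr", "include", "exists", "redirect"}
MECHANISMS = {"all", "a", "mx", "ptr", "ip4", "ip6", "include", "exists"}
MODIFIERS = {"redirect", "exp"}
TAKES_DOMAIN = {"a", "mx", "ptr", "include", "exists", "redirect", "exp"}
NEEDS_DOMAIN = {"include", "exists", "redirect", "exp"}
TERM_RE = re.compile(r"^([A-Za-z][A-Za-z0-9_.-]*?)(?:([:=/])(.*))?$")
DOMAIN_RE = re.compile(
    r"^(?:[A-Za-z0-9_](?:[A-Za-z0-9_-]*[A-Za-z0-9_])?\.)+[A-Za-z][A-Za-z0-9-]*\.?$")

# The TXT value exactly as quoted in the post.
POSTED = "v=spf1 a mx include:gmail.com,yahoo.com,hotmail.com ~all"
# Constructed comparison record: the post's dedicated IP listed explicitly.
CONSTRUCTED = "v=spf1 a mx ip4:80.111.11.11 ~all"


def lint_spf(record):
    """Return a list of problems found in one SPF TXT string (no DNS queries)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    problems, lookups, seen = [], 0, set()
    for term in terms[1:]:
        match = TERM_RE.match(term.lstrip("+-~?"))
        name = match.group(1).lower() if match else ""
        if name not in MECHANISMS | MODIFIERS:
            problems.append(f"{term}: unknown mechanism or modifier")
            continue
        sep, value = match.group(2), match.group(3) or ""
        if "all" in seen and name in MECHANISMS:
            problems.append(f"{term}: placed after 'all', never evaluated")
        seen.add(name)
        lookups += name in LOOKUP_TERMS
        if name == "all" and term[0] not in "-~?":
            problems.append(f"{term}: authorizes every host on the Internet")
        if name in ("ip4", "ip6"):
            try:
                if ipaddress.ip_network(value, strict=False).version != int(name[2]):
                    raise ValueError
            except ValueError:
                problems.append(f"{term}: not a valid {name} address or network")
        elif name in TAKES_DOMAIN and sep in (":", "="):
            domain = value.split("/", 1)[0]
            # Macro strings (containing %) are not plain domains; skip them.
            if "%" not in domain and not DOMAIN_RE.match(domain):
                problems.append(f"{term}: '{domain}' is not one valid domain name")
        elif name in NEEDS_DOMAIN:
            problems.append(f"{term}: missing domain")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10 (permerror)")
    if not seen & {"all", "redirect"}:
        problems.append("no 'all' or redirect: unmatched senders get neutral")
    return problems
```

`lint_spf(POSTED)` reports the comma-separated `include:` term; each `include:` takes exactly one domain, so several providers need several `include:` terms.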
I have an issue on my WHM/cPanel Linux server. I have hosted a few vBulletin and IPB forums. The problem is that when someone REGISTERS, the CONFIRMATION email is sent to JUNK/SPAM in Hotmail and Yahoo email boxes.
I have noted that The Confirmation emails sent from many other servers are NOT MARKED as spam by Yahoo and Hotmail email accounts. But the mails sent from My servers are marked as SPAM by default.
I have pasted the headers below:
Here are headers
Mails sent from this server work fine:
Received-SPF: pass (google.com: domain of webmaster@vbulletin.org designates 209.62.16.134 as permitted sender) client-ip=209.62.16.134;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of webmaster@vbulletin.org designates 209.62.16.134 as permitted sender) smtp.mail=webmaster@vbulletin.org
Mails sent from this server are sent to SPAM folder by default:
Received-SPF: neutral (google.com: 66.90.101.249 is neither permitted nor denied by domain of zahidon_4u@yahoo.com) client-ip=66.90.101.249;
Authentication-Results: mx.google.com; spf=neutral (google.com: 66.90.101.249 is neither permitted nor denied by domain of zahidon_4u@yahoo.com) smtp.mail=zahidon_4u@yahoo.com
One thing I am sure of is that there is something that needs to be fixed in WHM. Some option, but I am not sure of that.
My perfectly legitimate emails are being marked as spam. I have no clue why. I run Postfix, all hostnames are supposedly configured correctly.
Here are the headers:
Quote:
Delivered-To: email@mapletip.com
Received: by 10.114.121.9 with SMTP id t9cs693254wac; Sat, 4 Aug 2007 18:44:05 -0700 (PDT)
Received: by 10.90.54.4 with SMTP id c4mr3981359aga.1186278245304; Sat, 04 Aug 2007 18:44:05 -0700 (PDT)
Return-Path: <email@mapletip.com>
Received: from localhost.localdomain (251.102.232.72.static.reverse.ltdomains.com [72.232.102.251]) by mx.google.com with ESMTP id 6si5888223agb.2007.08.04.18.44.04; Sat, 04 Aug 2007 18:44:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of emailsupport@mapletip.com designates 72.232.102.251 as permitted sender)
Received: from www.mapletip.com (localhost.localdomain [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 7AB1448224 for <life@mapletip.com>; Sat, 4 Aug 2007 20:44:23 -0500 (CDT)
Date: Sat, 4 Aug 2007 20:44:23 -0500
To: test@mapletip.com
From: MapleTip Email Support <email@mapletip.com>
Reply-to: email@mapletip.com
Subject: MapleTip Site - Question
Message-ID: <8ceb3a16956f9d6e147d3c4f81ca0747@www.mapletip.com>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
I am dealing with a situation which I cannot understand. I am running a website for a resort and occasionally I send e-mails to the people who book villas using the website. By occasionally I mean that last year I sent 2 e-mail campaigns with a proper spam score.
However, at this moment, even the e-mails that I receive from the website's contact form arrive as Junk in Gmail, for example.
I'm a web programmer with little knowledge of server maintenance, tasks, configurations, etc.
I run a website hosted on a dedicated box with GoDaddy. It appears my MAX SMTP limit (25,000) is reached at times. I know for a fact my subscribers are not generating this many emails.
1) Is there a way I can see a log file of all the email messages that were sent using my SMTP qmail account?
2) I've entertained the possibility that someone has "hijacked" my qmail account and is using it to send out spam messages?
Any help in being able to get to a log for qmail or to run some other kind of diagnosis to figure out what's exactly going on with my server and why my max smtp limit is reached constantly.
We have had a server at limestonenetwork for a couple of months. Everything was good until several abuse issues were reported against our IP recently. Based on instructions from Ryan A., Abuse Department Manager, I have suspended/terminated the suspected accounts in a timely manner each time there was an abuse issue.
But today, surprisingly, they terminated our server immediately without prior notification. I fully understand that it is my fault for not watching our hosting clients for abuse issues.
I only need to get the data back for several hours so I can move the data to another server. Based on their TOS limestonenetworks.com/service_info/tos.html I did not see anything about temporary data restore, so I think we still have the right to get our data back.
Question:
Is it true that I cannot have my data back at all based on their TOS? I cannot find this matter mentioned in their TOS.
Last week my VPS hosting provider suspended my server because of a SPAM petition made by spamcop.com.
The problem is that the incriminated spam message was not sent from any IP address of my VPS, or a domain hosted on my VPS. Despite this, my ISP suspended my server without sending me any warning e-mail.
The only guilt that I have is that the spammer found some e-mail addresses in one web portal hosted by my server and he mentioned this in the last 2 lines of the message: "This message was sent to you be cause we found your e-mail adress on a public website and this website is....www.somewebsite.com".
The admins of my ISP didn't ask me about the potential fraud and closed my VPS for almost 24 hours without warning me. I was on vacation for 10 days and I didn't know that my clients were in trouble.
Now I'm asking you: did the ISP do the right thing in suspending my VPS only because one of my hosted domains was mentioned in the spam message, and no IP addresses or domain names of my VPS were in the X-Originating-IP header lines?
Apparently SMTP servers from other countries are using our email addresses in the 'reply to'. Because of this, many failed message replies (message is blocked; user doesn't exist) are returned to our email accounts. Is there a way to handle abuse like this? We aren't an open relay but for some reason all the mail is coming back to us. Is there a way to combat this?
I was wondering what other people did to prevent their networks from being used as platforms for network abuse. I just set up an inward-facing Snort server myself, but I was wondering what other providers (especially other low-cost VPS providers)
I got abuse issue tickets from FDC today. I installed a new OS a few days ago and only have 2 websites; I know they would not send out any spam email or anything..
Due to the below email, there is an abuse issue with your server. You have 24hrs to respond on how you will correct this issue before we null route the ip. Further complaints, without action may result in deactivation of your server.
Thanks for your cooperation.
--begin disclaimer You are receiving this message because you are listed as contact of one of the networks or domains involved in this incident. If you are not the correct contact please ignore this message. --end
Dear Mr,
Please investigate the incident described in the following partial log, giving the treatment as your AUP permit, reporting the measures to all recipients of this message.
In case of non acceptable treatment or reincidence, it will be taken restrictive measures to protect .BR registry.
The port in question was 10000 - registered in IANA[2] for: Network Data Management Protocol
The e-mail contact it was gotten by the following consultation:
whois -h whois.lacnic.net 66.90.101.xxx
Whois-----------------------------------------------------------------------
% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries
OrgName: FDC Servers.net, LLC
OrgID: FDCSE
Address: 141 West Jackson Blvd, Suite 1135
City: Chicago
StateProv: IL
PostalCode: 60604
Country: US
OrgAbuseHandle: ABUSE438-ARIN
OrgAbuseName: ABUSE department
OrgAbusePhone: +1-312-913-9304
OrgAbuseEmail: abuse@fdcservers.net
OrgNOCHandle: NOC1402-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-312-913-9304
OrgNOCEmail: abuse@fdcservers.net
OrgTechHandle: PKR5-ARIN
OrgTechName: Kral, Petr
OrgTechPhone: +1-630-729-0228
OrgTechEmail: abuse@fdcservers.net
# ARIN WHOIS database, last updated 2008-01-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Logs-----------------------------------------------------------------------
Jan 22 11:51:08.961984 66.90.101.xxx.59733 > xxx.xxx.2.8.10000: S [tcp sum ok] 1684154077:1684154077(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 47077, len 48)
Jan 22 11:51:08.962002 66.90.101.xxx.59733 > xxx.xxx.2.15.10000: S [tcp sum ok] 2112584473:2112584473(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116, id 54111, len 48)
Jan 22 11:51:08.962018 66.90.101.xxx.59733 > xxx.xxx.2.11.10000: S [tcp sum ok] 784051742:784051742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 34960, len 48)
Jan 22 11:51:08.962043 66.90.101.xxx.59733 > xxx.xxx.2.16.10000: S [tcp sum ok] 188686613:188686613(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 8194, len 48)
Jan 22 11:51:08.962057 66.90.101.xxx.59733 > xxx.xxx.2.10.10000: S [tcp sum ok] 1829533742:1829533742(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 26158, len 48)
Jan 22 11:51:08.962080 66.90.101.xxx.59733 > xxx.xxx.2.12.10000: S [tcp sum ok] 1559560773:1559560773(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 116, id 4558, len 48)
Jan 22 11:51:08.962093 66.90.101.xxx.59733 > xxx.xxx.2.9.10000: S [tcp sum ok] 60930635:60930635(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl 117, id 551, len 48)
Jan 22 11:51:08.965238 66.90.101.xxx.59733 > xxx.xxx.2.3.10000: S [tcp sum ok] 1935758257:1935758257(0) win 65535 <mss 1460,nop,nop,sackOK> (ttl
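A way to confirm from your own packet capture the pattern the complaint describes, one source sending bare SYNs to the same port on many hosts within milliseconds. This is an added example, not part of the complaint or the post; `find_sweeps`, the one-second window, the five-target threshold and the ordinary-traffic lines are assumptions, and the year is taken from the WHOIS timestamp in the complaint.

```python
import re
from collections import defaultdict
from datetime import datetime

# timestamp, src addr, src port, dst addr, dst port, TCP flags
LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) (\S+)\.(\d+) > (\S+)\.(\d+): (\S+)")

# Leading fields of the eight log lines quoted in the complaint (masked as posted).
QUOTED = [
    "Jan 22 11:51:08.961984 66.90.101.xxx.59733 > xxx.xxx.2.8.10000: S",
    "Jan 22 11:51:08.962002 66.90.101.xxx.59733 > xxx.xxx.2.15.10000: S",
    "Jan 22 11:51:08.962018 66.90.101.xxx.59733 > xxx.xxx.2.11.10000: S",
    "Jan 22 11:51:08.962043 66.90.101.xxx.59733 > xxx.xxx.2.16.10000: S",
    "Jan 22 11:51:08.962057 66.90.101.xxx.59733 > xxx.xxx.2.10.10000: S",
    "Jan 22 11:51:08.962080 66.90.101.xxx.59733 > xxx.xxx.2.12.10000: S",
    "Jan 22 11:51:08.962093 66.90.101.xxx.59733 > xxx.xxx.2.9.10000: S",
    "Jan 22 11:51:08.965238 66.90.101.xxx.59733 > xxx.xxx.2.3.10000: S",
]
# Constructed ordinary traffic for contrast: one client talking to one server.
ORDINARY = [
    "Jan 22 11:51:09.100000 192.0.2.7.40112 > 198.51.100.5.443: S",
    "Jan 22 11:51:09.150000 192.0.2.7.40112 > 198.51.100.5.443: .",
    "Jan 22 11:51:09.300000 192.0.2.7.40113 > 198.51.100.5.443: S",
]


def find_sweeps(lines, window_s=1.0, min_targets=5, year=2008):
    """Report (source, port) pairs that SYN many distinct hosts inside one window."""
    probes = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m.group(6) != "S":      # keep connection attempts only
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S.%f")
        probes[(m.group(2), int(m.group(5)))].append((ts, m.group(4)))
    sweeps = []
    for (src, dport), hits in probes.items():
        hits.sort()
        start, in_window, best = 0, defaultdict(int), 0
        for ts, dst in hits:
            in_window[dst] += 1
            # Slide the window start forward until it spans at most window_s.
            while (ts - hits[start][0]).total_seconds() > window_s:
                old = hits[start][1]
                in_window[old] -= 1
                if not in_window[old]:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_targets:
            sweeps.append({"source": src, "dst_port": dport, "targets": best})
    return sweeps
```

A hit for your own address means some process on the server is generating the probes, which is the starting point for finding it.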
How do you handle your postmaster and abuse addresses for each of your shared hosting accounts? I obviously don't want to receive them all as root and I don't have catchall accounts enabled. I was thinking about setting up aliases to point to their cPanel username account, but I don't know about you, but I hate those accounts and I highly doubt my clients are going to ever check them. These addresses seem to be high targets for spam as well. I have an anti-spam solution, but high volume targets still let a bit of spam through.
One of the sites I help run has 1.5 million pages of parts that can be ordered and information about those parts. We started seeing a ton of hits at around 20-30 pages per second over the past couple days.
There is no information about them on the internet and they are also masking as GoogleBot.
Be on the lookout as I am pretty sure they are trying to steal content and post it up for search results. They are using Amazon EC2 servers to do it also.
This is how they are identifying themselves: Mozilla/5.0 (compatible; Adtuitionbot/1.0; +http://www.google.com/bot.html)"
Offending IPs: 174.129.155.59, 72.44.52.93
In a 24 hour period, we blocked 408,821 requests from them.
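A check for whether a request that points at Google in its User-Agent really comes from a Google crawler, using the reverse-then-forward DNS procedure Google documents for this. It is an added example, not part of the original post; `check_crawler`, the 192.0.2.x addresses and every hostname in the sample tables are constructed assumptions so that it runs offline.

```python
import socket

# Domains Google documents for the reverse-DNS names of its crawlers.
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com", ".googleusercontent.com")


def system_ptr(ip):
    """Reverse (PTR) lookup via the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def system_forward(host):
    """Forward lookup via the system resolver; returns a set of IPv4 strings."""
    try:
        return set(socket.gethostbyname_ex(host)[2])
    except OSError:
        return set()


def check_crawler(ip, user_agent, ptr=system_ptr, forward=system_forward):
    """Return (verdict, detail) for a request whose User-Agent points at Google."""
    if "google" not in user_agent.lower():
        return ("not-claimed", "User-Agent does not reference Google")
    host = (ptr(ip) or "").rstrip(".").lower()
    if not host:
        return ("spoofed", "no PTR record")
    if not host.endswith(GOOGLE_SUFFIXES):
        return ("spoofed", f"PTR {host} is outside Google's crawler domains")
    # The PTR is set by whoever controls the IP, so it must resolve back.
    if ip not in forward(host):
        return ("spoofed", f"{host} does not resolve back to {ip}")
    return ("verified", host)


# User-Agent string quoted in the post.
POSTED_UA = ("Mozilla/5.0 (compatible; Adtuitionbot/1.0; "
             "+http://www.google.com/bot.html)")
# Constructed DNS data so the example runs offline; none of it was looked up.
SAMPLE_PTR = {
    "174.129.155.59": "ec2-host.compute.example.net",  # IP from the post
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",    # genuine-looking crawler
    "192.0.2.66": "crawl-192-0-2-10.googlebot.com",    # PTR forged by IP owner
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}


def check_offline(ip, user_agent=POSTED_UA):
    """Run check_crawler against the constructed tables instead of live DNS."""
    return check_crawler(ip, user_agent, SAMPLE_PTR.get,
                         lambda host: SAMPLE_A.get(host, set()))
```

Calling `check_crawler(ip, user_agent)` without the last two arguments uses the system resolver, so the verdict can be cached per IP and used to decide which "Google" traffic to rate-limit.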
Recently we received reports of spam being sent out in massive amounts from an old IP address we had with DedicatedNow/FortressITX. Apparently the IP still has reverse DNS set up for our domain name for some reason and we are still receiving spam reports.
I have sent them two emails/tickets, which were logged into their ticket system and have had no response from them in regards to this. They have not taken any action because I am still receiving spam reports from the same IP address, surprising they have not taken any action towards spam on their servers.
I have also requested that they remove the reverse DNS entry, no response to that as well.
Emails were sent with the spam reports from junkemailfilter.com.
Perhaps this will get their attention and they will look into the problem and put a stop to the spam issue.