Also, I tried to set up the same email account using five (5) other IPs -- from different offices, from different companies, from different IP providers -- and I noticed the same problem happened.
4 out of 5 IPs were blacklisted -- it reads on spamhaus.org "listed in the XBL, because it appears in CBL"
Is anybody experiencing something similar to that?
As it happens for just one of my email account -- that means for just one of my hosting providers -- I feel if it is not a common practice for hosting providers using spamhaus controls -- sbl lists -- on shared hosting.
Any ideas or advice on that will be strongly appreciated.
Thanks
Is anybody experiencing something similar to that?
Yes, it has happened to us a few times.... and it was a real pain in the **s. Eventually, I got somebody on the phone from spamcop or spamhaus and they told me exactly what the issue was and how to fix it on the mail server. But, I do not have control of the mail server and it took some convincing to get the admin dude from a giant telco to change the settings on the mail server. But ever since then I have never had a problem with blacklisting.
[edited by: Rugles at 3:43 pm (utc) on June 3, 2009]
I can say it has never been used for any spamming practices.
Never been used by you - how *sure* are you that your server and your local computers are secure and have not been intruded on, abused for spamming? Most spammers work this way, silently hack a script on a site and abuse it for spamming, leaving you with the mess. If it were me the first thing I'd probably do is check out this possibility or all your de-listing work will be in vain.
Most spammers work this way, silently hack a script on a site and abuse it for spamming, leaving you with the mess
Do you mean my hosting provider -- where I am hosting my website mydomain.com -- could have been abused for spamming?
However, the email experiencing problems is the one provided by my hosting provider -- i.e. account at mydomain.com.
They -- hosting provider -- told me the problem is with my IP. Please, note, my IP provider -- connectivity provider -- is other than hosting provider.
So, assuming what my hosting is saying is true, the problem would not be originated with a script on my website.
I suppose I should submit the problem to my IP provider.
Please tell me if I am missing anything.
Thanks
Do you mean my hosting provider -- where I am hosting my website mydomain.com -- could have been abused for spamming?
Correct. I'm a little confused by the last post, so to clarify:
Internet connection IP address - Your ISP modem. Generally this is a dynamic IP address assigned by the ISP, but there are some that offer static IPs. If **this** is the offending IP, then yes, the problem is with the Internet service provider OR something else. That "something else" could be internal to the ISP, you could have a virus on your computer that is allowing your computer to be used as a robot, or as simple as someone hacking your wireless connection. But I don't think that's what we're talking about here.
Web site IP address, which you're referring to as "hosting provider" - This is what I am guessing is the problem IP. If someone, say, hacks into another web site on this shared server and gains access to the overall system, or your site is vulnerable via XSS or public scripts, they could be using your dedicated IP/website to email spam.
However, the email experiencing problems is the one provided by my hosting provider -- i.e. account at mydomain.com.
**usually** the mail.example.com IP address is the same IP address as the site, example.com.
Let me give you one simple, and very common, example.
You have a contact script on your site that works fine, but the input data is not filtered properly. The visitor inputs their email address so you can respond. It passes the visitor's email address through unfiltered to the mail routine. The mail routine only has
To: company
From: visitor
Subject: subject
(message body)
So through encoding, let's say I can pass newlines through your script in the "from" field and do something that would give you this effect:
me@example.com\nbcc:address1@example.com
I've just created a "bcc" field, so now your mail headers will look like this:
To: company
From: visitor
bcc:address1@example.com
Subject: subject
(message body)
Multiply that by 1000 . . .
bcc:address1@example.com,address2@example.com,address3@example.com ....
You receive one email, because that's what BCC does. Unknown to you, the sender has spammed "example.com" with 1000 email addresses. And they all come from your email address, your dedicated IP.
This is just *one way* and fairly easy to fix, but there are hundreds of ways your domain could be being abused for sending spam. Given the overall state of Life, the Universe, and Everything, I suggest this is the most likely possibility, you have insecure or vulnerable scripts, OR your domain is being accessed via the same from other domain accounts on the same server.
...Internet connection IP address - Your ISP modem. Generally this is a dynamic IP address assigned by the ISP, but there are some that offer static IPs. If **this** is the offending IP, then yes, the problem is with the Internet service provider OR something else...
Yes, my Internet connection IP address is static. (The number does not change)
And this was the IP blacklisted by spamhaus. So I think I have to ask my ISP what happened with it as well as get them to contact spamhaus for delisting it.
I would like to clarify, the problem arose -- and I knew about it -- when setting up a new email account in Outlook on my PC, my hosting/email provider denied the use of SMTP because they said my IP was on spamhaus lists. Of course I was able to use the same SMTP when using another Internet connection IP, not blacklisted.
Provided that the second part of your explanation does not relate to my problem, however as an owner of websites including contact scripts I would be interested to know the best ways to protect it from abuses you described.
Thanks
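An added example, not part of the original thread: one way to close the contact-form header injection described in the post above, sketched in Python. The addresses `SITE_SENDER` and `SITE_INBOX`, the function names and the sample inputs are assumptions made up for illustration; the point is that form input is rejected if it contains line breaks, and the visitor's address never becomes the `From` header.

```python
import re
from email.message import EmailMessage

# Hypothetical site settings, assumed for this example.
SITE_SENDER = "webform@mydomain.example"
SITE_INBOX = "company@mydomain.example"

# CR, LF and every other control or Unicode line-break character.
_CTRL = re.compile(r"[\x00-\x1f\x7f\u0085\u2028\u2029]")
# One plain address only: no commas, spaces, colons or display names.
_ADDR = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


class RejectedInput(ValueError):
    """A form field that could change the message headers."""


def clean_header_field(name, value, max_len=200):
    # Runs on the value after the web framework has URL-decoded it,
    # so an encoded newline has already become a real one by now.
    if _CTRL.search(value):
        raise RejectedInput(f"{name}: line break or control character")
    value = value.strip()
    if not value or len(value) > max_len:
        raise RejectedInput(f"{name}: empty or too long")
    return value


def build_contact_message(visitor_email, subject, body):
    visitor_email = clean_header_field("email", visitor_email)
    if not _ADDR.match(visitor_email):
        raise RejectedInput("email: not a single plain address")
    subject = clean_header_field("subject", subject)

    msg = EmailMessage()
    msg["From"] = SITE_SENDER        # fixed; never taken from the form
    msg["To"] = SITE_INBOX           # fixed recipient
    msg["Reply-To"] = visitor_email  # validated visitor address
    msg["Subject"] = subject
    msg.set_content(body)            # body text is not a header
    return msg


if __name__ == "__main__":
    # Constructed inputs; the second has the shape shown in the post.
    for addr in ("me@example.com", "me@example.com\nbcc:address1@example.com"):
        try:
            print(build_contact_message(addr, "Question", "Hello").as_string())
        except RejectedInput as err:
            print("rejected:", err)
```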