>I of course fixed that problem, and now I needed to find out where these >databases exist (the support guy couldn't help me here). After some >searching I found a site (http://mail-abuse.org/referred.html) that spells >out exactly what I needed to do to verify that our domain was in the >database(s) (it was) and how to request it be removed (I did).
That's for the RBL test. There are over 40 different anti-spam databases. http://www.dnsreport.com/tools/ip4r.ch?ip=209.12.34.178 shows that you are in several of them; you need to be removed from each one separately. >This is extremely frustrating and embarrasing because I'm (usually) on top >of things like this, but this fell through the cracks obviously. Now I >have to wait for our client to update their database (could take 24-48 >hours I'm told) so we can send mail again. Live and learn. The URL above will show you how long the entries are cached for (in the "TTL" column). >After all that, I *do* have a question. How can I tell by looking at my >log file that my server was indeed used for relay spamming? The only >other thing we can think of is that we sent unsolicited email to our >current and former clients asking if they'd like to subscribe to our >company newsletter. It's *possible* that that could have done it, but it's unlikely. SPAMCOP (at http://spamcop.net/w3m?action=checkblock&ip=209.12.34.178 )shows that you were sending mail like "Invest like the banks" and "The information and details are inside". They also show the date/time the E-mails were sent, so you can easily cross-reference your log files. The other spam tests have other URLs you can check. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/