On 1/23/2019 4:10 PM, Chris Boyd wrote:
Can you tell me why 208.81.240.138 is blocked? Only three people use that
server and I’ve looked over the logs and nothing sticks out.
Chris
It is a little strange and definitely inappropriate that you've emailed
this to the mailop mailing list. Doing so gives the FALSE impression
that the invaluement delist process is utterly broken or we're not
running invaluement professionally (not that we couldn't ever use
improvement).
So here are some facts that you've now forced me to share:
(1) your FIRST delist request to invaluement - came IN THE SAME EXACT
MINUTE - that you sent this email to MailOp. That is a MASSIVELY FAST...
AND... MASSIVELY IMPATIENT escalation. (especially since...)
(2) I saw your message with 4 minutes of you sending it (and within 4
minutes of you doing your FIRST delist request). I went to check on the
status of your delist request - and *our automated system had ALREADY
delisted your IP... before I could even get to it... it had delisted
sometime within 4 minutes of your FIRST delist request! *It was delisted
before anyone on mailop (or myself) even read *ANY* of your messages
about this.*
*
(3) *the listing was due to recent egregious phishing spam sent from
your IP to spamtrap addresses*. See attached screenshot of one of the
phishing spams sent recently from this IP. I blurred the FROM address
because I think that is an innocent bystander's address forged in that
spot. The "reply to" address is the criminal's address. This shows the
top of the spam, before scrolling - but it shows PLENTY. This particular
spam was sent to a spamtrap address. While the spam's header date is
from 2 days ago, it was actually sent yesterday. And it definitely came
from 208.81.240.138
So the listing was "for cause" - but our system was still willing to
delist IMMEDIATELY upon your FIRST delist request, and did so within a
few minutes of your request. It did so because your IP rated good enough
in our system to delist it after a delist request (without involving any
of our humans yet). More egregious spammers (such as those sending spam
on purpose - and where little or no legit email comes from that IP)
typically don't get that benefit.
If you want to know more about the spam, such as getting copy of the
headers, to help you track this problem down, then reply back off-list
and we can continue this discussion off-list.
ALSO - while I think your escalation in this case was in appropriate -
in the future, if something like this happens again - and you don't get
results after an hour or two (NOT like this situation - where we had
/*already */and /*immediately */delisted your IP!) - then please just
email me directly before posting this to a discussion list. I think
MailOp would appreciate that.
--
Rob McEwen
https://www.invaluement.com
___
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop