|
|
|
|
| The Telling IT Straight Network is not currently active and cannot accept new posts |
| Spam and Mail server info Question for the (more) Tech Savvy than me. | Views: 2157 |
| Jul 29, 2009 1:36 am | | Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Murray Farrell | | Hi Tech gurus.
I have an associate that sends me a few emails a week.
Sometimes they are marked as Spam.
Every email (OK I checked 5-6) seems to have a different 'From IP Address' Some are spam marked, others not.
This morning I received three emails from him over 90 mins where we were discussing this situation and each one had a different 'From email address'. BTW, these emails were NOT marked as spam.
I have spent a good (or was it bad?) three hours doing my research here and can't work out what is happening.
I had assumed the source IP address is the actual mail server address. But, the source address keeps on changing.
Is this because they are using multiple mail servers?
Or is it because they keep on getting their servers blocked by blacklists and they allocate another IP address to the single mail server they use.
Or some variation of the two before?
All appropriate tech level answers really appreciated.
Thanks in advance,
Murray
Private Reply to Murray Farrell |
| Jul 29, 2009 1:51 am | | re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Scott Wolpow | | It can be from Zombies, ask Lamar his machien was turned into one. It can be from spoofed IP's. Or it can be hijacked mail servers or they can use differant machines.
Look at the headers, should tell you alot. Next step is to use sendmail log or if Exchange has one, it's log.Private Reply to Scott Wolpow |
| Jul 29, 2009 2:19 am | | re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Murray Farrell | | Thanks Scott,
All the emails are definitely from my mate Casey. Some are marked as spam but aren't spam; and their IP source addresses in the actual received email are all different. The 3 emails I referred to this morning are also all legitimate and from from my mate Casey who is living 10 miles from me.
I just can't understand why legitimate emails through his hosting company to me are being treated like this.
Private Reply to Murray Farrell |
| Jul 29, 2009 3:20 am | | re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Reg Charie | | I am not 100% certain but I would suspect that your buddy's computer is compromised by a virus program that sends spam.
Normally the source IP is recorded by the program sending the email.
If this is changing, something is changing it, and that is not something that an email client would do on its own.
I would be concerned if my email's originating IP was being changed.
How much of a change is there in the IP addresses?
Are they in the same range?
Can you give us some actual examples?
Reg - NEW DEMO!! Turn photos into paintings http://FantasticMachines.com
All You Need is Dotcom-Productions and a Dream. http://dotcom-productions.com
0Grief http://0grief.com/special_hosting_accounts_for_my_ryze_friends.htm
CRELoaded websites http://RegCharie.com - SBTT http://thinktank-network.ryze.comPrivate Reply to Reg Charie |
| Jul 29, 2009 6:04 am | | re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Murray Farrell | | I probably haven't explained my self clearly. Sorry.
The emails I am asking about are definitely from my mate to me.
This morning's 3 emails were from:
Received: from unknown (HELO smtpauth19.prod.mesa1.secureserver.net) (64.202.165.30)
Received: from unknown (HELO smtpauth23.prod.mesa1.secureserver.net) (64.202.165.47)
Received: from unknown (HELO smtpauth13.prod.mesa1.secureserver.net) (64.202.165.37)
These were not marked as Spam.
------------------------------
This was yesterday + NOT marked as Spam
Received: from unknown (HELO smtpauth16.prod.mesa1.secureserver.net) (64.202.165.22)
--------------------------------
Now these are Spam Marked emails from the same guy.
Received: from unknown (HELO p3plsmtpa01-04.prod.phx3.secureserver.net) (72.167.82.84)
-------------
This was on the weekend.
Received: from unknown (HELO p3plsmtpa01-02.prod.phx3.secureserver.net) (72.167.82.82)
---------------------------
The following are from 2 weeks ago + marked as Spam
Received: from unknown (HELO smtpauth03.prod.mesa1.secureserver.net) (64.202.165.183)
---
Received: from unknown (HELO smtpauth03.prod.mesa1.secureserver.net) (64.202.165.183)
---
This too was marked as Spam and rxed in May
Received: from unknown (HELO smtpauth13.prod.mesa1.secureserver.net) (64.202.165.37)
-------------------------
So there are a few of the emails and as you can see, they all appear to be from secureserver.net and the IP addresses are changing. Maybe thay just have bulk email servers??
My action to attempt fix the situation started when my host rejected my mate's email with a Spam level of 7.5 on the weekend. I thought I'd get him whitelisted with my host... and you guys know the rest.
So that's what's happening.
Thanks Scott and Reg for your responses. (I've only seen you two while working on this reply).
CU
Murray
Private Reply to Murray Farrell |
| Jul 29, 2009 12:31 pm | | re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Scott Wolpow | | Your answer is why I had a major fight with the president of Godaddy.com As sson as I saw the smtp server I knew the answer.
It is all GoDaddy.com's fault. This is what happened to me a few years ago.
Their servers are marked as known spamers.
The one and only solution is to move away from Godaddy.com Nothing else will work. SPf is iffy at best.
My emaisl to a few international comapnies were traeted as spam, then blocked.Private Reply to Scott Wolpow |
| Jul 29, 2009 10:53 pm | | re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Murray Farrell | | Thanks guys for your replies.
I have heard people complaining about GoDaddy in the past.
It was reported that some hosting companies have taken legal action against people speaking frankly of their experiences.
Was your disagreement because
1 Mail server IP addresses were changing too often?
2 Some IP addresses in their block are on blacklists?
3 IP addresses are being changed so that some mail servers aren't blacklisted 100% of the time?
4 Problems with spamming policies and the resolution/non reolution of being blacklisted?
General answers are ok by me.
Feel free to send me a DM if you wish.
Thanks for your contributions Reg and Scott.
Regards,
MurrayPrivate Reply to Murray Farrell |
| Jul 29, 2009 11:03 pm | | re: re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Scott Wolpow | | I gave him the method to fix it and he refused. This was on Superbowl Sunday when they had their first ad.
He found out a little too late, after a deal died, who I was able to influence.Private Reply to Scott Wolpow |
| Jul 30, 2009 9:32 pm | | re: re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me. | # |
Reg Charie | | With some services it is a general rule your pooled IP Address changes when you disconnect and then reconnect. Some ISP's have a time limit that will release and renew your IP
Reg - NEW DEMO!! Turn photos into paintings http://FantasticMachines.com
All You Need is Dotcom-Productions and a Dream. http://dotcom-productions.com
0Grief http://0grief.com/special_hosting_accounts_for_my_ryze_friends.htm
CRELoaded websites http://RegCharie.com - SBTT http://thinktank-network.ryze.comPrivate Reply to Reg Charie |
| Jul 30, 2009 9:48 pm | | re: re: re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me | # |
Scott Wolpow | | Not the ISP in this case. He must be using GoDaddy for SMTP, that would cause this issue. Private Reply to Scott Wolpow |
| Jul 30, 2009 10:36 pm | | re: re: re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy than me | # |
Murray Farrell | | I agree about pooled IP addresses. As Scott said, it is not the ISP. That is Telstra Australia in this case. He thought he was hosting with PhotoBiz? but they must be resellers.
In one of the searches I did, the IP address had 12k host accounts linked to it. Whether that is correct, I don't know; but what I do know is that my mate is unhappy with the spam tags and wants to move from PhotoBiz but maybe stuck with proprietary scrips etc. Have a look at twistedirony.com if you like bizAArT. It's not commercial and proceeds are donated to WorldVision.
Regards,
Murray
Private Reply to Murray Farrell |
| Jul 31, 2009 12:53 am | | re: re: re: re: re: re: re: re: re: Spam and Mail server info Question for the (more) Tech Savvy tha | # |
Scott Wolpow | | His email is being handled through GoDaddy's zone files. May not have anything to do with hosting. That was at the core. It was just using their Zone files taht caused teh issue. Private Reply to Scott Wolpow |
 |
|
|
