AOL Error 554 RTR:BL

[twcinpa]

Received this AOL error message:
* 554 RTR:BL
http://postmaster.info.aol.com/errors/554rtrbl.html

EXPLANATION:

This error message indicates that a block has been placed against your IP address because we have received numerous complaints concerning mail coming from that IP address.

SOLUTION:

Please have your ISP or server administrator contact AOL for assistance. The mail administrator should request a feedback loop that will alert them to reported spam from their network. You can access the Feedback Loop request form here.

After going to spews.org I found this report:
Jaguar Technologies
|--------------------
0, 66.227.81.228, mass-mailer.net / internet-orange.com (dead)
1, 62.65.252.68, mass-mailer.net / internet-orange.com
1, 62.65.252.69, mass-mailer.net / internet-orange.com
1, 62.65.252.64 - 62.65.252.71, EE-BALTHOST / mass-mailer.net / internet-orange.com (on listed starman.ee)
---------------------|

Spamware peddler.

http://mass-mailer.net/advanced_features.php
--------------------------------------------------------------------------------
Web Master
NIkolska
Niolaev 54000
Ukraine

Registered through: GoDaddy.com

Domain Name: MASS-MAILER.NET

Created on: 26-Mar-02
Expires on: 26-Mar-04
Last Updated on: 27-Mar-03

Administrative Contact:
Master, Web info@internet-orange.com
Nikolska
Nikolaev 54000
Ukraine
+380677474302 Fax --

Domain servers in listed order:
NS1.ALETIA.COM
NS2.ALETIA.COM

Last Updated on: 17-Oct-03
Domain servers in listed order:
VS0.BALTHOST.EE
VS1.BALTHOST.EE
--------------------------------------------------------------------------------
--- contacting nameserver: vs1.balthost.ee [62.65.250.154]

mass-mailer.net MX 0 mass-mailer.net
mass-mailer.net A 62.65.252.68
mass-mailer.net NS vs0.balthost.ee
mass-mailer.net NS vs1.balthost.ee
mass-mailer.net SOA
origin = vs0.balthost.ee
mail addr = root@vm.balthost.ee
serial = 1066414746
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
minimum ttl = 86400 ()
mass-mailer.net NS vs0.balthost.ee
mass-mailer.net NS vs1.balthost.ee
mass-mailer.net A 62.65.252.68
vs0.balthost.ee A 62.65.252.68
vs1.balthost.ee A 62.65.250.154

Old:
--- contacting nameserver: ns2.nocdirect.com [66.227.56.5]

mass-mailer.net SOA
origin = ns.nocdirect.com
mail addr = root@plutonium.nocdirect.com
serial = 1036897323
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
minimum ttl = 86400 ()
mass-mailer.net NS ns2.nocdirect.com
mass-mailer.net NS ns.nocdirect.com
mass-mailer.net A 66.227.81.228
mass-mailer.net MX 0 mass-mailer.net
ns.nocdirect.com A 66.227.57.1
ns2.nocdirect.com A 66.227.56.5
--------------------------------------------------------------------------------
Domain: INTERNET-ORANGE.COM

Registrant/Owner: 000-OI13346
Team
Soviet 1
Nikolaev NK, 54000
UA

Administrative Contact: 000-OI13346
Orange Internet
Soviet 1
Nikolaev NK, 54000
UA
+38.0677474302
info@internet-orange.com

Created on 2001-02-02
Updated on 2003-02-01
Expires on 2004-02-02

Nameservers:
NS1.ALETIA.COM
NS2.ALETIA.COM

Updated on 2003-11-10
Nameservers:
NS2.IDGHOST.COM
NS1.IDGHOST.COM

Updated on 2004-02-16
Nameservers:
NS1.OBJECT-DB.COM
NS2.OBJECT-DB.COM
--------------------------------------------------------------------------------
--- contacting nameserver: ns1.aletia.com [66.227.56.34]

internet-orange.com MX 0 internet-orange.com
internet-orange.com SOA
origin = ns.nocdirect.com
mail addr = root@plutonium.nocdirect.com
serial = 1035553195
refresh = 28800 (8 hours)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
minimum ttl = 86400 ()
internet-orange.com NS ns2.nocdirect.com
internet-orange.com NS ns.nocdirect.com
internet-orange.com A 66.227.81.228
internet-orange.com A 66.227.81.228
ns.nocdirect.com A 66.227.57.1
ns2.nocdirect.com A 66.227.56.5
--------------------------------------------------------------------------------
inetnum: 62.65.252.64 - 62.65.252.71
netname: EE-BALTHOST
descr: Svetlana Davarasvili FIE
country: EE
admin-c: SR1412-RIPE
tech-c: SR1412-RIPE
status: ASSIGNED PA
notify: ripe@starman.ee
mnt-by: AS13272-MNT
changed: ripe@starman.ee 20030814
source: RIPE

route: 62.65.192.0/18
descr: Starman Internet AS
origin: AS13272
notify: ripe@starman.ee
mnt-by: AS13272-MNT
changed: ripe@starman.ee 20020620
source: RIPE

person: Sergei Resetnjak
address: Svetlana Davarasvili FIE
address: Veeru 4 - 95
address: 74111 Maardu
address: Estonia
phone: +37255983103
e-mail: clai_w@hotmail.com
nic-hdl: SR1412-RIPE
notify: ripe@starman.ee
changed: ripe@starman.ee 20030814
source: RIPE
--------------------------------------------------------------------------------

Can someone help me understand what is going on here. I assume someone has been using my domain to send spam. This all started about a week ago. A few days after it started I also started receiving 'undeliverable email' notices, probably 100 by now.

I have notified JaguarPC, but as yet without any resolution. Is there anything I can do to be able to send mail to AOL. This does impact my wife's home business a whole bunch.

[jason]

This probably doesn't mean that someone has been using your domain name to send spam. It means that someone has been using the server your site is hosted on to send spam. You see, all mail sent from a JPC server goes out from the same IP address. If someone signs up for an account with JPC and they start using that account to send spam, JPC usually picks up on it pretty quickly and suspends the account, but sometimes not before the blacklists decided to list the IP address.

AOL runs one of the more respectable blacklists, so it shouldn't be difficult for JPC to get your server back off of it. I'm sure you'll hear from them soon when this is corrected.

--Jason

[JPC-Les]

We are aware of two servers being blacklisted by AOL. As Jason mentioned they are pretty good about delistings and we expect to have the listings removed within a few days.

[twcinpa]

It's been about a week that I've been getting Mailer-Demon rejected mails. I just checked mail after a few hours and had over 65 such mails.

Is this mail going out on the JAG server using my domain or do they just like my domain name?

I opened a ticket about a week ago, but the problem seems to be growing.

The server is plutonium.

Tom

[jason]

Again, I have no idea how long AOL takes to remove an IP address from their cache, so I don't know if things are moving at a normal pace right now or if they are moving slow.

As far as what's going on, blacklisting is done by IP address, not domain name. Each server has an IP address, which is in a basic sense its Internet telephone number. An IP is blacklisted if a service sees that IP sending an unusually high quantity of messages or if it is sending mail that looks like spam (based on a predefined set of criteia). Unfortuantely all outbound traffic on a JPC server (or most other hosts' servers) is done through the server's main IP. Even if you have a dedicated IP address for your site, that IP is only used to get incomming traffic to your site, all outbound traffic goes through the server's main IP. Unfortunately that means that if there are 100 legit users on a server and one spammer all of the users have to suffer if that one bad apple gets blacklisted.

--Jason

[twcinpa]

Given that I'm receiving large amounts of 'bounced' emails, is it correct that the spammer is still spamming? Also, this mail comes back to my domain name, therefore is the spammer using my domain name. I understand the IP is blacklisted, but the bounced mail is returned to my catchall domain email address.

Tom

[jason]

Given that I'm receiving large amounts of 'bounced' emails, is it correct that the spammer is still spamming? Also, this mail comes back to my domain name, therefore is the spammer using my domain name. I understand the IP is blacklisted, but the bounced mail is returned to my catchall domain email address.

Tom

Unfortunately, when it comes to spam, there is no clear cut answer these days. There are several different reasons why you might be getting these bounces:

1. Someone is spoofing headers and using your email address to send spam to non-existant addresses, which is causing you to get the bounces.
2. Someone who has your address in their Outlook address book has a virus that is silently sending mail with spoofed headers featuring your domain anem to random addresses that don't exist and you are getting the bounces.
3. Someone who has your address in their address book has a virus that propagates itself by sending mail that looks like a bounce message that tries to trick the recipient to opening the virus-ridden file to see the details of why the message bounced (see this thread for more on that).

None of these issues should land your IP on a blacklist though, since the mail isn't actually originating from your server. I think there are two separate, unrelated, but equally annoying issues at play here: your server is blacklisted and someone is either sending you spam (as in case 3 above) or using your domain to send others spam.

Just like there is no simple answer to where these bounces are coming from, there is no simple solution, either. You could look at where the mail is originating and try to go after the source, but it is likely that there will be no common trends. Sometimes the best course of action to take on these things is to just wait it out. Sooner or ater the spammer will move on to a different domain. That's the answer no one wants to hear, but it is really the only advice there is.

You might want to enable spam assassin and diable catch all email so that you don't keep getting these things. It won't put a stop to them, but at least you won't have to look at them.

--Jason

[Connie]

Jason is correct as usual. In regard to sending e-mail set your e-mail client up to send through your ISP. I know It's a pain in the but, but it is sometimes necessary. 99.9% of the recipients will not know the difference.

I like to send through Jags servers because I use 2 different ISPs. I don't want to have that many alternate accounts set up. I don't wasn't to disconnect and reconnect every time I send an e-mail.

But never rely on your web host as the only way to send e-mail. So I have an alternate way to send e-mail if there are problems with sending through Jag.

[twcinpa]

Well, it's working that way with my ISP right now.

That's the way I've had it set up in the past, but about 18 months ago it seems places like AOL did not like that the return address and ISP address were different. A number of emails to good friends just disappeared. I had moved to another state and it was quite an annoyance.

Let's hope spammers find a way to self-destruct, but I suspect they really enjoy this.

Tom