[SPEWS] S543 Removal request
![[D]J's profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
[D]J
Hope some SPEWS editor or developer can read this and help me as I'm having
huge problems because of this.
Ok, I'm *NOT* a spammer but the IP address of my site happens to be just in
a range of banned IPs (what a luck) :( I e-mailed my hoster some days ago
asking to solve the issue and they replied me: "Hi Marco, the offending
servers were completely pulled off line yesterday and, as you can see,
Spamhaus alsoremoved the ban"
Great but, although this, my IP is still listed in SPEWS as shown here (
http://spews.org/html/S543.html ):
1, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
This is a big problem for me as I have many services on my site which use
automated e-mail messages for registrations of new users, news, etc. and
most Italian e-mail providers use SPEWS level 1 as their anti-spam lists!
I've noticed that on your FAQs you say: "SPEWS is just an automated system,
if spam or spam involvement (hosting spammers, selling spamware) from your
IP address/range ceases, it will drop out of the list in time". Well, spam
from my hoster has ceased but the ban is still there. Can you please speed
up the removal process? Again, this ban is giving to my site huge
functionality troubles.... thank you very much!
--
Comments posted to news.admin.net-abuse.blocklisting
are solely the responsibility of their author. Please
read the news.admin.net-abuse.blocklisting FAQ at
http://www.blocklisting.com/faq.html before posting.
Tony Roza
>
> Great but, although this, my IP is still listed in SPEWS as shown here (
> http://spews.org/html/S543.html ):
>
> 1, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
>
> This is a big problem for me as I have many services on my site which use
> automated e-mail messages for registrations of new users, news, etc. and
> most Italian e-mail providers use SPEWS level 1 as their anti-spam lists!
>
Hey, i am a *former* A+Net customer...
As of this morning, I noticed that you have been delisted.
http://spews.org/html/S543.html
0, 216.55.132.17, Jonathan Cosie / neighborexpress.com (aplus.net)
0, 216.55.132.21, Jonathan Cosie / mailne-ce2.neighborexpress.com
0, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
Richard Johnson
wrote:
> 1, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
> ...
> I've noticed that on your FAQs you say: "SPEWS is just an automated system,
> if spam or spam involvement (hosting spammers, selling spamware) from your
> IP address/range ceases, it will drop out of the list in time". Well, spam
> from my hoster has ceased but the ban is still there. Can you please speed
> up the removal process? Again, this ban is giving to my site huge
> functionality troubles.... thank you very much!
Given that your provider (aplus.net?) was slow to remove the spammer,
waiting until SPEWS got around to listing an entire /24 (or more), how
much rapid action do you really feel entitled to?
Those of us who use SPEWS to advise us on which IPs might be sending
spam tend to prefer SPEWS takes the time to verify that the spam has
actually stopped before they delist a range.
That said, SPEWS is almost certainly faster than your provider. If
your provider, as network block owner, posts a message similar to
yours, SPEWS may move more rapidly.
If your provider describes the steps they're taking to avoid or at
least more quickly remove any repeat of infestation by spammers,
especially professional spammers like Cosie, that might help as well.
Of course, I haven't checked to see that your provider (or you) aren't
just fibbing about them having completely removed Cosie... Yeah, that
kind of thing happens often enough that we have to be suspicious.
Good luck!
Richard
PS - The closest we come to listing the space you're in:
# theteenzone.com
200.80.136.0/22 554 blocked net 2002-09-18 200.80.137.52 theteenzone.com (attla.net.ar). See <http://www.river.com/ops/nospam/>
216.55.150.0/24 554 blocked net 2002-09-18 216.55.150.8 theteenzone.com (aplus.net). See <http://www.river.com/ops/nospam/>
216.55.128.0/24 554 blocked net 2002-09-18 216.55.128.5 theteenzone.com (aplus.net). See <http://www.river.com/ops/nospam/>
--
To reply via email, make sure you don't enter the whirlpool on river left.
My mailbox. My property. My personal space. My rules. Deal with it.
http://www.river.com/users/share/cluetrain/
phil-new...@ipal.net
| Hope some SPEWS editor or developer can read this and help me as I'm having
| huge problems because of this.
They may be reading. Based on past observations there's a fairly good
chance their either they are, or someone passing sumamrized information
to them is reading. But neither you nor I will know for sure because
they do not write back. Results are seen in listings, changed or not.
| Ok, I'm *NOT* a spammer but the IP address of my site happens to be just in
| a range of banned IPs (what a luck) :( I e-mailed my hoster some days ago
| asking to solve the issue and they replied me: "Hi Marco, the offending
| servers were completely pulled off line yesterday and, as you can see,
| Spamhaus alsoremoved the ban"
That sounds like great news. But since it is provider issue, it would be
best if THEY would do the posting here to report this.
| Great but, although this, my IP is still listed in SPEWS as shown here (
| http://spews.org/html/S543.html ):
|
| 1, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
Once a spammer has his service shut off, it generally takes some time for
that fact to become obvious when such things are learned by just observing
what spamming takes place, and what other operations and activities the
spammers are doing. This particular spammer has a long history of spamming
(this is seen by the rather low SPEWS record number) and a lot of providers
(meaning he could hop around quite a bit, and just leave the service he
gets from your provider unused for a while). Spammers often do that hoping
they can get more penetration once they return to that service, figuring it
may be less blocked. SPEWS figures in several things to determine how long
to leave an idle listing in place, and this may be one of them (since I do
not run SPEWS nor know anyone who does, I don't have any source of info on
just how it really works ... I'm just trying to piece it together based on
a couple years of observing).
Posting that the spammer has been removed can help. If they have in fact
not been removed, when that is discovered, it would likely ruin your ability
to report any future removals. And since you aren't the party doing that
removal, you'd putting your own repuation on line based on what someone else
has told you. So really, it is best to have your provider do the posting
about the spammer being removed.
| This is a big problem for me as I have many services on my site which use
| automated e-mail messages for registrations of new users, news, etc. and
| most Italian e-mail providers use SPEWS level 1 as their anti-spam lists!
It is a big problem for lots of people, as we have seen from many people
reporting these situations here in the past. Are you sure your provider
knows how big of a problem this is?
It appears that there are two provider involved:
Cedant Web Hosting: 216.55.132.0/24
which gets its address space from:
Abacus America Inc.: 216.55.128.0/18
You have a serious problem approaching you. This is because the upstream
provider, Abacus America, has 4 of their own spammers that they are not
disconnecting:
216.55.128.42/32 ! [1] JoeFerrazzano, see http://spews.org/ask.cgi?S631
216.55.128.52/32 ! [1] safe-suit, see http://spews.org/ask.cgi?S1275
216.55.143.83/32 ! [1] geicentral, see http://spews.org/ask.cgi?S1122
216.55.144.7/32 ! [1] geicentral, see http://spews.org/ask.cgi?S1122
216.55.191.60/32 ! [1] Jeff Lejj/globalthenet/colstuf, see http://spews.org/ask.cgi?S2939
216.55.191.0/26 ! [1] Jeff Lejj/globalthenet/colstuf, see http://spews.org/ask.cgi?S2939
And it looks like at least one of them is starting to expand. That could
result in your address space being listed again in the future, not due to
your provider, Cedant Web Hosting, but due to the upstream provider.
You need to have your provider talk to their provider about this issue ASAP.
| I've noticed that on your FAQs you say: "SPEWS is just an automated system,
| if spam or spam involvement (hosting spammers, selling spamware) from your
| IP address/range ceases, it will drop out of the list in time". Well, spam
| from my hoster has ceased but the ban is still there. Can you please speed
| up the removal process? Again, this ban is giving to my site huge
| functionality troubles.... thank you very much!
Hopefully, by posting, it can be speeded up. But to be sure, you should
have your provider post that report. If they include specific details,
such as what customer it was (the customer may be someone else working for
the spammer, for example), and the date they were terminated, etc, it makes
the report more believable or acceptable and increases the chance of the
listing being removed sooner.
But beware that storm on the horizon.
--
-----------------------------------------------------------------------------
| Phil Howard KA9WGN | http://linuxhomepage.com/ http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/ http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
McWebber
>
> Hope some SPEWS editor or developer can read this and help me as I'm
having
> huge problems because of this.
> Ok, I'm *NOT* a spammer but the IP address of my site happens to be just
in
> a range of banned IPs (what a luck) :( I e-mailed my hoster some days ago
> asking to solve the issue and they replied me: "Hi Marco, the offending
> servers were completely pulled off line yesterday and, as you can see,
> Spamhaus alsoremoved the ban"
>
> Great but, although this, my IP is still listed in SPEWS as shown here (
> http://spews.org/html/S543.html ):
>
> 1, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
>
Well, it's too bad it took a SPEWS listing to get your host's attention.
They never did anything when I sent in complaints.
neighborexpress.com does seem to have been removed from that block.
SPEWS appears to have removed the listing: Anyone still blocking must have
old data.
0, 216.55.132.17, Jonathan Cosie / neighborexpress.com (aplus.net)
0, 216.55.132.21, Jonathan Cosie / mailne-ce2.neighborexpress.com
0, 216.55.132.0/24, aplus.net (Jonathan Cosie / neighborexpress.com)
--
McWebber
"Richter points to the lack of legal action against his company as proof
that he's operating appropriately."
Information Week, November 10, 2003