All,
We are in the process of trying to help a sender to clean up their act and IP space, and in doing so, we came across a SURBL listing which we're trying to figure out.
The domain that is listed is ibwmail.com; the problem that we are having is that there is no website at all on that domain, nor can we find any spam - anywhere - mentioning the domain. The only clue that we can find is that there is a gambling site that is using the domain as their MX (now, you may be saying that this is a big clue - but given that this is a domain listing, not an IP/MX listing - the two taken together don't add up, and that makes the delisting request process difficult because, for example, there is no message containing the (non-existent) website to include as required in a SURBL delisting request).
This is a sender who is trying to reform their customers' practices, their space, etc... but it's awfully hard to whack anybody with a clue-by-four ("Bad sender! Bad, bad, bad!") when we can't find the puddle they stepped in (to torture a metaphor).
Any thoughts, clues, or pointers would be greatly appreciated!
Thanks!
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Member, Asilomar Microcomputer Workshop Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003 Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
On 03/10/2015 10:50 AM, Anne P. Mitchell, Esq. wrote:
All,
We are in the process of trying to help a sender to clean up their act and IP space, and in doing so, we came across a SURBL listing which we're trying to figure out.
The domain that is listed is ibwmail.com; the problem that we are having is that there is no website at all on that domain, nor can we find any spam - anywhere - mentioning the domain. The only clue that we can find is that there is a gambling site that is using the domain as their MX (now, you may be saying that this is a big clue - but given that this is a domain listing, not an IP/MX listing - the two taken together don't add up, and that makes the delisting request process difficult because, for example, there is no message containing the (non-existent) website to include as required in a SURBL delisting request).
This is a sender who is trying to reform their customers' practices, their space, etc... but it's awfully hard to whack anybody with a clue-by-four ("Bad sender! Bad, bad, bad!") when we can't find the puddle they stepped in (to torture a metaphor).
Any thoughts, clues, or pointers would be greatly appreciated!
Thanks!
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Member, Asilomar Microcomputer Workshop Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003 Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Ms Mitchell,
Below is the point of contact were were given after MXTools stopped offering SURBL.
support@securityzones.net
Hopefully as a SURBL vendor they can help your client get de-listed.
Good luck.
Below is the point of contact were were given after MXTools stopped offering SURBL.
support@securityzones.net
Hopefully as a SURBL vendor they can help your client get de-listed.
Thank you, Andy!
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Member, Asilomar Microcomputer Workshop Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003 Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Hello Anne,
The proper procedure to request removal is to use the removal form:
http://www.surbl.org/surbl-analysis
If you are unable to use the removal form, then please use plain text email with all of the required removal information sent to whitelist@surbl.org (but the form is the preferred method)
I hope that helps.
Joe Wein SURBL
----- Original Message ----- From: "Anne P. Mitchell, Esq." amitchell@isipp.com To: "SURBL Discussion list" discuss@lists.surbl.org Sent: Thursday, March 12, 2015 02:24 Subject: Re: [SURBL-Discuss] Trying to Figure Something Out
Below is the point of contact were were given after MXTools stopped offering SURBL.
support@securityzones.net
Hopefully as a SURBL vendor they can help your client get de-listed.
Thank you, Andy!
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Member, Asilomar Microcomputer Workshop Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003 Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Hi Joe!
The proper procedure to request removal is to use the removal form:
http://www.surbl.org/surbl-analysis
If you are unable to use the removal form, then please use plain text email with all of the required removal information sent to whitelist@surbl.org (but the form is the preferred method)
I hope that helps.
Joe Wein SURBL
Right...the problem is that the required removal information includes samples of email in which the listed URL (ibwmail.com) is part of the content, and there are no such emails; none sent by the entity in control of the domain, and none that we can find anywhere online.
That said, I note that the domain is now delisted - so, thank you, whomever facilitated that, although what I was actually looking for was information about why it was listed, so we could bash the senders over the head if need be. ;-)
Anne
FWIW, i see some chatter on an anti-spam discussion list dating back to March 2013 (happy anniversary) making note of the /24 surrounding these IPs as being highly questionable:
185.18.33.78.in-addr.arpa mailer1.ibwmail.com http://mailer1.ibwmail.com/. 186.18.33.78.in-addr.arpa mailer2.ibwmail.com http://mailer2.ibwmail.com/. 187.18.33.78.in-addr.arpa mailer5.thetradingfloor.co.uk http://mailer5.thetradingfloor.co.uk/. 188.18.33.78.in-addr.arpa mailer4.ibwmail.com http://mailer4.ibwmail.com/.
n
On Mar 10, 2015, at 11:50, Anne P. Mitchell, Esq. amitchell@isipp.com wrote:
The domain that is listed is ibwmail.com http://ibwmail.com/; the problem that we are having is that there is no website at all on that domain, nor can we find any spam - anywhere - mentioning the domain. The only clue that we can find is that there is a gambling site that is using the domain as their MX (now, you may be saying that this is a big clue - but given that this is a domain listing, not an IP/MX listing - the two taken together don't add up, and that makes the delisting request process difficult because, for example, there is no message containing the (non-existent) website to include as required in a SURBL delisting request).
This is a sender who is trying to reform their customers' practices, their space, etc... but it's awfully hard to whack anybody with a clue-by-four ("Bad sender! Bad, bad, bad!") when we can't find the puddle they stepped in (to torture a metaphor).
FWIW, i see some chatter on an anti-spam discussion list dating back to March 2013 (happy anniversary) making note of the /24 surrounding these IPs as being highly questionable:
185.18.33.78.in-addr.arpa mailer1.ibwmail.com http://mailer1.ibwmail.com/. 186.18.33.78.in-addr.arpa mailer2.ibwmail.com http://mailer2.ibwmail.com/. 187.18.33.78.in-addr.arpa mailer5.thetradingfloor.co.uk http://mailer5.thetradingfloor.co.uk/. 188.18.33.78.in-addr.arpa mailer4.ibwmail.com http://mailer4.ibwmail.com/.
Hrrrm...which list is this? I thought my personal archives were pretty comprehensive (although granted the mail search function has been awful since Yosemite).
But in any event, thank you!
Anne
Anne P. Mitchell, Attorney at Law CEO/President, Institute for Social Internet Public Policy Member, Cal. Bar Cyberspace Law Committee Member, Asilomar Microcomputer Workshop Committee Author: Section 6 of the Federal CAN-SPAM Act of 2003 Ret. Professor of Law, Lincoln Law School of San Jose Ret. Chair, Asilomar Microcomputer Workshop
-
Andy Dorman -
Anne P. Mitchell, Esq. -
Joe Wein -
Neil Schwartzman