[Scspamcop] Re: Network Solutions turned off my domain

[V Meyers]

"Mike Easter" <MikeE at ster.invalid> wrote in message
news:eumu00$hj2$1 at news.spamcop.net...
> V Meyers wrote:
> > Hello, Yesterday afternoon at about tea time, Network Solutions
> > locked my domain name.
>
> A domainname can be associated with a website.  A domainname can be
> associated with email addresses.  So far I can't tell just what is going
> on.  Locked up can mean that a domainname lost its nameservice so that
> it doesn't resolve for a website IP address or a MX IP address.
>
> > So with no DNS out in the world I started
> > getting calls that people were getting bounces that said "domain does
> > not exist".
>
> I think I'm going to guess that a website lost its nameservice.
>
> > I called Network Solutions of course, and the only information that I
> > have is that they received a 'report' from spamcop.net and that was
> > enough for them to disable my domain (this is for a long standing
> > local retail company).
>
> If we are talking about a website's IP not resolving from its name, the
> only kind of report NetSol could get from a spamcop reporter would be
> that the reporter reported a spam, the spam had a spamsource, and the
> spam had a spamvertiser, and the spamvertiser's IP address corresponded
> to netspace that NetSol provides webspace for, separate from NetSol's
> 'business' of providing domainnnames, and NetSol decided to turn off the
> nameservice instead of investigating whether or not some spamreporters
> report was accurate or not.

I have no 'services' with NetSol, just the domain registration. Cox is my
DNS

> > With no notice.  I have a sysadmin@ account a proper abuse@ account a
> > postmaster@ account, and they of course have my phone number and fax
> > number and street address for that matter.
>
> That doesn't actually have anything to do with the process by which
> spamcop reports to a provider about a spam.  The mechanism by which a
> reporter's report is reported to providers is that the registered
> reporter submits a presumed spam to the SpamCop parser, the parser
> 'digests' the alleged spam and determines its spamsource IP address and
> its spamvertiser IP address.  Then, it takes those IP addresses, no
> domainnames, and from the IP addresses determines who controls the
> netblock of the IP address.  It notifies the provider for the spamsource
> IP addressspace netblock and the provider for the spamvertiser IP
> addressspace netblock amd it also adds the spamsource IP, but not the
> spamvertiser IP to the spamcop blocklist.
>
> If some netspace provider overreacts to being notified of a spamcop
> report without making an independent evaluation of the report, and if
> some netspace provider kills some domainname's name resolution without
> making some independent determination of wrongdoing by the client, then
> the netspace provider isn't doing a very good job of providing service
> to its customer.

I think this is beyond overreacting, to turn of my domain without prior
notice for unknown reasons, that obviously was not looked into.

> > And of course no one can tell me what this is in this 'report' until
> > Monday.
>
> NetSol is supposed to have professionals sitting at the abuse desk
> evaluating any reports of spam or spam support.

Apparently the "policy enforcement team" is in charge of these reports and
the supervisor I spoke with told me that no one else has access to these
records, and it would be investigated in a 'few days'.
It seems to me it should have been investigated -before- my account was
locked.
And that if there was enough 'evidence' to turn off my account, it should be
available to me right now so I can investigate it and take corrective
measures if necessary, and that I should have been informed of the pending
lock of my account.

> > I thought it would have been nice to have known that this was going on
> > before the phones started ringing and I am now off line for 3 days...
> > They pulled my domain first and are 'going to investigate' to see if
> > the addresses were spoofed (I am confident that these did not come
> > from any of my systems).  It seems to me someone should look to see
> > if the emails are fraudulent -before- you turn off a respected
> > companies email service and web site for 2 or 3 days (that is what I
> > was told is normal without the weekend).
>
> That's what you should be saying to NetSol.

Oh, I assure you I did say that to NetSol, I have talked with them 6 times
now and they just keep telling me that the "policy enforcement team" is not
in until Monday, and that they are the only ones privy to this information.

> > Does spamcop.net send notices to abuse@ or postmaster@ as well as ISP
> > or are there cases where it goes directly to Network Solutions
> > without notifying anyone else.
>
> SpamCop's actions are based on IP addresses, not domainnames.  You
> haven't even named a domainname, much less an IP address.

The IP address is 68.15.233.248 the domain is pjmorgan.com
I ran it through http://www.web-max.ca/tools/ (and others) and it was
(Friday afternoon) and is still all green!

>
> How are we going to talk about what is going on without naming the
> affected site or IP address?
>
> > And is there anyway to tell previous entries ? I checked my IPs with
> > every blacklist I could find and it did not show up (my business T1
> > account, my ISP email server, and my ISP web server). I have searched
> > everything I can find with my domain name and specifically my local
> > IP (if I had a trojan or something) but no listings anywhere!!!
>
> If you think you are going to get any help or commentary from anyone
> else around here, you are going to have to start naming something
> specific, like a domainname or an IP address or what NetSol said that
> your [whatever] was accused of.
>
> -- 
> Mike Easter
> kibitzer, not SC admin

All of the information that I have is that Network Solutions told me that
they disabled my domain name because of a report from spamcop. And for the
safety of the internet they immediately suspended my account until they
could investigate further. And that the "policy enforcement team" is
closed until Monday morning they were unable to provide me with the 'report'
(I could not believe it either). So I have absolutely no idea of what the
actual circumstances are at this time, except for the fact that my domain is
locked.