[Scspamcop] Re: Network Solutions turned off my domain

Mike Easter MikeE at ster.invalid
Sun Apr 1 15:29:26 EDT 2007 

V Meyers wrote:
> "Mike Easter"

>> The website was http://www.pjmorgan.com/ -- it is not currently
>> possible to tell what that site's IP was.
>
> http://205.178.132.70/ (it is a name based server so this will not
> return anything)
> This is a Cox hosted server

Not really.  That IP you gave lives in here:

whois -h whois.arin.net 205.178.132.70 ...

OrgName:    InQuent Technologies Inc.
NetRange:   205.178.128.0 - 205.178.191.255
RTechEmail:  mark.salerno at inquent.com

>> /If/ your website had been at 68.15.233.248 - which condition is not
>> possible to tell at this stage, the normal spamcop parsing algorithm
>> would not have notified NetSol about that site being spamvertised,
>> because netsol does not control that IP.
>
> The web site has always been at 205.178.132.70

Netsol does not control that IP either, see above.  If spamcop were
going to notify about that IP, it would notify abuse at inquent.com -- not
cox or netsol.

>> SC's system does not notify a domainname registrar.  SC's system
>> notifies the provider for the IP's block, which in this case if that

>> If there is some other IP involved with your site or email, then
>> that is another matter.
>
> Just Cox Communications. I have my 1 ip address above, my web site is
> at 205.178.132.70 and my email server is hosted with Cox also, and my
> mail seems to send from dukecmmtao01.coxmail.com = 68.99.120.68

The website IP as given isn't cox.  How the mail is handled may be that
the incoming is handled by an MX in one IP block and the outgoing could
be handled in another IP block and with a different name.

> I just talked to NetSol again, they now say they are going to start
> 'looking into this' Monday morning and that it should not take more
> than a "-FEW DAYS-" to investigate... I went off line without notice
> mid afternoon Friday the 30th, and I still do not even know what I am
> in trouble for..

It is very common for providers to 'deal with' a presumed spammer
without talking to them, because spammers always lie -- so the provider
doesn't even ask anything.  They just terminate the service while they
figure things out.  Sometimes that is a very stupid behavior based on
some very stupid mistake.  Sometimes it is based on some kind of
insecurity of the client -- the client was spamsourcing or even
spamvertising because their IP was being 'usurped' by the spammer.

-- 
Mike Easter
kibitzer, not SC admin

More information about the SCspamcop mailing list