
When we are blocking mail from our servers, our system sends a response back that contains the sender IP address and a link to a form to request an allow or an exception.

When the sender fills out the form and sends us the bounce message, an actual human reviews the request. We do not auto-allow; a human actually researches the sender request to see what the issue is.

1) Why was the IP address originally blocked?

2) Then we check public blocklists to see if there are other problems or host reputation issues.

Sometimes we discover that an IP block was on a range that an old hosting provider stopped monitoring and sold accounts to spammers for cheap, and the whole range got polluted with spammers. When the hosting provider went out of business and the IP range went to a new service provider, there is a mess to clean up, and we will typically get a flurry of allow requests.

Name-Based Virtual Hosting (Wikipedia definition)

Virtual web hosting is often used on a large scale in companies whose business model is to provide low-cost website hosting for customers. The vast majority of web hosting service customer websites worldwide are hosted on shared servers, using virtual hosting technology.

The Spammers count on the non-spammers to do the dirty work

Name-based virtual hosting uses the host name presented by the client. This saves IP addresses and the associated administrative overhead but the protocol being served must supply the host name at an appropriate point.

Our goal is to be responsive

Most people do not read the content of the bounce message, so frequently the sender has phoned one of our customers because they cannot send them email. Our customers direct them to one of the forms for submitting the bounce message.

Today we had one of those – only this was slightly different.

The sender was sending from a gmail account and was not getting a bounce back message.

We do not block gmail accounts as a rule because they are fairly responsive with shutting down spammers on their network.

After many communications to track down what was going on it turned out the sender has a site hosted on HostGator.
They had their email client configured to authenticate through a HostGator account, and even when the sender sent an email to a gmail account, a warning was displayed indicating it was not actually coming from the sender's gmail account.

They were sending mail from a server that had 157 domains hosted on it. I notified the sender and sent her a list of the domains, and she contacted her host, and now that IP address only lists 2 domains: hostgator.com and www.hostgator.com

host hostgator.com
hostgator.com has address 50.23.69.98
hostgator.com mail is handled by 10 mail.hostgator.com
whois 50.23.69.98
[Querying whois.arin.net]
[Redirected to rwhois.softlayer.com:4321]
[Querying rwhois.softlayer.com]
[rwhois.softlayer.com]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)
PTR 50.97.99.189 50.97.99.189-static.reverse.softlayer.com

argh – softlayer and the websitewelcome folks

They have a terrible reputation for being a spam farm!
http://www.spamhaus.org/sbl/listings/softlayer.com

They cannot even defend themselves on their own site – see the comments below their article.
http://blog.softlayer.com/2012/tips-from-the-abuse-department-know-spam-stop-spam/

Here is the subnet:

50.97.99.184 vps645.hostgator.com.99.97.50.in-addr.arpa
50.97.99.185 vps644.hostgator.com.99.97.50.in-addr.arpa
50.97.99.186 vps643.hostgator.com.99.97.50.in-addr.arpa
50.97.99.187 vps642.hostgator.com.99.97.50.in-addr.arpa
50.97.99.188 vps641.hostgator.com
50.97.99.189 50.97.99.189-static.reverse.softlayer.com
50.97.99.190 chevrolet.websitewelcome.com
50.97.99.191 50.97.99.191-static.reverse.softlayer.com
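
The two review checks described above (the public blocklist lookup and the reverse-DNS sweep of the neighboring addresses), as an added example that is not the author's own tooling. The function names, the /29 block size and the `zen.spamhaus.org` zone are assumptions; the PTR values are copied from the listing above.

```python
import ipaddress
import socket

# PTR values copied from the subnet listing in the post (not live lookups).
PAGE_PTRS = {
    "50.97.99.184": "vps645.hostgator.com.99.97.50.in-addr.arpa",
    "50.97.99.188": "vps641.hostgator.com",
    "50.97.99.189": "50.97.99.189-static.reverse.softlayer.com",
    "50.97.99.190": "chevrolet.websitewelcome.com",
}

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dnsbl_status(ip, zone, resolve=socket.gethostbyname):
    """Return 'listed', 'clean' or 'error' for one address in one zone."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror as exc:
        # Only a "no such name" answer means not listed; timeouts are errors.
        return "clean" if exc.errno == socket.EAI_NONAME else "error"
    if answer.startswith("127.255.255."):
        return "error"  # Spamhaus refusal codes, e.g. query sent via a public resolver
    return "listed" if answer.startswith("127.") else "error"

def neighbors(ip, prefix=29):
    """Every address in the block around ip (a /29 is assumed here)."""
    net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
    return [str(addr) for addr in net]

def classify_ptr(ip, ptr):
    """Label a PTR value as 'none', 'malformed', 'generic' or 'named'."""
    if not ptr:
        return "none"
    if ptr.rstrip(".").endswith(".in-addr.arpa"):
        return "malformed"  # usually a zone entry missing its trailing dot
    octets = ip.split(".")
    if "-".join(octets) in ptr or ".".join(octets) in ptr:
        return "generic"    # provider default name with the address embedded
    return "named"

def sweep(ip, lookup, prefix=29):
    """Classify the PTR of every neighbor; lookup(addr) returns a name or None."""
    return {a: classify_ptr(a, lookup(a)) for a in neighbors(ip, prefix)}

if __name__ == "__main__":
    for addr, label in sweep("50.97.99.189", PAGE_PTRS.get).items():
        print(addr, label)
```

For live use, pass `sweep` a lookup built on `socket.gethostbyaddr` that returns `None` on `socket.herror`.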

But wait there is MORE…. read this!
