- Internet Names for Business Inc. – Hostopia – megamailservers, softlayer and aplus.net do not respond to abuse complaints.
- Logs from megamailservers 18.104.22.168 and 22.214.171.124
When our servers block mail, our system sends back a response that contains the sender IP address and a link to a form for requesting an allow or an exception.
When the sender fills out the form and sends us the bounce message, an actual human reviews the request. We do not auto-allow; a human researches the sender's request to see what the issue is.
1) Why was the IP address originally blocked?
2) Then we check public blocklists to see if there are other problems or host reputation issues.
Sometimes we discover that a block was on an IP range that an old hosting provider stopped monitoring while selling accounts to spammers for cheap, and the whole range got polluted with spammers. When the hosting provider goes out of business and the IP range passes to a new service provider, there is a mess to clean up, and we typically get a flurry of allow requests.
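The blocklist check in step 2, sketched as an added example (not the author's own tooling): it builds the standard reversed-octet DNSBL query name for a sender IP and collects the zones that list it. The zone names, the sample answers and the `sample_resolver` stub are constructed assumptions so the code runs offline; substitute the blocklists your mail system actually consults.

```python
import ipaddress
import socket

# Hypothetical zone names (assumption); replace with the blocklists you use.
ZONES = ["dnsbl.example", "reputation.example"]
LISTED = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def lookup(name, resolver=socket.gethostbyname):
    """Return the A record the blocklist answers with, or None if not listed."""
    try:
        answer = resolver(name)
    except socket.gaierror:  # no such name: the address is not listed
        return None
    # Listings answer inside 127.0.0.0/8. Any other answer means a wildcarded
    # or parked zone and must not be counted as a listing.
    return answer if ipaddress.IPv4Address(answer) in LISTED else None

def review(ip, zones=ZONES, resolver=socket.gethostbyname):
    """Collect {zone: return code} for every zone that lists the IP."""
    hits = {}
    for zone in zones:
        code = lookup(dnsbl_name(ip, zone), resolver)
        if code:
            hits[zone] = code
    return hits

# Constructed sample answers: one genuine listing, one wildcard answer.
SAMPLE = {
    "10.2.0.192.dnsbl.example": "127.0.0.2",
    "10.2.0.192.reputation.example": "203.0.113.7",
}

def sample_resolver(name):
    if name not in SAMPLE:
        raise socket.gaierror(socket.EAI_NONAME, "name not found")
    return SAMPLE[name]

if __name__ == "__main__":
    print(review("192.0.2.10", resolver=sample_resolver))
```
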
Virtual web hosting is often used on a large scale in companies whose business model is to provide low-cost website hosting for customers. The vast majority of web hosting service customer websites worldwide are hosted on shared servers, using virtual hosting technology.
The Spammers count on the non-spammers to do the dirty work
Name-based virtual hosting uses the host name presented by the client. This saves IP addresses and the associated administrative overhead, but the protocol being served must supply the host name at an appropriate point.
Our goal is to be responsive
Most people do not read the content of the bounce message, so frequently the sender has phoned one of our customers because they cannot send them email. Our customers direct them to one of the forms for submitting the bounce message.
Today we had one of those – only this was slightly different.
The sender was sending from a Gmail account and was not getting a bounce-back message.
We do not block Gmail accounts as a rule because they are fairly responsive about shutting down spammers on their network.
After many communications to track down what was going on, it turned out the sender has a site hosted on HostGator.
They had their email client configured to authenticate through a HostGator account, and even when the sender sent an email to a Gmail account, a warning was displayed indicating it was not actually coming from the sender's Gmail account.
They were sending mail from a server that had 157 domains hosted on it. I notified the sender and sent her a list of the domains, and she contacted her host, and now that IP address only lists 2 domains: hostgator.com and www.hostgator.com
hostgator.com has address 126.96.36.199
hostgator.com mail is handled by 10 mail.hostgator.com
[Redirected to rwhois.softlayer.com:4321]
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-188.8.131.52)
PTR 184.108.40.206 220.127.116.11-static.reverse.softlayer.com
argh – softlayer and the websitewelcome folks
They have a terrible reputation for being a spam farm!
They cannot even defend themselves on their own site – see the comments below their article.
here is the subnet: