cancel
Showing results for 
Search instead for 
Did you mean: 

My email is being returned marked as Spam, on the Spamhaus Server

Lionel
Hooked
Posts: 5
Thanks: 1
Registered: ‎01-11-2017

My email is being returned marked as Spam, on the Spamhaus Server

I am having emails today being bounced back to me, gone to the Spamhaus site and getting this message -

 

"Blocklist Removal Center"

 

"91.109.11.103 is listed in the XBL"

Can anyone explain how I go about having this IP removed from this list?

 

Thanks

 

 

I'm afraid I wasn't able to deliver your message to the following addresses.


This is a permanent error; I've given up. Sorry it didn't work out.


Connected to 104.47.8.33 but sender was rejected.


Remote host said: 550 5.7.1 Service unavailable, Client host [91.109.11.103] blocked using Spamhaus. To request removal from this list see http://www.spamhaus.org/lookup.lasso (AS3130). [AM5EUR03FT004.eop-EUR03.prod.protection.outlook.com]

 

 

 

8 REPLIES
Lionel
Hooked
Posts: 5
Thanks: 1
Registered: ‎01-11-2017

Re: My email is being returned marked as Spam, on the Spamhaus Server

All my email today is being bounced back to me. Just had another 5 failure notices like this........

 

 

 

"I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.


Connected to 94.136.40.151 but sender was rejected.
Remote host said: 550-ATLAS(2503): 91.109.11.103 is blacklisted and not authenticated. Please
550-request delisting via the following link:
550 https://www.spamhaus.org/query/ip/91.109.11.103."

 

 

Community Gaffer
Community Gaffer
Posts: 13,495
Thanks: 1,220
Fixes: 96
Registered: ‎04-04-2007

Re: My email is being returned marked as Spam, on the Spamhaus Server

That IP belongs to Webfusion, not Plusnet. Are you sending from a non-Plusnet email address? If so, you need to have a word with your email host.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

Lionel
Hooked
Posts: 5
Thanks: 1
Registered: ‎01-11-2017

Re: My email is being returned marked as Spam, on the Spamhaus Server

OK - thank you.

I will check with email provider.

Plusnet appeared in part of the bounced message so I was not sure where the problem lies.



--- Below this line is a copy of the message.

Return-Path: <MY EMAILADRESS>
Received: (qmail 9176 invoked from network); 1 Nov 2017 14:13:30 +0000
Received: from myusername.plus.com (HELO mac-c82a14332280.lan) (84.92.210.50)
by tattoo.co.uk with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 1 Nov 2017 14:13:30 +0000



Superuser
Superuser
Posts: 9,815
Thanks: 1,189
Fixes: 68
Registered: ‎06-04-2007

Re: My email is being returned marked as Spam, on the Spamhaus Server

Your Plusnet address appears in the returned message because the email is being sent with that as the "sender" address (probably copied from the From header). Your Internet connection is from Plusnet. However emails are being sent using 123-reg/Webfusion services meaning they are responsible for any spam marking of your messages.

David
Lionel
Hooked
Posts: 5
Thanks: 1
Registered: ‎01-11-2017

Re: My email is being returned marked as Spam, on the Spamhaus Server

Thank you.

I am talking to 123 Reg Support.

They suggest is the MX record settings, but when I checked, they are already set to what 123 Reg told me they should be set to.

I have been getting a lot of emails bounced back to me that I have not sent, with random names@mydomain.co.uk.

A Hundred at least last week, probably five hundred through last month.

 

So someone is creating fake emails for my domain, I thought that this may be part of the problem that my domain is on a blacklist.

Most are marked 

 

MAILER-DAEMON@mydomain.co.uk and say that the message contains a virus.

 

 

 

 

 

 

 

 

 

Superuser
Superuser
Posts: 12,772
Thanks: 4,031
Fixes: 26
Registered: ‎22-08-2007

Re: My email is being returned marked as Spam, on the Spamhaus Server

Email address spoofing is rife see https://en.wikipedia.org/wiki/Email_spoofing

Cleaning up from here is not going to be painless - if your DNS provider supports TXT records (Plusnet does not) you can start to mitigate things by creating a SPF record which informs any MTA which seeks to check which SMTP servers are authorised to send email on behalf of your domain.

Are you running your own email server?

You should use some appropriate technology to do a good scan of your PC to check for virus and malware infection.

Lionel
Hooked
Posts: 5
Thanks: 1
Registered: ‎01-11-2017

Re: My email is being returned marked as Spam, on the Spamhaus Server

Thank for you comment.

 

Running own server.

My server I.P. is listed as OK on MX Toolbox.

 

My domain is not listed on Spamhaus

 

 

The server team are looking into removing their IP from the blacklist.

The IP that is showing as blacklisted is the service provider main IP address, that shows as blacklisted on CBL. Host karma Black and Spamhaus ZEN.

 

My server IP is not listed anywhere when I search MX  Toolbox.

 

It's all a bit confusing, I am trying to understand how all this works.

 

 

 

 

 

 

 

 

 

 

 

 

Browni
Aspiring Hero
Posts: 2,291
Thanks: 787
Fixes: 46
Registered: ‎02-03-2016

Re: My email is being returned marked as Spam, on the Spamhaus Server

It may not be listed on MXtoolbox but it is listed on CBL.

91.109.11.103 is listed

This IP address was detected and listed 53 times in the past 28 days, and 0 times in the past 24 hours. The most recent detection was at Sun Oct 22 08:45:00 2017 UTC +/- 5 minutes

This IP is infected (or NATting for a computer that is infected) with an botnet that is emitting email spam. The infection is probably darkmailer2.

This is a spambot that attempts to break into other systems using stolen or compromised credentials and sends VERY VERY large volumes of spam.

Most forms of this botnet are called "Stealrat".

The infected machine is probably Linux, FreeBSD or some other form of UNIX, but sometimes Windows machines are infected.

This is real. This MUST BE FIXED before we delist this IP. We have zero tolerance for reinfections.

 

I must have been really bad in a previous life as this was my 3rd ISP in a row that used lithium.
Now you're stuck with me because my new ISP doesn't run a forum Cheesy