
Spam tsunami

pvmb
Seasoned Pro
Posts: 1,320
Thanks: 234
Fixes: 11
Registered: ‎12-02-2014

Re: Spam tsunami


@M-M wrote:

Yes, and enmail.co should have blocked it as it comes from a blacklisted mailserver; instead it forwards to Plusnet. Plusnet should blacklist enmail.co servers, which I did, i.e. reported to Spamhaus.


But who says it is coming from a blacklisted "mailserver"? It's apparently coming from an IP address, in a domain belonging to Uzbektelecom. It is for them to deal with spammers originating within their control. You could try contacting them directly.

% Abuse contact for '198.163.193.0 - 198.163.193.255' is 'email@bkm.uz'

Also note the sender is using a spoofed, possibly valid, Plusnet email address. It seems impractical for a mailer to block every single IP address spam has ever been sent from - even if practicable it could end up with very many individuals unable to send out any emails! This is surely done on a domain basis. Which brings us back to the topic of people on Plusnet accounts unable to send messages to other people.

Received: from [198.163.193.190] (unknown [198.163.193.190])
by mail.enmail.co (Postfix) with ESMTP id DC570C0049
for <user@lastname.plus.com>; Sun, 3 May 2026 07:51:17 +0000 (UTC)
Authentication-Results: mail.enmail.co;
dkim=none;
spf=softfail (mail.enmail.co: 198.163.193.190 is neither permitted nor denied by domain of user@lastname.plus.com) smtp.mailfrom=user@lastname.plus.com;
dmarc=fail reason="No valid SPF, No valid DKIM" header.from=plus.com (policy=none)
Received: from wurggqe ([60.220.73.164]) by 15751.com with MailEnable ESMTP; Sun, 3 May 2026 12:51:27 +0500
Received: (qmail 54451 invoked by uid 544); 3 May 2026 12:51:25 +0500
From: user@lastname.plus.com
To: user@lastname.plus.com

I assume it is being correctly identified as "Spam" by the Greenby system?

M-M
Dabbler
Posts: 21
Registered: ‎07-05-2022

Re: Spam tsunami

If you do a DNS blacklist check against the mailserver IP you will see it is listed in the XBL and CSS blacklists as well as some other lists as a server distributing SPAM and exploits.

 

Checking: 198.163.193.190 []
-------------------------
[LISTED] 198.163.193.190 on zen.spamhaus.org → 127.0.0.11 (PBL (Policy Block List))
[LISTED] 198.163.193.190 on zen.spamhaus.org → 127.0.0.4 (XBL (Exploits Block List))
[LISTED] 198.163.193.190 on zen.spamhaus.org → 127.0.0.3 (CSS (Spamhaus CSS))
[OK] 198.163.193.190 not listed on bl.spamcop.net
[OK] 198.163.193.190 not listed on b.barracudacentral.org
[OK] 198.163.193.190 not listed on dnsbl.sorbs.net
[LISTED] 198.163.193.190 on cbl.abuseat.org → 127.0.0.2
[OK] 198.163.193.190 not listed on psbl.surriel.com
[LISTED] 198.163.193.190 on dnsbl-1.uceprotect.net → 127.0.0.2

 

Most ISPs rely on such blacklists to stop the distribution of SPAM. enmail.co, i.e. Greenby, does not.

 

Markus
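
The lookup behind the listing output in the post above, as an added example that is not part of the original post: it pulls the connecting IP and the SPF/DKIM/DMARC verdicts from the quoted headers, builds the DNSBL query name, and decodes the zen.spamhaus.org answers. The function names and the injectable `resolve` parameter are assumptions made for this sketch, and the 127.0.0.2 and 127.0.0.10 codes come from Spamhaus's published list rather than from the thread.

```python
import ipaddress
import re
import socket

# zen.spamhaus.org answers: .3, .4 and .11 appear in the output above;
# .2 and .10 are taken from Spamhaus's published return-code list.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.4": "XBL",
             "127.0.0.10": "PBL", "127.0.0.11": "PBL"}

# Sample input, abridged from the headers quoted earlier in the thread.
SAMPLE_HEADERS = """\
Received: from [198.163.193.190] (unknown [198.163.193.190])
 by mail.enmail.co (Postfix) with ESMTP id DC570C0049
Authentication-Results: mail.enmail.co;
 dkim=none;
 spf=softfail smtp.mailfrom=user@lastname.plus.com;
 dmarc=fail header.from=plus.com (policy=none)
"""

def connecting_ip(headers):
    """Peer IP the receiving MTA logged in the topmost Received header."""
    m = re.search(r"^Received: from \S+ \(\S+ \[([0-9A-Fa-f.:]+)\]\)", headers, re.M)
    return m.group(1) if m else None

def auth_results(headers):
    """Map spf/dkim/dmarc to the verdict in Authentication-Results."""
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", headers))

def dnsbl_qname(ip, zone):
    """IPv4 DNSBL query name: octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check(ip, zone="zen.spamhaus.org", resolve=socket.gethostbyname_ex):
    """Sorted listing labels, [] if unlisted. `resolve` is injectable (assumption)."""
    try:
        answers = resolve(dnsbl_qname(ip, zone))[2]
    except (socket.gaierror, socket.herror):
        return []  # no A record: not listed (a failed lookup also lands here)
    # 127.255.255.x means the list rejected the query; it is not a listing.
    if any(a.startswith("127.255.255.") for a in answers):
        raise RuntimeError("DNSBL query rejected: %s" % answers)
    return sorted({ZEN_CODES.get(a, a) for a in answers})

if __name__ == "__main__":
    ip = connecting_ip(SAMPLE_HEADERS)
    print(ip, auth_results(SAMPLE_HEADERS), dnsbl_qname(ip, "zen.spamhaus.org"))
```

Spamhaus answers queries arriving through large public resolvers with a 127.255.255.x code, so a checker that treats every 127.x answer as a hit will report false listings.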

Townman
Superuser
Posts: 28,652
Thanks: 12,873
Fixes: 240
Registered: ‎22-08-2007

Re: Spam tsunami

Images awaiting approval for this thread disclose personal information (email addresses).  Personally I am not inclined to release them - one for @James_B 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

James_B
Community Gaffer
Posts: 517
Thanks: 1,013
Fixes: 11
Registered: ‎10-09-2024

Re: Spam tsunami

That's absolutely the right thing to do, @Townman 

Please remember not to share personal information in this public forum folks.

James

john_chandler
Rising Star
Posts: 54
Thanks: 23
Fixes: 1
Registered: ‎09-06-2020

Re: Spam tsunami

I've started getting the exact same spam message as of today - deleted 12 so far this morning, but they keep coming in.