Solved

are my clients spamming

Posted on 2011-03-11
11
983 Views
Last Modified: 2012-05-11
I am a web designer who offers hosting to my clients, all the accounts are on a shared server at hosygator. Recently some of my clients cannot receive my emails, and I am not spamming. Could the problem be related to  the domains on my shared account (I host about 20 domains with email addresses, and my domain is in the same account.) This is all getting so complicated, I just wanted to help out my clients and only charge them $5 a month to host their small business sites with very little traffic.
0
Comment
Question by:handsun123
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
11 Comments
 

Author Comment

by:handsun123
ID: 35107453
saw the typo - hostgator!
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 35107605
Hi handsun123,

Unfortunately if one of your clients was spamming, then it is possible that your whole mail server could be blacklisted.

However, if it is not set-up properly (using an SPF record for instance) it could also be greylisted.

You could use a tool to see if you are on blacklists:-

http://www.mxtoolbox.com/blacklists.aspx

Is there a particular domain that these users are on?  For instance Yahoo is quite quick to Greylist if not set-up properly....
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 35107615
Might be worth talking to the IT people at places where your mail is not getting through to see why.

There are also diagnostics on the site I linked to to look at the set-up and identify problems:-

http://www.mxtoolbox.com/diagnostic.aspx
http://www.mxtoolbox.com/spf.aspx

You should have an SPF record and reverse DNS configured for instance.....
0
Veeam gives away 10 full conference passes

Veeam is a VMworld 2017 US & Europe Platinum Sponsor. Enter the raffle to get the full conference pass. Pass includes the admission to all general and breakout sessions, VMware Hands-On Labs, Solutions Exchange, exclusive giveaways and the great VMworld Customer Appreciation Part

 

Author Comment

by:handsun123
ID: 35107728
I had already run the first check and did the ping email and got this response, (Unknown)   was your outbound IP address.

but then I checked your second comment, on the first link the list for my domain is all "ok" with 3 timeouts,

and the spf lookup
      a            Pass      Match if IP has a DNS 'A' record in given domain
+      mx            Pass      Match if IP is one of the MX hosts for given domain name
+      include      websitewelcome.com      Pass      The specified other domain is searched for an 'allow'.
~      all            SoftFail      Always matches. It goes at the end of your record.

The IT person at the business who cannot get my emails has not returned my call for over two weeks, so I am trying to take matters into my own hands because I saw a second email bounce back from another client a few days ago, first time ever: this was the message: (strange thing this had nothing to do with gmail?) (I put the XXXX in)

Hi. This is the qmail-send program at gateway16.websitewelcome.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<XXXXXX@deccahomes.com>:
72.47.228.252 failed after I sent the message.
Remote host said: 550-Possible email abuse detected.  Please see
550 http://kb.mediatemple.net/questions/1685 for details.

0
 
LVL 10

Expert Comment

by:scriven_j
ID: 35107946
qmail, not gmail!  This is an MTA (Mail Transport Agent) used for delivering Emails.  Nothing to do with Google!

Did you check the blacklist link I put in the first Email?

Although from looking at the link included in that response, it could just be mail that LOOKS suspicious.

I would follow the instructions included in the response to see if you can get the mail included.

http://kb.mediatemple.net/questions/1685

If you have Gmail (or similar) yourself, it might be worth sending yourself a message and then checking the header which will have information about what happened when it was SPAM checked.

If you post the mail header here, we can have a look at it.....
0
 

Author Comment

by:handsun123
ID: 35108175
  First of all THANK you so much for your honest and sincere help, second, I xxx'd out the first names just for security issues, probably already showing everything anyway with the numbers but what the heck, if I can clear this problem up here is the header in my gmail account (silly of me q for g!)                                                                                                                                                                                                                                                            
Delivered-To: xxxxxa@gmail.com
Received: by 10.231.19.4 with SMTP id y4cs26688iba;
        Fri, 11 Mar 2011 04:50:44 -0800 (PST)
Received: by 10.52.100.70 with SMTP id ew6mr6777558vdb.95.1299847844330;
        Fri, 11 Mar 2011 04:50:44 -0800 (PST)
Return-Path: <xxxxx@iwebresults.com>
Received: from gateway12.websitewelcome.com ([69.93.82.6])
        by mx.google.com with SMTP id dw3si5444769vbb.9.2011.03.11.04.50.42;
        Fri, 11 Mar 2011 04:50:43 -0800 (PST)
Received-SPF: pass (google.com: domain of xxxxx@iwebresults.com designates 69.93.82.6 as permitted sender) client-ip=69.93.82.6;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of xxxxx@iwebresults.com designates 69.93.82.6 as permitted sender) smtp.mail=xxxxx@iwebresults.com
Received: (qmail 26614 invoked from network); 11 Mar 2011 12:49:14 -0000
Received: from gator793.hostgator.com (174.120.1.2)
  by gateway12.websitewelcome.com with SMTP; 11 Mar 2011 12:49:14 -0000
Received: from [75.91.89.212] (port=51950 helo=[192.168.254.102])
      by gator793.hostgator.com with esmtpsa (TLSv1:AES256-SHA:256)
      (Exim 4.69)
      (envelope-from <xxxxx@iwebresults.com>)
      id 1Py1nm-00008J-8E
      for xxxxxxx@gmail.com; Fri, 11 Mar 2011 06:50:42 -0600
Message-ID: <4D7A1A9F.1060304@iwebresults.com>
Date: Fri, 11 Mar 2011 07:50:39 -0500
From:xxxxxxn <xxxxx@iwebresults.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Lightning/1.0b2 Thunderbird/3.1.9
MIME-Version: 1.0
To: xxxxxa@gmail.com
Subject: checking
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator793.hostgator.com
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - iwebresults.com
X-Source:
X-Source-Args:
X-Source-Dir:

0
 
LVL 10

Expert Comment

by:scriven_j
ID: 35108973
OK - I got the IP address from that header and ran it through the Blacklist checker and it shows as being on a couple of blacklists.

http://www.mxtoolbox.com/SuperTool.aspx?action=blacklist%3a69.93.82.6

Here are the blacklist positives:-

http://www.sorbs.net/lookup.shtml?69.93.82.6
http://www.spamcannibal.org/cannibal.cgi?page=lookup&lookup=69.93.82.6

If you follow those links, they should give you information about getting them removed, however, if the source of the problem is not identified / resolved, you will find that you just get blacklisted again.

I would talk to Hostgator about how to identify which domains the Spam is originating from.  I would probably start with a letter to all your clients though outlining the problem and informing them that this affects all your clients and that you are investigating the problem.  This might be enough to scare them into stopping.
0
 
LVL 10

Accepted Solution

by:
scriven_j earned 500 total points
ID: 35109016
A bit more from the above links:-

SORBS.NET

Problem Entries, (listings will cause email problems.)
2 "Spam" entries [Latest: 09:53:08 25 Aug 2010 GMT+10].    
 
Spam Cannibal

Received: from gateway12.websitewelcome.com
(gateway12.websitewelcome.com [69.93.82.6])
  by ns2.bizsystems.net with ESMTP id n72DAInA032457
  for <insulin-pumpers@bzs.org>; Sun, 02 Aug 2009 06:10:39 -0700
(PDT)
Received: (qmail 31795 invoked from network); 2 Aug 2009 13:17:47 -
0000
Received: from eldorado.websitewelcome.com (70.87.136.162)
  by gateway12.websitewelcome.com with SMTP; 2 Aug 2009 13:17:47 -
0000
Received: from fotoaz by eldorado.websitewelcome.com with local (Exim
4.69)
      (envelope-from <fotoaz@eldorado.websitewelcome.com>)
      id 1MXapN-0005rE-Fm
      for insulin-pumpers@bzs.org; Sun, 02 Aug 2009 08:10:17 -0500
To: insulin-pumpers@bzs.org
Subject:
X-PHP-Script: www.foto.azecard.php for 91.121.104.89
Date: Sun, 2 Aug 2009 08:10:17 -0500
From: MaryamParker <insulin-pumpers@bzs.org>
Message-ID: <aef7096f4d667aced6729810c9829c43@www.foto.az>
X-Priority: 3
X-Mailer: PHPMailer [version 1.72]
MIME-Version: 1.0
Content-Type: multipart/alternative;
      boundary="b1_aef7096f4d667aced6729810c9829c43"
X-AntiAbuse: This header was added to track abuse, please include it
with any abuse report
X-AntiAbuse: Primary Hostname - eldorado.websitewelcome.com
X-AntiAbuse: Original Domain - bzs.org
X-AntiAbuse: Originator/Caller UID/GID - [32903 1405] / [47 12]
X-AntiAbuse: Sender Address Domain - eldorado.websitewelcome.com

http://www.foto.az/gallery/displayecard.php?data=YTo5OntzOjI6InJuIjtzO
jEyOiJNYXJ5YW1QYXJrZXIiO3M6Mjoic24iO3M6MTI6Ik1hcnlhbVBhcmtlciI7czoyOiJ
zZSI7czoyMzoiaW5zdWxpbi1wdW1wZXJzQGJ6cy5vcmciO3M6MToicCI7czo1ODoiaHR0c
DovL3d3dy5mb3RvLmF6L2dhbGxlcnkvYWxidW1zL3VzZXJwaWNzL25vcm1hbF9zbmVxLmp
wZyI7czoxOiJnIjtzOjE1OiJzZGVhbXVKWG1ScU1BcUsiO3M6MToibSI7czo2NzA6ImNvb
W1lbnQyLCBbdXJsPWh0dHA6Ly93d3cudHJpLXRyYXZlbC5jb20vVHJhdmVsIFRpcHMtcGF
nZXMvY2hhdDE3Lmh0bWxdaHR0cDovL3d3dy50cmktdHJhdmVsLmNvbS9UcmF2ZWwgVGlwc
y1wYWdlcy9jaGF0MTcuaHRtbFsvdXJsXSwgIDpPTywgW3VybD1odHRwOi8vd3d3LmJvb3R


There might be something here that gives you a clue....
0
 

Author Closing Comment

by:handsun123
ID: 35109238
Thanks again so much I will look into the complaints, I do not recognize anything in the email, but I might need to host my own domain in a separate account just to be sure my clients actions do not affect me. Oh more trouble that I would like to deal with at this point in time!
0
 
LVL 10

Expert Comment

by:scriven_j
ID: 35109577
If you don't recognise anything in those headers, I would definitely run it past Hostgator, it might be another one of their users or something they are able to help you with.  Once the problem is identified / resolved you can ask to be removed from blacklists.  I would exhaust those options before doing anything drastic as it looks like the Spam in question was quite old (9 months ago) and so it might be worth asking to be removed anyway as this is quite old and might be something historic.
0
 

Author Comment

by:handsun123
ID: 35111061
I will call hostgator, thanks again!
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question