Did the SpamCop Blacklist (SCBL) block your email?

Frustrating, I know.

The SpamCop Reputation Block List (bl.spamcop.net)  lists IP addresses reported by SpamCop users.    SpamCop uses also uses spamtraps.  Spamtraps are email addresses that spammers have harvested or created, but the owner of these email addresses never used, so any email sent to them is spam.

You may say:

I did not send any spam.

Well, perhaps you did not but your server did.

If your server’s IP is on the SpamCop block list, your server is sending spam — usually large amounts of spam.  False positive rates on SpamCop are low thanks to a reputation system they use to list IPs.  Generally, if your IP is on their list, you have a spam problem.

Ready to remove your IP from the SpamCop Blacklist?  Here’s how:

    1. Check your IP at SpamCop.net.
    2. Discover why your IP is on the block list.
    3. Complete the SpamCop Blacklist Removal Form.
    4. Verify Blacklist Removal.
    5. Summary
TL;DR
Make sure your server is not sending spam, that you authenticate your email, and then submit the SpamCop Blacklist Removal Form.

1. SpamCop Blacklist Check

Typically, you will first discover you are on the block list by receiving a bounce with an error similar to this:

2020-01-30 09:57:10 H=o897.em.app.postmates.com [167.89.54.194]:18898 I=[198.15.70.42]:25 X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no F=<bounces+3633940-e5d9-admin=attorneysrealty.com@em.app.postmates.com> rejected RCPT <some@somehwere.com>: "JunkMail rejected - o897.em.app.postmates.com [167.89.54.194]:18898 is in an RBL: 
Blocked - see https://www.spamcop.net/bl.shtml?167.89.54.194"

The exact error in the email bounce varies as the recipient’s server can set custom messages, but usually, you will see a reference to the http://www.spamcop.net/ site.

To confirm your IP is on the blocklist, you need to run a SpamCop Blacklist check.  If your IP is on the list, you will see the following:

spamcop blacklist

 

2.  SpamCop’s cause of listing

Unlike some RBLs, SpamCop will tell you why you are listed.

In the example above, SpamCop lists:

  • System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)
  • SpamCop users have reported system as a source of spam less than 10 times in the past week

The #1 reason for SpamCop blacklisting your server is a security breach, either a compromised user account or web application that is sending spam.

The primary sources of the spam are:

  • Compromised user accounts.
  • Insecure contact forms.
  • Compromised web applications.

Compromised users accounts usually send 1000’s of emails.  By reviewing your email logs or mail statistics, you can easily find the user.   One quick way to find the user is to look for a large number of logins to the SMTP server.   The login string differs between servers, but if you search for the string, you can usually quickly spot the compromised user.  The compromised user will have 100’s if not 1000’s of logins from varying IPs.

While security has improved, web contact forms remain a constant source of spam.  Some forms allow passing of the recipient email via the URL, these forms are prime targets for spammers.

Web application exploits can be more difficult to track down. Malware scanners and web server log analysis usually reveal the source.  Some systems, such as cPanel, will add useful information to the email headers.  So if you can find a bounced email, inspecting the headers may allow you to identify the exploit.

3. SpamCop Blacklist Removal Form

Fixing the source of the spam is the hard part, unlike the Gmail blacklist, SpamCop’s removal process is quick and easy.

Automatic Removal

In fact, SpamCop will automatically remove your server’s IP if there are no ongoing reports of spam.  In the lookup report, they will tell you how long before your IP will drop off the list.  The time depends on the volume and timing of spam reports.

Express Delisting

Unless your system has a very low sending reputation, you can request an express blacklist removal.  To do so, just check the box on the form after you lookup your IP address:

spamcop blacklist removal

 

Just submit the form and you IP will be removed.

Problematic IPs

If your IP or your IP range frequently triggers the SpamCop Blacklist,  you will not be able to expedite removal.  You must stop the spam and wait for the listing to expire.   If waiting does not resolve the issue, you can dispute the listing by contacting SpamCop.

4. Verify SpamCop Blacklist Removal

Send an email — that’s the easiest way to check for removal.
You can run the SpamCop Blacklist check tools again. The tool should show your IP is not listed.

spamcop blacklist check

5. Summary

Removing your IP address from the SpamCop blacklist is easy, but if you fail to stop the spam, your IP will be relisted.  If re-listed multiple times, you may find it difficult to get your IP removed.

Blacklisted elsewhere?  See our email blacklist removal posts on for details on how to remove your server IPs from other email block list.

Menu
add_action('init', 'use_jquery_from_google');