Robert Coulson
ID Login: Robpats
password Gopats7777777
patsfan515@yahoo.com  only thing that needs to be real.
4000 West Mcnab Rd
Fort Lauderdale
State Florida
Zip 33306
County Broward
954-317-299
business phone use lawyer number
Cell 954-317-2996
Security Question: Favorite teacher
Security answer: Green
 

 

 


I have sent follow ups to consumers who have opted into receive informaiton . I have no idea why i am has been marked as a spam etc. We kindly review our mail server logs and didn't find any spam or hack clues. We perforemed antivirus scan and security review. Please either send some my spam mails examples or delist us."

I appreciate that fact that you brought this to our attention. We had looked into this problem and we found a virus that was sending email from the site. We spent some pain staking time removing the virus from this site and we also set up a fire wall. This problem should never happen again. In fact this site is rarely used to send email at all. The mail server is set up to communicate with our clients. Luckily the virus was not passed to any of our clients. We were not initially aware how venerable the server was until now. We have taken all the necessary actions to see that this does not happen again in the future. I respectfully request any direction from your company that will help us get removed from your blacklist in a timely manner. Once again we appreciate the fact that you pointed out the virus on our server before more damage has been done.

Warmest regards,


Hello staff,

My name is Natalee and I am in charge of the Milford Medical Center Patient communication center. I noticed that for some reason our ips have a bad reputation. Here are the ips I am referring to 68.71.48.148, 68.71.48.149, 68.71.48.150. I am not sure how or why this has happened no one in this department/the entire medical staff sends any kind of spam. The ips are set up purely to contact our patients. I am sure that this has happened in error. If you have any questions please contact me. Please let me know what my next step is to resolve this matter. Thank you very much and happy holidays.


Use if server shows spam for more than a year.

Hello staff,

My name is Rob. You like me, are probably very busy and do not have time for spam related issues. I have had this server for a few years now and it has definitely been a learning process. A few months back I realized that I had what is called an open relay. I was not really sure how that meant, because I am not that tech savvy and I had someone set up my mail server. I did however find where the security section was and was able to close the relay. I thought that this would end all problems. It has been several months since the relay was closed and this week I noticed that my emails were not receiving until days later. I was wondering what would cause the delay. I thought it was just an internet thing. Finally I looked at the mail server and there was a ton of email in the mail server queue. I deleted the mail that was in the queue and it would just populate again and again. This happened for hours until there was no more mail in the queue. Again I was naive to think that I solved the problem. But the next day I saw more mail in the queue. I changed the email address after noticing the hacker was using an info@ address. I changed it to information so no more of the spam could be sent from info. I changed the passwords to the server and email addresses. The problem still continued. Finally, my host suggested that I switch to mail-enable so I discontinued the SMTP service in the old mail server. Mailenable seems to be much more secure and I have not seen any forced email in almost a week now. I was waiting to write to your team, until I knew the problem had stopped. I did not want to get delisted only to find that the problem continued. I can say with confidence that there are no backdoors in the new software and that I have not seen any email being sent from the new mail server. I would like to take this time to delist my ip. I will be following the server daily now. If I see anything in the mail queue that is not mine I will immediately shut down the SMTP process and make sure things are secure prior to enabling it again. I appreciate your time and consideration.

Warm regards,

 

I just logged into this portal to ask you about a bunch of folders I found on the desktop. Did your staff get on my server. The only person besides myself that knows about my password was one of your techs. I have nothing to do with the spam email. NOTHING AT!! This worries me. I just barely got this server and people have been putting files on it and now I am reading a message from you explaining my server is sending spam. Oh my what a mess. Now I wish I looked at the folders on desktop before I deleted them. I will say I did hesitate because I was afraid it may have been server updates/software your team put on desktop. If it was from your team I apologize but I got rid of the files. I need IIS set up but before I upload any of my webpages I need to make sure that this server is secure. I am changing the passwords. Tomorrow I will look for and run anti-malware programs on the server. Would it be easier to just set up a installation of the operating system?

 

I definitely did not send spam. I didn't even send email. I want to make sure that I this does not happen again so I can asking for you help. Can you tell me how this might be possible? Last month we noticed that our mail server had an open relay, so we closed it and things seemed like they were fine for weeks. Today I found out that we were listedl I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. After that I opened the mail server only to find the relay open again. Could there be a program that can get into my mail server and change settings. I certainly hope not. I have no experience with hackers or hijackers so many your team can help. For now I am going to change my passwords. Please share with me any security measures that you may think will help

Thank you for your email. I am not sure what to make of all the mumble jumble. I am not very technical and I do not know what all the crazy text means. I did notice that our domain name appeared in the elaborate code. Why is our domain name there? Can you help me? I got another email today regarding the same type of subject. I know for a fact that we have not used the email yet. How is it possible that it would be sending spam. How do I stop this from happening. We are building our brand and the last thing I want to see is our domain names related to spam. Our reputation is important to us. My web tech was going to put up our websites very soon. He is presently on vacation but should be back Tuesday. I don’t know what to do until then. Please, Please, Please help me. It is just me here and I don’t know how to stop what is going on. I appreciate any advice you can give me. Thanks again.

Tara

 

You have no idea how aggravated I am at this point. My webmaster is almost done with our page and we were about to put it up on the server. We may have to get a new server. Do I have to change the passwords every day? That will certainly be annoying. I also noticed when I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. Is this your software? Could it have handled the problem? I have no experience with hackers or hijackers so maybe your team can help. For now I am going to change my passwords again and perhaps every Monday.

I am at a loss for words. If somebody told me before I rented a server that I would have to go through this I would never have believed them. I personally had no idea how damaging a server could be to a company. I am wondering if I signed up for more than I can handle with this server and I am strongly considering just canceling. Is it possible that this might not happen with another server company or is this standard for all companies? I am forwarding this email to my tech guy in hope that he may have some insight to stop this insanity. I appreciate all of the help your team provided. In the mean time we are changing all of the passwords. I read online that Bruteforce attacks and exploit of server vulnerabilities is a common issue. How can this be stopped? Please share with me any security measures that you may think will help.

Thank you for this email. It is definitely important to find these problems sooner than later. I have no problem submitting delisting info to the sites below. But I am more concerned that this is becoming a problem. I want to make sure that I do not have to do this again. Can you tell me how this might be possible? Last month we noticed that our mail server had an open relay, so we closed it and things seemed like they were fine for weeks. Today I received your email below and after reading the email I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. After that I opened the mail server only to find the relay open again. Could there be a program that can get into my mail server and change settings. I certainly hope not. I have no experience with hackers or hijackers so many your team can help. For now I am going to change my passwords. Please share with me any security measures that you may think will help. Here is the status of the ips.

I was told that this problems stopped. You have no idea how aggravated I am at this point. My webmaster is almost done with our page and we were about to put it up on the server. We may have to get a new server. We changed the passwords and the problems stopped. Do I have to change the passwords every day? That will certainly be annoying. I also noticed when I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. Is this your software? Could it have handled the problem? I have no experience with hackers or hijackers so maybe your team can help. For now I am going to change my passwords again and perhaps every Monday. It seemed to have helped a bit last time. Please share with me any security measures that you may think will help.

Hello Sir/Madam,

I appreciate that fact that you brought this to our attention. We had looked into this problem and we found a virus that was sending email from the site. We spent some pain staking time removing the virus from this site and we also set up a fire wall. This problem should never happen again. In fact this site is rarely used to send email at all. The mail server is set up to communicate with our clients. Luckily the virus was not passed to any of our clients. We were not initially aware how venerable the server was until now. We have taken all the necessary actions to see that this does not happen again in the future. I respectfully request any direction from your company that will help us get removed from your blacklist in a timely manner. Once again we appreciate the fact that you pointed out the virus on our server before more damage has been done.

Warmest regards,

Hello abuse department,

I will be happy to provide you with a date and time stamp from which each spam complaint originated. I just need the email address of the spam complaint. I maintain my business professionally and I am in full compliance with the 2003 can spam act and all acceptable use policies.

You will not find any files on our site that violates anything listed in your terms and agreements. We do not have gambling/pornography material. All of our creatives have an electronic and postal opt-out to be removed from the list. We only send email to those who have requested it or is our clients.

We support all spam laws including the 2,003 can-spam act. We are also members of the anti-spam group. We send all of our email through a universal optout system. www.thedonotemaillist.org (this is the internets version of the do not call list.

For the most part the server is used for hosting images or web content. We do not use this server to mail much email. We have had this server for years. This is the first time we have had any problems relating with this server.

There has been no violation of the can-spam act or spam etiquette. We provided our client a means to email to our opt-in list and that is their only involvement. Further more the list that we mailed was sent to a DOUBLE opt-in list and had proper opt-out procedure postal and electronic. I think that the only appropriate process would be the provision of the email addresses from the complaints. From there I can send you evidence on my end that the email was not unsolicited. Otherwise this is a one sided process. With today’s fast passed web and short memories ISP’s make it easier for people to complain that to opt-out of the list. Please let me know the next appropriate steps necessary to close the cases that resulted form my email and resolve this issue. Thank you, I do appreciate all of your assistance. Please get back to me soon so we can clear this up. Thank you very much

First go to the SORBS website at http://www.de.sorbs.net/lookup.shtml and check to see if your email server is listed in the database.
If it's listed send an email to keysreq@sorbs.net, make sure your email contains the following information.
**NOTE** All email must be sent from the black listed email server.

From: <postmaster@YourBlacklistedDomain>
Subject: Key request.

keys for ip: Your.Email.IP.Address

After SORBS sends you a reply with your de-listing key you must send another email in the following format.
To: < retest@stealth.sorbs.net>
From: <postmaster@YourBlacklistedDomain>
Subject: Paste Your De-Listing Key Here
 

http://dnsbl.invaluement.com/lookup/

IBM DNS Blacklist
 

  TRUNCATE

 

 

 


click remove IP

enter ip:

Click here link.

ENTER CAPTCHA AND CLICK REMOVE.

 


support@sorbs.net

Do not waste your good message on the first try to get removed. Send them a quick and simple message saying you found the problem with the server and the spam will no longer continue. Then send them the red rebuttal above.  The reason I say this, if you have sent a lot of spam it will only get rejected via an automated system that will ask you to send another email explaining why you should get removed. It will look like this.

Network 69.64.72.175/32: This host has not been previously delisted but has more than 10 previous listings

We are setting this ticket to 'Rejected', as an action is required
in your part before we can update our lists regarding the IP address(es)
you wrote to us about.
 
Action required: As you are requesting a delisting of an IP/Network
that has either sent spam recently or has sent so much spam that it
exceeds our preset thresholds you must reply to this message justifying
your cause and why you think you should be delisted.
Someone will then review your case and reply accordingly.
 
Thank you
Son of Robbie the Robot on behalf of SORBS Support
SORBS Support

 





You will get an email with a link. Click on the link. From there enter the created user name and password.  When logged in click on http://support.sorbs.net/ it will take you to the following page

 

Enter your login information again and click on new ticket.

click on delist and ip.

enter IP and hit continue

Click on proceed.

Click on get help/support.

Enter Reason for delisting.

For SORBS delisting .
Please register at SORBS here http://www.sorbs.net/lookup.shtml?69.64.72.56 .
Then login to site http://www.sorbs.net from the RDP session at server and send delist request.
1. You have to register at http://www.sorbs.net  first . 2. send me your sorbs account credential and i'll send delist request

[8/18/2017 2:24:10 PM] J. Foster P.: sorbs wants to know
Autonomous Systems Number
[8/18/2017 2:24:19 PM] J. Foster P.: not sure what to enter in that spot
[8/18/2017 2:25:37 PM] Rasil Minigaliev: Not sure what it is. You can use any fake data at registration. Only email address should be real .

A refusal looks like this.

This host has not been previously delisted but has more than 10 previous listings

We are setting this ticket to 'Rejected', as an action is required
in your part before we can update our lists regarding the IP address(es)
you wrote to us about.

Action required: As you are requesting a delisting of an IP/Network
that has either sent spam recently or has sent so much spam that it
exceeds our preset thresholds you must reply to this message justifying
your cause and why you think you should be delisted.

Someone will then review your case and reply accordingly.


Thank you

Son of Robbie the Robot on behalf of SORBS Support
SORBS Support

 

This blacklist does not offer any form of manual request to delist. Your IP Address will either automatically expire from listing after a given timeframe, or after time expires from the last receipt of spam into their spamtraps from your IP Address.

FREE OF CHARGE REMOVAL:
There is no need for you to request removal, if you do not want to pay.

Every IP address temporary listed as Level 1 expires automatically 7 days after the last spam email from it hits our SPAMTRAPS.
This means your IP address will be removed, lesson learned, no more spam from your computer.

PAY FOR IMMEDIATE REMOVAL:
If you do not want to wait 7 days, or it is more cost effective for you, request for a paid “immediate removal” service can be made.
The fee for this is per IP address. Payments are only accepted by Paypal or Moneybookers.
Removal will be done manually as soon as your payment is confirmed.
Click here if you want to request a paid removal.

You need to get your host to take care of this if it is not level 1. Send the the red rebuttal above.

 



you just have to wait, it's entirely automatic. Did you fix the problem with misdirected bounces?
Easiest, submit your info and they send you a ticket code. deputies@admin.SpamCop.net.
In your email to them, be sure to include:

A. The IP address that is currently listed.

B. A note to the effect that this is, in fact, a
double opt-in list.

C. Whatever data you have about your subscribers that
you could provide to them to get the block lifted.
While they will not usually give you the email
address of the complainer, they do occasionally
contact the complainer to ask for the email
address that received the offending message.

D. If you have that subscriber's specific opt-in
information, having pieced together the
subscribing email address from clues left in the
original message, send it along, as well.

== > Prevent Being Blind-sided by a SpamCop Listing

Have yourself added as an interested 3rd party to the reporting
scheme so that you receive the same reports your ISP receives,
at the same time. Have your techies do that at:
http://spamcop.net/fom-serve/cache/94.html

Or write to deputies@admin.spamcop.net, and ask them to do it
for you.
 

very important for delivery to gmail to unblock from gmail https://support.google.com/mail/contact/msgdelivery

 

TOOLS
https://www.whatsmydns.net/#TXT/ycapartners.info
https://mxtoolbox.com/diagnostic.aspx to test email.
https://www.mail-tester.com/ to test spammyness and delivery
https://mxtoolbox.com/blacklists.aspx to test for blacklists
https://www.spfwizard.net/ to test spf 

DNS/HOST
http://1and1.com 
https://www.namecheap.com/?gclid=Cj0KCQjwjN7YBRCOARIsAFCb934Ruqfr2G0zOPYu6qMl_p3MuafF9_O8x9i-C88ltnXuSzX5v7NoLEAaAqrDEALw_wcB  
https://www.gotonames.com/login 
www.Register.com
www.godaddy.com
Notepad
HOST
Codero         services/my services/right magnifying glass options under server/ primary dns middle of page, secondary bottom         
Globotech

DKIM

Merak does not support as i said it's all related to your old server . 1. It's doesn't support ssl properly, 2, It doesn't support DKIM .

 

SPF
https://www.spfwizard.net/
These are the ips 69.64.65.159
69.64.65.252
69.64.65.200
69.64.65.44
Is there a txt generator or something like that I can use to know the code for my servers?
v=spf1 a mx ip4:69.64.65.159 ip4:69.64.65.252 ip4:69.64.65.200 ip4:69.64.65.44 ~all

[8/22/2017 5:41:50 PM] Rasil Minigaliev: You can use something like this site for SPF ercords https://www.spfwizard.net/
[8/22/2017 5:42:44 PM] J. Foster P.: can you tell me what the code for my next group of ips would be?
[8/22/2017 5:43:14 PM] Rasil Minigaliev: you could use all this ips if you not sure
[8/22/2017 5:44:35 PM] Rasil Minigaliev: v=spf1 a mx ip4:69.64.65.159 ip4:69.64.65.252 ip4:69.64.65.200 ip4:69.64.65.200 ~all

SSL/TLS
Hello . Finally i 've findout the issue .
Since your mailserver version is pretty old some how TLS part is corrupted. You have installed merak 8 version and current version is 11. https://www.mail-tester.com/web-tzsoe
Dkim signing also doesn't supported by your server version.
 

[8/22/2017 5:00:37 PM] Rasil Minigaliev: Since your mailserver version is pretty old some how TLS part is corrupted.
[8/22/2017 5:01:35 PM] J. Foster P.: Yes but how did you fix it?
[8/22/2017 5:01:49 PM | Edited 5:00:21 PM] Rasil Minigaliev: disabled TLS at mail sever.

On merak there is still a check box under enable ssl/tls
where did you disable it?

 

1.I've sent delist request to barracusa.

3. Seems record " "v=spf1 a mx ip4: 69.64.72.175 ~all"" still appears . Please remove it .

https://www.whatsmydns.net/#TXT/ycapartners.info

 

[8/22/2017 4:39:13 PM] Rasil Minigaliev: EACH domain you use should have SPF record ! But the domain travelsalediv1.info you used at su0817-eartho-87-a campain have wrong SPF .
[8/22/2017 4:39:49 PM] J. Foster P.: I will enter what ever you tell me
[8/22/2017 4:40:17 PM] Rasil Minigaliev: use same SPF as for ycapartners.info
[8/22/2017 4:41:08 PM] Rasil Minigaliev: v=spf1 a mx ip4:69.64.72.175 ip4:69.64.72.56 ~all

 

 

[8/22/2017 6:25:54 PM] J. Foster P.: Select a queue for your new ticket

DUHL
Dynamic IP Listing and Delisting Request Queue
DUHL Nominations
Nominations for DUHL listings go here, they are move in the Additions queue when investigated and approved.
General
Support Requests Submitted via Webform where user doesn't know the correct queue.
Spam Database
Spam DB Delisting requests
Support
SORBS Enduser Support
[8/22/2017 6:31:56 PM] J. Foster P.: the text record for travelsalesdiv1 still says v=spf1 include:spf.efwd.registrar-servers.com ~all. Is this correct?
[8/22/2017 6:36:40 PM] Rasil Minigaliev: Spam Database
Spam DB Delisting requests

 



Use different name and email for this one

[19.08.2017 3:01:29] Rasil Minigaliev: good
[8/22/2017 6:59:22 PM] J. Foster P.: that is what I wrote for the 2nd email. What was the content of the initial email?

 

what does this mean -2.43 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50%
-1.729 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)it's contentbased analyzers
https://wiki.apache.org/spamassassin/Rules/RAZOR2_CHECK