Robert Coulson
ID Login: Robpats
password Gopats7777777
patsfan515@yahoo.com
only thing that needs to be real.
4000 West Mcnab Rd
Fort Lauderdale
State Florida
Zip 33306
County Broward
954-317-299
business phone use lawyer number
Cell 954-317-2996
Security Question: Favorite teacher
Security answer: Green
I have sent follow-ups to consumers who have opted in to
receive information. I have no idea why I have been marked as spam, etc. We
reviewed our mail server logs and didn't find any spam or hack clues. We
performed an antivirus scan and security review. Please either send some
examples of my spam mails or delist us.
I appreciate the fact that you brought this to our
attention. We had looked into this problem and we found a virus that was sending
email from the site. We spent some painstaking time removing the virus from
this site and we also set up a firewall. This problem should never happen
again. In fact this site is rarely used to send email at all. The mail server is
set up to communicate with our clients. Luckily the virus was not passed to any
of our clients. We were not initially aware how vulnerable the server was until
now. We have taken all the necessary actions to see that this does not happen
again in the future. I respectfully request any direction from your company that
will help us get removed from your blacklist in a timely manner. Once again we
appreciate the fact that you pointed out the virus on our server before more
damage has been done.
Warmest regards,
Hello staff,
My name is Natalee and I am in charge of the Milford Medical Center Patient
communication center. I noticed that for some reason our IPs have a bad
reputation. Here are the IPs I am referring to: 68.71.48.148, 68.71.48.149,
68.71.48.150. I am not sure how or why this has happened; no one in this
department/the entire medical staff sends any kind of spam. The IPs are set up
purely to contact our patients. I am sure that this has happened in error. If
you have any questions please contact me. Please let me know what my next step
is to resolve this matter. Thank you very much and happy holidays.
Use if server shows spam for more than a year.
Hello staff,
My name is Rob. You, like me, are probably very busy and do not have time for
spam related issues. I have had this server for a few years now and it has
definitely been a learning process. A few months back I realized that I had what
is called an open relay. I was not really sure what that meant, because I am not
that tech savvy and I had someone set up my mail server. I did however find
where the security section was and was able to close the relay. I thought that
this would end all problems. It has been several months since the relay was
closed and this week I noticed that my emails were not being received until days
later. I was wondering what would cause the delay. I thought it was just an
internet thing. Finally I looked at the mail server and there was a ton of email
in the mail server queue. I deleted the mail that was in the queue and it would
just populate again and again. This happened for hours until there was no more
mail in the queue. Again I was naive to think that I solved the problem. But the
next day I saw more mail in the queue. I changed the email address after
noticing the hacker was using an info@ address. I changed it to information so
no more of the spam could be sent from info. I changed the passwords to the
server and email addresses. The problem still continued. Finally, my host
suggested that I switch to MailEnable so I discontinued the SMTP service in the
old mail server. MailEnable seems to be much more secure and I have not seen any
forced email in almost a week now. I was waiting to write to your team, until I
knew the problem had stopped. I did not want to get delisted only to find that
the problem continued. I can say with confidence that there are no backdoors in
the new software and that I have not seen any email being sent from the new mail
server. I would like to take this time to delist my ip. I will be following the
server daily now. If I see anything in the mail queue that is not mine I will
immediately shut down the SMTP process and make sure things are secure prior to
enabling it again. I appreciate your time and consideration.
Warm regards,
I just logged into this portal to ask you about a bunch of folders I found on the desktop. Did your staff get on my server? The only person besides myself that knows about my password was one of your techs. I have nothing to do with the spam email. NOTHING AT ALL!! This worries me. I just barely got this server and people have been putting files on it and now I am reading a message from you explaining my server is sending spam. Oh my, what a mess. Now I wish I looked at the folders on the desktop before I deleted them. I will say I did hesitate because I was afraid it may have been server updates/software your team put on the desktop. If it was from your team I apologize, but I got rid of the files. I need IIS set up, but before I upload any of my webpages I need to make sure that this server is secure. I am changing the passwords. Tomorrow I will look for and run anti-malware programs on the server. Would it be easier to just set up an installation of the operating system?
I definitely did not send spam. I didn't even send email. I want to make sure that this does not happen again so I am asking for your help. Can you tell me how this might be possible? Last month we noticed that our mail server had an open relay, so we closed it and things seemed like they were fine for weeks. Today I found out that we were listed. I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. After that I opened the mail server only to find the relay open again. Could there be a program that can get into my mail server and change settings? I certainly hope not. I have no experience with hackers or hijackers so maybe your team can help. For now I am going to change my passwords. Please share with me any security measures that you may think will help.
Thank you for your email. I am not sure what to make of
all the mumbo jumbo. I am not very technical and I do not know what all the
crazy text means. I did notice that our domain name appeared in the elaborate
code. Why is our domain name there? Can you help me? I got another email today
regarding the same type of subject. I know for a fact that we have not used the
email yet. How is it possible that it would be sending spam? How do I stop this
from happening? We are building our brand and the last thing I want to see is
our domain names related to spam. Our reputation is important to us. My web tech
was going to put up our websites very soon. He is presently on vacation but
should be back Tuesday. I don’t know what to do until then. Please, Please,
Please help me. It is just me here and I don’t know how to stop what is going
on. I appreciate any advice you can give me. Thanks again.
Tara
You have no idea how aggravated I am at this point. My
webmaster is almost done with our page and we were about to put it up on the
server. We may have to get a new server. Do I have to change the passwords every
day? That will certainly be annoying. I also noticed when I logged onto the
server and the first thing that I noticed was a popup that said malicious
software was removed. Is this your software? Could it have handled the problem?
I have no experience with hackers or hijackers so maybe your team can help. For
now I am going to change my passwords again and perhaps every Monday.
I am at a loss for words. If somebody told me before I rented a server that I
would have to go through this I would never have believed them. I personally had
no idea how damaging a server could be to a company. I am wondering if I signed
up for more than I can handle with this server and I am strongly considering
just canceling. Is it possible that this might not happen with another server
company or is this standard for all companies? I am forwarding this email to my
tech guy in hope that he may have some insight to stop this insanity. I
appreciate all of the help your team provided. In the meantime we are changing
all of the passwords. I read online that brute-force attacks and exploitation of
server vulnerabilities are a common issue. How can this be stopped? Please share
with me any security measures that you may think will help.
Thank you for this email. It is definitely important to find these problems sooner rather than later. I have no problem submitting delisting info to the sites below. But I am more concerned that this is becoming a problem. I want to make sure that I do not have to do this again. Can you tell me how this might be possible? Last month we noticed that our mail server had an open relay, so we closed it and things seemed like they were fine for weeks. Today I received your email below and after reading the email I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. After that I opened the mail server only to find the relay open again. Could there be a program that can get into my mail server and change settings? I certainly hope not. I have no experience with hackers or hijackers so maybe your team can help. For now I am going to change my passwords. Please share with me any security measures that you may think will help. Here is the status of the IPs.
I was told that this problem had stopped. You have no idea how aggravated I am at this point. My webmaster is almost done with our page and we were about to put it up on the server. We may have to get a new server. We changed the passwords and the problems stopped. Do I have to change the passwords every day? That will certainly be annoying. I also noticed when I logged onto the server and the first thing that I noticed was a popup that said malicious software was removed. Is this your software? Could it have handled the problem? I have no experience with hackers or hijackers so maybe your team can help. For now I am going to change my passwords again and perhaps every Monday. It seemed to have helped a bit last time. Please share with me any security measures that you may think will help.
Hello Sir/Madam,
I appreciate the fact that you brought this to our attention. We had looked
into this problem and we found a virus that was sending email from the site. We
spent some painstaking time removing the virus from this site and we also set
up a firewall. This problem should never happen again. In fact this site is
rarely used to send email at all. The mail server is set up to communicate with
our clients. Luckily the virus was not passed to any of our clients. We were not
initially aware how vulnerable the server was until now. We have taken all the
necessary actions to see that this does not happen again in the future. I
respectfully request any direction from your company that will help us get
removed from your blacklist in a timely manner. Once again we appreciate the
fact that you pointed out the virus on our server before more damage has been
done.
Warmest regards,
Hello abuse department,
I will be happy to provide you with a date and time stamp from which each spam
complaint originated. I just need the email address of the spam complaint. I
maintain my business professionally and I am in full compliance with the 2003
CAN-SPAM Act and all acceptable use policies.
You will not find any files on our site that violate anything listed in your
terms and agreements. We do not have gambling/pornography material. All of our
creatives have an electronic and postal opt-out to be removed from the list. We
only send email to those who have requested it or are our clients.
We support all spam laws including the 2003 CAN-SPAM Act. We are also members
of the anti-spam group. We send all of our email through a universal opt-out
system, www.thedonotemaillist.org (this is the internet's version of the do not
call list).
For the most part the server is used for hosting images or web content. We do
not use this server to mail much email. We have had this server for years. This
is the first time we have had any problems relating with this server.
There has been no violation of the CAN-SPAM Act or spam etiquette. We provided
our client a means to email to our opt-in list and that is their only
involvement. Furthermore, the list that we mailed was sent to a DOUBLE opt-in
list and had proper opt-out procedure, postal and electronic. I think that the
only appropriate process would be the provision of the email addresses from the
complaints. From there I can send you evidence on my end that the email was not
unsolicited. Otherwise this is a one-sided process. With today’s fast-paced web
and short memories, ISPs make it easier for people to complain than to opt out
of the list. Please let me know the next appropriate steps necessary to close
the cases that resulted from my email and resolve this issue. Thank you, I do
appreciate all of your assistance. Please get back to me soon so we can clear
this up. Thank you very much
First go to the SORBS website at http://www.de.sorbs.net/lookup.shtml and
check to see if your email server is listed in the database.
If it's listed, send an email to keysreq@sorbs.net and make sure your email contains
the following information.
**NOTE** All email must be sent from the blacklisted email server.
From: <postmaster@YourBlacklistedDomain>
Subject: Key request.
keys for ip: Your.Email.IP.Address
After SORBS sends you a reply with your de-listing key you must send another
email in the following format.
To: <retest@stealth.sorbs.net>
From: <postmaster@YourBlacklistedDomain>
Subject: Paste Your De-Listing Key Here
http://dnsbl.invaluement.com/lookup/
IBM DNS Blacklist
TRUNCATE |
click remove IP
enter ip:
Click here link.
ENTER CAPTCHA AND CLICK REMOVE.
Do not waste your good message on the first try to get removed. Send them a quick and simple message saying you found the problem with the server and the spam will no longer continue. Then send them the red rebuttal above. The reason I say this, if you have sent a lot of spam it will only get rejected via an automated system that will ask you to send another email explaining why you should get removed. It will look like this.
You will get an email with a link. Click on the link. From there enter the
created user name and password. When logged in click on
http://support.sorbs.net/
it will take you to the following page
Enter your login information again and click on new ticket.
click on delist and ip.
enter IP and hit continue
Click on proceed.
Click on get help/support.
Enter Reason for delisting.
For SORBS delisting .
Please register at SORBS here
http://www.sorbs.net/lookup.shtml?69.64.72.56 .
Then login to site http://www.sorbs.net from the RDP session at server and send
delist request.
1. You have to register at http://www.sorbs.net first.
2. Send me your SORBS account credentials and I'll send the delist request.
[8/18/2017 2:24:10 PM] J. Foster P.: sorbs wants to know
Autonomous Systems Number
[8/18/2017 2:24:19 PM] J. Foster P.: not sure what to enter in that spot
[8/18/2017 2:25:37 PM] Rasil Minigaliev: Not sure what it is. You can use any
fake data at registration. Only email address should be real .
A refusal looks like this.
This host has not been previously delisted but has more than 10 previous
listings
We are setting this ticket to 'Rejected', as an action is required
in your part before we can update our lists regarding the IP address(es)
you wrote to us about.
Action required: As you are requesting a delisting of an IP/Network
that has either sent spam recently or has sent so much spam that it
exceeds our preset thresholds you must reply to this message justifying
your cause and why you think you should be delisted.
Someone will then review your case and reply accordingly.
Thank you
Son of Robbie the Robot on behalf of SORBS Support
SORBS Support
This blacklist does not offer any form of manual request to delist. Your IP Address will either automatically expire from listing after a given timeframe, or after time expires from the last receipt of spam into their spamtraps from your IP Address.
FREE OF CHARGE REMOVAL:
There is no need for you to request removal, if you do not want to pay.
Every IP address temporary listed as Level 1 expires automatically 7
days after the last spam email from it hits our SPAMTRAPS.
This means your IP address will be removed, lesson learned, no more spam from
your computer.
PAY FOR IMMEDIATE REMOVAL:
If you do not want to wait 7 days, or it is more cost effective for you, request
for a paid “immediate removal” service can be made.
The fee for this is per IP
address. Payments are only accepted by Paypal or Moneybookers.
Removal will be done manually as soon as your payment is confirmed.
Click here if you want to
request a paid removal.
You need to get your host to take care of this if it is not level 1. Send
the red rebuttal above.
you just have to wait, it's entirely automatic. Did you fix the problem with
misdirected bounces?
Easiest, submit your info and they send you a ticket code.
deputies@admin.SpamCop.net.
In your email to them, be sure to include:
A. The IP address that is currently listed.
B. A note to the effect that this is, in fact, a
double opt-in list.
C. Whatever data you have about your subscribers that
you could provide to them to get the block lifted.
While they will not usually give you the email
address of the complainer, they do occasionally
contact the complainer to ask for the email
address that received the offending message.
D. If you have that subscriber's specific opt-in
information, having pieced together the
subscribing email address from clues left in the
original message, send it along, as well.
== > Prevent Being Blind-sided by a SpamCop Listing
Have yourself added as an interested 3rd party to the reporting
scheme so that you receive the same reports your ISP receives,
at the same time. Have your techies do that at:
http://spamcop.net/fom-serve/cache/94.html
Or write to deputies@admin.spamcop.net, and ask them to do it
for you.
Very important for delivery to Gmail: to unblock from Gmail, use https://support.google.com/mail/contact/msgdelivery
TOOLS
https://www.whatsmydns.net/#TXT/ycapartners.info
https://mxtoolbox.com/diagnostic.aspx to test email.
https://www.mail-tester.com/ to test spamminess and delivery
https://mxtoolbox.com/blacklists.aspx to test for blacklists
https://www.spfwizard.net/ to test spf
DNS/HOST
http://1and1.com
https://www.namecheap.com/?gclid=Cj0KCQjwjN7YBRCOARIsAFCb934Ruqfr2G0zOPYu6qMl_p3MuafF9_O8x9i-C88ltnXuSzX5v7NoLEAaAqrDEALw_wcB
https://www.gotonames.com/login
www.Register.com
www.godaddy.com
Notepad
HOST
Codero
services/my services/right magnifying glass options under server/ primary dns
middle of page, secondary bottom
Globotech
DKIM
Merak does not support it. As I said, it's all related to your old server: 1. It doesn't support SSL properly. 2. It doesn't support DKIM.
SPF
https://www.spfwizard.net/
These are the IPs: 69.64.65.159
69.64.65.252
69.64.65.200
69.64.65.44
Is there a txt generator or something like that I can use to know the code for
my servers?
v=spf1 a mx ip4:69.64.65.159 ip4:69.64.65.252 ip4:69.64.65.200
ip4:69.64.65.44 ~all
[8/22/2017 5:41:50 PM] Rasil Minigaliev: You can use something like this site
for SPF records https://www.spfwizard.net/
[8/22/2017 5:42:44 PM] J. Foster P.: can you tell me what the code for my next
group of ips would be?
[8/22/2017 5:43:14 PM] Rasil Minigaliev: You could use all these IPs if you are not
sure
[8/22/2017 5:44:35 PM] Rasil Minigaliev: v=spf1 a mx ip4:69.64.65.159
ip4:69.64.65.252 ip4:69.64.65.200 ip4:69.64.65.200 ~all
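A lint for the SPF records in this section, as an added example that is not part of the original notes or chat: it parses a record offline, flags duplicate ip4 mechanisms and lists sending IPs that no ip4 mechanism covers. The function names are hypothetical, and `a`/`mx` are not resolved because the check runs without DNS.

```python
import ipaddress

QUALIFIERS = "+-~?"

def parse_spf(record):
    """Return (ip4 networks, other mechanisms, qualifier of 'all' or None)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("an SPF record must start with v=spf1")
    networks, others, all_qualifier = [], [], None
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"  # '+' is the default
        body = term.lstrip(QUALIFIERS).lower()
        if body == "all":
            all_qualifier = qualifier
        elif body.startswith("ip4:"):
            # strict=False also accepts a host address written with a prefix length
            networks.append(ipaddress.ip_network(body[4:], strict=False))
        else:
            others.append(term)  # a, mx, include: need DNS; not evaluated here
    return networks, others, all_qualifier

def lint_spf(record, sending_ips):
    """Return a list of findings; an empty list means the ip4 terms look consistent."""
    networks, _others, all_qualifier = parse_spf(record)
    findings = []
    seen = set()
    for net in networks:
        if net in seen:
            findings.append(f"duplicate mechanism ip4:{net}")
        seen.add(net)
    for ip in sending_ips:
        if not any(ipaddress.ip_address(ip) in net for net in networks):
            findings.append(f"{ip} not covered by an ip4 mechanism")
    if all_qualifier is None:
        findings.append("no 'all' mechanism: unlisted senders evaluate to neutral")
    elif all_qualifier in "+?":
        findings.append(f"'{all_qualifier}all' does not restrict unlisted senders")
    return findings

# The four IPs and the two records exactly as they appear in this section.
SENDING_IPS = ["69.64.65.159", "69.64.65.252", "69.64.65.200", "69.64.65.44"]
RECORD_NOTES = ("v=spf1 a mx ip4:69.64.65.159 ip4:69.64.65.252 "
                "ip4:69.64.65.200 ip4:69.64.65.44 ~all")
RECORD_CHAT = ("v=spf1 a mx ip4:69.64.65.159 ip4:69.64.65.252 "
               "ip4:69.64.65.200 ip4:69.64.65.200 ~all")

if __name__ == "__main__":
    for name, record in (("notes", RECORD_NOTES), ("chat", RECORD_CHAT)):
        print(name, lint_spf(record, SENDING_IPS) or "ok")
```

The record from the chat lists 69.64.65.200 twice and leaves out 69.64.65.44, which the record written in the notes includes.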
SSL/TLS
Hello. Finally I've found out the issue.
Since your mail server version is pretty old, somehow the TLS part is corrupted. You
have installed Merak version 8 and the current version is 11. https://www.mail-tester.com/web-tzsoe
DKIM signing also isn't supported by your server version.
[8/22/2017 5:00:37 PM] Rasil Minigaliev: Since your mail server version is
pretty old, somehow the TLS part is corrupted.
[8/22/2017 5:01:35 PM] J. Foster P.: Yes but how did you fix it?
[8/22/2017 5:01:49 PM | Edited 5:00:21 PM] Rasil Minigaliev: disabled TLS at
mail server.
On merak there is still a check box under enable ssl/tls
where did you disable it?
1. I've sent a delist request to Barracuda.
3. It seems the record "v=spf1 a mx ip4: 69.64.72.175 ~all" still appears. Please
remove it.
https://www.whatsmydns.net/#TXT/ycapartners.info
[8/22/2017 4:39:13 PM] Rasil Minigaliev: EACH domain you use should have an SPF
record! But the domain travelsalediv1.info you used at the su0817-eartho-87-a
campaign has the wrong SPF.
[8/22/2017 4:39:49 PM] J. Foster P.: I will enter what ever you tell me
[8/22/2017 4:40:17 PM] Rasil Minigaliev: use same SPF as for ycapartners.info
[8/22/2017 4:41:08 PM] Rasil Minigaliev: v=spf1 a mx ip4:69.64.72.175
ip4:69.64.72.56 ~all
[8/22/2017 6:25:54 PM] J. Foster P.: Select a queue for your new ticket
DUHL
Dynamic IP Listing and Delisting Request Queue
DUHL Nominations
Nominations for DUHL listings go here, they are move in the Additions queue when
investigated and approved.
General
Support Requests Submitted via Webform where user doesn't know the correct
queue.
Spam Database
Spam DB Delisting requests
Support
SORBS Enduser Support
[8/22/2017 6:31:56 PM] J. Foster P.: the text record for travelsalesdiv1 still
says v=spf1 include:spf.efwd.registrar-servers.com ~all. Is this correct?
[8/22/2017 6:36:40 PM] Rasil Minigaliev: Spam Database
Spam DB Delisting requests
Use different name and email for this one
[19.08.2017 3:01:29] Rasil Minigaliev: good
[8/22/2017 6:59:22 PM] J. Foster P.: that is what I wrote for the 2nd email.
What was the content of the initial email?
What does this mean?
-2.43 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50%
-1.729 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
It's content-based analyzers.
https://wiki.apache.org/spamassassin/Rules/RAZOR2_CHECK