"Yukihiro Matsumoto" <matz / ruby-lang.org> wrote in message 
news:1139959143.551422.16561.nullmailer / x31.priv.netlab.jp...
> Hi,
>
> In message "Re: ruby-lang emails getting blocked"
>    on Wed, 15 Feb 2006 05:16:00 +0900, tsumeruby / tsumelabs.com writes:
>
> |On Wednesday 15 February 2006 05:06 am, Caleb Tennis wrote:
> |> http://www.spamcop.net/bl.shtml?210.163.138.100
> |
> |http://www.spamcop.net/w3m?action=blcheck&ip=210.163.138.100
> |
> |I don't understand, unless someone was using a faked address and actually 
> hit
> |one of the spam traps, how could this happen?
>
> I don't know.  If anyone has any idea, please tell me.  We do want to
> resolve the issue.
>
> matz.

Spammer use random faked return (from) addresses in junk mail headers.  If 
an email with one of the spam trap address as the from was bounced by the 
ruby-lang.org server, spamcops process would see the [bounce] message as 
originating from ruby-lang.org.  I believe the process is totally automated, 
so no human checks to see if the message was a bounce.

Given spamcop's stance on mail management, RFC's, and bounce messages, even 
if that is the case, spamcop would probably still list the server as a spam 
source, because it is sending 'backscatter' spam (the bounce).  IIRC one of 
the RFCs says a delayed bounce using the from address in the message headers 
is not approprite.  It must be bounced during the initial transfer, to the 
originating IP.
See http://www.spamcop.net/fom-serve/cache/329.html for their information on 
auto-responders and bounces

Undeliverable messages should be bounced early like that, but a list server 
that is sending confirmation / authentication messages can get caught in 
some combinations.

Of course as Tsume said, it could be someone attempting to signup from the 
web page using one of the spam trap addresses, and the legitimate 
confirmation request email getting the server listed.  That combination can 
be elimiated if you can use a different server for sending the confirmation 
messages from the one used to send the mailing list messages.  The 
confirmation server would get listed, but the list server would still be 
clear.

I have not been an active user of spamcop for some time.  They used to have 
reasonably helpful people on their own news server.  They do (did) tend to 
be a bit sarcastic with any sort of rant about why 'my' server should never 
have been listed, and 'orders' to get it delisted NOW, or anything they 
viewed as a spammer trying to find a way to 'work' the system.

A polite request for information about the emails that triggered the listing 
(source headers, maybe content, but not the spam trap address), with the 
information from the spamcop block list entry, that you are running a 
mailing list, and expressing a desire to find out what is wrong with 'your' 
system / process could be productive.  Maybe suggest that your signup 
verification may have been the cause.
See http://www.spamcop.net/help.shtml for links to thier NNTP servers. 
Probably the main SpamCop (general) news group is best to start.

-- 
Phil
remove all of the (at)'s to send email