US Telco Support > AT&T > AT&T Southeast > BellSouth E-mail server Blacklisted?

reply to Gizguy

Re: BellSouth E-mail server Blacklisted?

imf21aec.mail.bellsouth.net [205.152.59.69] and imf24aec.mail.bellsouth.net [205.152.59.72] are outgoing mail servers used by bellsouth customers. The do not have MX records because they do not receive mail for the bellsouth.net domain.

The two mail servers that currently do receive mail for the bellsouth.net domain are:

mx01.mail.bellsouth.net [205.152.58.33] and
mx00.mail.bellsouth.net [205.152.58.32]. These are the actual MX records for bellsouth.net.

There are dozens, if not hundreds of blacklists in use out there. And they use varying criteria for inclusion of IP addresses.

For example, every single residential bellsouth.net IP address (both dialup and DSL) is in the DUL blacklist. These inclusions have nothing to do with any evidence of any spam being sent. The logic for this list is that running mail servers on these IPs is not allowed by the ISP, so any mail coming directly from them is likely problematic. Bellsouth's use of port 25 filtering has largely reduced the usefulness of this portion of the DUL.

Some sites reject mail because the IP sending it reverses to a hostname that does not also have an MX record. This is poor practice since many large ISPs operate as described above and their sending mail server hosts do not have MX records. A site rejecting mail this way would reject 100% of all the mail sent by bellsouth's customers.

And some sites reject mail based on actual spam content, or receiving mail at unknown and unpublished addresses. This could be the result of brute force address guessing commonly used to send spam.

And there are many, many other rationales/designs for blacklists.

thanks

reply to graysonf
I am completely confused which is not all that unusual but maybe you can help me understand.

Please read through what I write carefully because I don't know the right language to try to explain what I'm confused about and I need help talking to the help desk.

What is the difference between the IP address and the server address? I thought that the IP address was what your computer showed to the public as your IP address.

All I know is that until I got accidentally moved to having a dynamic IP address I had no trouble sending email to anyone. Now that my IP address is dynamic, it's a crapshoot as to whether or not I can send email. When I power off the router from time to time (electrical storms, etc.), I am given an IP address at random by bellsouth.

If my emails start getting bounced back to me because the IP I am using is listed in nsorbs, etc.,(like last night), I know that the IP I have been dynamically assigned has been reported by someone as coming from a spammer. I then have to power off my router and power it back on and try sending the same emails again. If the IP I am assigned after powering back on is one that is "good", the email will go, if it is one that has been abused in the past by someone spamming and has been reported to nsorbs,etc., I have to keep powering off the router and powering it back on until I get a good one.

I believe it is my computer IP that is being rejected by the recipient's ISP because in the headers, the numbers listed as being rejected are exactly the numbers of the IP I've been dynamically assigned by bellsouth.

So what I think is happening here is that it is my computer's assigned IP address that is being rejected, and perhaps that is a bellsouth 'server' and I just don't know the correct lingo. That is what worries me. When I talk to the help desk, are they going to understand what I'm saying is the problem? Can you request a specific static IP address? And if so, how can you know one to ask for that has NOT been used in the past by a spammer?

When I call the help desk to get put back on static, how can I ensure that I get my old IP address back (the good one that never got emails bounced back) or one that has not previously been abused by someone?

I have been a member of spamcop for years and go through energetic spurts of turning every single spam in for a day or two before I just get too worn out so I am familiar with the problems associated with spam. I understand why some addresses are blocked by nsorbs and the other organizations like them and I don't have a problem with that. What I think is that before some glitch occurred in the BLS system that caused my account to revert back to 'dynamically assigned IP' I never had any problems sending emails. Now I do. I want my old static IP address back that was what I think of as "clean" in the sense that it hadn't been used by spammers and I never had trouble sending email to people.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com

Your problem is not related to your IP address because you are not allowed to send mail directly from your IP address to any mail server other than mail.bellsouth.net, and the mail being rejected isn't coming from mail.bellsouth.net.

Okay, I'm going to cut and paste the entire header here and maybe you can help me understand what you are saying. The sending IP address that is listed as being rejected was my public IP address at that time dynamically assigned to me (205.152.59.67). Here is the entire header:

Recipient:
Reason: 5.5.1 Rejected, sending IP address 205.152.59.67 is blocked. Details: IP 205.152.59.67 is blacklisted (code 6), info at »blacklist.kpn-cert.nl/bailout

Reporting-MTA: dns; imf19aec.mail.bellsouth.net
Arrival-Date: Thu, 22 Dec 2005 23:43:01 -0500
Received-From-MTA: dns; ibm60aec.bellsouth.net (208.63.194.66)

Final-Recipient: RFC822;
Action: failed
Status: 5.1.1
Remote-MTA: dns; mailhost.hetnet.nl (195.121.6.164)
Diagnostic-Code: smtp; 550 5.5.1 Rejected, sending IP address 205.152.59.67 is blocked. Details: IP 205.152.59.67 is blacklisted (code 6), info at »blacklist.kpn-cert.nl/bailout
Received: from ibm60aec.bellsouth.net ([208.63.194.66])
by imf19aec.mail.bellsouth.net with ESMTP
id
for ; Thu, 22 Dec 2005 23:43:01 -0500
Received: from Karen.sip.bhm.bellsouth.net
([208.63.194.66]) by ibm60aec.bellsouth.net with ESMTP
id
for ; Thu, 22 Dec 2005 23:43:00 -0500
Message-Id:
X-Sender: harperbooks@mail.bhm.bellsouth.net
X-Mailer: QUALCOMM Windows Eudora Version 6.1.2.0
Date: Thu, 22 Dec 2005 22:42:21 -0600
To: "Ben Blomsma"
From: Karen Harper
Subject: Re: Item #6584916504
In-Reply-To:
References:
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="=====================_83387859==.ALT"

reply to bathswife
Are you running your own mail server? From home? On your residential account? I am not familiar with the Bellsouth AUP/TOS, but, personally, I have no problem if you are doing that.

If you are doing that, then you must know a little bit about mail servers, domains, DNS records, MX records, etc. If you are not doing that, then how do you send email? Having your computer's IP address in DNSBLs is only an issue if you are running a mail server from that computer; otherwise, you are using somebody else's SMTP server for your outbound email, and it will be their server's IP address, not yours, which is subject to listing by DNSBLs.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

reply to bathswife
205.152.59.67 is/was not your public IP address. It belongs to one of bellsouth's outgoing mail servers:

Name: imf19aec.mail.bellsouth.net
Address: 205.152.59.67

Your public IP address that was in effect when you sent the mail appears to be:

Name: adsl-63-194-66.bhm.bellsouth.net
Address: 208.63.194.66

This address was not the one used for the basis of the rejection, 205.152.59.67 was.

reply to NormanS

reply to bathswife
You pasted the header from the rejected mail. In that header was the Received: header inserted by the bellsouth mail server that handled your message. That Received header contained your IP address, 208.63.194.66. A reverse lookup of that IP yields adsl-63-194-66.bhm.bellsouth.net.

One very simple way to determine your current IP address is to surf to this link:

»checkip.dyndns.org/

I don't see how it's possible you had an IP address that belongs to a bellsouth.net mail server.

reply to graysonf
Isn't this fun..... two hours after I sent my 12:25pm email a reject message was received - once again reporting the Bellsouth outgoing email with ip address of 205.152.59.69 as the cause of the rejection. Perhaps it takes some time for '»www.us.sorbs.net ' to update the removal of this IP address from '»www.mxtoolbox.com ' , or maybe sorbs.net is rejecting the mail for another reason. In all fairness, it may just be a problem between BellSouth and the receiving email system since all of my other POP mail is not rejecting.

Again as I posted earlier, when I send an POP email to this one recipient from the same PC, with same DSL IP address, but I send it using a non-BellSouth email ID through Google's GMAIL smtp server (outgoing port of 465) the message is not rejected. Similarly if I send the mail using the smtp server of the web hosting company I use (not using port 25) it gets through fine.

So it appears to be a problem within the BellSouth Email system - which many on this forum have reported as being very weak. It even failed when I sent the message using BellSouth's Webmail.

Please note, that regardless of what email address I use (BellSouth, or my personal domain address), the mail rejects for this one recipient only when I use the BellSouth.Net (port 25) mail server. I'm not going to lose any sleep over this as I am now sending all of my POP email via Google's SMTP server and/or my web hosting server. However, if BellSouth ever prevents me from using these alternatives, then I guess I'll switch to an alternative broadband provider.

reply to NormanS
Okay, great diagram and information. At least there is a glimmer of hope that I might understand all of this because I have a place to start.

I can see I am going to have to start reading a bunch of technical stuff to try to understand and you all have been very helpful. I appreciate that.

Yes, it was a bad analogy and really all I was pointing out is that I get more spam now than I ever did before and that turning spammers in hasn't decreased the number of spams I receive every day.

Now that I realize that my ip address doesn't make any difference I am wondering why change it to a static ip address at all.

I have a lot to think about and really, thanks to everybody who has tried to explain all this to me. I'm not a stupid person but understanding this sort of thing is sort of like looking at a map and having a feel for directions and that is a talent I am unfortunately without.
--
jbooksNOSPAM@bellsouth.netremove the "nospam" from the email to email me.mhttp://www.johnsonsusedbooks.com

reply to graysonf

reply to bathswife

reply to Gizguy