Shaw is Suddenly Blocking Emails - Emails Not Being Received

jc2
Grasshopper

A family member called me to say shaw.ca is blocking emails from them.  This just started happening today.  Prior to today, I had no problems receiving emails from this sender.

Error msg below.  Can someone at Shaw fix this pls?

  • This is an automatically generated message. French will follow.
    The message was not delivered to one or more addresses. The error details are attached.
    ______________________________________________________________
    Ceci est un message généré automatiquement.
    Le courriel n'a pas été envoyé à un ou plusieurs destinataires. Les détails du problème sont en pièce jointe.

    Recipient: 
    Reason: 5.7.1 Mail from IP 184.150.200.79 was rejected due to listing in Spamhaus XBL.
    For details please see http://www.spamhaus.org/query/bl?ip=184.150.200.79

 

7 Replies


rstra
Grand Master

The IP is being blocked by a spam list that Shaw uses, it is up to the owner of the IP to get it removed. Follow the link you provided, there are some good instructions on what your family member needs to do next.


mdk
Legendary Grand Master

@jc2 -- @rstra is correct, but Shaw cannot fix it, since the "bad" IP-address is allocated to BELL:

Address:  184.150.200.77 / Name:    pop.owm.bell.net
Address:  184.150.200.78 / Name:    webmail.owm.bell.net
Address:  184.150.200.79 / Name:    belmont79srvr.owm.bell.net
Address:  184.150.200.80 / Name:    belmont80srvr.owm.bell.net

Address:  184.150.200.82 / Name:    mxmta.owm.bell.net
Address:  184.150.200.83 / Name:    smtp.owm.bell.net
Address:  184.150.200.84 / Name:    belmont84srvr.owm.bell.net
Address:  184.150.200.85 / Name:    belmont85srvr.owm.bell.net
Address:  184.150.200.86 / Name:    belmont86srvr.owm.bell.net
Address:  184.150.200.87 / Name:    belmont87srvr.owm.bell.net
Address:  184.150.200.88 / Name:    belmont88srvr.owm.bell.net
Address:  184.150.200.89 / Name:    belmont89srvr.owm.bell.net

My guess is that a "spammer" has compromised the E-mail ID belonging to a customer of BELL, and that ID is sending so much "spam" E-mail that the "SpamHaus" web-site has black-listed, at least temporarily, the IP-address of one of BELL's mail-servers.  Ouch!

Does the "family member" have a HOTMAIL or YAHOO or GMAIL ID that they can temporarily use, to contact you -- bypassing that specific BELL server?

Update: according to the URL you provided, the black-list entry has been removed.

 

0 Kudos
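
The rejection quoted in the bounce message comes from a DNS blocklist lookup that the receiving server performs on the sending IP. As an added example (not part of the original thread, and not Shaw's or Spamhaus's code), this Python code parses the quoted "Reason" line, builds the query name a receiver would look up, and interprets the answer codes; the `zen.spamhaus.org` zone and all function names are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample: the "Reason" line from the non-delivery report quoted in this thread.
NDR_TEXT = (
    "Recipient:\n"
    "Reason: 5.7.1 Mail from IP 184.150.200.79 was rejected due to listing in Spamhaus XBL.\n"
)

REASON = re.compile(
    r"^\s*Reason:\s*(\d\.\d+\.\d+)\s+Mail from IP (\S+) was rejected due to listing in (.+?)\.?\s*$",
    re.MULTILINE,
)

# Spamhaus ZEN answer codes and the component list each one stands for.
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "CSS", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
ZEN_CODES.update({f"127.0.0.{n}": "XBL" for n in range(4, 8)})


def extract_rejection(ndr_text):
    """Pull the enhanced status code, rejected IP and blocklist name out of an NDR."""
    m = REASON.search(ndr_text)
    if m is None:
        return None
    ip = str(ipaddress.ip_address(m.group(2)))  # raises ValueError on a malformed address
    return {"status": m.group(1), "ip": ip, "blocklist": m.group(3)}


def dnsbl_qname(ip, zone="zen.spamhaus.org"):
    """Build the DNS name a receiver looks up: reversed address labels + zone (assumed: ZEN)."""
    reverse = ipaddress.ip_address(ip).reverse_pointer  # e.g. 79.200.150.184.in-addr.arpa
    labels = reverse.rsplit(".", 2)[0]                  # drop in-addr.arpa / ip6.arpa
    return f"{labels}.{zone}"


def classify(answers):
    """Map the A records returned for the query name to list names.

    No answer (NXDOMAIN) means not listed. 127.255.255.x is an error reply
    (for example a refused resolver) and must never be read as a listing.
    """
    if any(a.startswith("127.255.255.") for a in answers):
        return ["ERROR"]
    return sorted({ZEN_CODES.get(a, "UNKNOWN") for a in answers})


if __name__ == "__main__":
    hit = extract_rejection(NDR_TEXT)
    print(hit, dnsbl_qname(hit["ip"]), classify(["127.0.0.4"]))
```
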

jc2
Grasshopper

@mdk:  As of this morning, the problem seems to have corrected itself.  @rstra: the family member didn't change anything.

I find the whole thing bizarre. Spamhaus (aka the Spamhaus Project) is a volunteer-driven organization whose goal is to impede spammers (and lists IP addresses associated with the infamous German CyberBunker). Don't know why that email address suddenly ended up on Spamhaus' blacklist.

@mdk : I find your statement alarming: My guess is that a "spammer" has compromised the E-mail ID belonging to a customer

Good grief.. should she (the sender) be worried?

0 Kudos

rstra
Grand Master

Could be a virus or Trojan on the computer. 


mdk
Legendary Grand Master

@jc2 -- "Don't know why that email address suddenly ended up on Spamhaus' blacklist."

My guess is that a "spammer" has compromised the E-mail ID belonging to a customer of BELL, and that compromised ID is sending so much "spam" E-mail, with the spammer connecting to Bell's WebMail service for that ID, that "SpamHaus" black-listed the IP-address of one of BELL's mail-servers. 

"I find your statement alarming"

Correct. It was meant to be alarming. Spammers are "bad actors" on the Internet. They want to send huge quantities of E-mail, but not to send through their personal Internet Service Provider, to keep their I.S.P. from terminating their services.

One recent technique is to find hyperlinks to "subscribe" a "victim" to a mailing-list. The mailing-list software sends a message to the ID of the "victim" (namely me), welcoming me to the mailing-list, but instead of my personal first-name and last-name appearing in the message, those "name" values are hyperlinks to a web-site controlled by the spammer, e.g.,

  Dear http://www.bad-site-one.xxx http://www.compromised-site.org/hacked-page -- welcome to the MMMMMMMM mailing-list.

Late last week, some spammer constructed E-mail messages, putting my personal E-mail ID into the "FROM:" field of their hundreds of "spam" messages. Since then, I have received many "your E-mail could not be delivered for 3 days" messages, even though I did not send any message.  Sigh.

"should the sender be worried?"

Yes.  In this case, all persons authorized to use Bell's WebMail would be getting the same "blocked" message, not just your relative.

Further, if Bell finds your relative's ID inside the "spam" message, Bell may suspend/cancel your relative's Internet access, if Bell does not understand that some other customer of Bell has had their ID/password compromised, and that your relative is "innocent".

 

0 Kudos

kelly_denis
Grasshopper

How do I allow jbfrench@french-associates.com to send and receive emails?

0 Kudos

mdk
Legendary Grand Master

@kelly_denis -- E-mail addressed to any ID within that domain is sent to one of two "mail-exchanger" sites:

french-associates.com   MX preference = 0, mail exchanger = frenchassociates-com01e.mail.protection.outlook.com
french-associates.com   MX preference = 255, mail exchanger = ms73868978.msv1.invalid

Name:    frenchassociates-com01e.mail.protection.outlook.com
Addresses:  104.47.56.138 &  104.47.57.138

where:

Name:    mail-dm6nam110138.inbound.protection.outlook.com
Address:  104.47.57.138

Name:    mail-co1nam110138.inbound.protection.outlook.com
Address:  104.47.56.138

When you send E-mail from your Shaw ID, you send to "smtp.shaw.ca" as the "outgoing mail-server".

So, Shaw's mail-server tries to connect to one of those IP-addresses, to deliver your message. Both those sites are within the Microsoft network of mail-servers.  Presumably, those mail-servers are working fine.

However, if neither of those two IP-addresses respond, your mail-server tries to connect to that other mail-exchanger. But, since there is no IP-address for "ms73868978.msv1.invalid", your mail-server will queue your message, and should try again, maybe 15 to 30 minutes later, to deliver your message. Your mail-server may repeatedly try for three days, before declaring your message as "undeliverable".

It is really strange that the second "mail-exchanger" record deliberately cites an invalid host-name. That record should be removed.

Now, for E-mail originating from that domain, addressed to you.

I cannot determine the host-name or IP-address of the mail-exchanger that an ID at french-associates.com would use to send E-mail to you. Compare to not knowing which Canada Post drop-box that somebody used to submit a letter into Canada Post's mail-distribution system. So, I cannot help you determine why they cannot send E-mail to you.

Can you provide more information on what you have tried, and any error-messages or "non-delivery reports" you have received?

 

0 Kudos
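
The delivery order described in the post above (lowest MX preference first, then the fallback exchanger) can be worked through offline. This is an added example, not part of the original thread: the Python code parses the two quoted MX lines and lists the attempt order, flagging exchangers a sending server can never reach. It goes slightly beyond the post by also handling the RFC 7505 "null MX" case; the function names are assumptions of the example.

```python
import re

# Constructed sample: the two MX lines quoted in the post above (nslookup output format).
MX_OUTPUT = """\
french-associates.com   MX preference = 0, mail exchanger = frenchassociates-com01e.mail.protection.outlook.com
french-associates.com   MX preference = 255, mail exchanger = ms73868978.msv1.invalid
"""

MX_LINE = re.compile(
    r"^(\S+)\s+MX preference = (\d+), mail exchanger = (\S+)$", re.MULTILINE
)


def parse_mx(text):
    """Return (preference, exchanger) pairs from nslookup-style MX lines."""
    return [
        (int(pref), host.rstrip(".").lower() or ".")  # keep a bare "." (null MX) intact
        for _domain, pref, host in MX_LINE.findall(text)
    ]


def delivery_plan(records):
    """Order exchangers the way a sending MTA tries them: lowest preference first.

    Equal preferences keep their input order here; a real MTA may randomize them.
    """
    plan = []
    for pref, host in sorted(records, key=lambda r: r[0]):
        if host == ".":
            note = "null MX: domain accepts no mail (RFC 7505)"
        elif host.rsplit(".", 1)[-1] == "invalid":
            note = "unresolvable: .invalid is a reserved TLD (RFC 6761)"
        else:
            note = "resolve A/AAAA and connect on port 25"
        plan.append((pref, host, note))
    return plan


if __name__ == "__main__":
    for pref, host, note in delivery_plan(parse_mx(MX_OUTPUT)):
        print(f"{pref:>3}  {host}  ->  {note}")
```
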