We had two users fall for a phishing email recently, and of course the result was
that he gave his user/pass to a spammer. We caught one of them in time, but the
other got out many thousands of spam the other night before being discovered.
I am in the process of cleaning this up. Spamcop and others were good about
delisting us promptly. Others will within the next day.
However, "Senderbase", apparently used in Cisco's Ironport, will let you look up
your IP and tell you that your reputation is "poor", but offers no way to get
delisted. It refers you to Spamcop, which I imagine they rely on for listings,
but not delistings.
For now, I'm re--routing per domain to a second server, but I'd appreciate any
tips if there are any. Seems a lot of .edu's use senderbase.
We weren't listed in the PSBL. First thing I did was a few multi-DNSBL lookups
and only found a couple of obscure (to me) ones, which I immediately filled out
Interestingly, comcast.net was BLing us, complete with URL to do apply for
delisting. I did, and got a response that we weren't listed. I don't date take
down re-routing just yet.... :-/
I mean this in the kindest way, and hope I am not suggesting something you've already tried, but I sent email with an explanation to email@example.com and had success in removing an IP address for a mailing list that I manage. It got listed when we switched servers, because it went from zero emails to 800-900...
It took about 24 hours to get it straightened out.
Hope that helps.
In sort, wait... Once you're de-listed from SpamCop (which is owned by
IronPort and plays a non-trivial part in their SenderBase scoring) you
should find that your reputation increases fairly quickly - normally within
24 hours presuming that the spam has actually stopped.
Thanks for the tip (BTW, top-post haters, I didn't start it!). I was quickly
delisted by SpamCop, but here is their response: