Hello list,
We are seeing some "mean" behaviour when sending an e-mail to any e-mail address ending in @bluewein.ch. Note the difference between bluewin and bluewein...
As soon as an e-mail is sent from our relay to this domain, we get listed on the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a serious blacklist, but some mail providers actually use this service and then block our legit e-mails.
Now to this domain. On HTTP all seems in order, the domain is redirected to bluewin.ch. But SMTP points to a separate mail server: mail.ict-olten.ch. Behind ict-olten.ch seems to be nobody (no website, no other results so far after a bit of research).
Does anyone here in the list have information about the behaviour of this domain and who is responsible for it? Obviously a typo "bluewein" instead of "bluewin" happens pretty fast when users are registering and it's already the second or third time within a month that we get blacklisted due to a typo from users.
thanks for any hints and cheers, ck
Hi Claudio
To me it looks like the domain ‘bluewein.ch’ is not under the control of Swisscom, but under the control of the person who most likely also controls ‘ict-olten.ch’ and ‘cuida.ch’. You could try to contact Datawire AG, as the IP address of the ‘mailserver’ ‘mail.ict-olten.ch’ is hosted by them… maybe prepare a message and kindly ask them to forward it to their customer. That would be my approach.
Anyway, keep us posted if you find out anything else!
BR Matias
From: "swinog@lists.swinog.ch" swinog@lists.swinog.ch
Reply-To: Claudio Kuenzler ck@claudiokuenzler.com
Date: Thursday, 14 July 2022 at 17:58
To: "swinog@lists.swinog.ch" swinog@lists.swinog.ch
Subject: [swinog] bluewein.ch - automatic spamtrap?
Hello list,
We are seeing some "mean" behaviour when sending an e-mail to any e-mail address ending in @bluewein.ch. Note the difference between bluewin and bluewein...
As soon as an e-mail is sent from our relay to this domain, we get listed on the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a serious blacklist, but some mail providers actually use this service and then block our legit e-mails.
Now to this domain. On HTTP all seems in order, the domain is redirected to bluewin.ch. But SMTP points to a separate mail server: mail.ict-olten.ch. Behind ict-olten.ch seems to be nobody (no website, no other results so far after a bit of research).
Does anyone here in the list have information about the behaviour of this domain and who is responsible for it? Obviously a typo "bluewein" instead of "bluewin" happens pretty fast when users are registering and it's already the second or third time within a month that we get blacklisted due to a typo from users.
thanks for any hints and cheers, ck
On Thu, Jul 14, 2022 at 5:26 PM Matias Meier meier@matias.ch wrote:
To me it looks like the domain ‘bluewein.ch’ is not under the control of Swisscom, but under the control of the person who most likely also controls ‘ict-olten.ch’ and ‘cuida.ch’.
You could try to contact Datawire AG, as the IP address of the ‘mailserver’ ‘mail.ict-olten.ch’ is hosted by them… maybe prepare a message and kindly ask them to forward it to their customer. That would be my approach.
Thanks for all the responses and ideas!
So the research and journey has begun with Datawire. May it hopefully end in success. I shall inform you all again, whether or not I've become wiser.
On Fri, Jul 15, 2022 at 7:15 AM Claudio Kuenzler ck@claudiokuenzler.com wrote:
Thanks for all the responses and ideas!
So the research and journey has begun with Datawire. May it hopefully end in success. I shall inform you all again, whether or not I've become wiser.
To prove how fast such a typo happens, take my e-mail as an example. The spamtrap domain in question is actually "bluwein.ch" and not "bluewein.ch". :-/ Datawire is off the hooks. Turning around the wheel and going North, towards the lands of Hetzner.
On Fri, Jul 15, 2022 at 7:33 AM Claudio Kuenzler ck@claudiokuenzler.com wrote:
Datawire is off the hooks. Turning around the wheel and going North, towards the lands of Hetzner.
The MX record of bluwein.ch resolves to sendmailtoserver.bluwein.ch, which sometimes answers with an A record pointing to Hetzner, sometimes with a different A record pointing to I-Netpartner in Germany. I didn't receive a confirmation that they forwarded my complaint/contact request to their customer. From I-Netpartner however I received a call today. The domain "bluwein.ch" is indeed registered to the owners of the UCEProtect DNSBL and has been for many years. According to the information I obtained, UCEProtect sometimes buys previously used domains, turns off any MX record for one year and then switches on the MX records again. All received mail is then immediately flagged as spam because "only spam systems would send e-mails to a previously unavailable domain".
Whether or not this domain is used for "catching typo errors" is speculation. I personally think the domain name is way too close to the widely used bluewin.ch domain. When I look at our relay, we see all kinds of typo errors relating to bluewin.ch, e.g. buewin.ch, bluwiin.ch and many more variations.
We have now internally resolved this blacklisting problem by adjusting our mail relay's (Postfix) transport rule, bouncing all e-mails destined to bluwein.ch:
# Do not send mails to the following domains
bluwein.ch error:Admiral Ackbar knows this is a trap
Maybe this solution comes in handy for others going down the same path.
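The bounce rule above, generalised to the other near-miss spellings mentioned in the message (an added example, not part of the original thread or the poster's configuration): it flags recipient domains within edit distance 2 of a known provider domain and renders transport entries in the same `error:` form. The recipient list, the distance threshold and the bounce text are assumptions.

```python
# Added example (not from the thread): flag recipient domains that are
# near-misses of a well-known mail domain and render Postfix transport(5)
# "error:" entries for them, in the form used in the message above.

KNOWN_DOMAINS = ["bluewin.ch"]  # assumption: domains your users often mistype

# Constructed sample of recipient addresses seen by a relay.
SAMPLE_RCPTS = [
    "anna@bluewin.ch", "ben@bluwein.ch", "carla@buewin.ch",
    "dan@bluwiin.ch", "Fred@BlueWein.ch", "eve@example.org",
]


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # transposition, e.g. ew/we
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def lookalikes(recipients, known=KNOWN_DOMAINS, max_distance=2):
    """Map each mistyped recipient domain to the known domain it resembles."""
    hits = {}
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[-1].lower().rstrip(".")
        if domain in known:
            continue  # exact match is a legitimate destination
        for good in known:
            if osa_distance(domain, good) <= max_distance:
                hits[domain] = good
                break
    return hits


def transport_entries(hits):
    """Render map lines that bounce the mail locally instead of relaying it."""
    return [f"{bad} error:Recipient domain looks like a typo of {good}"
            for bad, good in sorted(hits.items())]


if __name__ == "__main__":
    print("\n".join(transport_entries(lookalikes(SAMPLE_RCPTS))))
```

Review the generated entries before loading them: a threshold of 2 can also match unrelated legitimate domains, which then need to be excluded by hand.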
On 14.07.2022 at 16:57, Claudio Kuenzler via swinog swinog@lists.swinog.ch wrote:
Hello list,
We are seeing some "mean" behaviour when sending an e-mail to any e-mail address ending in @bluewein.ch. Note the difference between bluewin and bluewein...
As soon as an e-mail is sent from our relay to this domain, we get listed on the UCEProtect-Level1 blocklist. Yes, we can discuss whether or not this is a serious blacklist, but some mail providers actually use this service and then block our legit e-mails.
Now to this domain. On HTTP all seems in order, the domain is redirected to bluewin.ch. But SMTP points to a separate mail server: mail.ict-olten.ch. Behind ict-olten.ch seems to be nobody (no website, no other results so far after a bit of research).
Does anyone here in the list have information about the behaviour of this domain and who is responsible for it? Obviously a typo "bluewein" instead of "bluewin" happens pretty fast when users are registering and it's already the second or third time within a month that we get blacklisted due to a typo from users.
thanks for any hints and cheers, ck
Maybe this guy:
https://www.moneyhouse.ch/de/company/graeppi-ict-projects-7019018421
„Mr ICT Projects, would you stand up, please?“
;-)
Rainer