On Tue, Aug 25, 2009 at 7:35 AM, Clifford Beckett<[log in to unmask]> wrote: > Hello Network admins. > I have a user who is receiving email error messages indicating a "BANNED > CONTENTS ALERT" from <[log in to unmask]> on emails that claim > to be sent by this user but were not. Who should I talk to about this > problem? Our email is primarily handled through the Engineering email > server. The error message includes this information > > First upstream SMTP client IP address: [61.47.11.234] unknown > According to a 'Received:' trace, the message originated at: [61.47.11.234], > egr.msu.edu (unknown [61.47.11.234]) According to whois, 61.47.11.234 is owned by pacnet. inetnum: 61.47.0.0 - 61.47.127.255 netname: PACNET remarks: Spam and Security: [log in to unmask] You could try emailing [log in to unmask] although responses vary from 'useful' to 'no one reads it'. You may also contact [log in to unmask] and report your problem there. Are all the messages coming from 61.47.11.234? If so they could likely do something about it (block it, greylist it, etc...) smtp3.pacific.net.th is 203.121.130.116 (which is also ip-space leased to pacnet). I can't find any spf records for them so its hard to say where mail is *supposed* to come from; however smtp-outs for most places need to have reverse dns (and 61.47.11.234 doesn't) because MTAs are often picky (and no reverse DNS often means a residential account which is likely to be a spambot). > > Thanks > Cliff > > -- > Clifford L. Beckett office: 517-355-4659 > Electronic System Designer cell: 517-449-8226 > A411 E. Fee fax: 517-353-0789 > OMM Department email: [log in to unmask] > Michigan State University web: www.obl.msu.edu > East Lansing MI, 48824 >