Helping people with computers... one answer at a time.

One approach to prevent spam is blocking email from the IP address of known spammers. Like any spam fighting technique, there are false positives.

Three of my friends have Hotmail accounts. I am not a spammer nor do I send unsolicited info to these friends. I recently received a note that "The following message was undeliverable". "A block has been placed against your IP address because we have received complaints concerning mail coming from that IP address". I have talked to my friends and they have no explanation for what has transpired. What can I do to resolve this matter? I would be glad to provide the e-mail addresses of these friends if that would be helpful. We are all confused by this turn of events.

Blocks against IP addresses are actually fairly rare when it comes to normal consumer internet connections, but they do happen.

One of the reasons that they're rare is that they're also somewhat error prone, as you've seen.

We'll look at what Hotmail (or any ISP that does this) might be thinking, and what your alternatives are.

As you probably know, every computer is identified on its network with an IP, or Internet Protocol, address. In theory, then, by knowing the IP address of a computer you can block communications from that computer by blocking anything that comes from the IP address that it's been assigned.

"In theory ... you can block communications from that computer by blocking anything that comes from the IP address that it's been assigned."

There are several problems with this approach.

The most common is that it really only works with computers that are connected directly to the internet. In many situations, from the simple router at home, to a more complex local network at corporations, school districts and others, a large number of computers will be connected to a local network that is connected to the internet through some other device. That device, typically a router, will have an IP address on the internet, but all the computers "behind it" will not; while they will have IP addresses on their local area network, those addresses will never appear on the internet. All internet traffic appears as if it came from the IP address assigned to the router.

Thus blocking that IP address - the only internet visible IP address, that of the router - will actually block all the computers on the local area network behind it.

You can typically tell if your computer is behind a router: your computer's IP address will begin with 10., 172.16. through 172.31., or 192.168. These are considered "non-routable" addresses and can never appear on the internet, only on local area networks. In these cases, your internet IP address will actually be the IP address assigned to your router, and will be shared with all the other computers behind the router with you.

The other common problem is that IP addresses change.

"Dynamic" IP addresses are assigned to your computer or your router when you turn on your modem, dial up or otherwise make your network connection. They can even change while you are connected.

Dynamic IP addresses are in fact the most common for consumer internet services such as dialup, DSL, cable and others. While what are called "static" IP addresses - IP addresses that do not change - are available, they're typically extra cost, and in all honesty not needed by most folks.

This affects you as the scenario plays out like this: Person A connects to the internet using the same Internet Service Provider or ISP that you do. They are assigned a dynamic IP address and start spamming. One or more of the recipients of that spam then say "enough is enough", and block the IP address. Person A eventually goes away, disconnecting from the internet and the ISP, freeing up the IP address that they had been using for reuse.

You come along, connect to the internet, are randomly assigned that IP address that had been previously used by the spammer, and ... you're blocked. You've inherited that spammer's reputation.

The third scenario is even a little worse: you actually are the spammer. Not intentionally, but by accident, perhaps.

In this scenario, your machine - or a machine behind the same router as your machine - has become infected with a "spam bot" virus. These bots are used by spammers to cause their email to be sent from machines around the network rather than a single easily blocked source. If your machine gets infected and starts sending out spam without your knowledge, your IP address can quickly become blocked.

And since "your IP" is actually your internet IP address shared with all of the machines that might be behind your router, if any of those machines become infected bots then a block on your IP address would affect all the machines.

You might be asking "if there are so many problems, why block IP addresses at all?" For one reason, email services are desperate to block spam - so desperate that the occasional "false positive" is considered an acceptable risk. For another reason, IP address blocking does work for certain classes of spammers: those that are sending from a single - often compromised - server that is connected directly to the internet. This later scenario used to be the most common by far, and the effectiveness of IP blocking to thwart them has lead to the rise of distributed bot nets that are so much more difficult to block.

So, what do you do with this happens to you?

I'd recommend the following:

  • Perform an up-to-date malware scan to make sure that your machine is not infected with a bot. This won't get your IP address un-blocked, but it will prevent you from continuing to contribute to a problem if you are infected.

  • Reboot your router or other internet-connected device - sometimes, though not always, this will cause your ISP to assign you a new IP address. The longer you can leave it off the more likely it is that you'll get a new IP address; overnight might be well worth a try.

  • Wait. IP addresses do get taken off the block lists as well, though it can some times take a very long time.

  • Send from a different source. This is a case where one of the free online services like Gmail or even Hotmail can make sense: create an account and use that account to send to your friends. Your friends email service will see your email coming from Hotmail or Gmail, not from your IP address.

Article C3942 - December 4, 2009 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

7 Comments
Mark
December 4, 2009 1:14 PM

This is a problem that many email providers are having with the sending of email to MS email addresses. It is a problem I've had with my GMX email provider also. MS is overly diligent to block certain email domains as spam and it often takes months to work out this problem. If your friends switch from using an MS email address for receiving email, this problem will be solved.

I received the same message with my email being blocked by MS. It wasn't my IP that had the problem but the IP of my email provider. After months of posting on Live Mail's forum, I wrote to Mary Jo Foley of ZDNet and she posted the details of the problem on ZDNet and phoned MS and the problem was worked out. What is your email provider? It would be interestion to see if other users of this service are blocked also.

Leo, you used to work for MS. Do you have some connection with the company to help with these problems?

I do not. Even when I was there, Hotmail was kind of off in it's own little corner.
Leo
05-Dec-2009

cnmoore
December 8, 2009 10:12 AM

We run an anti-malware forum on a dedicated server. People can 'watch' topics and receive emails from us when a new reply is posted. Lately Yahoo, Comcast, and Verizon have been sporadically blocking our emails. I believe this is because our host has started relaying our mail out through different mail servers. Some services do look at the source IP, and since the IP is not ours, Yahoo et al think it might be spam. It was bad enough when our own server sent the mail - I had to periodically write to providers to explain that we were not spammers and that our notifications were important to our members. But now that our host is relaying our emails I despair. Opened a support ticket but still waiting on that..

The blocking is basically incompetent of those providers, I believe. Somewhere in the depths of an email packet the IP of the actual originator (us) can be found and that is what they should be checking.

We try to get all our members to use Gmail for their registered email address. Gmail always delivers our mail and has (in my opinion) the best anti-spam service around.

Johnathon (JJ) Johnson
December 8, 2009 10:22 AM

Along with those excellent suggestions, I have had luck with calling the blocking IPS, in this case AOL, and going through a procedure to remove the block.

In the case of the router, couldn't a person call their ISP and ask them to manually change your IP?

Gordon Shumway
December 8, 2009 12:01 PM

The same thing happened to me in oktober 2008.
After I left an urgent message at
https://feedback.live.com/default.aspx?productkey=wlmail
I explained that:
1 - I am not a spammer.
2 - My PC is well configured (anti virus, firewall, etc) (I'm an IT professional).
3 - My PC is not part of a botnet.
4 - And last I asked if they could tell me which familymember (mail address) blocked me? It must have been done by mistake.
The block was soon lifted.

Mark
December 8, 2009 2:13 PM

As I said, it's usually not your IP that's blocked as you are most likely going through an email provider and not sending from your own website or IP address. But it's the IP of your email provider being blocked, so you have to get your email provider to work it out with Hotmail, Livemail, AOL or whoever is blocking your emails.

Brad
December 8, 2009 4:52 PM

An addition to the 'recommend to do' list?

Contact your ISP about it. They may know of an existing 'black listing' from a specific blocking entity.

That's been the case with my ISP more than once.

John Neeting
December 9, 2009 7:52 PM

I recognized this problem eons ago and NEVER use my ISP 'hard' address. Public e-mail servers [ hotmail ] can be easily changed if it is compromised but your OWN 'hard' address off the ISP you use, cannot.
You can get a new URL but not a new e-mail address easily.

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.