Removal Instructions

How to get your IP address
removed from the OPS^SM,
in four easy steps.

1
Why is my IP address on your list?
IP addresses are added to our list because they are insecure 'open proxies' that have been used to transmit spam. This means that spammers are using the machine running at your IP address to transmit spam.

For a copy of the spam, and other information about the listing, click here.

Please note that we are not calling you spammers. We are not alleging that you are the source of the spam in question.

2
What is an open proxy?
OPS^SM uses the terms "open proxy, insecure proxy" interchangeably. All of these terms refer to the fact that the machine at the listed IP address is capable of transmitting mail from nonusers to other nonusers. The main difference between an open relay and an open proxy is in the application used. Open relays typically refer to an SMTP service on the listed IP address that is not properly secured to prevent unauthorized users from sending mail via the SMTP server. An open proxy can be a mis-configured HTTP proxy, squid proxy, SOCKS proxy, or any number of software applications that are desinged for use as a proxy service. In the case that there is an open proxy, anyone can connect to the proxy service, and then use that service to connect to the mail server of the intended recipient of the spam being sent. The only trace of the source of the spam is the IP address of the open proxy that was used. Proxy software comes in a variety of forms, and proxies can run on almost an port on your machine.

A common example of an open proxy is a residential broadband customer that wants to share their broadband connection with multiple machines. They may setup a proxy software package, such as Wingate, WinRoute, or Analog X, in the hopes of sharing their connection with their own machines. Often, they are unaware of the security holes they may open while trying to configure the software to share their connection, and may leave an open HTTP proxy on port 80 that can be used by anyone, not just their own machine on their own internal network.

A second example may be a small company using proxy services to route all their intranet traffic out to the Internet via a specific machine. If they are not careful to go back and secure this proxy, they may leave this machine vulnerable to be used as an open proxy to transmit spam.

There are also viruses and trojans that can be used to install open proxy software on an unsuspecting user's computer.
Spammers regularly hunt for and exploit these types of servers in order to try to disguise the true origin of their unwanted email. If your server is on our OPS^SM list, then it's likely that spammers have indeed located and exploited your insecure server, for this very reason.

3
Fixing the server to stop proxying spam.
We'd ask that you please secure your machine to stop proxying spam. After you do so, we'll be happy to remove it from our list. In most cases, this is very easy -- it probably only involves a checkmark on a preferences screen or replacing an old, outdated configuration file.

Information on how to secure your server should be sought from your software/support vendor, your internet service provider, or your upstream.

If you contact the OPS^SM for configuration assistance, we're probably going to give you the same information contained here in step number three. It's not that we don't want to help you, it's just that there are too many proxy packages in the world for the OPS^SM staff to be experts at all (or any) of them.

4
After the server is fixed, fill out a remove request form.
After you've fixed your server, please click here to reach our remove request form. After you fill out that form, we'll promptly retest and remove your server from our list, assuming that it is no longer an open proxy.

The remove request form is located at http://www3.mail-abuse.org/cgi-bin/nph-ops-remove

If the server's not fixed, it really won't do you a lot of good to fill out the form. You'll just get a reply back that says "Sorry, the server still appears open, so we can't remove it from our list." We can't remove sites from our list until they are fixed to stop proxying spam. The OPS^SM is a quarantine list used to keep spam-proxying IP addresses from transmitting more spam until they're secured. See the FAQ page for more information.

Click here to return to the main menu.

[ MAPS^SM LLC | RSS^SM | RBL^SM | DUL^SM | NML^SM | TSI ] [ Contact Us ] Updated 4/15/2003.

1	Why is my IP address on your list? IP addresses are added to our list because they are insecure 'open proxies' that have been used to transmit spam. This means that spammers are using the machine running at your IP address to transmit spam. For a copy of the spam, and other information about the listing, click here. Please note that we are not calling you spammers. We are not alleging that you are the source of the spam in question.
2	What is an open proxy? OPS^SM uses the terms "open proxy, insecure proxy" interchangeably. All of these terms refer to the fact that the machine at the listed IP address is capable of transmitting mail from nonusers to other nonusers. The main difference between an open relay and an open proxy is in the application used. Open relays typically refer to an SMTP service on the listed IP address that is not properly secured to prevent unauthorized users from sending mail via the SMTP server. An open proxy can be a mis-configured HTTP proxy, squid proxy, SOCKS proxy, or any number of software applications that are desinged for use as a proxy service. In the case that there is an open proxy, anyone can connect to the proxy service, and then use that service to connect to the mail server of the intended recipient of the spam being sent. The only trace of the source of the spam is the IP address of the open proxy that was used. Proxy software comes in a variety of forms, and proxies can run on almost an port on your machine. A common example of an open proxy is a residential broadband customer that wants to share their broadband connection with multiple machines. They may setup a proxy software package, such as Wingate, WinRoute, or Analog X, in the hopes of sharing their connection with their own machines. Often, they are unaware of the security holes they may open while trying to configure the software to share their connection, and may leave an open HTTP proxy on port 80 that can be used by anyone, not just their own machine on their own internal network. A second example may be a small company using proxy services to route all their intranet traffic out to the Internet via a specific machine. If they are not careful to go back and secure this proxy, they may leave this machine vulnerable to be used as an open proxy to transmit spam. There are also viruses and trojans that can be used to install open proxy software on an unsuspecting user's computer. Spammers regularly hunt for and exploit these types of servers in order to try to disguise the true origin of their unwanted email. If your server is on our OPS^SM list, then it's likely that spammers have indeed located and exploited your insecure server, for this very reason.
3	Fixing the server to stop proxying spam. We'd ask that you please secure your machine to stop proxying spam. After you do so, we'll be happy to remove it from our list. In most cases, this is very easy -- it probably only involves a checkmark on a preferences screen or replacing an old, outdated configuration file. Information on how to secure your server should be sought from your software/support vendor, your internet service provider, or your upstream. If you contact the OPS^SM for configuration assistance, we're probably going to give you the same information contained here in step number three. It's not that we don't want to help you, it's just that there are too many proxy packages in the world for the OPS^SM staff to be experts at all (or any) of them.
4	After the server is fixed, fill out a remove request form. After you've fixed your server, please click here to reach our remove request form. After you fill out that form, we'll promptly retest and remove your server from our list, assuming that it is no longer an open proxy. The remove request form is located at http://www3.mail-abuse.org/cgi-bin/nph-ops-remove If the server's not fixed, it really won't do you a lot of good to fill out the form. You'll just get a reply back that says "Sorry, the server still appears open, so we can't remove it from our list." We can't remove sites from our list until they are fixed to stop proxying spam. The OPS^SM is a quarantine list used to keep spam-proxying IP addresses from transmitting more spam until they're secured. See the FAQ page for more information.