In brief Cisco's anti-spam service SpamCop failed to renew spamcop.net over weekend, causing it to lapse, which resulted in countless messages being falsely labeled and rejected as spam around the world.
From what we can tell, this is what happened. When the domain name expired, *.spamcop.net resolved to a domain parking service's IP address. The way that SpamCop's DNS-based blocking list works is that if you, for example, want to check that an email sent from a system with the IP address 1.2.3.4 is legit, you run a DNS query on 4.3.2.1.bl.spamcop.net. If SpamCop returns a valid DNS entry for that lookup, then it's an IP address known to have sent out spam in the past and should be treated with suspicion.
Thus, after the domain name expired, every single *.bl.spamcop.net lookup would succeed, as it's pointing to a parking ..
Support the originator by clicking the read the rest link below.
