Jump to content

[Resolved] Reports disabled


elind

Recommended Posts

There's a real bit of a problem with the way this discussion is going.

First of all, what is now AT&T isn't exactly what most people thing it is. The referenced conversation piece about "sending direct to the customer" may or may not mean what it sounds like. The abuse[at]att.net covers a whole lot of territory, not all of it actually managed directly by what is known as AT&T .... There's a whole slew of companies leasing bandwidth and infrastructure from what is called AT&T.

For example, an IP address actually managed by MediaCom shows a spam reporting address of abuse[at]att.net ... and in that case, att.net would forward that complaint "direct to their customer" .... mediacom .... This is not "the spammer" .... yet, it definitely fits into the previous description offered.

'General consensus' is probably all over the map. It's been a long time since I've seen or even heard of real retribution from a spam complaint, and I send most of mine out manually, as the SpamCop.net parseing/reporting things doesn't go far enough to make me happy. Like zillions of other people, yes, I've had an address wrapped in a forged From" line and had to work through all that massive load of bad incoming stff, but .. this is hardly seen as a retribution tactic ... so many people never heard of SpamCop.net or knew how to complain about spam to beging with, but thay get hammered by the same spammer abuse scenario ....

I was searching for "reports disabled" when I noticed this thread. What is the significance of a reported spam that comes back from spamcop with "reports disabled" for.......?

Link to comment
Share on other sites

I was searching for "reports disabled" when I noticed this thread. What is the significance of a reported spam that comes back from spamcop with "reports disabled" for.......?
This query moved to its own topic.

Good question, elind. I note that 198.31.62.123 mta.email.myfamily.com with a reporting address of abuse[at]doubleclick.net recently "graduated" from

Reports disabled for abuse[at]doubleclick.net
to
No valid email addresses found, sorry!

* There are several possible reasons for this: The site involved may not want reports from SpamCop.

* SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing.

* SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address.

* There may be no working email address to receive reports.

... which may have some relevance. Hopefully someone with better knowledge can give a definitive answer. Can you provide your own example?
Link to comment
Share on other sites

Doubleclick?

Blocking the following works good for us :D :

63.160.54.0-63.160.54.255 63.160.54.0/24 doubleclick NET-63-160-54-0-1

63.166.98.0-63.166.98.255 63.166.98.0/24 doubleclick NET-63-166-98-0-1

63.168.198.0-63.168.198.127 63.168.198.0/25 doubleclick NET-63-168-198-0-1

65.167.64.0-65.167.67.255 65.167.64.0/22 doubleclick NET-65-167-64-0-1

128.11.60.64-128.11.60.127 128.11.60.64/26 doubleclick NET-128-11-60-64-1

128.11.92.0-128.11.92.255 128.11.92.0/24 doubleclick NET-128-11-92-0-1

198.31.62.0-198.31.63.255 198.31.62.0/23 doubleclick NET-198-31-62-0-1

204.178.112.160-204.178.112.191 204.178.112.160/27 doubleclick NET-204-178-112-160-1

206.65.181.104-206.65.181.111 206.65.181.104/29 doubleclick NET-206-65-181-104-1

208.10.202.0-208.10.202.255 208.10.202.0/24 doubleclick NET-208-10-202-0-1

208.32.211.0-208.32.211.255 208.32.211.0/24 doubleclick NET-208-32-211-0-1

209.47.11.0-209.47.11.255 209.47.11.0/24 doubleclick NET-209-47-11-0-1

209.62.176.0-209.62.191.255 209.62.176.0/20 doubleclick NET-209-62-176-0-1

216.73.80.0-216.73.95.255 216.73.80.0/20 doubleclick NET-216-73-80-0-1

Link to comment
Share on other sites

I note that 198.31.62.123 mta.email.myfamily.com with a reporting address of abuse[at]doubleclick.net recently "graduated" from "Reports disabled for abuse[at]doubleclick.net" to "No valid email addresses found, sorry!"
I think that the only thing that has changed is the way SpamCop describes the situation. We set SpamCop to not send reports to abuse[at]doubleclick.net quite some time ago.

If you look at the whole report on the IP, you see both statements. First SpamCop tells you that "reports have been disabled," and then in the "Statistics" section, SpamCop says it can't find a reporting address for the IP. That's because the only address SpamCop can find is abuse[at]doubleclick.net and it has been disabled, so there isn't any place to send a report about the IP.

- Don -

Parsing input: 198.31.62.123

host 198.31.62.123 = mta.email.myfamily.com (cached)

[report history]

Routing details for 198.31.62.123

Cached whois for 198.31.62.123 : abuse[at]doubleclick.net

Using abuse net on abuse[at]doubleclick.net

abuse net doubleclick.net = abuse[at]doubleclick.net

Using best contacts abuse[at]doubleclick.net

Reports disabled for abuse[at]doubleclick.net

Using abuse#doubleclick.net[at]devnull.spamcop.net for statistical tracking.

Statistics:

198.31.62.123 not listed in bl.spamcop.net

More Information..

198.31.62.123 listed in dnsbl.njabl.org ( 127.0.0.4 )

198.31.62.123 listed in dnsbl.njabl.org ( 127.0.0.4 )

198.31.62.123 not listed in cbl.abuseat.org

198.31.62.123 not listed in dnsbl.sorbs.net

198.31.62.123 not listed in relays.ordb.org.

No valid email addresses found, sorry!

Link to comment
Share on other sites

This query moved to its own topic.

Good question, elind. I note that 198.31.62.123 mta.email.myfamily.com with a reporting address of abuse[at]doubleclick.net recently "graduated" from to ... which may have some relevance. Hopefully someone with better knowledge can give a definitive answer. Can you provide your own example?

This was the latest one I saw, but they appear quite often. I just haven't paid much attention 'till now.

This domain seems to be real, and they have email published, so why are reports disabled?

Reports disabled for abuse[at]guilfordcommunications.com

Using abuse#guilfordcommunications.com[at]devnull.spamcop.net for statistical tracking.

Link to comment
Share on other sites

It's an administrative decision on our part. There are many possible reasons.

For example, if we think the abuse desk is giving our reports to the sender so he can remove the complainers from his mailing list, we would stop sending reports.

A sender removing complainers from a list?? Has that ever happened? Surely if spammers wanted to do that they would either implement a true "remove" option or put a unique code in their garbage text so as to automatically identify spam reporters.

Could it be that some ISPs have threatened spamcop with legal action and it's easier to disable reports for a few than deal with the headache?

Link to comment
Share on other sites

Could it be that some ISPs have threatened spamcop with legal action and it's easier to disable reports for a few than deal with the headache?
SC reports are a courtesy, no organization has to receive them that doesn't want them - though that's what abuse addresses are for. Any legal action is going to be about listing on the blocklist - a further (but certainly not inevitable) stage in the process - see What is the SpamCop Blocking List (SCBL)?. SpamCop has been sued in the past and certainly could be again, which is why there's a link called "Donate to SpamCop's Legal Defense fund" on the www.spamcop.net front page. Offset against actual legal action there would be, one expects, be huge numbers of threats. What would be the actual basis of such action? SC doesn't block anyone. The use of the blocklist is in the hands of the user (spam receiver) ISP who presumably has the right to exercise control over the messages accepted. The listing of an IP address in the SCBL is as a result of that IP address sending what is seen to be spam.

The effectiveness of the SCBL depends on SC successfully resisting spammer attempts to discredit, limit or disable it. Those attempts will undoubtedly be many and varied and sure, there are vulnerabilities. Bottom line, I can't see a mere threat doing anything in that context, if there were a successful action, I can't see it being secret - the spammers would be crowing (though the terms of settlement of an action might be confidential - there's been one of those - (PDF) IronPort Systems Settles Litigation with Optinrealbig.com). Make your own assessment but as Don has said, there can be all sorts of reasons - and I don't think the threat of a lawsuit is one of them.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...