SC is using l.okuyene#suburbantelecom.com[at]devnull.spamcop.net for reports to 41.191.108.130 WHois seems to indicate abusepoc[at]afrinic.net (afrinic also shows o.adeyemi[at]suburbantelecom.com as well as l.okuyene) and traceroute shows the upstream provider reporting address as abuse[at]ntt.net. All the above appear to work.
$ whois 41.191.108.130
OrgName: African Network Information Center
OrgID: AFRINIC
Address: 03B3 - 3rd Floor - Ebene Cyber Tower
Address: Cyber City
Address: Ebene
Address: Mauritius
City: Ebene
StateProv:
PostalCode: 0001
Country: MU
ReferralServer: whois://whois.afrinic.net
NetRange: 41.0.0.0 - 41.255.255.255
CIDR: 41.0.0.0/8
NetName: NET41
NetHandle: NET-41-0-0-0-1
Parent:
NetType: Allocated to AfriNIC
NameServer: NS1.AFRINIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: NS2.LACNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
Comment:
RegDate: 2005-04-12
Updated: 2009-05-27
OrgAbuseHandle: GENER11-ARIN
OrgAbuseName: Generic POC
OrgAbusePhone: +230 4666616
OrgAbuseEmail: abusepoc[at]afrinic.net
OrgTechHandle: GENER11-ARIN
OrgTechName: Generic POC
OrgTechPhone: +230 4666616
OrgTechEmail: abusepoc[at]afrinic.net
# ARIN WHOIS database, last updated 2009-06-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Data copied in email to deputies relaying the request. I can see/confirm most of the above (lookup I use doesn't show OrgAbuseEmail address but that's not a problem).
Ellen advises she has the abuse.net reporting addresses for for suburbantelecom.com in place (http://www.spamcop.net/sc?track=41.191.108.130), the IP address 41.191.108.130 has been listed on the SCbl since June 12 and is listed in other BLs currently.
QUOTE(Farelf @ Jun 15 2009, 11:08 AM) 
Ellen advises she has the abuse.net reporting addresses for for suburbantelecom.com. ...
Why abuse.net? Why not the whois data? The FAQ Help for abuse-desks and administrators contains the section How do I register an abuse@ email address?. ISPs wanting to do something about spam are encouraged in that FAQ to register their abuse addresses with abuse.net and obviously SC acknowledges that (apparent) commitment. Ideally the addresses at the two places would agree however ISPs often don't have direct access to their network whois data. Outside of that, SC reporting is alert to ISP and network requests - either to (permanently) desist from sending reports or, sometimes, to send to a special 'SpamCop' reporting address. But that's another story, as is the stopping of reports to bouncing addresses or those where the evidence is that the ISP is co-operating with the spammer.
I looked up the abuse.net addresses for suburbantelecom.com and neither one of the addresses (the ones mentioned by the OP) is on the abuse.net list.
Not that it really matters since, apparently, suburbantelecom.com has been unresponsive to spamcop reports and is listed on several bls. That's usually the case whenever an abuse address goes to devnull. Long ago, on the ngs, IIRC, when it looked as though reports were going to a spammer or cooperating ISP, Ellen would change the report address to devnull.
FME, spamcop is very cooperative about sending spamcop reports to those who want them at the address they want. OTOH, spamcop is also very sensitive about not sending reports to those who ignore them or use them to listwash or request no reports.
A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email. Since the majority of reports seem to go to unresponsive destinations and seem to be 'unwanted', perhaps there is something in what he says. However, there have been enough people here who complain that they never got a report (because the listing resulted from spamtrap hits), that apparently reports do go to enough people who appreciate knowing there is a problem, that it is good to continue.
Miss Betsy
Not that it really matters since, apparently, suburbantelecom.com has been unresponsive to spamcop reports and is listed on several bls. That's usually the case whenever an abuse address goes to devnull. Long ago, on the ngs, IIRC, when it looked as though reports were going to a spammer or cooperating ISP, Ellen would change the report address to devnull.
FME, spamcop is very cooperative about sending spamcop reports to those who want them at the address they want. OTOH, spamcop is also very sensitive about not sending reports to those who ignore them or use them to listwash or request no reports.
A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email. Since the majority of reports seem to go to unresponsive destinations and seem to be 'unwanted', perhaps there is something in what he says. However, there have been enough people here who complain that they never got a report (because the listing resulted from spamtrap hits), that apparently reports do go to enough people who appreciate knowing there is a problem, that it is good to continue.
Miss Betsy
QUOTE(Miss Betsy @ Jun 15 2009, 05:40 AM)
<snip>
A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email.
<snip>
...For private e-mail accounts, true but not for accounts set up specifically to report abuse! To my knowledge, SpamCop only offers to send reports to abuse accounts, accounts set up on abuse.net for reporting abuse or private accounts that have requested reports. And, of course, the responsibility for avoiding any unsolicited e-mail is ours as SpamCop users, not SpamCop's!
A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email.
<snip>
Early on in my spam-hunting days, like many folks who come to this forum, I used to obsess about finding every possible reporting address and making sure they all got used. Reporting was the sword of the righteous, and would instantly slay the wicked, and all that. I'm a little more nuanced (if not necessarily mature) these days, and I realize that some people want to get the reports (and will probably use them), while others don't want them (and certainly won't do anything with them if I send them anyway).
Still, I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such.
-- rick
Still, I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such.
-- rick
QUOTE(rconner @ Jun 16 2009, 11:30 AM)
... I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such.
Absolutely Rick, well (even beautifully) put 
. But, for their own reasons, SC does not send notifies where they are not wanted and/or, coming back to the case in point, we see time and again there are abuse addresses that consistently bounce SC notification reports or, for whatever other reason (including uncaring or complicit ISPs 'gaming' the notification process), are dev-nulled by the deputies. Add to that the fact that there are potentially either/both IP Whois and abuse.net sources which may not be the same and that the parser sometimes struggles to extract addresses from some of the sources and we have a reasonably complex situation. Throw in the considerations of judging when it might be appropriate to involve up-stream providers and the determination of their addresses ... none of which you need to be told about, since you've detailed that whole address discovery process most admirably at http://www.rickconner.net/spamweb/pop-find-mail-owners.htmlBut just why the deputies might accept the O/P's recommendations on one occasion but come up with an alternative on another might be a source of puzzlement. If not to the O/P, then to others reading here. Hopefully some of that is addressed in this topic where such was the case - and such seekers of knowledge would be well advised to check out that link at your spamweb site - though I would have to recognize that nothing can be written which quite bridges the gap of experience when it comes to replicating the judgment of SC staff such as Ellen and Don. But they NEED suggestions such as those flagged by the O/P to know to look at possible shortcomings in the notify report routing. IMO
QUOTE(Farelf @ Jun 14 2009, 10:40 PM)
Why not the whois data?
If we're talking about abusepoc[at]afrinic.net, SpamCop won't send reports to them because Afrinic is a network regulatory authority. It is not an Internet provider.- Don -
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.