• Content count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About luk3

  • Rank
  1. Yep sort of. I created a account in 2013 with a private gmail email address. After that, I subscribed to daily reports via email for several networks and email service providers, which you can set up under the "preference" tab: Each email lists spam sources (trap hits or user complaints) for the networks. E.g. report email #1 on maybe 14 November: Nov 7 21h/7 1 2 3 4 blocklisted Another report email two days later: Nov 7 13h/9 1 0 2 1 blocklisted To read the reports properly, I assume that you can order by report date. then group by ip and starting date (= incident id), cumulate the trap hits and complaints per id, use the last entry per id, and use period between startdate (Nov 7) and last duration (+9 days and 13 hours) as the timespan during which SpamCop registers an IP address as a potential spam source. I then take the sum of IPs per day as an indicator for the spamminess of the network over time. I dunno if this approach is valid (apart from varying number of IPs over time). And I also noted that IPs sometimes seem to be blocklisted due to trap hits, sometimes not. As I found no further documentation, I thought the forum can maybe shed some light on it.
  2. Thanks @lisati and @Lking for your prompt response & sorry that I did not express myself very well. I guess the reporting date was misleading. My question is not about a new blocklisting issue that has to be solved. Instead, it is about how to read the email reports, which you can subscribe to at Request Aggregate Reports Please specify which IP(IPv4: dotted quad, IPv6: colon-separated hex) ranges you would like to receive reports about; enter ranges as one of the following: CIDR (IP/mask) or Range (IP1 - IP2) or Single ip (IP) or Lookup mailservers by domain [ ... ] Aggregate reports will be sent only if there is spam: [ ] Never [ ] Hourly [X] Daily At least I believe this is the form. The subscription is several years old and I can't recall where on I did it. Anyway, I wanted to analyse the hundreds of historic reports for intelligence purposes, now. However, while doing so I stumbled over the interpretation issue that I described above. Thanks again & kind regards.
  3. I am subscribed to "SpamCop Summary Reports", which are sent by "SpamCop robot". An email looks like this: [ SpamCop Summary Report ] -- See footer for key to columns and notes about this report -- IP_Address Start/Length Trap User Mole Simp Comments RDNS Summary: Nov 7 21h/7 1 2 3 4 blocklisted [...] -- Key to Columns -- IP Address: The numeric address. Start: The first date (within the past week) that spam was reported to have originated from the IP address. Length: The duration of the incident in # of days Trap: Messages received at traps. User: Messages reported by registered users. Mole: Messages reported by registered users who prefer to remain anonymous. Simp: Simple reports - messages submitted by unregistered users. Comments: Notes reflect blocking-list status and issue-resolved status. RDNS: Reverse dns name of ip address (must pass forward and reverse) -- Summary Report Notes -- o All times are GMT, exact time of incident withheld. o Time of this report is: Wed Nov 15 13:01:51 2017 [...] How do I interpret the summary data - especially with regards to Start (Nov 7) and Length (21h/7)? Has the IP been blocklisted for 7 days and 21 hours and is it still blocklisted? During what time period occured the 1 trap hit, 2 registered user reports, 3 mole reports, and 4 simple reports? I've always wondered that. After looking into the FAQ and searching the forum, I am still a bit puzzled. Thanks & regards!