luk3

Members
  • Content count

    3
  • Joined

  • Last visited

Community Reputation

0 Neutral

About luk3

  • Rank
    Newbie
  1. Yep sort of. I created a spamcop.net account in 2013 with a private gmail email address. After that, I subscribed to daily reports via email for several networks and email service providers, which you can set up under the "preference" tab: https://www.spamcop.net/mcgi?action=showispprefs. Each email lists spam sources (trap hits or user complaints) for the networks. E.g. report email #1 on maybe 14 November: 205.201.130.123 Nov 7 21h/7 1 2 3 4 mail123.wdc02.mwdlv.net. blocklisted Another report email two days later: 205.201.130.123 Nov 7 13h/9 1 0 2 1 mail123.wdc02.mwdlv.net. blocklisted To read the reports properly, I assume that you can order by report date. then group by ip and starting date (= incident id), cumulate the trap hits and complaints per id, use the last entry per id, and use period between startdate (Nov 7) and last duration (+9 days and 13 hours) as the timespan during which SpamCop registers an IP address as a potential spam source. I then take the sum of IPs per day as an indicator for the spamminess of the network over time. I dunno if this approach is valid (apart from varying number of IPs over time). And I also noted that IPs sometimes seem to be blocklisted due to trap hits, sometimes not. As I found no further documentation, I thought the forum can maybe shed some light on it.
  2. Thanks @lisati and @Lking for your prompt response & sorry that I did not express myself very well. I guess the reporting date was misleading. My question is not about a new blocklisting issue that has to be solved. Instead, it is about how to read the email reports, which you can subscribe to at https://www.spamcop.net/mcgi?action=reqroute: Request Aggregate Reports Please specify which IP(IPv4: dotted quad, IPv6: colon-separated hex) ranges you would like to receive reports about; enter ranges as one of the following: CIDR (IP/mask) or Range (IP1 - IP2) or Single ip (IP) or Lookup mailservers by domain [205.201.1.1 ... ] Aggregate reports will be sent only if there is spam: [ ] Never [ ] Hourly [X] Daily At least I believe this is the form. The subscription is several years old and I can't recall where on spamcop.net I did it. Anyway, I wanted to analyse the hundreds of historic reports for intelligence purposes, now. However, while doing so I stumbled over the interpretation issue that I described above. Thanks again & kind regards.
  3. I am subscribed to "SpamCop Summary Reports", which are sent by "SpamCop robot". An email looks like this: [ SpamCop Summary Report ] -- See footer for key to columns and notes about this report -- IP_Address Start/Length Trap User Mole Simp Comments RDNS Summary: 205.201.130.123 Nov 7 21h/7 1 2 3 4 mail123.wdc02.mwdlv.net. blocklisted [...] -- Key to Columns -- IP Address: The numeric address. Start: The first date (within the past week) that spam was reported to have originated from the IP address. Length: The duration of the incident in # of days Trap: Messages received at traps. User: Messages reported by registered users. Mole: Messages reported by registered users who prefer to remain anonymous. Simp: Simple reports - messages submitted by unregistered users. Comments: Notes reflect blocking-list status and issue-resolved status. RDNS: Reverse dns name of ip address (must pass forward and reverse) -- Summary Report Notes -- o All times are GMT, exact time of incident withheld. o Time of this report is: Wed Nov 15 13:01:51 2017 [...] How do I interpret the summary data - especially with regards to Start (Nov 7) and Length (21h/7)? Has the IP been blocklisted for 7 days and 21 hours and is it still blocklisted? During what time period occured the 1 trap hit, 2 registered user reports, 3 mole reports, and 4 simple reports? I've always wondered that. After looking into the FAQ and searching the forum, I am still a bit puzzled. Thanks & regards!