Jump to content

Snowbat

Membera
  • Content Count

    166
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Snowbat

  • Rank
    Advanced Member

Profile Information

  • Gender
    Male
  1. Both Postfix and Sendmail insert text in parentheses at that point so I doubt that it's non-compliant. SpamCop's code to identify a valid IPv4 address is clearly flawed/incomplete though.
  2. Could be. While reporting some spam to Microsoft myself, if it's hosted on Azure, I get a reply saying they've forwarded it to their CERT team for review and action but if it's a 365/Exchange Online tenant, they tell me to report it to junk@office365.microsoft.com myself. Needless to say, I don't bother. A trillion dollar tech company should be able to forward their own e-mail internally or organize their ARIN WHOIS entries to point to the correct abuse reporting mailboxes.
  3. 168.61.0.0 - 168.63.255.255 is a Microsoft netblock. Why isn't SpamCop reporting this to abuse@microsoft.com? > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft. https://www.spamcop.net/sc?id=z6688120180z0a1b0241c33ca6804206730ae435f1fbz Tracking message source: 168.61.170.142: Routing details for 168.61.170.142 [refresh/show] Cached whois for 168.61.170.142 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 168.61.170.142 = nago8.subnovoavisos.com. (cached) abuse net nago8.subnovoavisos.com = postmaster@nago8.subnovoavisos.com, postmaster@subnovoavisos.com
  4. 52.145.0.0 - 52.191.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft? https://www.spamcop.net/sc?id=z6688108903z76b3e0f67ee7620d683a17e0735c5873z Tracking message source: 52.175.53.32: Routing details for 52.175.53.32 [refresh/show] Cached whois for 52.175.53.32 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.175.53.32 = w1.subnovoavisos.com. (cached) abuse net w1.subnovoavisos.com = postmaster@w1.subnovoavisos.com, postmaster@subnovoavisos.com > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
  5. 52.132.0.0 - 52.143.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft? > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
  6. '51.120.0.0 - 51.120.255.255' is Microsoft but Spamcop reports 51.120.93.44 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6684582776z5cbae5f333ad4fcd75bb14237027b98dz Tracking message source: 51.120.93.44: Routing details for 51.120.93.44 [refresh/show] Cached whois for 51.120.93.44 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 51.120.93.44 = apps03.assistaemcasa.org. (cached) abuse net assistaemcasa.org = postmaster@assistaemcasa.org
  7. 40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.78.83.67 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6642045732zc34f39654039de5566045cb551a1d653z Tracking message source: 40.78.83.67: Routing details for 40.78.83.67 [refresh/show] Cached whois for 40.78.83.67 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 40.78.83.67 = fim5.lotesecasasparafamilia.com. (cached) abuse net fim5.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@fim5.lotesecasasparafamilia.com
  8. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.76.230.92 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6641771792z5771a00ed9c2fa22af1c6b531b432316zTracking message source: 13.76.230.92: Routing details for 13.76.230.92 [refresh/show] Cached whois for 13.76.230.92 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 13.76.230.92 = dizer6.lotesecasasparafamilia.com. (cached) abuse net dizer6.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@dizer6.lotesecasasparafamilia.com Message is 5 hours old
  9. 52.224.0.0-52.255.255.255 is Microsoft but Spamcop reports 52.243.34.34 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6640814149z1c2164e3e761afd7d9d053e0ead1aef0z Tracking message source: 52.243.34.34: Routing details for 52.243.34.34 [refresh/show] Cached whois for 52.243.34.34 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.243.34.34 = id1.saudoemprimeirolugarfiqueemcasavendofilmes.com. (cached) abuse net id1.saudoemprimeirolugarfiqueemcasavendofilmes.com = postmaster@saudoemprimeirolugarfiqueemcasavendofilmes.com, postmaster@id1.saudoemprimeirolugarfiqueemcasavendofilmes.com
  10. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.67.72.254 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6638070882z5bc61e892de0d6008e2b49d86b5592d4z Tracking message source: 13.67.72.254: Routing details for 13.67.72.254 [refresh/show] Cached whois for 13.67.72.254 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 13.67.72.254 = toca8.familiadesucessocsgoooooo.com. (cached) abuse net toca8.familiadesucessocsgoooooo.com = postmaster@familiadesucessocsgoooooo.com, postmaster@toca8.familiadesucessocsgoooooo.com
  11. 52.132.0.0 - 52.143.255.255 is Microsoft but Spamcop reports 52.138.55.160 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6637276977z8c88d696b11a340247839b0d7a9a2c90z Tracking message source: 52.138.55.160: Routing details for 52.138.55.160 [refresh/show] Cached whois for 52.138.55.160 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.138.55.160 = user15.pj-santanderesfera.com. (cached) abuse net pj-santanderesfera.com = postmaster@pj-santanderesfera.com
  12. For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here? Two days ago, I deleted and reran mailhosts for this service but the problem persists. https://www.spamcop.net/sc?id=z6378762559z9e42c80ad962a6642989b272eaee79eaz https://www.spamcop.net/sc?id=z6378762599z963fee002594ef1c3daff0952e466158z https://www.spamcop.net/sc?id=z6378762629z8baabe40e498cbe86c2260097091518bz https://www.spamcop.net/sc?id=z6378762639ze0cd6e76c908a12c1c8ca5553f342b84z https://www.spamcop.net/sc?id=z6378762644z410c37853971273a9de5f9f27ce6f8e3z https://www.spamcop.net/sc?id=z6378762902z2657a78dda3fef60e268f0981100b651z https://www.spamcop.net/sc?id=z6378762909z6c9d303ab453ac2154f15c00a5679f5az https://www.spamcop.net/sc?id=z6378762912z9d3975fe9be4f7d1c6aae30513c8722fz https://www.spamcop.net/sc?id=z6378762954zc9ad3fff16b35c0f4944d00e3fb863eez https://www.spamcop.net/sc?id=z6378763074z9b67a7250f57077a54fbe03e9fcd595az https://www.spamcop.net/sc?id=z6378763254zb4b48a0dd4f105809f20ede6ecdbf006z https://www.spamcop.net/sc?id=z6378763258z72c3b5dd2ea8860af33f5d3c0257f0c6z https://www.spamcop.net/sc?id=z6378763636z034beb54ac57c50dbf09508daa7ff4c5z https://www.spamcop.net/sc?id=z6378763925z449957c88a851d16252cee9de803b257z https://www.spamcop.net/sc?id=z6378951357z10d1d3e42ae81a1447647881d0d9e017z https://www.spamcop.net/sc?id=z6378951360zf352675756ac2d94503af4b8d321969bz https://www.spamcop.net/sc?id=z6378951467zb021e76dd1332491d92b8e3cd39f1cf9z https://www.spamcop.net/sc?id=z6378954042zfecb1df612b2cbecfb69cb4a2e92c512z https://www.spamcop.net/sc?id=z6378954113zdae910ce6dc7784fedef7b308453eb08z https://www.spamcop.net/sc?id=z6378954169z48b59cbf560c5792d41fbb8e0f1c9410z https://www.spamcop.net/sc?id=z6378954182zdb6fafd7f501cd173eb7dbcd62f506fez https://www.spamcop.net/sc?id=z6378955431ze937e7b255a9db4c853c1f339c5663d6z https://www.spamcop.net/sc?id=z6378955479zfb1ffb94829210c5e66876da6110d418z https://www.spamcop.net/sc?id=z6378955491z6bdb65fab486e93e5de4a0fed6b35bb0z https://www.spamcop.net/sc?id=z6378955496z10f110021ce8ffc0e5c9f30a198bebd8z https://www.spamcop.net/sc?id=z6378956202z2151ed96656ef09afbfbda82b5ba09c1z https://www.spamcop.net/sc?id=z6378956209z74e287b105ff93ad043b1e0fd1f06b4dz https://www.spamcop.net/sc?id=z6378956212zea7c1ea8733cbd45235f93381821b57fz https://www.spamcop.net/sc?id=z6379246945z4d4fa92acc977540ebed5abd01c2f5a9z https://www.spamcop.net/sc?id=z6379246996z00c07466cdb9fd55076080a68ac83ac9z https://www.spamcop.net/sc?id=z6379247042zd4cb115a1c92f198d367fc41348c12c3z https://www.spamcop.net/sc?id=z6379247072zd64fb2dbb49c22a46d0154e02375d0bbz
  13. Relevant: http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/ Reports appear to be going directly to the spammers, not abuse[at]softlayer.com: https://www.spamcop.net/sc?id=z6191170532z028df85cc9922827b02277fed9187609z https://www.spamcop.net/sc?id=z6191170495z5839032c3aaa7681f719ce5870ba5c02z For some reason, SpamCop trusts the contents of the abuse-mailbox field while ignoring RIPE's % Abuse contact for $NETBLOCK is 'abuse[at]softlayer.com' at the top of the whois output.
  14. eg. https://www.spamcop.net/sc?track=189.212.118.239 Assignee uses a gmail address for contact. SpamCop tries to report to Gmail abuse. Reports should go to axtelipmaster[at]gmail.com
  15. Why are reports to Amazon being devnulled? ___ Re: 54.232.123.91 (Administrator of network where email originates) To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes) To: ec2-abuse[at]amazon.com (refuses to accept this type of report) To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes) ___ Re: http://ge.tt/api/1/files/8FO0iO92/0/blob?download (Administrator of network hosting website referenced in spam) To: ec2-abuse[at]amazon.com (refuses to accept this type of report) To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes) To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes) ___ Re: http://cl.ly/ZTua/download/NFE-7386.zip (Administrator of network hosting website referenced in spam) To: ec2-abuse[at]amazon.com (refuses to accept this type of report) To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes) To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
×