Snowbat
Posts posted by Snowbat
-
13.64.0.0 - 13.107.255.255 is Microsoft but SpamCop reports 13.68.154.53 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
Tracking message source: 13.68.154.53:
Routing details for 13.68.154.53
[refresh/show] Cached whois for 13.68.154.53 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 13.68.154.53 = envio.dabitoconta04.com. (cached)
abuse net envio.dabitoconta04.com = postmaster@dabitoconta04.com, postmaster@envio.dabitoconta04.com
If reported today, reports would be sent to:
Re: 13.68.154.53 (Administrator of network where email originates)
postmaster@envio.dabitoconta04.com
postmaster@dabitoconta04.com
-
137.116.0.0 - 137.116.255.255 is Microsoft but SpamCop reports 137.116.138.125 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6713309826zc4ee960634635eecc3aee8ec8c16b756z
Tracking message source: 137.116.138.125:
Routing details for 137.116.138.125
[refresh/show] Cached whois for 137.116.138.125 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 137.116.138.125 (getting name) no name
host 137.116.138.125 = bonus14.ativandopontos-agorabonusoonline.com. (old cache)
abuse net ativandopontos-agorabonusoonline.com = postmaster@ativandopontos-agorabonusoonline.com
If reported today, reports would be sent to:
Re: 137.116.138.125 (Administrator of network where email originates)
postmaster@ativandopontos-agorabonusoonline.com
-
40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.83.112.59 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6710180092z696fdaf09331d4788f922556d0e571fcz
Routing details for 40.83.112.59
[refresh/show] Cached whois for 40.83.112.59 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 40.83.112.59 = descontosapp27.confiraseusdescontosepontos.com. (cached)
abuse net confiraseusdescontosepontos.com = postmaster@confiraseusdescontosepontos.com
If reported today, reports would be sent to:
Re: 40.83.112.59 (Administrator of network where email originates)
postmaster@confiraseusdescontosepontos.com
-
20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.90.82.75 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
Tracking message source: 20.90.82.75:
Routing details for 20.90.82.75
[refresh/show] Cached whois for 20.90.82.75 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 20.90.82.75 = descontosapp108.confiraseusdescontosepontos.com. (cached)
abuse net confiraseusdescontosepontos.com = postmaster@confiraseusdescontosepontos.com
If reported today, reports would be sent to:
Re: 20.90.82.75 (Administrator of network where email originates)
postmaster@confiraseusdescontosepontos.com
-
51.132.0.0 - 51.132.255.255 is Microsoft but SpamCop reports 51.132.220.203 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6693942163zc7ac658ce6e5c206330d702233efe297z
Routing details for 51.132.220.203
[refresh/show] Cached whois for 51.132.220.203 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 51.132.220.203 (getting name) no name
host 51.132.220.203 = v1v015.atrasofaturaviv0.com. (old cache)
abuse net atrasofaturaviv0.com = postmaster@atrasofaturaviv0.com
If reported today, reports would be sent to:
Re: 51.132.220.203 (Administrator of IP block - statistics only)
postmaster@atrasofaturaviv0.com
-
20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.73.0.72 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
Routing details for 20.73.0.72
[refresh/show] Cached whois for 20.73.0.72 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 20.73.0.72 = vi44.viv0digital.com. (cached)
abuse net viv0digital.com = postmaster@viv0digital.com
In this case, the spammer is sending "invoice reminders" purporting to be from Brazilian carrier Vivo with a "download/print" link that redirects to a JavaScript-wrapped malware download.
-
On 6/4/2020 at 5:15 AM, Tesseract said:
> I'm not sure whether that Received header is RFC-compliant, but this seems problematic either way.
Both Postfix and Sendmail insert text in parentheses at that point so I doubt that it's non-compliant. SpamCop's code to identify a valid IPv4 address is clearly flawed/incomplete though.
-
Could be. While reporting some spam to Microsoft myself, if it's hosted on Azure, I get a reply saying they've forwarded it to their CERT team for review and action but if it's a 365/Exchange Online tenant, they tell me to report it to junk@office365.microsoft.com myself. Needless to say, I don't bother. A trillion dollar tech company should be able to forward their own e-mail internally or organize their ARIN WHOIS entries to point to the correct abuse reporting mailboxes.
-
168.61.0.0 - 168.63.255.255 is a Microsoft netblock. Why isn't SpamCop reporting this to abuse@microsoft.com?
> Using rdns to route to correct Microsoft department
Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
https://www.spamcop.net/sc?id=z6688120180z0a1b0241c33ca6804206730ae435f1fbz
Tracking message source: 168.61.170.142:
Routing details for 168.61.170.142
[refresh/show] Cached whois for 168.61.170.142 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 168.61.170.142 = nago8.subnovoavisos.com. (cached)
abuse net nago8.subnovoavisos.com = postmaster@nago8.subnovoavisos.com, postmaster@subnovoavisos.com
-
52.145.0.0 - 52.191.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft?
Tracking message source: 52.175.53.32:
Routing details for 52.175.53.32
[refresh/show] Cached whois for 52.175.53.32 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 52.175.53.32 = w1.subnovoavisos.com. (cached)
abuse net w1.subnovoavisos.com = postmaster@w1.subnovoavisos.com, postmaster@subnovoavisos.com
> Using rdns to route to correct Microsoft department
Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
-
52.132.0.0 - 52.143.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft?
> Using rdns to route to correct Microsoft department
Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
-
'51.120.0.0 - 51.120.255.255' is Microsoft but Spamcop reports 51.120.93.44 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6684582776z5cbae5f333ad4fcd75bb14237027b98dz
Tracking message source: 51.120.93.44:
Routing details for 51.120.93.44
[refresh/show] Cached whois for 51.120.93.44 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 51.120.93.44 = apps03.assistaemcasa.org. (cached)
abuse net assistaemcasa.org = postmaster@assistaemcasa.org
-
40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.78.83.67 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6642045732zc34f39654039de5566045cb551a1d653z
Tracking message source: 40.78.83.67:
Routing details for 40.78.83.67
[refresh/show] Cached whois for 40.78.83.67 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 40.78.83.67 = fim5.lotesecasasparafamilia.com. (cached)
abuse net fim5.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@fim5.lotesecasasparafamilia.com
-
13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.76.230.92 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6641771792z5771a00ed9c2fa22af1c6b531b432316z
Tracking message source: 13.76.230.92:
Routing details for 13.76.230.92
[refresh/show] Cached whois for 13.76.230.92 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 13.76.230.92 = dizer6.lotesecasasparafamilia.com. (cached)
abuse net dizer6.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@dizer6.lotesecasasparafamilia.com
Message is 5 hours old
-
52.224.0.0-52.255.255.255 is Microsoft but Spamcop reports 52.243.34.34 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6640814149z1c2164e3e761afd7d9d053e0ead1aef0z
Tracking message source: 52.243.34.34:
Routing details for 52.243.34.34
[refresh/show] Cached whois for 52.243.34.34 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 52.243.34.34 = id1.saudoemprimeirolugarfiqueemcasavendofilmes.com. (cached)
abuse net id1.saudoemprimeirolugarfiqueemcasavendofilmes.com = postmaster@saudoemprimeirolugarfiqueemcasavendofilmes.com, postmaster@id1.saudoemprimeirolugarfiqueemcasavendofilmes.com
-
13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.67.72.254 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6638070882z5bc61e892de0d6008e2b49d86b5592d4z
Tracking message source: 13.67.72.254:
Routing details for 13.67.72.254
[refresh/show] Cached whois for 13.67.72.254 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 13.67.72.254 = toca8.familiadesucessocsgoooooo.com. (cached)
abuse net toca8.familiadesucessocsgoooooo.com = postmaster@familiadesucessocsgoooooo.com, postmaster@toca8.familiadesucessocsgoooooo.com
-
52.132.0.0 - 52.143.255.255 is Microsoft but Spamcop reports 52.138.55.160 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
https://www.spamcop.net/sc?id=z6637276977z8c88d696b11a340247839b0d7a9a2c90z
Tracking message source: 52.138.55.160:
Routing details for 52.138.55.160
[refresh/show] Cached whois for 52.138.55.160 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 52.138.55.160 = user15.pj-santanderesfera.com. (cached)
abuse net pj-santanderesfera.com = postmaster@pj-santanderesfera.com
-
For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here?
Two days ago, I deleted and reran mailhosts for this service but the problem persists.
-
13.68.154.53 - "Using rdns to route to correct Microsoft department" but reports go to spammer
in Routing / Report Address Issues
Even at reporting time, the cached address was abuse@microsoft.com. The problem is whatever SpamCop is trying to do at the "Using rdns to route to correct Microsoft department" stage.
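
The failure described in these posts can be checked mechanically. The following is an added example, not part of the original posts and not SpamCop's code: it parses a trace in the quoted line format and accepts rDNS-derived contacts only when the PTR name lies inside a domain the netblock owner controls. The `owner_domains` allowlist, the function names and the sample trace are assumptions made for illustration.

```python
import re

# Constructed trace in the line format quoted in the posts above
# (documentation IP and .example names; not real SpamCop output).
SAMPLE_TRACE = """\
Routing details for 203.0.113.10
[refresh/show] Cached whois for 203.0.113.10 : abuse@provider.example
Using best contacts abuse@provider.example
Using rdns to route to correct Microsoft department
host 203.0.113.10 = mail1.tenant-sender.example. (cached)
abuse net mail1.tenant-sender.example = postmaster@mail1.tenant-sender.example, postmaster@tenant-sender.example
"""

WHOIS_RE = re.compile(r"Cached whois for \S+ : (.+)$")
HOST_RE = re.compile(r"^host \S+ = (\S+?)\.? \(")  # skips "(getting name) no name"
ABUSE_RE = re.compile(r"^abuse net \S+ = (.+)$")


def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (label-aligned)."""
    name, domain = name.lower().rstrip("."), domain.lower().rstrip(".")
    return name == domain or name.endswith("." + domain)


def parse_trace(text):
    """Extract WHOIS contacts, the PTR name and the rDNS-derived contacts."""
    whois, ptr, rdns = [], None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := WHOIS_RE.search(line):
            whois = [a.strip() for a in m.group(1).split(",")]
        elif m := HOST_RE.match(line):
            ptr = m.group(1)
        elif m := ABUSE_RE.match(line):
            rdns = [a.strip() for a in m.group(1).split(",")]
    return whois, ptr, rdns


def choose_recipients(text, owner_domains):
    """Return (recipients, rejected). owner_domains is a hypothetical allowlist
    of domains the netblock owner controls; rDNS-derived contacts are used
    only when both the PTR name and the contact's domain fall inside it."""
    whois, ptr, rdns = parse_trace(text)
    trusted = []
    if ptr and any(in_domain(ptr, d) for d in owner_domains):
        trusted = [a for a in rdns
                   if any(in_domain(a.rsplit("@", 1)[-1], d) for d in owner_domains)]
    rejected = [a for a in rdns if a not in trusted]
    return (trusted or whois), rejected


if __name__ == "__main__":
    print(choose_recipients(SAMPLE_TRACE, ["provider.example"]))
```

With the constructed trace, the report falls back to the WHOIS contact and both `postmaster@` addresses in the sender's domain are rejected.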