Reporting problems today? in SpamCop Reporting Help Posted July 8, 2012 · Edited July 8, 2012 by gnarlymarley As a paying SC customer, it's a pain. The front-end we all connect to is hosted by Akamai (EdgeSuite), so the ability to ping or connect to that is meaningless: it just means your nearest Akamai edge node is live, which should always be the case whatever is happening to Spamcop. One way or another, this attack is taking out the back end servers that do the actual analysis and DNS lookups for spam reporting. My suspicion would be the DNS side of things, unless it's a pure brute force crapflood or an old load balancer in front of the servers - although with the current codebase, junk submissions with lots of slow-resolving hostnames in might be enough to hit concurrency limits or disk thrashing. Ping is not completely a good test with the default settings. I have worked with switches that only let through 122 bytes. Ping by default is 80 bytes. The diagnosis too longer until we made the ping packet size closer to the MTU. I can say that the front-end server are responding perfect, but seem to be timing out when trying to contact the backend servers. Both the spam emails and the whois information will be stored and cached in the database. The issue could be either along the lines of the database, or also could be when it tries to go out and perform an external query such as whois or DNS from abuse.net. I believe we would see something different if this was a brute force on the Akamai servers.