Jump to content
Sign in to follow this  
petzl

[Resolved] When's 212.52.84.103 going to be listed

Recommended Posts

...Since you've been here a while, I think you are asking more of a rhetorical question, or asking "what is keeping this from being listed?" and that you know this but, for those who don't, the answer to the generic question of when an IP address will be listed is found in the SpamCop Forum FAQ (links to which are found near the top left of all SpamCop Forum pages) article labeled "What is on the list?" in the section labeled "SCBL Rules."

Share this post


Link to post
Share on other sites

...Since you've been here a while, I think you are asking more of a rhetorical question, or asking "what is keeping this from being listed?" and that you know this but, for those who don't, the answer to the generic question of when an IP address will be listed is found in the SpamCop Forum FAQ (links to which are found near the top left of all SpamCop Forum pages) article labeled "What is on the list?" in the section labeled "SCBL Rules."

It seems to be botnet spam that has been spewing for sometime not getting listed

Just wish to have SpamCop BL checked if working

Yes I know the supposed algorithm which once was?

Now IMO the SCBL seems to only respond to spamtraps?

Seems this Botnet is flooding confirmed email addresses showing a weakness in relying on spamtraps only

Very common now to see an IP listed without a manual report backing it up, not the other way

If you look at report history (need to log in) seems a lot of reports for it not to be listed

http://www.spamcop.net/mcgi?action=showhis...d;val=239354262

It don't appear to be a genuine email server?

Always has a forged IP 172.31.0.225 listed as injection point (indicating its an internal IP. Run by spammer?)

abuse[at]iol.it don't seem to care the only address given is hostmaster[at]iol.it

Going to website they give it as abuse[ at ]staff.libero.it

Edited by petzl

Share this post


Link to post
Share on other sites

I think we should see the IP list fairly soon.

- Don D'Hopeful - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Thanks Don

After going to their website and checking SenderScore looks like a Webmail system with a lot of compromised accounts

Share this post


Link to post
Share on other sites

A few thoughts in general ...

212.52.84.103 is outrelay03.libero.it, high volume network relay (SB magnitude ~ 4.7), fiendishly difficult to list on the basis of reports alone due to spam:ham ratio. But the spam volumes are increasing and indeed it has now made it to the SCbl (3 hours ago by the looks). In my timezone - 24 reports and counting 30 Oct - 12 reports on 29 Oct - very few before.

Hasn't made it to the CBL yet, which is the bl giving the best information about any sender-server exploits (just possibly none in this case). Needless to say if libero.it had heeded the SC reports when they first started coming in about that server, they could have nipped in the bud whatever there is using it to assail the internet. That's what the SCbl is all about, but, disappointingly, not all find it "economic" to use it like that.

Be careful judging all libero.it as a spamsource simply on the basis of pbl.spamhaus.org (and similar) listings and "POOR" reputation listings of their dynamic IP ranges. Networks (particularly those of them raddled with beancounters) seem to volunteer their dynamic addresses for DNSBL listing knowing they should not be sending direct to the internet (and, one suspects) saving them the expense of doing anything more active/proactive to control their user-abusers. The "policy" blocklists/bl zones (pbl.spamhaus.org, dul.dnsbl.sorbs.net, etc.) don't look at actual spam.

Share this post


Link to post
Share on other sites

A few thoughts in general ...

212.52.84.103 is outrelay03.libero.it, high volume network relay (SB magnitude ~ 4.7), fiendishly difficult to list on the basis of reports alone due to spam:ham ratio. But the spam volumes are increasing and indeed it has now made it to the SCbl (3 hours ago by the looks). In my timezone - 24 reports and counting 30 Oct - 12 reports on 29 Oct - very few before.

Hasn't made it to the CBL yet, which is the bl giving the best information about any sender-server exploits (just possibly none in this case). Needless to say if libero.it had heeded the SC reports when they first started coming in about that server, they could have nipped in the bud whatever there is using it to assail the internet. That's what the SCbl is all about, but, disappointingly, not all find it "economic" to use it like that.

Be careful judging all libero.it as a spamsource simply on the basis of pbl.spamhaus.org (and similar) listings and "POOR" reputation listings of their dynamic IP ranges. Networks (particularly those of them raddled with beancounters) seem to volunteer their dynamic addresses for DNSBL listing knowing they should not be sending direct to the internet (and, one suspects) saving them the expense of doing anything more active/proactive to control their user-abusers. The "policy" blocklists/bl zones (pbl.spamhaus.org, dul.dnsbl.sorbs.net, etc.) don't look at actual spam.

Went to their website appears to be a Webmail provider with no registered abuse address.

It is listed now in our SCBL

I now don't think it is a trojan. Just a too easy to sign-up to a free webmail, or accounts have been compromised senderScore have it as low (near zero) reputation and very high (spammers paradise?) volume sender

Edited by petzl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×