Jump to content
Sign in to follow this  
petzl

Why does reporting just go to bit bin

Recommended Posts

That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.

Share this post


Link to post
Share on other sites

I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.

Share this post


Link to post
Share on other sites

I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.

It is

http://www.spamhaus.org/query/dbl?domain=hopenmail.info

My guess is IP 46.165.219.5 resovles to "hopenmail.info"

SpamCop email caught it but only have Spamhaus XBL and Spamhaus PBL selected?

SpamAssassin didn't pick it so I assume it's combined to above

I also use MailWasher free version to check configured to use extra blocklists

Share this post


Link to post
Share on other sites

That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.

The domain is rgistered to Brazil don't mind if SpamCop has no reporting address I look in such cases to find my on in this case

mail-abuse[at]cert.br

Seems effective at removing Brazil spammers hope it's jail time

Registrant ID:CR137124770

Registrant Name:R T CONSULT MK

Registrant Organization:RT CONSULT

Registrant Street1:Rua Sebastiao C Vaz

Registrant Street2:

Registrant Street3:

Registrant City:Sao Paulo

Registrant State/Province:Sao Paulo

Registrant Postal Code:03380-190

Registrant Country:BR

Registrant Phone:+55.22831889

Edited by petzl

Share this post


Link to post
Share on other sites

Yep,

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup -type=ptr 46.165.219.73 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

73.219.165.46.in-addr.arpa name = mail1.hopenmail.info

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

... and (for lisati) lookup of IP address on http://multirbl.valli.org/ includes the query of the server name on dbl.spamhaus.org automagically, like it performs the above + the below for you

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup mail1.hopenmail.info.dbl.spamhaus.org 4.2.2.2

Server: b.resolvers.Level3.net

Address: 4.2.2.2

Non-authoritative answer:

Name: mail1.hopenmail.info.dbl.spamhaus.org

Address: 127.0.1.2

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

But, for me, the interesting part is

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

- seen in the parse referenced in the first post 84355[/snapback]

Turning off reports to the ISP shouldn't mean cancellation of all other actions as well, still warrants uptick on the SCbl statistics for the IP address surely - and I haven't seen a case before where that has not happened (even for leaseweb, going back a week or two). No other reporters mentioning the "Nothing to do." result arising from no reporting address. Is it an error, is it a bug, is it just for leaseweb (or some part of leaseweb), is it a new feature (or has it been happening all along, un-noticed)? Seems (potentially) to undermine the whole rationale of reporting and the integrity of the SCbl.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×