
Re: 43.250.79.183 (Administrator of network where email originates)

search-apnic-not-arin#apnic.net[at]devnull.spamcop.net

I think the problem should be self explanatory here...

Getting lots of repetitive spams from this IP and hosting their spamvertised website on the same IP. Correct contact is admin[at]koonk.com.

Spamcop should not query ARIN for any 43.x.x.x IP.

Edited by tjsynkral


Is this forum the right place to report this issue?

Still getting bucketloads of snowshoe spam from various IPs in the 43.250 range, and none of them are going to the correct contact.

Also, the spamcop-bl is pretty worthless against this snowshoe operation.


Is this forum the right place to report this issue?

Yes, this is a perfectly good place. The folks (Cisco/ SpamCop) who would action it and/ or reply have been very busy the past month or two and it may be that they will continue to be busy for the foreseeable future. You could try writing to them directly at e-mail address deputies[at]admin.spamcop.net.

Fixing the SpamCop parser so that it notifies the correct abuse address, which is what actioning your request would do, is an entirely different thing than making the SC blacklist useful for this case. And you can submit manual complaints to admin[at]koonk.com while you are waiting for the SC staff to address this so that the parser offers to send complaints to that address itself.


I'm having the same thing for weeks now, Tjsynkral, >10/day.

The whole block 43.250.78.x is a cesspool right now, with mostly reputation poor &/or blacklisted. I've been manually reporting them as Turetzsr suggests, and sending reports to KnuJon for the spamvertised site side of things.

The seemingly ironic thing about these kind of continued "disconnects" in function is that Ironport/Cisco/Spamcop are the same company (siloed, certainly), and yet Senderbase.org polls/caches the correct contact data. I expected they'd have found a way to leverage the resources of one org to the other more successfully by now.


<snip>

as Turetzsr suggests

<snip>

Thanks for the acknowledgment, victory3x3. Note, though, that I prefer to be referenced by my "handle," "Steve T" (see my "sig") rather than my Forum ID. :) <g>

The seemingly ironic thing about these kind of continued "disconnects" in function is that Ironport/Cisco/Spamcop are the same company (siloed, certainly), and yet Senderbase.org polls/caches the correct contact data. I expected they'd have found a way to leverage the resources of one org to the other more successfully by now.

That would make sense from a functionality perspective but please bear in mind when considering such apparently "ironic" "disconnects" that what might be reasonable for a web page like Senderbase.org, where a user might be willing to wait a second or two for a response, may be unacceptable for a mass process like a SpamCop parse, which needs to do each task it does in microseconds because it does huge numbers per minute for potentially hundreds or thousands of users.


1. Does SC query APNIC at all?

2. ARIN isn't showing the APNIC "referral" (APNIC IP address contacts) that valli.org shows (bottom half of the page). 

http://multirbl.valli.org/whois-lookup/45.249.70.4.html

Is there another link on ARIN to see the APNIC referral; valli is pulling/parsing ARIN together with APNIC data somehow? The only link I've seen so far has no referral to the APNIC IP address contact.

3. Vague SC suggestion:  Query ARIN, APNIC, etc offline and build an all-inclusive offline, semi-up-to-date ARIN, APNIC, etc database and query it as one database.

Edited by SpamSpam
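
The third suggestion in the post above (one merged offline registry database, queried locally) as an added example that is not part of the thread and is not SpamCop's code: it parses records in the pipe-delimited delegated-statistics layout that the RIRs publish and routes an address to the responsible registry's whois server. The sample records are constructed so that the two addresses discussed in this thread fall inside them, and the function names are hypothetical.

```python
import bisect
import ipaddress

# Constructed sample in the RIR delegated-statistics layout
# (registry|cc|type|start|count|date|status). The ranges are made up so that
# the two addresses discussed in this thread fall inside them.
SAMPLE_STATS = """\
2|apnic|20150101|3|19830101|20150101|+1000
apnic|*|ipv4|*|2|summary
# constructed records follow
apnic|ZZ|ipv4|43.250.76.0|1024|20140101|allocated
apnic|ZZ|ipv4|45.249.68.0|1024|20150101|allocated
apnic|ZZ|ipv6|2001:db8::|32|20040101|allocated
arin|ZZ|ipv4|192.0.2.0|256|19930101|assigned
"""

# Registry label used in the stats files -> that registry's whois host.
WHOIS_SERVERS = {
    "afrinic": "whois.afrinic.net", "apnic": "whois.apnic.net",
    "arin": "whois.arin.net", "lacnic": "whois.lacnic.net",
    "ripencc": "whois.ripe.net",
}

def load_ranges(text):
    """Parse stats text into a sorted list of (first, last, registry)."""
    ranges = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skips comments, the version header, summary lines and IPv6/ASN rows.
        if len(fields) < 7 or fields[2] != "ipv4" or fields[3] == "*":
            continue
        first = int(ipaddress.IPv4Address(fields[3]))
        # For ipv4 rows the fifth field is an address count, not a prefix length.
        ranges.append((first, first + int(fields[4]) - 1, fields[0]))
    return sorted(ranges)

def whois_server_for(ip, ranges):
    """Return the whois host for ip, or None if no range covers it."""
    addr = int(ipaddress.IPv4Address(ip))
    starts = [r[0] for r in ranges]
    i = bisect.bisect_right(starts, addr) - 1
    if i < 0 or ranges[i][1] < addr:
        return None  # unknown: caller falls back to a live referral lookup
    return WHOIS_SERVERS.get(ranges[i][2])

RANGES = load_ranges(SAMPLE_STATS)
```

A `None` result marks an address that the offline snapshot does not cover, which is the case where a live lookup is still needed.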


45.249.70.4 I suspect is part of multitudes of world computer-network cesspools that isn't worth reporting directly to the network owner (I've done a brief lookup that leads me to believe nothing would be done; or, the computer-network owner or spam operation would do something spammy like move the spamming to another of their spamming IP addresses--snowshoe.  SC and Senderbase have the records of the network owner's IP spamminess (network reputation) that I go by and more-so trust than spammers/spam networks).  As an of-this-moment-example, the same network owner is spamming from one IP address 48 of 90 days--one day spam, two days spam...48 days spam...

Edited by SpamSpam
