shochatd

Spamcop ignoring whois abuse contact information


The spam with tracking URL https://www.spamcop.net/sc?id=z6246572546z9a124429f6c8f92ebdeb5a0ab269ed34z shows a frequent phenomenon which seems to me to be a failure of the Spamcop engine to see abuse contact information that is clearly visible in the output of whois. In the example above, Spamcop claims in reference to the spam source:

whois.ripe.net 194.226.26.13 (nothing found)
No reporting addresses found for 194.226.26.13, using devnull for tracking.

Yet, when I run (RIPE) whois 194.226.26.13 one of the first things in the output is this:

% Abuse contact for '194.226.26.0 - 194.226.26.255' is 'ip-box@ripn.net'

Usually, I can add the abuse contact that Spamcop is ignoring via the user notification (although in this case, it gets mysteriously stripped off). Why doesn't Spamcop see and use this information?


It might be an issue with how SC is programmed to look the info up.  It appears to look up the IP (https://www.spamcop.net/sc?action=showcmd;cmd=whois 194.226.26.13%40whois.ripe.net) to get the contact, which it then looks up for the abuse info (https://www.spamcop.net/sc?action=showcmd;cmd=whois tf2854-ripe%40whois.ripe.net).  The abuse info is in the IP result, but not the contact result.  It appears SC is walking right past the info it needs.

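The lookup order described in the reply above, as an added example that is not part of either post and is not SpamCop's code. It compares following the contact handle only with checking the IP response first. The function names and sample responses are assumptions; only the "% Abuse contact" line and the handle are taken from the thread.

```python
import re

# Constructed sample responses. Only the "% Abuse contact" line and the
# handle come from the thread; every other attribute is made up.
IP_RESPONSE = """\
% Abuse contact for '194.226.26.0 - 194.226.26.255' is 'ip-box@ripn.net'

inetnum:        194.226.26.0 - 194.226.26.255
netname:        EXAMPLE-NET
admin-c:        TF2854-RIPE
tech-c:         TF2854-RIPE
source:         RIPE
"""
CONTACT_RESPONSES = {"TF2854-RIPE": """\
person:         Example Person
nic-hdl:        TF2854-RIPE
source:         RIPE
"""}

# RIPE reports the resolved abuse contact as a '%' comment line, not an attribute.
ABUSE_COMMENT = re.compile(r"^%\s*Abuse contact for '[^']*' is '([^']+)'", re.M)
ATTRIBUTE = re.compile(r"^([A-Za-z0-9-]+):[ \t]*(\S.*?)[ \t]*$", re.M)

def attributes(text, *names):
    """Values of the named 'key: value' attributes, in order of appearance."""
    return [v for k, v in ATTRIBUTE.findall(text) if k.lower() in names]

def via_handles(ip_text, lookup):
    """Two-step path from the reply: IP -> contact handle -> abuse info."""
    found = []
    for handle in dict.fromkeys(attributes(ip_text, "abuse-c", "admin-c", "tech-c")):
        found += attributes(lookup(handle.upper()), "abuse-mailbox")
    return found

def find_abuse_contacts(ip_text, lookup):
    """Check the IP response itself before following any handle."""
    found = ABUSE_COMMENT.findall(ip_text) + attributes(ip_text, "abuse-mailbox")
    if not found:
        found = via_handles(ip_text, lookup)
    return list(dict.fromkeys(a.lower() for a in found))

def lookup(handle):
    """Stand-in for a second whois query, served from the constructed data."""
    return CONTACT_RESPONSES.get(handle, "")

if __name__ == "__main__":
    print("handles only:  ", via_handles(IP_RESPONSE, lookup))
    print("IP text first: ", find_abuse_contacts(IP_RESPONSE, lookup))
```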
