nhraj700 Posted January 4, 2017 Share Posted January 4, 2017 Hello, If someone has the time, could you please look at the following links and tell me if these reports are just going to some bit bucket. For months now I have been getting spam that always links to nocix dot net. But it appears the administrator of the IP block where the sender is located is never notified because of this devnull thingy. I report everyday to UCE dot GOV, knujon and spamcop, but these keep coming. Doesn't appear to slow them down. I always look in the statistics section to see if I see others are reporting this outfit, but never have seen it reported. Thanks in advance for any enlightenment!! https://www.spamcop.net/sc?id=z6351030473z7f0e5d8f8612c0d9f263f767bbbb3ab2z https://www.spamcop.net/sc?id=z6350895292z2e1c59d04d27d3632b881846c0d8c98az https://www.spamcop.net/sc?id=z6350836906ze8b6ba64cae535dbf765ca30bf7301f2z https://www.spamcop.net/sc?id=z6350638647z7f3d0e6c790a03419b03f0bbbd324033z Link to comment Share on other sites More sharing options...
bengan Posted January 5, 2017 Share Posted January 5, 2017 9 hours ago, nhraj700 said: Hello, If someone has the time, could you please look at the following links and tell me if these reports are just going to some bit bucket. For months now I have been getting spam that always links to nocix dot net. But it appears the administrator of the IP block where the sender is located is never notified because of this devnull thingy. I report everyday to UCE dot GOV, knujon and spamcop, but these keep coming. Doesn't appear to slow them down. I always look in the statistics section to see if I see others are reporting this outfit, but never have seen it reported. Thanks in advance for any enlightenment!! https://www.spamcop.net/sc?id=z6351030473z7f0e5d8f8612c0d9f263f767bbbb3ab2z https://www.spamcop.net/sc?id=z6350895292z2e1c59d04d27d3632b881846c0d8c98az https://www.spamcop.net/sc?id=z6350836906ze8b6ba64cae535dbf765ca30bf7301f2z https://www.spamcop.net/sc?id=z6350638647z7f3d0e6c790a03419b03f0bbbd324033z Hi, The first one has a "Recieved" with an IP-number 157.5.64.20 that don't have a route in the routing table (BGP). It's also an early registration prefix. The prefix doesn't have a registration in APNIC that is responsible for the whois-db of 157.0.0.0/8. The last "Received" is an RFC-1918-address. The only "real" IP-number in the Received headers is the outlook address 216.32.180.50. If this is a real email it's Microsoft that is responsible for this weirdness. Link to comment Share on other sites More sharing options...
Lking Posted January 5, 2017 Share Posted January 5, 2017 None of the spam reported "just going to some bit bucket." Although a spam report may go to @devnull.spamcop.net the information is used to build a history for the IP address involved and whether the IP address is added to the SCBL You personally may not see your efforts "slow them down." unless you/your email ISP uses the SCBL to filter incoming email, BUT others do see the results. You get all the good Karma for your effort and "Thank You." Link to comment Share on other sites More sharing options...
nhraj700 Posted January 5, 2017 Author Share Posted January 5, 2017 2 hours ago, Lking said: "unless you/your email ISP uses the SCBL to filter incoming email" My ISP is Charter and this particular email account is Hotmail/Outlook. Does either use the SCBL? Link to comment Share on other sites More sharing options...
nhraj700 Posted January 5, 2017 Author Share Posted January 5, 2017 9 hours ago, bengan said: Hi, The first one has a "Recieved" with an IP-number 157.5.64.20 that don't have a route in the routing table (BGP). It's also an early registration prefix. The prefix doesn't have a registration in APNIC that is responsible for the whois-db of 157.0.0.0/8. The last "Received" is an RFC-1918-address. The only "real" IP-number in the Received headers is the outlook address 216.32.180.50. If this is a real email it's Microsoft that is responsible for this weirdness. Thanks for the detailed answer. I don't quite understand every aspect of this, but I take it most of it is forged IP addresses? Also it is a Microsoft account that I have. Why would Microsoft be a cause of the "weirdness"? Link to comment Share on other sites More sharing options...
Lking Posted January 5, 2017 Share Posted January 5, 2017 2 hours ago, nhraj700 said: My ISP is Charter and this particular email account is Hotmail/Outlook. Does either use the SCBL? There is no indication that they take advantage of the SCBL. A quick search here using "Outlook" you will see there have been enough issues using Outlook that it would not be logical to assume so. Do keep in mind this is a peer-to-peer forum and I like others here are just users with no "behind the certain" knowledge or access; Maybe years of experience with SpamCop and security. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.