Sign in to follow this  
Followers 0
nhraj700

Explanation of this spam and devnull!

6 posts in this topic

Hello,

If someone has the time, could you please look at the following links and tell me if these reports are just going to some bit bucket.  For months now I have been getting spam that always links to nocix dot net.  But it appears the administrator of the IP block where the sender is located is never notified because of this devnull thingy. I report everyday to UCE dot GOV, knujon and spamcop, but these keep coming.  Doesn't appear to slow them down. I always look in the statistics section to see if I see others are reporting this outfit, but never have seen it reported. 

Thanks in advance for any enlightenment!!

https://www.spamcop.net/sc?id=z6351030473z7f0e5d8f8612c0d9f263f767bbbb3ab2z

https://www.spamcop.net/sc?id=z6350895292z2e1c59d04d27d3632b881846c0d8c98az

https://www.spamcop.net/sc?id=z6350836906ze8b6ba64cae535dbf765ca30bf7301f2z

https://www.spamcop.net/sc?id=z6350638647z7f3d0e6c790a03419b03f0bbbd324033z

 

 

 

 

 

 

Share this post


Link to post
Share on other sites
9 hours ago, nhraj700 said:

Hello,

If someone has the time, could you please look at the following links and tell me if these reports are just going to some bit bucket.  For months now I have been getting spam that always links to nocix dot net.  But it appears the administrator of the IP block where the sender is located is never notified because of this devnull thingy. I report everyday to UCE dot GOV, knujon and spamcop, but these keep coming.  Doesn't appear to slow them down. I always look in the statistics section to see if I see others are reporting this outfit, but never have seen it reported. 

Thanks in advance for any enlightenment!!

https://www.spamcop.net/sc?id=z6351030473z7f0e5d8f8612c0d9f263f767bbbb3ab2z

https://www.spamcop.net/sc?id=z6350895292z2e1c59d04d27d3632b881846c0d8c98az

https://www.spamcop.net/sc?id=z6350836906ze8b6ba64cae535dbf765ca30bf7301f2z

https://www.spamcop.net/sc?id=z6350638647z7f3d0e6c790a03419b03f0bbbd324033z

 

 

 

 

 

 

Hi,

 

The first one has a "Recieved" with an IP-number 157.5.64.20 that don't have a route in the routing table (BGP). It's also an early registration prefix. The prefix doesn't have a registration in APNIC that is responsible for the whois-db of 157.0.0.0/8. The last "Received" is an RFC-1918-address. The only "real" IP-number in the Received headers is the outlook address 216.32.180.50. If this is a real email it's Microsoft that is responsible for this weirdness.

Share this post


Link to post
Share on other sites

None of the spam reported "just going to some bit bucket."  Although a spam report may go to @devnull.spamcop.net the information is used to build a history for the IP address involved and whether the IP address is added to the SCBL

You personally may not see your efforts "slow them down." unless you/your email ISP uses the SCBL to filter incoming email, BUT others do see the results.  You get all the good Karma for your effort and "Thank You."

Share this post


Link to post
Share on other sites
2 hours ago, Lking said:

"unless you/your email ISP uses the SCBL to filter incoming email"

My ISP is Charter and this particular email account is Hotmail/Outlook.  Does either use the SCBL?

Share this post


Link to post
Share on other sites
9 hours ago, bengan said:

Hi,

 

The first one has a "Recieved" with an IP-number 157.5.64.20 that don't have a route in the routing table (BGP). It's also an early registration prefix. The prefix doesn't have a registration in APNIC that is responsible for the whois-db of 157.0.0.0/8. The last "Received" is an RFC-1918-address. The only "real" IP-number in the Received headers is the outlook address 216.32.180.50. If this is a real email it's Microsoft that is responsible for this weirdness.

Thanks for the detailed answer.  I don't quite understand every aspect of this, but I take it most of it is forged IP addresses?  Also it is a Microsoft account that I have.  Why would Microsoft be a cause of the "weirdness"?

Share this post


Link to post
Share on other sites
2 hours ago, nhraj700 said:

My ISP is Charter and this particular email account is Hotmail/Outlook.  Does either use the SCBL?

There is no indication that they take advantage of the SCBL.  A quick search here using "Outlook" you will see there have been enough issues using Outlook that it would not be logical to assume so.

Do keep in mind this is a peer-to-peer forum and I like others here are just users with no "behind the certain" knowledge or access;  Maybe years of experience with SpamCop and security.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0