Interpreting this spam report

[kca]

Greetings,

I'm trying to interpret the following spam summary report. Can anyone help? Also, how do i go about getting more detailed reports, assuming there are any

to be had.

Also, in the fact you mention an ISP account, i'm going to guess that would apply to me to since i'm the mail admin at this firm. How do i get one, or is that the same as the "For reporting-only account holders" link?

Thanks!

K

-- spam SOURCE REPORT --

IP Address Start/Duration Trap User Mole Simp Additional comments

68.21.232.136 Dec 20 06h/0 1 0 0 0

[Miss Betsy]

68.21.232.136 is no longer listed.

I haven't looked at the blocklist listings for a long time, but I understand the information is meager to prevent spammers from using it to circumvent the blocklist.

If you did not receive a report from a spamcop reporter, then either reports are going to your upstream or your spam is hitting spamcop spam traps. If it is spam trap hits, then it is likely there is a virus or automatic out of office reply or someone is sending 'bouncing' emails to forged spam From addresses.

The ISP account, I believe, is for ISPs to /report/ spam.

Did you read the Why Am I Blocked FAQ? It may list other reasons for spam trap hits.

Miss Betsy

[dra007]

However, there are some interesting comments on this IP in NANAE! Could that be related to your present problem?

[kca]

However, there are some interesting comments on this IP in NANAE! Could that be related to your present problem?

21615[/snapback]

dra007:

Yes i remember that, our first time getting BL'd. But i dont think its related. I'd love to be able to get more feedback on spam when its reported, at the very least, the headers in question so i can figure out if its some sort of autoreply, etc.

Miss Betsy:

There are options there for you to set up reporting to get reports on ip addresses. All i've received so far have been summary reports like what I first posted. I was hoping there would be a way to get more information in the reports.

Thanks to you both,

K

[Miss Betsy]

There are options there for you to set up reporting to get reports on ip addresses. All i've received so far have been summary reports like what I first posted. I was hoping there would be a way to get more information in the reports.

Again, I think the spammers have been responsible for the meager amount of information.

I would think there would be numbers or something with this report

IP Address - obvious

Start/Duration - when the first report came in and how long it will be until off list

Trap - spam hit spam trap

User - spamcop reporter sent reports to reporting addresses

Mole - no reports sent (but I think their reports of spam are weighted differently than a user's reports for addition to the bl)

Simp - ???

Additional comments - don't know what kind of comments are made

The information you want to see is in the User reports which go to an abuse address. There are a number of different reasons why it may not come directly to you.

Reporting addresses (for 68.21.232.136) :

abuse[at]ameritech.net

AFAICT, 68.21.232.136 has not been reported since Oct 9th by a 'user'.

Sometimes, people will use the spamcop rejection template even when they are not using the spamcop bl. However, it didn't seem as though you were listed in any other lists (from the ones spamcop looks up). Have you tried moenstad?

Miss Betsy

[Wazoo]

I'm trying to interpret the following spam summary report.  Can anyone help?  Also, how do i go about getting more detailed reports, assuming there are any

to be had.

Also, in the fact you mention an ISP account, i'm going to guess that would apply to me to since i'm the mail admin at this firm.  How do i get one, or is that the same as the "For reporting-only account holders" link?

At least partially answered in http://forum.spamcop.net/forums/index.php?...indpost&p=20650

The ISP account was for the ISP to "manage/handle" to complaints they'd received, offering up options on status of the situation .. leading to those complaints of seeing the "ISP has handled ..." as the spew continues .... Then there are the folks that logged-in to report spam, found out that they couldn't, and it turns out that some database bits had danced and their account had ben 'converted' to an ISP account.

Abuse.net doesn't seem to list anything for that IP, so perhaps you'd like to register an abuse address there.

[Jeff G.]

abuse.net doesn't work on IP Addresses, only on Hostnames and Domainnames. However:

12/20/04 23:40:32 Abuse address lookup for smtp.ssd.com [sanitized for the web]

whois -h whois.abuse.net smtp.ssd.com ...

helpdesk at ssd.com (for ssd.com)

abuse at ssd.com (for ssd.com)

postmaster at ssd.com (for ssd.com)

Also, please see How can I get SpamCop reports about my network?'

[kca]

abuse.net doesn't work on IP Addresses, only on Hostnames and Domainnames.  However: Also, please see How can I get SpamCop reports about my network?'

21652[/snapback]

Thanks to all that responded.

K

[Jeff G.]

Thanks to all that  responded.

21690[/snapback]

You're welcome. I hope we were able to help you resolve the situation.