Jump to content

Report History of my IP address


Kwyjibo

Recommended Posts

Hi guys.

I’ve got a query that I’m hoping someone here can help me out with.

I was recently charged $50 by my ISP for allegedly sending spam from my account. They have provided no logs or any other details, but instead have provided me with 2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

I am disputing the charges with them and would like to see the details of these spam reports so that I can see for myself precisely what I am being accused of. Is it an open relay (unlikely as I'm not running a mail server), trojan/worm ( AV is up to date, running Windows defender and PC is actually a virtual machine that is restored weekly) or something else all together?

http://members.spamcop.net/mcgi?slice=repo...ion=showhistory shows that there was a report made in late October, but doesn't provide a whole lot of information. I was wondering if anyone knows if it's possible for me to get any more information than this. It's a bit hard to fix a problem if you don't know what it is.

Thanks in advance.

Link to comment
Share on other sites

2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

http://members.spamcop.net/mcgi?slice=repo...ion=showhistory shows that there was a report made in late October,

Thanks in advance.

1985607600 and 1985607607 are reports for single report in/from your link

You are best ask deputies to see if they can allow you more info

And go through my signature

Link to comment
Share on other sites

Hi guys.

I’ve got a query that I’m hoping someone here can help me out with.

I was recently charged $50 by my ISP for allegedly sending spam from my account. They have provided no logs or any other details, but instead have provided me with 2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

http://www.senderbase.org/search?searchBy=...g=210.0.101.209

Following links from that page your IP has 31 'suspected trojaned' customers (i.e. fixed IP machines that are [and probably shouldn't be] sending email) but you're not one of them. How long have you had that IP?

The one report alleged to be down to that IP is as follows:

Submitted: 26 October 2006 00:32:24 +0100:
AP ampReuters xbbBoeing

	* 1985607616 ( 210.0.101.209 ) To: spamcop[at]imaphost.com
	* 1985607607 ( 210.0.101.209 ) To: postmaster[at]nextep.com.au
	* 1985607600 ( 210.0.101.209 ) To: abuse[at]nextep.com.au 

Older Reports

Sorry I can't be of more help, but it looks like you have a good prima facie case for disputing the charges.

Link to comment
Share on other sites

As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

SpamCop tries to only list the computer that is the source of spam

SpamCop will only list a misconfigured email server after sending far too many reports trying to contact the ignoramus owner

It is possible one of "Kwyjibo" contacts has inadvertently sent a report?

Link to comment
Share on other sites

As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

That's what I've been trying to tell my ISP.

They claim the charge ($25 per incident) is to cover the costs they incur in investigating the report from SpamCop, but have refused to provide the results of their supposed investigation.

My own investigation at this end has come up with a grand total of nothing, so I'd like to see what my ISP is seeing at their end.

http://www.senderbase.org/search?searchBy=...g=210.0.101.209

Following links from that page your IP has 31 'suspected trojaned' customers (i.e. fixed IP machines that are [and probably shouldn't be] sending email) but you're not one of them. How long have you had that IP?

I've had it for about 6 months - since I joined this particular ISP. Is it possible that one of these infected machines in my netblock is spoofing my IP address?

The one report alleged to be down to that IP is as follows:

Submitted: 26 October 2006 00:32:24 +0100:
AP ampReuters xbbBoeing

	* 1985607616 ( 210.0.101.209 ) To: spamcop[at]imaphost.com
	* 1985607607 ( 210.0.101.209 ) To: postmaster[at]nextep.com.au
	* 1985607600 ( 210.0.101.209 ) To: abuse[at]nextep.com.au 

Older Reports

And that's the one I'm interested in. (even though I have been charged for the same thing twice....)

Sorry I can't be of more help, but it looks like you have a good prima facie case for disputing the charges.

Thanks for the help. I've sent a message to the deputies asking for more information. (is the correct address still 'deputies at spamcop dot net' ?)

Link to comment
Share on other sites

I've had it for about 6 months - since I joined this particular ISP. Is it possible that one of these infected machines in my netblock is spoofing my IP address?

And that's the one I'm interested in. (even though I have been charged for the same thing twice....)

Thanks for the help. I've sent a message to the deputies asking for more information. (is the correct address still 'deputies at spamcop dot net' ?)

If it is possible for someone to spoof the IP then the whole SpamCop edifice comes tumbling down! It's supposed to be the only un-spoofable thing. Yes, you have the correct address for the deputies.

Link to comment
Share on other sites

If it is possible for someone to spoof the IP then the whole SpamCop edifice comes tumbling down! It's supposed to be the only un-spoofable thing. Yes, you have the correct address for the deputies.

Thanks Derek.

One further question - I understand from http://spamcop.net/fom-serve/cache/297.html that a single user report should not result in an IP address being blacklisted (which is not a concern anyway as I'm not running a server) but should a single report result in a notification email being sent to the relevant 'abuse[at]nnnnnnn' address?

Link to comment
Share on other sites

...should a single report result in a notification email being sent to the relevant 'abuse[at]nnnnnnn' address?
Yes, those notifications are the "early warning" of spam issues - they may give server admins a chance to stop spam runs before the volume tips them into the blocklist.
Link to comment
Share on other sites

Yes, those notifications are the "early warning" of spam issues - they may give server admins a chance to stop spam runs before the volume tips them into the blocklist.

Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Link to comment
Share on other sites

Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Yes, it seems your IP is not listed and has not been listed. There has been one report only which was sent to two Email addresses notified as receiving abuse reports. So, in effect, your ISP wants $25 per Email for receiving two identical Emails.

Seems to me you might be better off elsewhere :-)

Andrew

Link to comment
Share on other sites

...Nice...... (not blaming Spamcop)
Their server their rules and all that but the concept of "investigation fees" seems totally mismatched to the situation, to my way of thinking. If a user breaches TOS/AUP their service should be discontinued, if they're blameless why should they pay anything? There is a breach of "natural justice" IMO.
Link to comment
Share on other sites

Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Hmm.. interesting. In the UK atm there's a whole campaign going against banks charging us £25 to send a letter telling us we're overdrawn when it costs less than a pound. So far, every bank legally challenged has settled out of court. I know the A$ is languishinga bit presently but A$25 seems 'punitive' and prbably illegal if you have an Unfair Contract Terms Act in Oz.

Edit: Just Googled it: you do!

Link to comment
Share on other sites

Nice catch Derek! I should have thought of that - appreciation.

Kwyjibo, I guess the relevant terms are Fair trading and Consumer protection, with prime "hits" per those links or Google for more.

Thanks guys.

I've already been in contact with the TIO regarding this (as have a few others who have been hit with these charges) and if it's not resolved by them I'll be contacting the Department of Fair Trading. I was just posting here to get some more information so that when I talk to the TIO again I can explain exactly what the situation is. The ISP has been very reluctant to provide any detailed information so I have been forced to do all the leg work myself.

Thanks once again.

PS: Ijust wanted to make it clear that the ISP in question is not Nextep, as detailed in the abuse[at] email address. They are simply the wholesale provider. The ISP issuing these bills is a totally separate entity.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...