Jump to content
Sign in to follow this  
Kwyjibo

Report History of my IP address

Recommended Posts

Hi guys.

I’ve got a query that I’m hoping someone here can help me out with.

I was recently charged $50 by my ISP for allegedly sending spam from my account. They have provided no logs or any other details, but instead have provided me with 2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

I am disputing the charges with them and would like to see the details of these spam reports so that I can see for myself precisely what I am being accused of. Is it an open relay (unlikely as I'm not running a mail server), trojan/worm ( AV is up to date, running Windows defender and PC is actually a virtual machine that is restored weekly) or something else all together?

http://members.spamcop.net/mcgi?slice=repo...ion=showhistory shows that there was a report made in late October, but doesn't provide a whole lot of information. I was wondering if anyone knows if it's possible for me to get any more information than this. It's a bit hard to fix a problem if you don't know what it is.

Thanks in advance.

Edited by Kwyjibo

Share this post


Link to post
Share on other sites

2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

http://members.spamcop.net/mcgi?slice=repo...ion=showhistory shows that there was a report made in late October,

Thanks in advance.

1985607600 and 1985607607 are reports for single report in/from your link

You are best ask deputies to see if they can allow you more info

And go through my signature

Share this post


Link to post
Share on other sites

Hi guys.

I’ve got a query that I’m hoping someone here can help me out with.

I was recently charged $50 by my ISP for allegedly sending spam from my account. They have provided no logs or any other details, but instead have provided me with 2 SpamCop reference numbers, which are 1985607600 and 1985607607. My IP address is 210.0.101.209.

As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

http://www.senderbase.org/search?searchBy=...g=210.0.101.209

Following links from that page your IP has 31 'suspected trojaned' customers (i.e. fixed IP machines that are [and probably shouldn't be] sending email) but you're not one of them. How long have you had that IP?

The one report alleged to be down to that IP is as follows:

Submitted: 26 October 2006 00:32:24 +0100:
AP ampReuters xbbBoeing

	* 1985607616 ( 210.0.101.209 ) To: spamcop[at]imaphost.com
	* 1985607607 ( 210.0.101.209 ) To: postmaster[at]nextep.com.au
	* 1985607600 ( 210.0.101.209 ) To: abuse[at]nextep.com.au 

Older Reports

Sorry I can't be of more help, but it looks like you have a good prima facie case for disputing the charges.

Edited by Derek T

Share this post


Link to post
Share on other sites

As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

SpamCop tries to only list the computer that is the source of spam

SpamCop will only list a misconfigured email server after sending far too many reports trying to contact the ignoramus owner

It is possible one of "Kwyjibo" contacts has inadvertently sent a report?

Edited by petzl

Share this post


Link to post
Share on other sites
As a paying reporter I can see only one report. What is really wierd is that according to Senderbase that IP has NEVER been used to send mail, the 'date first mail seen from' field is empty and all the magnitudes are zero.

That's what I've been trying to tell my ISP.

They claim the charge ($25 per incident) is to cover the costs they incur in investigating the report from SpamCop, but have refused to provide the results of their supposed investigation.

My own investigation at this end has come up with a grand total of nothing, so I'd like to see what my ISP is seeing at their end.

http://www.senderbase.org/search?searchBy=...g=210.0.101.209

Following links from that page your IP has 31 'suspected trojaned' customers (i.e. fixed IP machines that are [and probably shouldn't be] sending email) but you're not one of them. How long have you had that IP?

I've had it for about 6 months - since I joined this particular ISP. Is it possible that one of these infected machines in my netblock is spoofing my IP address?

The one report alleged to be down to that IP is as follows:

Submitted: 26 October 2006 00:32:24 +0100:
AP ampReuters xbbBoeing

	* 1985607616 ( 210.0.101.209 ) To: spamcop[at]imaphost.com
	* 1985607607 ( 210.0.101.209 ) To: postmaster[at]nextep.com.au
	* 1985607600 ( 210.0.101.209 ) To: abuse[at]nextep.com.au 

Older Reports

And that's the one I'm interested in. (even though I have been charged for the same thing twice....)

Sorry I can't be of more help, but it looks like you have a good prima facie case for disputing the charges.

Thanks for the help. I've sent a message to the deputies asking for more information. (is the correct address still 'deputies at spamcop dot net' ?)

Share this post


Link to post
Share on other sites
I've had it for about 6 months - since I joined this particular ISP. Is it possible that one of these infected machines in my netblock is spoofing my IP address?

And that's the one I'm interested in. (even though I have been charged for the same thing twice....)

Thanks for the help. I've sent a message to the deputies asking for more information. (is the correct address still 'deputies at spamcop dot net' ?)

If it is possible for someone to spoof the IP then the whole SpamCop edifice comes tumbling down! It's supposed to be the only un-spoofable thing. Yes, you have the correct address for the deputies.

Share this post


Link to post
Share on other sites

If it is possible for someone to spoof the IP then the whole SpamCop edifice comes tumbling down! It's supposed to be the only un-spoofable thing. Yes, you have the correct address for the deputies.

Thanks Derek.

One further question - I understand from http://spamcop.net/fom-serve/cache/297.html that a single user report should not result in an IP address being blacklisted (which is not a concern anyway as I'm not running a server) but should a single report result in a notification email being sent to the relevant 'abuse[at]nnnnnnn' address?

Edited by Kwyjibo

Share this post


Link to post
Share on other sites
...should a single report result in a notification email being sent to the relevant 'abuse[at]nnnnnnn' address?
Yes, those notifications are the "early warning" of spam issues - they may give server admins a chance to stop spam runs before the volume tips them into the blocklist.

Share this post


Link to post
Share on other sites

Yes, those notifications are the "early warning" of spam issues - they may give server admins a chance to stop spam runs before the volume tips them into the blocklist.

Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Share this post


Link to post
Share on other sites
Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Yes, it seems your IP is not listed and has not been listed. There has been one report only which was sent to two Email addresses notified as receiving abuse reports. So, in effect, your ISP wants $25 per Email for receiving two identical Emails.

Seems to me you might be better off elsewhere :-)

Andrew

Edited by agsteele

Share this post


Link to post
Share on other sites
...Nice...... (not blaming Spamcop)
Their server their rules and all that but the concept of "investigation fees" seems totally mismatched to the situation, to my way of thinking. If a user breaches TOS/AUP their service should be discontinued, if they're blameless why should they pay anything? There is a breach of "natural justice" IMO.

Share this post


Link to post
Share on other sites

Thanks.

So what that means in the case of my ISP and their policy on SpamCop reports is that if someone reports any of my messages as spam, regardless of whether it actually is spam or not, I am out of pocket $25.

Nice...... (not blaming Spamcop)

Hmm.. interesting. In the UK atm there's a whole campaign going against banks charging us £25 to send a letter telling us we're overdrawn when it costs less than a pound. So far, every bank legally challenged has settled out of court. I know the A$ is languishinga bit presently but A$25 seems 'punitive' and prbably illegal if you have an Unfair Contract Terms Act in Oz.

Edit: Just Googled it: you do!

Edited by Derek T

Share this post


Link to post
Share on other sites
... A$25 seems 'punitive' and prbably illegal if you have an Unfair Contract Terms Act in Oz.

Edit: Just Googled it: you do!

Nice catch Derek! I should have thought of that - appreciation.

Kwyjibo, I guess the relevant terms are Fair trading and Consumer protection, with prime "hits" per those links or Google for more.

Share this post


Link to post
Share on other sites

Nice catch Derek! I should have thought of that - appreciation.

Kwyjibo, I guess the relevant terms are Fair trading and Consumer protection, with prime "hits" per those links or Google for more.

Thanks guys.

I've already been in contact with the TIO regarding this (as have a few others who have been hit with these charges) and if it's not resolved by them I'll be contacting the Department of Fair Trading. I was just posting here to get some more information so that when I talk to the TIO again I can explain exactly what the situation is. The ISP has been very reluctant to provide any detailed information so I have been forced to do all the leg work myself.

Thanks once again.

PS: Ijust wanted to make it clear that the ISP in question is not Nextep, as detailed in the abuse[at] email address. They are simply the wholesale provider. The ISP issuing these bills is a totally separate entity.

Edited by Kwyjibo

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×