QuantumMechanic

Incorrect recipient receives spam report


203.223.152.224 (gabbrands.com)

I got an email from this IP, the email was reported, and then I get a message back from jaring.my saying that this IP is nothing to do with them.

Looking at the DNS it _is_ nothing to do with them it seems.

I am guessing that the DNS was incorrect at the time of spam submission or that spamcop.net messed up somehow or is using old information.

The past reports page is the only thing I have to go on:

[moderator edit links removed at member request. Essential detail was

Hostname verified: mx02.gabnewsline.com

cisx received mail from sending system 203.223.152.231

Tracking message source: 203.223.152.231:

Routing details for 203.223.152.231

[refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my

Using abuse net on network[at]aims.com.my

abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my

Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my

abuse[at]mol.net.my bounces (2020 sent : 1225 bounces)

Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking.

Reports disabled for postmaster[at]aims.com.my

Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking.

Message is 30 hours old

203.223.152.231 not listed in dnsbl.njabl.org

203.223.152.231 not listed in dnsbl.njabl.org

203.223.152.231 not listed in cbl.abuseat.org

203.223.152.231 not listed in dnsbl.sorbs.net

203.223.152.231 not listed in accredit.habeas.com

203.223.152.231 not listed in plus.bondedsender.org

203.223.152.231 not listed in iadb.isipp.com

Finding links in message body

Parsing text part

Resolving link obfuscation

ht tp:// mx02.gabnews line.com/index.php?l=gab_1&e=x

Host mx02.gabnewsline.com (checking ip) = 203.223.152.231

host 203.223.152.231 = mx02.gabnewsline.com (cached)

h ttp:// mx02.gabnews line.com/t/c/182/gab_1/pz123321.html

Host mx02.gabnewsline.com (checking ip) = 203.223.152.231

host 203.223.152.231 = mx02.gabnewsline.com (cached)

Tracking link: htt p:// mx02.gabnew sline.com/t/c/182/gab_1/pz123321.html

No recent reports, no history available

Resolves to 203.223.152.231

Routing details for 203.223.152.231

[refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my

Using abuse net on network[at]aims.com.my

abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my

Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my

abuse[at]mol.net.my bounces (2020 sent : 1225 bounces)

Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking.

Reports disabled for postmaster[at]aims.com.my

Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking.

Tracking link: ht tp:// mx02.gabnews line.com/index.php?l=gab_1&e=x

No recent reports, no history available

Resolves to 203.223.152.231

Routing details for 203.223.152.231

[refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my

Using abuse net on network[at]aims.com.my

abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my

Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my

abuse[at]mol.net.my bounces (2020 sent : 1225 bounces)

Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking.

Reports disabled for postmaster[at]aims.com.my

Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking.

Reports regarding this spam have already been sent:

Re: 203.223.152.231 (Administrator of network where email originates)

Reportid: 2125935768 To: abuse[at]gblx.net

Reportid: 2125935779 To: postmaster[at]gblx.ad.jp

Reportid: 2125935784 To: abuse[at]jaring.my

Reportid: 2125935788 To: postmaster#aims.com.my[at]devnull.spamcop.net

Reportid: 2125935797 To: webmaster[at]asianetcom.com

Reportid: 2125935798 To: postmaster[at]asiaglobalcrossing.com

Reportid: 2125935804 To: abuse[at]gblx.ad.jp

Reportid: 2125935805 To: postmaster[at]asianetcom.com

Reportid: 2125935808 To: abuse#mol.net.my[at]devnull.spamcop.net

If reported today, reports would be sent to:

Re: 203.223.152.231 (Administrator of network where email originates)

postmaster[at]gblx.ad.jp

abuse[at]gblx.ad.jp

abuse[at]jaring.my

postmaster[at]asiaglobalcrossing.com

webmaster[at]asianetcom.com

abuse#mol.net.my[at]devnull.spamcop.net

abuse[at]gblx.net

postmaster#aims.com.my[at]devnull.spamcop.net

postmaster[at]asianetcom.com

Re: h ttp:// mx02.gabnews line.com/index.php?l=gab_1&a... (Administrator of network hosting website referenced in spam)

postmaster[at]asianetcom.com

postmaster#aims.com.my[at]devnull.spamcop.net

abuse[at]gblx.net

abuse#mol.net.my[at]devnull.spamcop.net

webmaster[at]asianetcom.com

postmaster[at]asiaglobalcrossing.com

abuse[at]jaring.my

abuse[at]gblx.ad.jp

postmaster[at]gblx.ad.jp

Re: htt p:// mx02.gabnews line.com/t/c/182/gab_1/pz123... (Administrator of network hosting website referenced in spam)

(ditto)

2 links in this post removed.] Edited by Farelf


203.223.152.224 (gabbrands.com)

I got an email from this IP, the email was reported, and then I get a message back from jaring.my saying that this IP is nothing to do with them.

Suggest you pass the jaring email on to deputies[at]admin.spamcop.net. There may be some sort of whois problem with the address range - I notice gabbrands.com has WhoisGuard Protection enabled (from SenderBase). What that does to the resolution I have no idea but WhoIs on the IP address comes up with aims.com.my for the range 203.223.128.0 - 203.223.159.255 and abuse.net for aims.com.my gives
Look up an address in the abuse.net contact database

postmaster[at]aims.com.my (for aims.com.my)

abuse[at]mol.net.my (for aims.com.my)

abuse[at]gblx.ad.jp (for aims.com.my)

postmaster[at]gblx.ad.jp (for aims.com.my)

webmaster[at]asianetcom.com (for aims.com.my)

postmaster[at]asianetcom.com (for aims.com.my)

postmaster[at]asiaglobalcrossing.com (for aims.com.my)

abuse[at]gblx.net (for aims.com.my)

abuse[at]jaring.my (for aims.com.my)

Which is where we came in. Seems like if there is any massaging to be done it might have to be done by a Deputy.

Thanks, I have done as you suggested.

Just "digging"

IP 203.223.152.224 is

APPLIED INFORMATION MANAGEMENT SERVICES

IP range

203.223.146.0

to

203.223.156.255

Country Malaysia

website

http://www.aims.com.my/

AIMS Customer Care

T : +603 2054 2600

Hotline: 1-300-88-HELP

e: customer.care[at]aims.com.my

Kuala Lumpur.

Ground floor, Menara Aik Hua,

Cangkat Raja Chulan,

50200 Kuala Lumpur.

T +603 2031 4988

F +603 2031 8948

e: info[at]aims.com.my

w: www.aims.com.my


Thanks for the above petzl. The other side of the situation

...

INFO Domain A Lookup Your gabbrands.com A record is:

gabbrands.com. A 203.223.152.224 [TTL=1800]

There seems to be an unresponsive DNS at the moment which may explain some glitching in resolution using DNSStuff tools at odd times.


Seems like if there is any massaging to be done it might have to be done by a Deputy.

Why? abuse.net is just an independent service that Spamcop relies on, but no Spamcop deputy maintains it. If there's an error in their database, it has to be fixed by abuse.net - which has obviously happened in the meantime, as it now returns the single contact address network[at]aims.com.my for aims.com.my.

Edited by iixii


Yeah - looks just like an abuse.net c/up:

abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my

Seems like it should be: abuse net aims.com.my = sysadm[at]aims.com.my; network[at]aims.com.my; customer.care[at]aims.com.my; info[at]aims.com.my

best guess of any or all of the above....I wish more networks had an abuse reporting address (that actually worked & didn't have a spam filter on it, that is....)

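The mismatch discussed in the posts above can be checked mechanically before a report goes out. The following is an added example, not part of any post and not SpamCop's or abuse.net's own code: it parses the whois and abuse.net lines quoted in the thread, confirms the sending IP sits inside the whois range quoted in the reply, and separates abuse.net contacts on a whois contact domain from those on other domains. The function names are hypothetical, and a contact on another domain is only a candidate for review, since it may belong to a legitimate upstream.

```python
import ipaddress
import re

# Lines copied from the SpamCop parse quoted in the thread
# (addresses keep the forum's [at] munging).
WHOIS_LINE = ("Cached whois for 203.223.152.231 : "
              "network[at]aims.com.my sysadm[at]aims.com.my")
ABUSE_NET_LINE = (
    "abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, "
    "abuse[at]gblx.net, webmaster[at]asianetcom.com, "
    "postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, "
    "abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my")
WHOIS_RANGE = "203.223.128.0 - 203.223.159.255"  # range quoted in the reply

# local-part[at]domain, as written on the page
ADDR = re.compile(r"[\w.#-]+\[at\]([\w.-]+)")


def contacts(line):
    """Return (address, domain) pairs found after the ' = ' or ' : ' separator."""
    sep = " = " if " = " in line else " : "
    _, _, tail = line.partition(sep)
    return [(m.group(0), m.group(1).lower()) for m in ADDR.finditer(tail)]


def ip_in_range(ip, range_text):
    """True if ip lies inside a 'first - last' whois range string."""
    first, last = (ipaddress.ip_address(p.strip()) for p in range_text.split("-"))
    return first <= ipaddress.ip_address(ip) <= last


def split_contacts(whois_line, abuse_line):
    """Split abuse.net contacts into (on a whois contact domain, on other domains)."""
    whois_domains = {dom for _, dom in contacts(whois_line)}
    matching, foreign = [], []
    for addr, dom in contacts(abuse_line):
        (matching if dom in whois_domains else foreign).append(addr)
    return matching, foreign


if __name__ == "__main__":
    print("IP inside whois range:", ip_in_range("203.223.152.231", WHOIS_RANGE))
    same, other = split_contacts(WHOIS_LINE, ABUSE_NET_LINE)
    print("on whois domain:", same)
    print("review before reporting:", other)
```
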
Why? abuse.net is just an independent service that Spamcop relies on, but no Spamcop deputy maintains it. If there's an error in their database, it has to be fixed by abuse.net - which has obviously happened in the meantime, as it now returns the single contact address network[at]aims.com.my for aims.com.my.
Abuse address lookups/report routing have been and continue to be over-ridden by Deputy intervention on a regular basis. I have no idea whether any of this feeds back to abuse.net but I suspect not - some/many of those interventions have nothing to do with abuse.net (though others do) - going by the occasional explanations of specific cases seen in these forums.

There is a whole SC newsgroup - spamcop.routing - which goes into "cases" where the abuse.net result is apparently incorrect and in some instances the posters say they give their evidence to abuse.net (obviating any need for the Deputies to do so in those cases). I guess in other instances these posters may comment on SC intervention which appears to need changing. I'm not sure how much notice the Deputies might take of the newsgroup these days (having seen one comment from one experienced poster there that it appeared no notice was being taken in regard to one issue).

You should go there and have a look for yourself. And be thankful there are people around like Claudio Valderrama C.

Edited by Farelf
