byhtomit Posted February 1, 2008 Share Posted February 1, 2008 I came across a SpamCop report that didn't know what the abuse reporting alias should be, so I thought I would let someone here know what I believe it should be. The report URL is http://www.spamcop.net/sc?id=z1632209307zc...38ef51d882b377z. When the report parses the Ripe database, it comes up with this: Tracking message source: 80.78.18.19: Display data: "whois 80.78.18.19[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup ei436-ripe[at]whois.ripe.net Display data: "whois ei436-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) ei436-ripe = whois.ripe.net 80.78.18.19 (nothing found) host 80.78.18.19 = rmt19-18.constellationnetcorp.com (cached) Host rmt19-18.constellationnetcorp.com (checking ip) IP not found ; rmt19-18.constellationnetcorp.com discarded as fake. No reporting addresses found for 80.78.18.19, using devnull for tracking. When I manually check the Ripe database, I get this: inetnum: 80.78.18.16 - 80.78.18.23 netname: CNC-BEN-013-NET descr: Surfcom Technologies Network country: NG admin-c: EI436-RIPE tech-c: EI436-RIPE status: ASSIGNED PA mnt-by: OXIEPARABOLEN-MNT mnt-lower: OXIEPARABOLEN-MNT mnt-routes: OXIEPARABOLEN-MNT source: RIPE # Filtered person: Eniola Igunnu address: 14 Aimurie Avenue, GRA, Benin City, Nigeria phone: +234-8056830947 nic-hdl: EI436-RIPE mnt-by: oxieparabolen-mnt source: RIPE # Filtered % Information related to '80.78.16.0/20AS42732' route: 80.78.16.0/20 descr: Oxieparabolen AB origin: AS42732 mnt-by: oxieparabolen-mnt source: RIPE # Filtered The link of oxieparabolen-mnt displays this information: mntner: OXIEPARABOLEN-MNT descr: Oxieparabolen Net Maintainer admin-c: TJM7-RIPE auth: MD5-PW $1$VE3pEz4x$j3U4wTvC3ztU/rML4sXSS/ mnt-by: OXIEPARABOLEN-MNT referral-by: RIPE-DBM-MNT source: RIPE # Filtered person: Timothy Mahoney address: Oxieparabolen AB Virkesvägen 13 23837, Oxie Sweden abuse-mailbox: abuse[at]constellationnetcorp.com phone: +46 40 52 94 41 nic-hdl: TJM7-RIPE mnt-by: oxieparabolen-mnt source: RIPE # Filtered When I preform a tracert on the IP in question, I get this name resolution: C:\>tracert 80.78.18.19 Tracing route to rmt19-18.constellationnetcorp.com [80.78.18.19] over a maximum of 30 hops: I won't bore you with all of the tracert efforts, but needless to say it appears that abuse[at]constellationnetcorp.com should be the correct address. I sent the spam e-mail to the address and didn't get a bounce back, so it appears to be working and valid. Would it be possible to have someone update the SpamCop database to include this reporting alias? Thanks, Timothy Link to comment Share on other sites More sharing options...
Farelf Posted February 1, 2008 Share Posted February 1, 2008 ...Would it be possible to have someone update the SpamCop database to include this reporting alias?Thanks Timothy. Email sent to Deputies, pointing "here". By convention it seems such requests are best posted in the spamcop.routing newsgroup (see Newsgoups links at the top of the page) but I can't do that from my present location. Link to comment Share on other sites More sharing options...
Farelf Posted February 2, 2008 Share Posted February 2, 2008 Response received from deputies (Ellen): Doesn't look like an entity named constellationnetcorp to me based on the RIPE lookup. Looks like swip.net according to SpamHaus which has that IP listed. Swip also has at least one ROKSO listing for yambo If the person in the forums wants to write to us to discuss this, he can use one of the webforms or write to deputies[at]admin.spamcop.net Thanks Ellen SpamCop Alternative to email, a contact form can be initiated from the bottom of the page at How can I contact a SpamCop representative? I would recommend the O/P follow through on this, it is definitely worth doing since spam certainly passes through that netspace and reports to the proper admin(s) there might help choke some of it back (though if it's swip.net then the ROKSO listing makes that seem a forlorn hope - still ... worth resolving I think). Link to comment Share on other sites More sharing options...
Telarin Posted February 4, 2008 Share Posted February 4, 2008 I seem to recall being told by the deputies that the parser doesn't pull address from "maintained by" records, those have to be added as manual routes. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.