SpamCop unknown spammer IP address

[byhtomit]

I came across a SpamCop report that didn't know what the abuse reporting alias should be, so I thought I would let someone here know what I believe it should be. The report URL is http://www.spamcop.net/sc?id=z1632209307zc...38ef51d882b377z. When the report parses the Ripe database, it comes up with this:

Tracking message source: 80.78.18.19:

Display data:

"whois 80.78.18.19[at]whois.ripe.net" (Getting contact from whois.ripe.net)

Lookup ei436-ripe[at]whois.ripe.net

Display data:

"whois ei436-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net)

ei436-ripe =

whois.ripe.net 80.78.18.19 (nothing found)

host 80.78.18.19 = rmt19-18.constellationnetcorp.com (cached)

Host rmt19-18.constellationnetcorp.com (checking ip) IP not found ; rmt19-18.constellationnetcorp.com discarded as fake.

No reporting addresses found for 80.78.18.19, using devnull for tracking.

When I manually check the Ripe database, I get this:

inetnum: 80.78.18.16 - 80.78.18.23

netname: CNC-BEN-013-NET

descr: Surfcom Technologies Network

country: NG

admin-c: EI436-RIPE

tech-c: EI436-RIPE

status: ASSIGNED PA

mnt-by: OXIEPARABOLEN-MNT

mnt-lower: OXIEPARABOLEN-MNT

mnt-routes: OXIEPARABOLEN-MNT

source: RIPE # Filtered

person: Eniola Igunnu

address: 14 Aimurie Avenue, GRA, Benin City, Nigeria

phone: +234-8056830947

nic-hdl: EI436-RIPE

mnt-by: oxieparabolen-mnt

source: RIPE # Filtered

% Information related to '80.78.16.0/20AS42732'

route: 80.78.16.0/20

descr: Oxieparabolen AB

origin: AS42732

mnt-by: oxieparabolen-mnt

source: RIPE # Filtered

The link of oxieparabolen-mnt displays this information:

mntner: OXIEPARABOLEN-MNT

descr: Oxieparabolen Net Maintainer

admin-c: TJM7-RIPE

auth: MD5-PW $1$VE3pEz4x$j3U4wTvC3ztU/rML4sXSS/

mnt-by: OXIEPARABOLEN-MNT

referral-by: RIPE-DBM-MNT

source: RIPE # Filtered

person: Timothy Mahoney

address: Oxieparabolen AB

Virkesvägen 13

23837, Oxie

Sweden

abuse-mailbox: abuse[at]constellationnetcorp.com

phone: +46 40 52 94 41

nic-hdl: TJM7-RIPE

mnt-by: oxieparabolen-mnt

source: RIPE # Filtered

When I preform a tracert on the IP in question, I get this name resolution:

C:\>tracert 80.78.18.19

Tracing route to rmt19-18.constellationnetcorp.com [80.78.18.19]

over a maximum of 30 hops:

I won't bore you with all of the tracert efforts, but needless to say it appears that abuse[at]constellationnetcorp.com should be the correct address. I sent the spam e-mail to the address and didn't get a bounce back, so it appears to be working and valid. Would it be possible to have someone update the SpamCop database to include this reporting alias?

Thanks,

Timothy

[Farelf]

...Would it be possible to have someone update the SpamCop database to include this reporting alias?

Thanks Timothy. Email sent to Deputies, pointing "here". By convention it seems such requests are best posted in the spamcop.routing newsgroup (see Newsgoups links at the top of the page) but I can't do that from my present location.

[Farelf]

Response received from deputies (Ellen):

Doesn't look like an entity named constellationnetcorp to me based on

the RIPE lookup. Looks like swip.net according to SpamHaus which has

that IP listed. Swip also has at least one ROKSO listing for yambo

If the person in the forums wants to write to us to discuss this, he can

use one of the webforms or write to deputies[at]admin.spamcop.net

Thanks

Ellen

SpamCop

Alternative to email, a contact form can be initiated from the bottom of the page at How can I contact a SpamCop representative? I would recommend the O/P follow through on this, it is definitely worth doing since spam certainly passes through that netspace and reports to the proper admin(s) there might help choke some of it back (though if it's swip.net then the ROKSO listing makes that seem a forlorn hope - still ... worth resolving I think).

[Telarin]

I seem to recall being told by the deputies that the parser doesn't pull address from "maintained by" records, those have to be added as manual routes.