Everything posted by mikeobrien

  1. Oh, actually, I already do that, but thanks for the clear documentation for others to follow - I highly recommend it. FWIW, "worldwarm.com" has now been replaced by "worldcalm.com", I think at the same address - certainly the same network (and reporting address): http://www.spamcop.net/sc?id=z3635830579zc...c9e8b39daa47c8z It's equally unresolvable by Spamcop. As you say, they're probably blocking Ironport's queries. Ironport could battle this with some work, using the spammers' own tricks: proxy their DNS queries through other networks. It'd probably result in an unacceptable slowdown on report parsing, though. Perhaps they could make it an option for batch processing only, let it trickle by in the background.
  2. Whatever. Spamcop can't resolve the hostname, my system can, hence spammers win.
  3. I don't know where the "browser experience" comment comes from: I used "dig", not a browser, in my own investigation into whether or not I could resolve the hostname locally. Oh, and FWIW, there was no delay whatsoever when waiting for Spamcop to fully parse the spam email I pasted in. It was not a DNS timeout; SC's DNS resolver was returning failure immediately.
  4. And sure enough, another spam was forthcoming: http://www.spamcop.net/sc?id=z3620302945z4...a1ab7eac167baez
  5. It isn't that they don't report, it's that SC can't even get an IP address from the name, that's what's so weird about it. I'll provide a tracking URL the next time one of their spams comes in. As I'm sure it will.
  6. I've been getting regular spam that makes it through the Spamcop filters, advertising a site called "worldwarm.com". When I report it, Spamcop is unable to resolve the hostname "worldwarm.com", so doesn't report it. I have had no problem resolving the site at any time over the past couple of weeks that the spam has been coming in. Has someone gotten smart and put up a DNS resolver that returns bogus answers to queries coming from Spamcop, or is something else going on? Not once has Spamcop been able to resolve this; not once has my own system failed to do so.
  7. Well, the actual error is "reports disabled for abuse[at]ee.net". I did try sending a few reports by hand. Whether it's a direct result would be hard to say, but I immediately saw a rise in incoming spam from ee.net - more than just bird flu stuff this time. It died out after I quit reporting manually. The stuff I sent to the abuse address did not bounce, so the address is good. ee.net does look like a legit outfit but after that I have to wonder if perhaps one or two employees are augmenting their income... Still love to know why "reports disabled".
  8. I'm getting a bunch of spam about a purported "Bird Flu Conference", advertising some conference in Washington D.C. The company involved appears to be "New Fields", whose server is in Japan(?) - ntt.net, anyway. Whenever I report it, the mail is supposed to be sent to "ee.net", but I get instead "Reporting blocked for ee.net". Can anyone give me an idea why that is, and why I shouldn't end-run this and report it manually to "abuse[at]ee.net" myself? Tracking URL for the curious: http://www.spamcop.net/sc?id=z1269771375zd...5a2b1809499f25z
  9. Thanks for the responses - my "secret" email provider - a "boutique" operation run by an old friend - was indeed doing the bouncing. He is ferociously anti-spam and had gotten some spam from iglou.com some time back, so he blocked the network. Problem now solved. Thanks for the word about using Spamcop as a final popmail destination. I may do that. I've been using Spamcop a long time (as Internet time goes!) and hadn't noticed the expanded service.
  10. A friend recently sent me two messages from his account at "iglou.com". Both were rejected with this message:

      Final-Recipient: rfc822;XXXXXX[at]XXXXX.net
      Action: failed
      Status: 5.0.0 (permanent failure)
      Diagnostic-Code: smtp; 5.1.0 - Unknown address error 571-'5.0.0 Local Policy REFUSAL: Confirmed network-wide opt-out - 001 030206' (delivery attempts: 0)
      Reporting-MTA: dns; c60.cesmail.net

      Now, this is hair-raising for two reasons. One, it's an outright rejection. What's with this? What's a "network-wide opt-out"? Second, if this is because Spamcop thinks nothing but spam comes from there, WHY IN THE HECK are they putting my FINAL mailbox, the secret one to which Spamcop forwards my mail, in the reject message??? I've replaced it with X's, here. What's going on, please?
  11. Alas, this is Sendmail I'm using, and it doesn't cotton to having its outbound SMTP server selected on a per-message basis, and unfortunately (for me) these addresses don't accept general mail for delivery. I'm working on getting an alternate SMTP server to use for all outbound mail.
  12. Well, fooey, is all I can say. I daresay you're right, and my ISP must be deleting the spams. I'll edit my submission scripts to copy myself at another address. This only recently started happening, and it didn't occur to me that Comcast might be doing this to me. In response to one respondent, I'm using FreeBSD/Sendmail/exmh/MH to submit my mail. I'm using TLS with the Comcast server, but given that they run the DNS, goodness knows where I'm actually submitting it to. The host is smtp.comcast.net, which at the moment resolves to: ;; ANSWER SECTION: smtp.comcast.net. 15M IN A smtp.comcast.net. 15M IN A smtp.comcast.net. 15M IN A smtp.comcast.net. 15M IN A
  13. As my original post makes clear, this situation doesn't fall under either of the FAQ entries: some submissions ARE getting through, but only about 10-20% of them. My maillogs show they're being accepted by my ISP's SMTP server, and no other outbound email to anybody else is disappearing. I have tried both a single message per spam, and multiple messages grouped together. The problem occurs with both.
  14. Lately, when I forward spams via email into the reporting system via the email box submit.blahblahblah[at]spam.spamcop.net, at most one or two out of six or twelve submitted spam emails will ever show up in the reporting queue. Has the mail reporting system sprung a leak? Now I'm having to cut'n'paste the emails directly into the web form. Combine that with Spamcop's inability to resolve domain names (which always resolve to that one single Chinese host anyway), forcing me to use "dig" and "whois" to find reporting addresses, and things are just about back to the bad old days of hand reporting. What's up?
  15. The parse isn't defective, Spamcop just isn't getting a response from the servers. Here's a tracking URL: http://www.spamcop.net/sc?id=z701216806z49...8becdea413dcf5z No matter how often this spam is submitted, the web server name never resolves, yet I can resolve it immediately via "dig". My guess is that the clever weenies have blocked Spamcop's addresses from their DNS, or else in the Web server, if Spamcop tries to connect to such sites to verify their existence. Turns out it doesn't make a lick of difference. It's the usual Chinese weasels, so reporting won't do a thing.
  16. Lately I've been getting spam where Spamcop is unable to resolve the addresses of the Web sites given in the spam, though I can resolve those addresses just fine locally, via "dig". Here is one example tracking URL: http://www.spamcop.net/sc?id=z700892480za2...5db31f544a034cz I analyzed this spam twice (reporting only once) just to allow for the possibility of lag in the resolver chain. Same result both times. Perhaps Spamcop could use "stealth" resolvers which issue queries from address blocks outside the usual Spamcop range.