Jump to content

Adding correct reporting address to reports


Recommended Posts

Sometimes SpamCop doesn't resolve or pick up the correct originating IP (i.e. X-Originating-IP: fields), so when SpamCop attempts to report the information, I add a comment in the field that reads "This report should have been sent to: xxxx[at]yyyy.zzz". Do these comments get read or reviewed at all or am I wasting my time? Is there a better way to report new IP addresses for SpamCop to send reports?

Thanks,

Timothy

Link to comment
Share on other sites

Sometimes SpamCop doesn't resolve or pick up the correct originating IP (i.e. X-Originating-IP: fields)
How do you know SpamCop isn't finding the true source of the spam?

If you have an example, please copy the "TRACKING URL" from the top of the SpamCop parse page and post it here so that we can see what SpamCop is seeing and doing.

so when SpamCop attempts to report the information, I add a comment in the field that reads "This report should have been sent to: xxxx[at]yyyy.zzz". Do these comments get read or reviewed at all or am I wasting my time?
You're wasting your time. The report goes to whoever SpamCop chose to send it to. Telling the recipient that you sent the report to the wrong place won't do any good. They won't forward it along for you or anything. Assuming they even read the comment at all.

Is there a better way to report new IP addresses for SpamCop to send reports?
If you catch SpamCop finding the wrong source IP, tell deputies[at]admin.spamcop.net about it by sending the "Tracking URL" and an explanation about how you know that the parse is wrong.

- Don D'Minion - SpamCop Admin -

.

Link to comment
Share on other sites

Sometimes SpamCop doesn't resolve or pick up the correct originating IP (i.e. X-Originating-IP: fields)
If you are assuming that X-records contain accurate data, then you may be assuming incorrectly. These are called "X" records for a reason -- they are "eXperimental," and not part of standard SMTP. In other words, they can be (and often are) forged by spammers.

In my experience, SpamCop is very accurate at determining the sources of spam -- as well as relays -- using only the properly-recognized portions of the SMTP header. It does not read X headers for this purpose (although it does write some as "memoranda" for users, analysts, etc).

If you want to report to somewhere else, you can do so outside SpamCop if you wish (although you bear the risk that the report may be wrongful). And, as Don says, if you believe that SpamCop was incorrect in tracing the message, you can take this up with the deputies.

So, I gotta go with Don on this. Let SpamCop figure out where to send the reports, if it can (and it nearly always can).

-- rick

Edited by rconner
Link to comment
Share on other sites

...I add a comment in the field that reads "This report should have been sent to: xxxx[at]yyyy.zzz". Do these comments get read or reviewed at all or am I wasting my time?
Hi Timothy. If you are asking whether the Deputies read the top-most or general note you add in the reporting form page (as distinct from the individual-recipient 'Notes for' further down the form which of course they don't see), Don has effectively answered "No," that is not what it is for. That field is apparently a shorthand way to add that note for all report recipients (and yes, that is a little difficult to work out by yourself, not helped by report "Preview" effectively wiping out the notes, as you find when you return to send the reports - last time I looked it did, anyway).
... Is there a better way to report new IP addresses for SpamCop to send reports? ...
Don has detailed the process as you will have read - e-mail the Deputies but suggests you check with an example 'here' first. They are quite particular about the nature and source/authority of 'alternative' abuse-reporting addresses (and sometimes have deliberately substituted other addresses which aren't to be found elsewhere - for various valid reasons). Most times an abuse-reporting address is right of course but 'new' blocks/reassignments occasionally do need attention and the Deputies will appreciate research on that.

As Rick says, forget about the X-Originating-IP: header fields though. When those disagree with the source SC has found your first suspicion should be that they are forged. Logically, there will be exceptions though, but not often. Unless you are an Outlook user.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...