mslw Posted March 29, 2012 Posted March 29, 2012 Twice today SC has suggested sending email to postmaster[at] and well as abuse[at] for a domain, e.g. Using abuse net on abuse[at]lumison.net abuse net lumison.net = abuse[at]lumison.net, postmaster[at]lumison.net Using best contacts abuse[at]lumison.net postmaster[at]lumison.net Using abuse net on abuse[at]vexxhost.com abuse net vexxhost.com = abuse[at]vexxhost.com, postmaster[at]vexxhost.com, noc[at]vexxhost.com Using best contacts abuse[at]vexxhost.com postmaster[at]vexxhost.com noc[at]vexxhost.com However, abuse.net doesn't list postmaster for either of these domains. Is SC adding postmaster or is there some other reason? I don't want to bother postmaster with reports if they have taken the trouble to register with abuse.net.
Lking Posted March 29, 2012 Posted March 29, 2012 I don't want to bother postmaster with reports if they have taken the trouble to register with abuse.net. They are your reports. Of course you can un-check the box next to any report you do not want to send. As noted at the bottom of the reporting screen ATTENTION: Report only those e-mail addresses and web sites that you think your spammer has used. Avoid checking any boxes left empty unless you know that your spammer has used the addresses or sites thus identified. Each false report that you submit means wasted time for a network administrator, so take care. The last thing SpamCop wants are network administrators so accustomed to false claims that they no longer take these spam reports seriously.
JoeColorado Posted March 29, 2012 Posted March 29, 2012 Hi, I don't speak for abuse.net, but I do believe I understand the situation. 0. There four ways to query abuse.net: a. The web interface: http://abuse.net/ b. Doing a whois with whois.abuse.net as the whois server, e.g., whois domainname.tld whois.abuse.net c. DNS lookup d. For heavy users, a mirror of the underlying database (presumably, spamcop.net uses this method). These methods are all documented at http://abuse.net/using.phtml 1. It used to be that abuse.net returned postmaster[at]domain.tld when you queried a domain that did not have an entry in the abuse.net database. E.g., whois unknowndomain.tld whois.abuse.net postmaster[at]unknowndomain.tld (default, no info) 2. Sometime in the past year or so, abuse.net began (sensibly) returning abuse[at] as the default contact for unknown entries: whois unknowndomain.tld whois.abuse.net abuse[at]unknowndomain.tld (default, no info) 3. In addition, there are (essentially) two conditions under which entries are added to abuse.net: a. When a trusted source (e.g., the owner of a domain) submits network abuse contacts, that DB record include only those entries submitted by that source. E.g., a trusted source submitted the network abuse contact information for CNN.com whois cnn.com whois.abuse.net abuse[at]cnn.com (for cnn.com) b. When other than a trusted source submits submitted network abuse contacts, it used to be (I'm not sure this is still true) that DB record added postmaster[at]domain.tld to those entries submitted by that source. This means that postmaster[at] would be returned on a query. c. Since the change of the default from postmaster[at] to abuse[at] what is returned by the first two methods described has some subtle differences. E.g., 1) http://abuse.net/lookup.phtml?domain=vexxhost.com abuse[at]vexxhost.com (for vexxhost.com) abuse[at]vexxhost.com (for vexxhost.com) noc[at]vexxhost.com (for vexxhost.com) 2) whois vexxhost.com whois.abuse.net abuse[at]vexxhost.com (for vexxhost.com) noc[at]vexxhost.com (for vexxhost.com) You can see that the underlying DB contains postmaster[at]vexxhost.com, but the web interface translates the postmaster[at] entry to abuse[at] while the whois entry eliminates one of the two abuse[at] entries as a duplicate. However, the fourth method still reflects the postmaster[at] entry added to reflect that a non-trusted source provided the vexxhost.com entry. I hope this explains things well. Cheers, ____ Footnote: if you are using Windows, a whois tool is available at: http://technet.microsoft.com/en-us/sysinternals/bb897435
mslw Posted March 29, 2012 Author Posted March 29, 2012 Thanks for the detailed reply Joe. I was comparing SC with the command line whois, which is why postmaster appeared to be missing. Perhaps SC should translate postmaster[at] to abuse[at] like other abuse.net lookups do?
petzl Posted March 30, 2012 Posted March 30, 2012 Twice today SC has suggested sending email to postmaster[at] and well as abuse[at] for a domain, e.g. However, abuse.net doesn't list postmaster for either of these domains. Is SC adding postmaster or is there some other reason? I don't want to bother postmaster with reports if they have taken the trouble to register with abuse.net. AFAIK SpamCop gets it's abuse address from a number of sources, abuse.net is not the official source for an abuse address. There is ripe.net and apnic.net. abuse.net is a "johnny come lately" which spamcop also checks. all abuse addresses should be postmaster[at] "joe-jobs". spammers often make these addresses unworkable SpamCop often has "personalized" abuse addresses set-up by "abuse-desks and administrators" Abuse.net is/was the easiest for abuse-desks and administrators to register with, while ripe.net and apnic.net were complicated particularly with non-English speaking to formally register with
SpamCopAdmin Posted April 1, 2012 Posted April 1, 2012 If you have a TRACKING URL that shows this problem, I would like to see it. Thanks! - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net -
mslw Posted April 2, 2012 Author Posted April 2, 2012 Here is the vexxhost.com one: http://www.spamcop.net/sc?track=http%3A%2F...contract.com%2F
Recommended Posts
Archived
This topic is now archived and is closed to further replies.