stb Posted April 24, 2004
Each time I send a piece of spam to the online form, I see that SpamCop spends a lot of time checking MY ISP. I believe this is due to the fact that it used to be called Direct Connection (www.dircon.net) and then it changed name to Netscalibur (www.netscalibur.co.uk), while still retaining "dircon" for mail servers. Also, when SpamCop is unable to find a reporting address for the spam, it selects my ISP. Can someone look into it?
Spambo Posted April 24, 2004
According to a DNS lookup of netscalibur.co.uk
04/24/04 09:56:14 -0500 dns netscalibur.co.uk
Mail for netscalibur.co.uk is handled by mx1.dircon.net, mx0.dircon.net, and mail.dircon.net
So the parser shouldn't have any problems recognizing that netscalibur email is handled by dircon servers.
Wazoo Posted April 24, 2004
"Can someone look into it?"
Offering up a tracking URL would help .. that would allow "us" to see what "you" see and possibly give you an exact issue to talk about. The gist of what you're suggesting is that there is more mis-configuration of your ISP's servers than just a name-change ...
stb Posted April 25, 2004
http://www.spamcop.net/sc?id=z441569828z7d...5de98f11dfdf39z
Would this URL help YOU to see what I see?
Wazoo Posted April 25, 2004
Yes, thanks ... I'll agree, the parse is definitely ugly looking, but the issues that are causing it are well documented in the mess. The problem is that after going through all the choking and gargling, your ISP's servers were considered 'clean' and the parser identified the hb.cn server as the source of this spam. Is it possible that you picked a wrong example to show the results your first post mentioned .. identifying your host as the source?
StevenUnderwood Posted April 25, 2004
I think many people misunderstand the documentation used in each line and assume the parse is picking up that host as the source rather than checking what the final reports are reporting. Things like:
Possible spammer: 194.112.32.155
and:
Possible relay: 194.112.32.155
Keep in mind, this is only a hunch.
Wazoo Posted April 25, 2004
In this one, there's a struggle going on trying to decide if the servers might be "connected", but the biggest issue is those lines that casually mention "not an MX for ...." ... thus the comparing, matching, looking, and deciding that the IPs in the chain do kind of match up ... this might be one of those that the mail-host thing would at least end up in a 'cleaner' parse, but might also result in a ton load of "you haven't registered all ....." error messages. The ISP in question needs to finish going through the config and registration of all those "new" assets.