Jump to content

parsing of headers


stb

Recommended Posts

Posted

Each time I send a piece of spam to the online form, I see that SpamCop spends a lot of time checking MY ISP. I believe this is due to the fact that it used to be called Direct Connection (www.dircon.net) and then it changed name to Netscalibur (www.netscalibur.co.uk), while still retaining "dircon" for mail servers.

Also, when SpamCop is unable to find a reporting address for the spam, it selects my ISP.

Can someone look into it?

Posted

According to a DNS lookup of netscalibur.co.uk

  • 04/24/04 09:56:14 -0500 dns netscalibur.co.uk
  • Mail for netscalibur.co.uk is handled by mx1.dircon.net, mx0.dircon.net, and mail.dircon.net

So the parser shouldn't have any problems recognizing that netscalibur email is handled by dircon servers.

Posted
Can someone look into it?

Offering up a tracking URL would help .. that would allow "us" to see what "you" see and possibly give you an exact issue to talk about. The gist of what you're suggesting is that there is more mis-configuration of your ISP's servers than just a name-change ...

Posted

Yes, thanks ... I'll agree, the parse is definitly ugly looking, but the issues that are causing it are well documented in the mess. The problem is that after going all the choking and gargling, your ISP's servers were considered 'clean' and the parser identified the hb.cn server as the source of this spam. Is it possible that you picked a wrong example to show the results your first post mentioned .. identifying your host as the source?

Posted

I think many people misunderstand the documentation used in each line and assume the parse is picking up that host as the source rather than checking what the final reports are reporting.

Things like: Possible spammer: 194.112.32.155

and: Possible relay: 194.112.32.155

Keep in mind, this is only a hunch.

Posted

In this one, there's a struggle goin gon trying to decide if the servers might be "connected", but the biggest issue are those lines that casually mention "not an MX for ...." ... thus the comparing, matching, looking, and deciding that the IPs in the chain do kind of match up ... this might be one of those that the mail-host thing would at least end up in a 'cleaner' parse, but might also result in a ton load of "you haven't registred all ....." error messages. The ISP in question needs to finish going through the config and registration of all those "new" assets.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...