Jump to content

[Resolved] When's 212.52.84.103 going to be listed


petzl
 Share

Recommended Posts

http://www.spamcop.net/sc?id=z5422452403zd...642bd7b5d25175z

abuse[at]iol.it are asleep at the wheel

IP 212.52.84.103 has no abuse address?

the only contact address is hostmaster[at]iol.it

IP 212.52.84.103 does not appear to be a email server (run by spammer or zombie?)

Link to comment
Share on other sites

...Since you've been here a while, I think you are asking more of a rhetorical question, or asking "what is keeping this from being listed?" and that you know this but, for those who don't, the answer to the generic question of when an IP address will be listed is found in the SpamCop Forum FAQ (links to which are found near the top left of all SpamCop Forum pages) article labeled "What is on the list?" in the section labeled "SCBL Rules."

Link to comment
Share on other sites

...Since you've been here a while, I think you are asking more of a rhetorical question, or asking "what is keeping this from being listed?" and that you know this but, for those who don't, the answer to the generic question of when an IP address will be listed is found in the SpamCop Forum FAQ (links to which are found near the top left of all SpamCop Forum pages) article labeled "What is on the list?" in the section labeled "SCBL Rules."

It seems to be botnet spam that has been spewing for sometime not getting listed

Just wish to have SpamCop BL checked if working

Yes I know the supposed algorithm which once was?

Now IMO the SCBL seems to only respond to spamtraps?

Seems this Botnet is flooding confirmed email addresses showing a weakness in relying on spamtraps only

Very common now to see an IP listed without a manual report backing it up, not the other way

If you look at report history (need to log in) seems a lot of reports for it not to be listed

http://www.spamcop.net/mcgi?action=showhis...d;val=239354262

It don't appear to be a genuine email server?

Always has a forged IP 172.31.0.225 listed as injection point (indicating its an internal IP. Run by spammer?)

abuse[at]iol.it don't seem to care the only address given is hostmaster[at]iol.it

Going to website they give it as abuse[ at ]staff.libero.it

Edited by petzl
Link to comment
Share on other sites

I think we should see the IP list fairly soon.

- Don D'Hopeful - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

Thanks Don

After going to their website and checking SenderScore looks like a Webmail system with a lot of compromised accounts

Link to comment
Share on other sites

A few thoughts in general ...

212.52.84.103 is outrelay03.libero.it, high volume network relay (SB magnitude ~ 4.7), fiendishly difficult to list on the basis of reports alone due to spam:ham ratio. But the spam volumes are increasing and indeed it has now made it to the SCbl (3 hours ago by the looks). In my timezone - 24 reports and counting 30 Oct - 12 reports on 29 Oct - very few before.

Hasn't made it to the CBL yet, which is the bl giving the best information about any sender-server exploits (just possibly none in this case). Needless to say if libero.it had heeded the SC reports when they first started coming in about that server, they could have nipped in the bud whatever there is using it to assail the internet. That's what the SCbl is all about, but, disappointingly, not all find it "economic" to use it like that.

Be careful judging all libero.it as a spamsource simply on the basis of pbl.spamhaus.org (and similar) listings and "POOR" reputation listings of their dynamic IP ranges. Networks (particularly those of them raddled with beancounters) seem to volunteer their dynamic addresses for DNSBL listing knowing they should not be sending direct to the internet (and, one suspects) saving them the expense of doing anything more active/proactive to control their user-abusers. The "policy" blocklists/bl zones (pbl.spamhaus.org, dul.dnsbl.sorbs.net, etc.) don't look at actual spam.

Link to comment
Share on other sites

A few thoughts in general ...

212.52.84.103 is outrelay03.libero.it, high volume network relay (SB magnitude ~ 4.7), fiendishly difficult to list on the basis of reports alone due to spam:ham ratio. But the spam volumes are increasing and indeed it has now made it to the SCbl (3 hours ago by the looks). In my timezone - 24 reports and counting 30 Oct - 12 reports on 29 Oct - very few before.

Hasn't made it to the CBL yet, which is the bl giving the best information about any sender-server exploits (just possibly none in this case). Needless to say if libero.it had heeded the SC reports when they first started coming in about that server, they could have nipped in the bud whatever there is using it to assail the internet. That's what the SCbl is all about, but, disappointingly, not all find it "economic" to use it like that.

Be careful judging all libero.it as a spamsource simply on the basis of pbl.spamhaus.org (and similar) listings and "POOR" reputation listings of their dynamic IP ranges. Networks (particularly those of them raddled with beancounters) seem to volunteer their dynamic addresses for DNSBL listing knowing they should not be sending direct to the internet (and, one suspects) saving them the expense of doing anything more active/proactive to control their user-abusers. The "policy" blocklists/bl zones (pbl.spamhaus.org, dul.dnsbl.sorbs.net, etc.) don't look at actual spam.

Went to their website appears to be a Webmail provider with no registered abuse address.

It is listed now in our SCBL

I now don't think it is a trojan. Just a too easy to sign-up to a free webmail, or accounts have been compromised senderScore have it as low (near zero) reputation and very high (spammers paradise?) volume sender

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...