
Why does reporting just go to bit bin


petzl


Posted

That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.

Posted

I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.

Posted

I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.

It is

http://www.spamhaus.org/query/dbl?domain=hopenmail.info

My guess is IP 46.165.219.5 resolves to "hopenmail.info"

SpamCop email caught it but only have Spamhaus XBL and Spamhaus PBL selected?

SpamAssassin didn't pick it so I assume it's combined to above

I also use MailWasher free version to check configured to use extra blocklists

Posted

That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.

The domain is registered to Brazil. Don't mind if SpamCop has no reporting address; I look in such cases to find my own, in this case

mail-abuse[at]cert.br

Seems effective at removing Brazil spammers hope it's jail time

Registrant ID:CR137124770
Registrant Name:R T CONSULT MK
Registrant Organization:RT CONSULT
Registrant Street1:Rua Sebastiao C Vaz
Registrant Street2:
Registrant Street3:
Registrant City:Sao Paulo
Registrant State/Province:Sao Paulo
Registrant Postal Code:03380-190
Registrant Country:BR
Registrant Phone:+55.22831889

Posted

Yep,

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup -type=ptr 46.165.219.73 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
73.219.165.46.in-addr.arpa name = mail1.hopenmail.info

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

... and (for lisati) lookup of IP address on http://multirbl.valli.org/ includes the query of the server name on dbl.spamhaus.org automagically, like it performs the above + the below for you

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup mail1.hopenmail.info.dbl.spamhaus.org 4.2.2.2
Server: b.resolvers.Level3.net
Address: 4.2.2.2

Non-authoritative answer:
Name: mail1.hopenmail.info.dbl.spamhaus.org
Address: 127.0.1.2

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

But, for me, the interesting part is

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

- seen in the parse referenced in the first post

Turning off reports to the ISP shouldn't mean cancellation of all other actions as well, still warrants uptick on the SCbl statistics for the IP address surely - and I haven't seen a case before where that has not happened (even for leaseweb, going back a week or two). No other reporters mentioning the "Nothing to do." result arising from no reporting address. Is it an error, is it a bug, is it just for leaseweb (or some part of leaseweb), is it a new feature (or has it been happening all along, un-noticed)? Seems (potentially) to undermine the whole rationale of reporting and the integrity of the SCbl.
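The two nslookup steps shown in the post above (PTR lookup, then a DBL query on the returned name), chained together as an added example that is not part of the original thread. It makes no network calls: the DNS answers are passed in, and the sample values are the ones from the nslookup output above. The function names are hypothetical, and the return-code table is a subset of the codes Spamhaus publishes for the DBL.

```python
import ipaddress

DBL_ZONE = "dbl.spamhaus.org"

# Subset of the DBL return codes published by Spamhaus.
DBL_CODES = {
    "127.0.1.2": "spam domain",
    "127.0.1.4": "phishing domain",
    "127.0.1.5": "malware domain",
    "127.0.1.6": "botnet C&C domain",
    "127.0.1.255": "IP queries prohibited (DBL lists domains only)",
}

def ptr_name(ip):
    """Name that `nslookup -type=ptr <ip>` actually queries."""
    return ipaddress.ip_address(ip).reverse_pointer

def dbl_query_name(host):
    """Build the DBL lookup name for a hostname; refuse bare IP addresses."""
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return f"{host}.{DBL_ZONE}"  # not an IP, so it is a valid DBL subject
    raise ValueError("DBL is a domain list; resolve the PTR name first")

def interpret(answer):
    """answer: the A record returned for the DBL name, or None for NXDOMAIN."""
    if answer is None:
        return "not listed"
    if not answer.startswith("127.0.1."):
        # e.g. Spamhaus 127.255.255.x error codes or a resolver rewriting NXDOMAIN
        return "unexpected answer; treat as lookup error, not a listing"
    return DBL_CODES.get(answer, "listed (code not in this table)")

def page_example():
    """Replay the thread's lookups using the answers captured on the page."""
    ptr_answer = "mail1.hopenmail.info"   # from the PTR lookup above
    dbl_answer = "127.0.1.2"              # from the DBL lookup above
    return (ptr_name("46.165.219.73"),
            dbl_query_name(ptr_answer),
            interpret(dbl_answer))

if __name__ == "__main__":
    print(page_example())
```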

Archived

This topic is now archived and is closed to further replies.
