petzl Posted March 25, 2013 Posted March 25, 2013 http://www.spamcop.net/sc?id=z5480543770zd...ab2390bcdbdf5cz IP 46.165.219.73 It's blocked by Spamhaus DBL http://www.spamhaus.org/faq/section/Spamhaus%20DBL#271
Farelf Posted March 25, 2013 Posted March 25, 2013 That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. before.
lisati Posted March 25, 2013 Posted March 25, 2013 I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.
petzl Posted March 25, 2013 Author Posted March 25, 2013 I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names. It is http://www.spamhaus.org/query/dbl?domain=hopenmail.info My guess is IP 46.165.219.5 resovles to "hopenmail.info" SpamCop email caught it but only have Spamhaus XBL and Spamhaus PBL selected? SpamAssassin didn't pick it so I assume it's combined to above I also use MailWasher free version to check configured to use extra blocklists
petzl Posted March 25, 2013 Author Posted March 25, 2013 That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. before. The domain is rgistered to Brazil don't mind if SpamCop has no reporting address I look in such cases to find my on in this case mail-abuse[at]cert.br Seems effective at removing Brazil spammers hope it's jail time Registrant ID:CR137124770 Registrant Name:R T CONSULT MK Registrant Organization:RT CONSULT Registrant Street1:Rua Sebastiao C Vaz Registrant Street2: Registrant Street3: Registrant City:Sao Paulo Registrant State/Province:Sao Paulo Registrant Postal Code:03380-190 Registrant Country:BR Registrant Phone:+55.22831889
Farelf Posted March 25, 2013 Posted March 25, 2013 Yep, ------------------------------------------------------------------------------------------------------------- C:\Documents and Settings\Admin>nslookup -type=ptr 46.165.219.73 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: 73.219.165.46.in-addr.arpa name = mail1.hopenmail.info C:\Documents and Settings\Admin> ------------------------------------------------------------------------------------------------------------- ... and (for lisati) lookup of IP address on http://multirbl.valli.org/ includes the query of the server name on dbl.spamhaus.org automagically, like it performs the above + the below for you ------------------------------------------------------------------------------------------------------------- C:\Documents and Settings\Admin>nslookup mail1.hopenmail.info.dbl.spamhaus.org 4.2.2.2 Server: b.resolvers.Level3.net Address: 4.2.2.2 Non-authoritative answer: Name: mail1.hopenmail.info.dbl.spamhaus.org Address: 127.0.1.2 C:\Documents and Settings\Admin> ------------------------------------------------------------------------------------------------------------- But, for me, the interesting part is Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. - seen in the parse referenced in the first post 84355[/snapback] Turning off reports to the ISP shouldn't mean cancellation of all other actions as well, still warrants uptick on the SCbl statistics for the IP address surely - and I haven't seen a case before where that has not happened (even for leaseweb, going back a week or two). No other reporters mentioning the "Nothing to do." result arising from no reporting address. Is it an error, is it a bug, is it just for leaseweb (or some part of leaseweb), is it a new feature (or has it been happening all along, un-noticed)? Seems (potentially) to undermine the whole rationale of reporting and the integrity of the SCbl.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.