
Why does reporting just go to bit bin


petzl


That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.


I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names.

It is

http://www.spamhaus.org/query/dbl?domain=hopenmail.info

My guess is IP 46.165.219.5 resolves to "hopenmail.info"

SpamCop email caught it but only have Spamhaus XBL and Spamhaus PBL selected?

SpamAssassin didn't pick it so I assume it's combined to above

I also use MailWasher free version to check configured to use extra blocklists


That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

before.

The domain is registered to Brazil. Don't mind if SpamCop has no reporting address; I look in such cases to find my own, in this case

mail-abuse[at]cert.br

Seems effective at removing Brazil spammers hope it's jail time

Registrant ID:CR137124770

Registrant Name:R T CONSULT MK

Registrant Organization:RT CONSULT

Registrant Street1:Rua Sebastiao C Vaz

Registrant Street2:

Registrant Street3:

Registrant City:Sao Paulo

Registrant State/Province:Sao Paulo

Registrant Postal Code:03380-190

Registrant Country:BR

Registrant Phone:+55.22831889


Yep,

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup -type=ptr 46.165.219.73 8.8.8.8

Server: google-public-dns-a.google.com

Address: 8.8.8.8

Non-authoritative answer:

73.219.165.46.in-addr.arpa name = mail1.hopenmail.info

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

... and (for lisati) lookup of IP address on http://multirbl.valli.org/ includes the query of the server name on dbl.spamhaus.org automagically, like it performs the above + the below for you

-------------------------------------------------------------------------------------------------------------

C:\Documents and Settings\Admin>nslookup mail1.hopenmail.info.dbl.spamhaus.org 4.2.2.2

Server: b.resolvers.Level3.net

Address: 4.2.2.2

Non-authoritative answer:

Name: mail1.hopenmail.info.dbl.spamhaus.org

Address: 127.0.1.2

C:\Documents and Settings\Admin>

-------------------------------------------------------------------------------------------------------------

But, for me, the interesting part is

Sorry, no reporting addresses found for 46.165.219.73.

Nothing to do.

- seen in the parse referenced in the first post

Turning off reports to the ISP shouldn't mean cancellation of all other actions as well, still warrants uptick on the SCbl statistics for the IP address surely - and I haven't seen a case before where that has not happened (even for leaseweb, going back a week or two). No other reporters mentioning the "Nothing to do." result arising from no reporting address. Is it an error, is it a bug, is it just for leaseweb (or some part of leaseweb), is it a new feature (or has it been happening all along, un-noticed)? Seems (potentially) to undermine the whole rationale of reporting and the integrity of the SCbl.

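The two-step check discussed in the thread (PTR lookup of the sending IP, then a query of the returned hostname against dbl.spamhaus.org), as an added example that is not part of any poster's message. The function names and the pluggable `resolve` callback are assumptions; the sample resolver is constructed from the two nslookup answers quoted above so the code runs offline, and the code table is Spamhaus's published DBL return codes.

```python
import ipaddress

# Spamhaus DBL return codes; 127.0.1.2 is the answer shown in the thread.
DBL_CODES = {
    "127.0.1.2": "spam domain",
    "127.0.1.4": "phishing domain",
    "127.0.1.5": "malware domain",
    "127.0.1.6": "botnet C&C domain",
    "127.0.1.255": "error: IP address queried against DBL",
}

def ptr_name(ip):
    """Reverse-DNS (PTR) query name for an IPv4 or IPv6 address."""
    return ipaddress.ip_address(ip).reverse_pointer

def dbl_name(host, zone="dbl.spamhaus.org"):
    """DBL query name for a hostname. The DBL lists domains, so IP literals are refused."""
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        return f"{host}.{zone}"
    raise ValueError("DBL lists domains, not IP addresses; resolve the PTR first")

def describe(answer):
    """Map one A-record answer from the DBL zone to a readable verdict."""
    if answer.startswith("127.255.255."):
        return f"query refused by Spamhaus ({answer}), result is not a listing"
    return DBL_CODES.get(answer, f"unknown code {answer}")

def check_ip(ip, resolve):
    """resolve(name, rrtype) returns a list of answers, empty for NXDOMAIN (assumed interface)."""
    result = {"ip": ip, "ptr": None, "dbl": "no PTR record"}
    ptrs = resolve(ptr_name(ip), "PTR")
    if not ptrs:
        return result
    result["ptr"] = ptrs[0].rstrip(".")
    answers = resolve(dbl_name(result["ptr"]), "A")
    result["dbl"] = "; ".join(describe(a) for a in answers) if answers else "not listed"
    return result

# Constructed resolver holding only the two answers quoted in the nslookup output above.
SAMPLE = {
    ("73.219.165.46.in-addr.arpa", "PTR"): ["mail1.hopenmail.info."],
    ("mail1.hopenmail.info.dbl.spamhaus.org", "A"): ["127.0.1.2"],
}

def sample_resolve(name, rrtype):
    return SAMPLE.get((name, rrtype), [])

if __name__ == "__main__":
    print(check_ip("46.165.219.73", sample_resolve))
```

For live use, replace `sample_resolve` with a wrapper around a real DNS client; the PTR and DBL steps stay the same.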

Archived

This topic is now archived and is closed to further replies.
