petzl Posted March 25, 2013 Share Posted March 25, 2013 http://www.spamcop.net/sc?id=z5480543770zd...ab2390bcdbdf5cz IP 46.165.219.73 It's blocked by Spamhaus DBL http://www.spamhaus.org/faq/section/Spamhaus%20DBL#271 Quote Link to comment Share on other sites More sharing options...
Farelf Posted March 25, 2013 Share Posted March 25, 2013 That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. before. Quote Link to comment Share on other sites More sharing options...
lisati Posted March 25, 2013 Share Posted March 25, 2013 I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names. Quote Link to comment Share on other sites More sharing options...
petzl Posted March 25, 2013 Author Share Posted March 25, 2013 I think I blinked and missed something: my understanding of Spamhaus's DBL list is that it isn't for checking IP addresses but for checking domain names. It is http://www.spamhaus.org/query/dbl?domain=hopenmail.info My guess is IP 46.165.219.5 resovles to "hopenmail.info" SpamCop email caught it but only have Spamhaus XBL and Spamhaus PBL selected? SpamAssassin didn't pick it so I assume it's combined to above I also use MailWasher free version to check configured to use extra blocklists Quote Link to comment Share on other sites More sharing options...
petzl Posted March 25, 2013 Author Share Posted March 25, 2013 (edited) That's interesting - maybe all leaseweb/netdirekt (more or less corresponding to Leaseweb Germany GmbH (previously netdirekt e. K.) on http://www.senderbase.org/)? Not feeding the SCbl database? My quick check of reporting history for some found in the SenderBase report on network owner shows a heap of "No recent reports, no history available" (except for a few with "[concealed user-defined recipient]", like 46.165.219.5) and "reports disabled" or "no master". Always thought the database was fed with any hits, regardless of reports/no reports? Never seen Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. before. The domain is rgistered to Brazil don't mind if SpamCop has no reporting address I look in such cases to find my on in this case mail-abuse[at]cert.br Seems effective at removing Brazil spammers hope it's jail time Registrant ID:CR137124770 Registrant Name:R T CONSULT MK Registrant Organization:RT CONSULT Registrant Street1:Rua Sebastiao C Vaz Registrant Street2: Registrant Street3: Registrant City:Sao Paulo Registrant State/Province:Sao Paulo Registrant Postal Code:03380-190 Registrant Country:BR Registrant Phone:+55.22831889 Edited March 25, 2013 by petzl Quote Link to comment Share on other sites More sharing options...
Farelf Posted March 25, 2013 Share Posted March 25, 2013 Yep, ------------------------------------------------------------------------------------------------------------- C:\Documents and Settings\Admin>nslookup -type=ptr 46.165.219.73 8.8.8.8 Server: google-public-dns-a.google.com Address: 8.8.8.8 Non-authoritative answer: 73.219.165.46.in-addr.arpa name = mail1.hopenmail.info C:\Documents and Settings\Admin> ------------------------------------------------------------------------------------------------------------- ... and (for lisati) lookup of IP address on http://multirbl.valli.org/ includes the query of the server name on dbl.spamhaus.org automagically, like it performs the above + the below for you ------------------------------------------------------------------------------------------------------------- C:\Documents and Settings\Admin>nslookup mail1.hopenmail.info.dbl.spamhaus.org 4.2.2.2 Server: b.resolvers.Level3.net Address: 4.2.2.2 Non-authoritative answer: Name: mail1.hopenmail.info.dbl.spamhaus.org Address: 127.0.1.2 C:\Documents and Settings\Admin> ------------------------------------------------------------------------------------------------------------- But, for me, the interesting part is Sorry, no reporting addresses found for 46.165.219.73. Nothing to do. - seen in the parse referenced in the first post 84355[/snapback] Turning off reports to the ISP shouldn't mean cancellation of all other actions as well, still warrants uptick on the SCbl statistics for the IP address surely - and I haven't seen a case before where that has not happened (even for leaseweb, going back a week or two). No other reporters mentioning the "Nothing to do." result arising from no reporting address. Is it an error, is it a bug, is it just for leaseweb (or some part of leaseweb), is it a new feature (or has it been happening all along, un-noticed)? Seems (potentially) to undermine the whole rationale of reporting and the integrity of the SCbl. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.