Jump to content

abuse email silently getting bounced


Bert
 Share

Recommended Posts

The following spam is typical of what I get quite a lot:

http://www.spamcop.net/sc?id=z5556112578zb...b6da4e96313b7dz

I've been reporting it through spamcop for ages, but when I happened to report it manually to the same email address, I got a bounce back:

abuse[at]orangebusiness.com

Unrouteable address

It turns out that the proper abuse address is abuse[at]orange-business.com (mind the dash), clearly visible in the "abuse-mailbox" field of the whois for the hosting website's /16.

So, spamcop has been silently swallowing these bounces for who knows how long. I wonder:

- Where did spamcop even get this wrong email address? Is whois ever checked, once an abuse email is in the system?

- How in hell are abuse emails bouncing back to spamcop, and nothing is done about it at all?

Link to comment
Share on other sites

Fixed!

Thanks for the quick fix of that entry.

Could you please also answer my questions? How did that bad entry get in there, and how come it didn't get flushed out by current whois records?

And why not send abuse bounces back to the reporter, if the spamcop system is going to throw them away anyway? It would have been good to know earlier about this, instead of wasting my time sending spam reports into the bitbucket :(

Link to comment
Share on other sites

And why not send abuse bounces back to the reporter, if the spamcop system is going to throw them away anyway? It would have been good to know earlier about this, instead of wasting my time sending spam reports into the bitbucket :(

JMHO but it seems to me that it depends on the objective if your time was wasted. The primary objective, if I understand correctly, is to build a dynamic blacklist, which all of your submissions have contributed to keeping current.

After that as a courtesy a report of the spam is sent to the source to give them a heads up on a situation they may not be aware of.

An even lower priority is reporting link in the spam. (Others focus on this)

Seems that the only submissions that really go to the bitbucket are submissions with miss-configured headers. A vary large % if my submissions don't send reports because there is no abuse address, the listed address bounces all reports (so no point in sending them) or they have said they don't want the reports (don't want spamcop to be a spammer). All those reports sent to [at]devnull.spamcop.net are reports not sent to the source, but the blacklist is updated.

I see postings here all the time where people make corrections to the database, as you did. Given the number of spam submitted, and the intentional obfuscation of the spammers, it is a wonder that the there are so few errors.

Link to comment
Share on other sites

...My understanding of SpamCop's goals match Lou's, although I would change the emphasis a bit:

Relative Importance of SpamCop Features
Feature Relative Importance
Feed the blacklist statistics 10
Notify admins of spam source 7
Identify spamvertized sources in spam body 1
...Bert, Don may not wish to or may be unable to reply to your questions here. If he doesn't offer a reply here within a few days, my suggestion would be to contact him directly via e-mail at the address he listed in his reply 85702[/snapback].
Link to comment
Share on other sites

  • 2 weeks later...

...it's not fixed:

Still has this:

Cached whois for 83.206.207.181 : abuse[at]orange-business.com

Using abuse net on abuse[at]orange-business.com

abuse net orange-business.com = abuse[at]orangebusiness.com

Using best contacts abuse[at]orangebusiness.com

So what's the deal? Did I step on somebody's toes by noticing problems that aren't getting dealt with?

Link to comment
Share on other sites

So what's the deal? Did I step on somebody's toes by noticing problems that aren't getting dealt with?

http://www.senderbase.org/senderbase_queri...=83.206.207.181

Looking at senderbase whois gives

We can't find any results. Possibly IP address is unallocated or its whois server is not available.

SpamCops program that it uses for whois gives abuse[at]orange-business.com

Seems correct a prugram I use for whois gives

remarks:		**************************************
remarks:		*   Pour les obligations legale	  *
remarks:		* Contacter uniquement les poles OL  *
remarks:		*	  de France Telecom/Orange	  *
remarks:		*									*
remarks:		*	For legal issus joint only	  *
remarks:		*  France telecom/orange legal team  *
remarks:		**************************************
abuse-mailbox:   mailto:abuse[at]orange-business.com

Link to comment
Share on other sites

...Please refer to the last sentence of my earlier post 85721[/snapback].

I've got a better idea. I'll stop using Spamcop. It's abundantly clear that it's useless. The backend is slow, crappy and badly maintained, the reports are being ignored by ISPs, and the blacklist isn't getting updated with reports. What a waste of time.

Link to comment
Share on other sites

<snip>

What a waste of time.

...It should be a truism that if a tool isn't meeting your goals, you should stop using it -- but of course! There are plenty of us that are perfectly satisfied with it, so I hope you won't mind that the rest of us don't follow your lead. And we thank you for your contributions to the data used to maintain the SpamCop blacklist in the past (even though you, mistakenly in our estimation, think they've been of no use)! :) <g>
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...