mrmaxx Posted November 8, 2013 Share Posted November 8, 2013 Just wondering... have spammers figured out what SpamCop's IP Address(es) and blocked it/them from their DNS servers? The reason I ask is that on tracking URL http://www.spamcop.net/sc?id=z5623824838za...c4f38f2fcad5c9z (one example) SpamCop isn't able to resolve the spamvertised web link. However when I go to an external site (http://www.hcidata.info/host2ip.cgi) I'm able to plug that web address into their resolver and it comes up just fine. Of course I'm then coming to SpamCop and checking the reporting address in another window and adding it as a user-copied report, explaining why I'm sending them the report. It just makes me wonder why SpamCop can't resolve a web address, but another site can. Another example: http://www.spamcop.net/sc?id=z5623833099z2...0fd3ebc371d9cdz. Website is willful.walgreenwelness.nl. SpamCop can't resolve, but the site above is able to resolve. Link to comment Share on other sites More sharing options...
turetzsr Posted November 8, 2013 Share Posted November 8, 2013 ...Am I correct that SpamCop FAQ article "SpamCop reporting of spamvertized sites - some philosophy" speaks to this, especially the sentence that begins "Some research done results in the URL being found active...?" Link to comment Share on other sites More sharing options...
mrmaxx Posted November 8, 2013 Author Share Posted November 8, 2013 ...Am I correct that SpamCop FAQ article "SpamCop reporting of spamvertized sites - some philosophy" speaks to this, especially the sentence that begins "Some research done results in the URL being found active...?" I'm aware that URL reporting is a lower priority than spam source reporting. That being said, if we can figure out why spamvertised URLs aren't being found, maybe we can increase the spam reports to the web host. If I didn't care about the URLs, I'd just quick-report and forget it. Edit: I see your point, Turetzsr... and I *do* understand that Spamvertised URLs are, at best, a secondary concern for SpamCop. Still, I wonder if there might be some more tweaking that can be done behind the scenes to make more URLs resolve better. Maybe there are things being done already, but the sludge that sends this crap out is just too clever. I have seen one thing and that is that they have started to use sub-domains which may (or may not) resolve, but the parent domain usually does resolve, so in that case, I just do a user-copied report to the web host of that parent domain and ask them to take action. Link to comment Share on other sites More sharing options...
turetzsr Posted November 8, 2013 Share Posted November 8, 2013 <snip> I *do* understand that Spamvertised URLs are, at best, a secondary concern for SpamCop. Still, I wonder if there might be some more tweaking that can be done behind the scenes to make more URLs resolve better. <snip> ...Seems to me those two things are mutually exclusive, unless the SpamCop engineers suddenly find themselves with nothing more to do to keep up with spam developments, improve the parser and do whatever they do to support the blacklist; my suspicion is that such a situation is unlikely to occur in our lifetime. <g> ...If you are that keen on pursuing spamvertizing, I'd suggest Knujon and/ or Complainterator, which are specifically designed to handle spamvertizing. Link to comment Share on other sites More sharing options...
mrmaxx Posted November 8, 2013 Author Share Posted November 8, 2013 ...Seems to me those two things are mutually exclusive, unless the SpamCop engineers suddenly find themselves with nothing more to do to keep up with spam developments, improve the parser and do whatever they do to support the blacklist; my suspicion is that such a situation is unlikely to occur in our lifetime. <g> ...If you are that keen on pursuing spamvertizing, I'd suggest Knujon and/ or Complainterator, which are specifically designed to handle spamvertizing. Again, it comes down to the fact that I collect 99% of my email via SpamCop/CES Mail and it never sees my computer until it's been through the filters. Kinda hard to report via Complainerator or Knujon (other than as a user-copied report) if it doesn't hit my inbox before the "SpamCop mail" filters see it. Link to comment Share on other sites More sharing options...
gnarlymarley Posted November 8, 2013 Share Posted November 8, 2013 Just wondering... have spammers figured out what SpamCop's IP Address(es) and blocked it/them from their DNS servers? ..... I have wondered this too as SpamCop also has occasional issues looking up DNS in the host parsing side. As near as I could tell in the past, the spammer would have four servers and two of them were bad. In your particular case, I see that one of the dns servers is pointing to an invalid name (ns2.zwig.ru.). Many DNS servers try to look at the other server and see if the name is there. It could be possible that the SpamCop code could be hitting this server error and scrapping the look up as a failed. Link to comment Share on other sites More sharing options...
mrmaxx Posted November 8, 2013 Author Share Posted November 8, 2013 I have wondered this too as SpamCop also has occasional issues looking up DNS in the host parsing side. As near as I could tell in the past, the spammer would have four servers and two of them were bad. In your particular case, I see that one of the dns servers is pointing to an invalid name (ns2.zwig.ru.). Many DNS servers try to look at the other server and see if the name is there. It could be possible that the SpamCop code could be hitting this server error and scrapping the look up as a failed. Could very well be. Again, SpamCop doesn't care much about spamvertised URLs. That's just a secondary issue at best. I realize that. Just looking to see if there's something easy the admins can look at that might fix the issue so that fewer URLs need manual reporting. 'Course, I'd settle for them just being able to resolve the responsible party on RIPE IPs. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.