agsteele Posted June 1, 2004 Posted June 1, 2004 I'm sure somebody will tell me that the reporting to Name Servers of Spamvertized Websites has been around since the earliest days but... I've only recently noticed that some reports include such a section. Seems a good idea but I'm concerned that the submission report doesn't make clear which website is involved. It seems to me that it would be more helpful - especially in avoiding false reports - if the information line could say something like 123.123.123.123 Name Server for Spamvertized Website (somedomain.com) Then I could be sure that I'm not sending a report to the name servers for cnn.com or similar innocent bystanders. As it is the process of checking the validity of these reports is somewhat difficult. The last thing I want to do is create even more hassle for those whose domain names are selected for inclusion in spam without their knowledge. Or maybe I'm missing something. Andrew
Wazoo Posted June 1, 2004 Posted June 1, 2004 Generally, the issue you're pointing out is something currently raised over in the newsgroups also .. it appears to be results from the last set of code changes Julian put in place, along side the additional code to work around the too-many-links issues ... personally, I'd say that this new code is still undergoing some testing and work ... but, that's just me .. I've no idea how you're seeing the parse results (or seeing tham at all) .. I can only answer from one that stil uses the paste-it-in-here box with "show tech details" on .... so I can see what's happening and where ... then again, I don't submit that much spam through SpamCop ... it's usually parsing other folk's spam so I can try to figure our where the issues in that submittal went wrong ...
agsteele Posted June 1, 2004 Author Posted June 1, 2004 I'll grab an example when one next pops up and post it here and possibly in the newsgroups as well. Andrew
agsteele Posted June 2, 2004 Author Posted June 2, 2004 OK, here's an example just processed... Re: 221.143.42.30 (Name server for spamvertised domain) To: nospam[at]hanaro.com (Notes) To: spamrelay[at]certcc.or.kr (Notes) Re: 24.126.124.15 (Administrator of network where email originates) To: abuse[at]comcast.net (Notes) Re: 24.126.124.15 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: 61.250.93.207 (Name server for spamvertised domain) To: abuse[at]epnetworks.co.kr (Notes) To: spamrelay[at]certcc.or.kr (Notes) To: spamcop[at]kisa.or.kr (Notes) To: postmaster[at]epnetworks.co.kr (Notes) THe problem I now have is do the reports for 221.143.42.30 and 61.250.93.207 relate to real spam or innocent bystanders? That's why I suggested that actual spamvertised comain name appear eg: Re: 61.250.93.207 (Name server for spamvertised domain - somedomain.net ) Just a thought... Andrew
Wazoo Posted June 2, 2004 Posted June 2, 2004 OK, I see what you are saying, but ... it is hard to make a statement without seeing the spam & parse in total ... On the other hand, using the "single line" version of the web-based form, which doesn't use the entire / same parse code of the main spam parser, the results offered are the same for both of the IP's. So it may really amount to that the side-note of "Name server for spamvertised domain" is possibly a bit of debug code and not meaning exactly what it reads ... maybe nothing more than a distraction as far as the results are concerned? Maybe it's that I don't know how these specific IPs were derived? Or are we back to the difference between an e-mail submittal response and the web-based parse with full tech details shown?
agsteele Posted June 4, 2004 Author Posted June 4, 2004 maybe nothing more than a distraction as far as the results are concerned? Maybe it's that I don't know how these specific IPs were derived? Or are we back to the difference between an e-mail submittal response and the web-based parse with full tech details shown? It may well be a distraction or some experimental text. I, too, don't know much about the current logic... The messages all apear to be ones caught in flat rate mail account held folder. I submit using the 'Queue for reporting (and move to trash)' option. Then the list as provided appears. Anyhow, I've made my observations. I'm certainly not complaining. Just trying to think of ways to improve the accuracy of the reporting and avoid false positives Andrew
Recommended Posts
Archived
This topic is now archived and is closed to further replies.