Jump to content

Constantly reported IP blocks still coming in (104.237.224.0/19, 143.202.12.0/22, 181.174.188.0/22)


Recommended Posts

Posted

I don't know if I'm doing something wrong, but I've been reporting a bunch of IPs to Spamcop from three IP blocks, and I've never seen them blocked or gotten a response.

Am I doing something wrong?

The IP blocks in question are:

181.174.188.0/22 (julio@REDSERVICIO.NET)

143.202.12.0/22 (hernan@HOSTED.CL)

104.237.224.0/19 (noc@dedfiber.com)

I get an average of 10 mails (combined) per day from these IP blocks, and have been reporting them regularly.  However, I never see them blocked in my mail.log from the bl.spamcop.net blocklist.

Is there something I can do to help with this?  I'm about to just block it in postfix and be done with it.

Posted

What is the SpamCop Blocking List (SCBL)? scroll down to " How the SCBL Works" and "SCBL Rules" they may answer your question.  Also note that SC list IP addresses not blocks of addresses.  The result is that if your received spam is spread over several IPs within a block the individual IPs may not be listed, although the block is as guilty as sin.

Does your ISP use the SCBL to filter your incoming email? If not then SC related entries will not show-up in you mail.log.  Also note that SC suggest that email identified as coming from IP addresses listed in their block list should not be blocked, but directed to a spam folder for review (thus avoiding loss of email due to false positives).

Posted

I run my own mail server, so this is for my company.  I have reviewed those documents, and they don't seem to address what I'm talking about, so I'll put it another way.

I am constantly submitting reports about these blocks, and they are pretty much my only sources of spam.  One or two others may sneak in, but they are few and far between (which would be expected from an email that has been used three whole times, for domain registration, SpamCop, and SpamCop Forum).

My messages to the administrators of these networks go unanswered, or answered, promised to change, and then nothing changes.

I hear your thoughts on tagging email and sending it on, but that still results in spam in the system and a lack of error on the address, so we are a "good" address.

For example, here's a list of IPs we have submitted in the last 5 days.

104.237.241.11
104.237.241.110
104.237.241.111
104.237.241.114
104.237.241.115
104.237.241.115
104.237.241.117
104.237.241.15
104.237.247.102
104.237.247.112
104.237.247.118
104.237.247.119
104.237.247.120
104.237.247.122
104.237.247.124
104.237.247.124
104.237.247.126
104.237.247.126
104.237.247.14
104.237.247.16
104.237.247.17
104.237.247.19
104.237.247.19
104.237.247.20
104.237.247.22
104.237.247.22
104.237.247.23
104.237.247.24
104.237.247.27
104.237.247.31
104.237.247.43
104.237.247.44
104.237.247.45
104.237.247.45
104.237.247.46
104.237.247.46
104.237.247.52
104.237.247.52
104.237.247.53
104.237.247.54
107.175.148.184
107.189.61.93
143.202.12.31
143.202.12.34
143.202.12.53
143.202.12.54
143.202.12.56
143.202.12.58
143.202.12.62
143.202.12.63
143.202.12.65
143.202.12.66
143.202.12.66
172.98.215.174
181.174.189.121
181.174.189.124
181.174.189.127
181.174.189.129
181.174.189.131
181.174.189.132
181.174.189.140
181.174.189.143
181.174.189.145
181.174.189.148
181.174.189.153
181.174.189.154
181.174.189.7
185.145.129.186
192.210.215.136
192.227.214.157
192.227.214.158
192.3.26.43
192.3.26.47

We receive one or two messages from an IP, then another in the range is used.  If the list is restricted to only per-IP (like it says), this kind of block will never be instituted, and the spammers are free to play as they wish.

This may just be a limitation on SpamCop, and I will have to block at the single-IP or CIDR  level.

The only reason I brought it up, rather than just blocking it, was that we won't be reporting those spam anymore because we won't be seeing it in the mailbox.

Posted

As one user/reporter to another, back to the reference on how the SCBL works

Quote
104.237.241.11
104.237.241.110
104.237.241.111
104.237.241.114
104.237.241.115
104.237.241.115
104.237.241.117
104.237.241.15

If spam from these IPs were all received today odds are none of these IP would be listed on the BL. If you are the only source reporting these IPs, one report will not get the IP listed (one exception).

On the other hand have you looked at https://www.spamcop.net/w3m?action=map ? the block 104.237.241.0/24 has a poor reputation and 15 and 115 are currently listed. You can look up the others.

That is the way the system is designed.  Otherwise, all of say Verizon would be blocked for 12hrs if one spammer got through on one of Verizon's IPs.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...