Dale Trantham Posted April 20, 2017 Posted April 20, 2017 I don't know if I'm doing something wrong, but I've been reporting a bunch of IPs to Spamcop from three IP blocks, and I've never seen them blocked or gotten a response. Am I doing something wrong? The IP blocks in question are: 181.174.188.0/22 (julio@REDSERVICIO.NET) 143.202.12.0/22 (hernan@HOSTED.CL) 104.237.224.0/19 (noc@dedfiber.com) I get an average of 10 mails (combined) per day from these IP blocks, and have been reporting them regularly. However, I never see them blocked in my mail.log from the bl.spamcop.net blocklist. Is there something I can do to help with this? I'm about to just block it in postfix and be done with it.
Lking Posted April 20, 2017 Posted April 20, 2017 What is the SpamCop Blocking List (SCBL)? scroll down to " How the SCBL Works" and "SCBL Rules" they may answer your question. Also note that SC list IP addresses not blocks of addresses. The result is that if your received spam is spread over several IPs within a block the individual IPs may not be listed, although the block is as guilty as sin. Does your ISP use the SCBL to filter your incoming email? If not then SC related entries will not show-up in you mail.log. Also note that SC suggest that email identified as coming from IP addresses listed in their block list should not be blocked, but directed to a spam folder for review (thus avoiding loss of email due to false positives).
Dale Trantham Posted April 20, 2017 Author Posted April 20, 2017 I run my own mail server, so this is for my company. I have reviewed those documents, and they don't seem to address what I'm talking about, so I'll put it another way. I am constantly submitting reports about these blocks, and they are pretty much my only sources of spam. One or two others may sneak in, but they are few and far between (which would be expected from an email that has been used three whole times, for domain registration, SpamCop, and SpamCop Forum). My messages to the administrators of these networks go unanswered, or answered, promised to change, and then nothing changes. I hear your thoughts on tagging email and sending it on, but that still results in spam in the system and a lack of error on the address, so we are a "good" address. For example, here's a list of IPs we have submitted in the last 5 days. 104.237.241.11 104.237.241.110 104.237.241.111 104.237.241.114 104.237.241.115 104.237.241.115 104.237.241.117 104.237.241.15 104.237.247.102 104.237.247.112 104.237.247.118 104.237.247.119 104.237.247.120 104.237.247.122 104.237.247.124 104.237.247.124 104.237.247.126 104.237.247.126 104.237.247.14 104.237.247.16 104.237.247.17 104.237.247.19 104.237.247.19 104.237.247.20 104.237.247.22 104.237.247.22 104.237.247.23 104.237.247.24 104.237.247.27 104.237.247.31 104.237.247.43 104.237.247.44 104.237.247.45 104.237.247.45 104.237.247.46 104.237.247.46 104.237.247.52 104.237.247.52 104.237.247.53 104.237.247.54 107.175.148.184 107.189.61.93 143.202.12.31 143.202.12.34 143.202.12.53 143.202.12.54 143.202.12.56 143.202.12.58 143.202.12.62 143.202.12.63 143.202.12.65 143.202.12.66 143.202.12.66 172.98.215.174 181.174.189.121 181.174.189.124 181.174.189.127 181.174.189.129 181.174.189.131 181.174.189.132 181.174.189.140 181.174.189.143 181.174.189.145 181.174.189.148 181.174.189.153 181.174.189.154 181.174.189.7 185.145.129.186 192.210.215.136 192.227.214.157 192.227.214.158 192.3.26.43 192.3.26.47 We receive one or two messages from an IP, then another in the range is used. If the list is restricted to only per-IP (like it says), this kind of block will never be instituted, and the spammers are free to play as they wish. This may just be a limitation on SpamCop, and I will have to block at the single-IP or CIDR level. The only reason I brought it up, rather than just blocking it, was that we won't be reporting those spam anymore because we won't be seeing it in the mailbox.
Lking Posted April 20, 2017 Posted April 20, 2017 As one user/reporter to another, back to the reference on how the SCBL works Quote 104.237.241.11 104.237.241.110 104.237.241.111 104.237.241.114 104.237.241.115 104.237.241.115 104.237.241.117 104.237.241.15 If spam from these IPs were all received today odds are none of these IP would be listed on the BL. If you are the only source reporting these IPs, one report will not get the IP listed (one exception). On the other hand have you looked at https://www.spamcop.net/w3m?action=map ? the block 104.237.241.0/24 has a poor reputation and 15 and 115 are currently listed. You can look up the others. That is the way the system is designed. Otherwise, all of say Verizon would be blocked for 12hrs if one spammer got through on one of Verizon's IPs.
cooper02 Posted April 21, 2017 Posted April 21, 2017 Might help if at least one more complainant would report these IPs.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.