Jump to content
System Outages Tuesday, October 18, 2022 ×

search-apnic-not-arin for 45.248.3.143

tjsynkral

By tjsynkral
in SpamCop Reporting Help

Recommended Posts

Lking What Life?

Lking

Posted
Posted

I split this post from your other report on a different IP address.

Quote

I refuse to bother search-apnic-not-arin@apnic.net.

Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking.

Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net

There are several possible reason for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has ask not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc.

However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list.

Link to comment
Share on other sites
tjsynkral Member

tjsynkral

Posted
  • Author
Posted
On 1/15/2018 at 11:09 AM, Lking said:

I split this post from your other report on a different IP address.

There are several possible reason for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has ask not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc.

However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list.

Do you not see the problem here?

There is a correct abuse contact for 45.248.3.143 and search-apnic-not-arin is not it. Spamcop has a configuration error and it's searching the wrong IP registry to find a reporting address.

If it was a scenario you described I expect to see a devnull.spamcop address in the contact field... not this.

Does anyone who actually works on Spamcop ever look at this forum or is it just full of users who tell you that yes, Spamcop is broken you should report spam yourself instead of using it.

Link to comment
Share on other sites
lisati Advanced Member

lisati

Posted
Posted

Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given.

When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.

Link to comment
Share on other sites
tjsynkral Member

tjsynkral

Posted
  • Author
Posted
1 hour ago, lisati said:

Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given.

When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.

In the case of this IP, they're trying to send mail to a black hole created to trap broken software that searched the wrong IP registry. Perhaps the abuse contact for 45.248.3.143 would like to know about the spam report and take action on it before it gets to SCBL. There's no chance that search-apnic-not-arin is a deliberate thing.

Link to comment
Share on other sites
Lking What Life?

Lking

Posted
Posted

Checking another Whois I find for 45.248.3.143

Quote 

Ref:            https://whois.arin.net/rest/org/APNIC
ReferralServer:  whois://whois.apnic.net
ResourceLink:  http://wq.apnic.net/whois-search/static/search.html
OrgAbuseHandle: AWC12-ARIN
OrgAbuseName:   APNIC Whois Contact
OrgAbusePhone:  +61 7 3858 3188
OrgAbuseEmail:  search-apnic-not-arin@apnic.net
OrgAbuseRef:    https://whois.arin.net/rest/poc/AWC12-ARIN
OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3188
OrgTechEmail:  search-apnic-not-arin@apnic.net    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
OrgTechRef:    https://whois.arin.net/rest/poc/AWC12-ARIN

This IP seems to be part of a large block of IPs in India used for VPN  (hiding the location of the source)

Going back to tjsynkral's old post on146.196.52.181 the block of IPs

Quote

Abuse contact for '146.196.52.0 - 146.196.55.255' is 'matthew.wu{AT}globalnetworkhk.com'

has a different abuse contact now.  I have no idea what was a valid abuse address for 146.196.52.181 Oct 2017.

Those who seem to support spammers do try to change blocks of IPs all the time to avoid being blocked.  Both blocks 146.196.52.- 146.196.55.255 and the block 45.248.0.0 - 45.248.3.255  are managed by APNIC.  Those who had 146.196.52.181 in October could now have control of 45.248.3.143.  There is a considerable body of anecdotal evidence that APNIC does not strongly enforce the rules.

If you have more valid information for an IP or block of IPs  <Reporting Help> <Reporting Address Issues> would be the correct (sub) forum to post current updated information.

Link to comment
Share on other sites
tjsynkral Member

tjsynkral

Posted
  • Author
Posted
4 hours ago, Lking said:

Checking another Whois I find for 45.248.3.143

 

Can someone point me to the nearest wall so I can bang my head against it?

You're whoising ARIN for an IP in the APNIC pool (just as Spamcop is doing). Anytime you do that, you will get search-apnic-not-arin@apnic.net . APNIC is NOT an ISP. If you whois APNIC at whois.apnic.net for that IP, you will get current ISP information about 45.248.3.143.

role:    Manager Admin
address:    485-A/15,1st floor,G.T. Road, Dilshad garden,New Delhi,Delhi-110095
country:    IN
phone:    +91 9958033533
e-mail:    support@apnainfotech.co.in
admin-c:    AA1235-AP
tech-c:    AA1235-AP
nic-hdl:    MA965-AP
mnt-by:    MAINT-IN-APNAINFO
last-modified:    2016-04-29T09:31:10Z
source:    APNIC

 

(edit: P.S. The abuse contact for 146.196.52.181 via APNIC is still matthew.wu@globalnetworkhk.com.)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...