tjsynkral Posted January 15, 2018 Posted January 15, 2018 It's happening again. https://www.spamcop.net/sc?id=z6435051222z44941cc474161f94fbf68ab9350463b1z Reports regarding this spam have already been sent: Re: 45.248.3.143 (Administrator of network where email originates) Reportid: 6767219654 To: search-apnic-not-arin#[email protected]
Lking Posted January 15, 2018 Posted January 15, 2018 I split this post from your other report on a different IP address. Quote I refuse to bother [email protected]. Using search-apnic-not-arin#[email protected] for statistical tracking. Using last resort contacts search-apnic-not-arin#[email protected] There are several possible reason for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has ask not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc. However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list.
petzl Posted January 15, 2018 Posted January 15, 2018 2 hours ago, tjsynkral said: It's happening again. SpamCop often does not get the abuse address or gets it wrong. Pays to use a whois program yourself, A Windows free one is "IPNetInfo v1.77"
tjsynkral Posted January 17, 2018 Author Posted January 17, 2018 On 1/15/2018 at 11:09 AM, Lking said: I split this post from your other report on a different IP address. There are several possible reason for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has ask not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc. However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list. Do you not see the problem here? There is a correct abuse contact for 45.248.3.143 and search-apnic-not-arin is not it. Spamcop has a configuration error and it's searching the wrong IP registry to find a reporting address. If it was a scenario you described I expect to see a devnull.spamcop address in the contact field... not this. Does anyone who actually works on Spamcop ever look at this forum or is it just full of users who tell you that yes, Spamcop is broken you should report spam yourself instead of using it.
lisati Posted January 17, 2018 Posted January 17, 2018 Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given. When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.
tjsynkral Posted January 18, 2018 Author Posted January 18, 2018 1 hour ago, lisati said: Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given. When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus. In the case of this IP, they're trying to send mail to a black hole created to trap broken software that searched the wrong IP registry. Perhaps the abuse contact for 45.248.3.143 would like to know about the spam report and take action on it before it gets to SCBL. There's no chance that search-apnic-not-arin is a deliberate thing.
Lking Posted January 18, 2018 Posted January 18, 2018 Checking another Whois I find for 45.248.3.143 Quote Ref: https://whois.arin.net/rest/org/APNIC ReferralServer: whois://whois.apnic.net ResourceLink: http://wq.apnic.net/whois-search/static/search.html OrgAbuseHandle: AWC12-ARIN OrgAbuseName: APNIC Whois Contact OrgAbusePhone: +61 7 3858 3188 OrgAbuseEmail: [email protected] OrgAbuseRef: https://whois.arin.net/rest/poc/AWC12-ARIN OrgTechHandle: AWC12-ARIN OrgTechName: APNIC Whois Contact OrgTechPhone: +61 7 3858 3188 OrgTechEmail: [email protected] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< OrgTechRef: https://whois.arin.net/rest/poc/AWC12-ARIN This IP seems to be part of a large block of IPs in India used for VPN (hiding the location of the source) Going back to tjsynkral's old post on146.196.52.181 the block of IPs Quote Abuse contact for '146.196.52.0 - 146.196.55.255' is 'matthew.wu{AT}globalnetworkhk.com' has a different abuse contact now. I have no idea what was a valid abuse address for 146.196.52.181 Oct 2017. Those who seem to support spammers do try to change blocks of IPs all the time to avoid being blocked. Both blocks 146.196.52.- 146.196.55.255 and the block 45.248.0.0 - 45.248.3.255 are managed by APNIC. Those who had 146.196.52.181 in October could now have control of 45.248.3.143. There is a considerable body of anecdotal evidence that APNIC does not strongly enforce the rules. If you have more valid information for an IP or block of IPs <Reporting Help> <Reporting Address Issues> would be the correct (sub) forum to post current updated information.
tjsynkral Posted January 18, 2018 Author Posted January 18, 2018 4 hours ago, Lking said: Checking another Whois I find for 45.248.3.143 Can someone point me to the nearest wall so I can bang my head against it? You're whoising ARIN for an IP in the APNIC pool (just as Spamcop is doing). Anytime you do that, you will get [email protected] . APNIC is NOT an ISP. If you whois APNIC at whois.apnic.net for that IP, you will get current ISP information about 45.248.3.143. role: Manager Admin address: 485-A/15,1st floor,G.T. Road, Dilshad garden,New Delhi,Delhi-110095 country: IN phone: +91 9958033533 e-mail: [email protected] admin-c: AA1235-AP tech-c: AA1235-AP nic-hdl: MA965-AP mnt-by: MAINT-IN-APNAINFO last-modified: 2016-04-29T09:31:10Z source: APNIC (edit: P.S. The abuse contact for 146.196.52.181 via APNIC is still [email protected].)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.