What is 'routes.spamcop.net'?

[DrGaellon]

This morning I noted that emails I forwarded to my submit.XXXX[at]spamcop.net address were being reported to 'routes1[at]routes.spamcop.net' and to no other addresses. What is that about?

[dbiel]

Will have to wait for someone with specific information about the routes address

but as far as why it is not going anywhere else, we will need more information from you.

How are your reporting spam and how are your preference set up.

Reporting as a mole yields one result,

Reporting with address munged yields another result,

Reporting without munging yields another result,

Quick reporting yields yet another result. (this would not apply here due to the "submit" address).

[Wazoo]

A tracking URL would have allowed for a more specific answer. Lacking that data, I'll just repeat the generic answer offered up over in the newsgroups .... From back on 6 Aug 04 ...

From time to time and for various reasons you may encounter reporting

addresses that are "internal" to SpamCop. Some of these addresses are

<name>[at]admin.spamcop.net and some are, more recently, [at]routes.spamcop.net.

Some of these special addresses are further procmailed to not publicly known

addresses at  ISPs. You may see these addresses come and go or they may

remain for quite a while. You should not draw any particular or paranoid

conclusions from seeing them :-)

Ellen

[newhorizon]

Some of these special addresses are further procmailed to not publicly known

addresses at  ISPs.

Maybe I'm not fully understanding, but let me ask: why conceal ISP abuse addresses behind these [at]routes.spamcop.net addresses?

[Wazoo]

Please re-read Ellen's comments. "not publicly known" kind of suggests something to me ... in the past, such addresses included specific staff folks at an ISP, just as an example ....

[StevenUnderwood]

An ISP can use special handling of spamcop reports because they know they are in a specific format and know all the needed data is available in the message.

Maybe they place a higher priority on the spamcop reports. Maybe they have an automatic ticketing system that parses the information and brings any IP with more than 1 spamcop report to the attention of someone who knows what to do with that information.

The ISP wants reports sent only from spamcop to be received at this address so they are not mixed in with mom and pop forwarding the body (with no headers) making their job harder. I'm sure the abuse addresses also get a fair share of their own spam, I know the one I monitor sure does.

Basically, an ISP has asked spamcop to provide reports in a specific path. Spamcop is trying to help that ISP, who went out of their way to create that path, to follow their wishes. These are the ISP's who will probably do something about their problem.

[newhorizon]

Ah, gotchya. Good reason.

Historically, I've found SpamCop useful not only for sending abuse reports, but for simply determining an externally-valid abuse address (by typing ONLY the IP address or the domain name into SC's text box).

With SC sometimes using non-public addresses only, this usefulness seems to be fading.

I guess I'll stick to http://www.abuse.net/lookup.phtml (but it doesn't allow IP addresses).

No need to reply - just kvetching.

[Wazoo]

Note that generally, a reputable ISP will usually include an abuse type address within the WHOIS registration data. Some sources for doing an on-line WHOIS look-up are found within the FAQ here under the "other places" section if you don't have this function available ....