1,3,7-Trimethylxanthin Posted November 7, 2004 Share Posted November 7, 2004 http://www.spamcop.net/sc?id=z688930942z3e...a8de5d1133ded7z The first genuine Received header is: Received: from 134.93.178.3 (unknown [211.176.175.144]) by mailgate1.zdv.Uni-Mainz.DE (Postfix) with SMTP id 9361D3000661; Thu, 4 Nov 2004 15:39:07 +0100 (CET) So it seems the spam came from 211.176.175.144. However: Reports regarding this spam have already been sent: Re: 134.93.178.129 (Administrator of network where email originates) Reportid: 1280875946 To: abuse[at]uni-mainz.de Reportid: 1280875947 To: postmaster[at]uni-mainz.de Obviously, abuse[at]uni-mainz.de is not happy... What is going on there? Link to comment Share on other sites More sharing options...
Wazoo Posted November 7, 2004 Share Posted November 7, 2004 You really need to work through the MailHost configuration, based on that mess. The first "easy" guess is that the server(s) in question may have fallen under the "recently discovered" thing in the parser/database. At issue is that even though the spam is now too old to report, the parser now tracks it correctly. So unfortunately, it would appear now that the ultimate responsibility flows down to you for not noticing the bad call made at the time you submitted the spam and sent the report. As it parses just fine now, I really can't guess at what happened at that time, other then the above. Link to comment Share on other sites More sharing options...
1,3,7-Trimethylxanthin Posted November 8, 2004 Author Share Posted November 8, 2004 What exactly is this "recently discovered" thing? I've been reporting spam delivered along this route for months now, and had no issues so far. Link to comment Share on other sites More sharing options...
Miss Betsy Posted November 8, 2004 Share Posted November 8, 2004 I don't have time to look at and try to see what went wrong, but the parser is only a piece of software, a tool. Occasionally, because lookups time out and perhaps other problems in the code, the parser does not get the correct place to report. Mailhosts was designed, IIUC, to alleviate one of the problems so that people who did not pay attention did not send all their reports to their ISP when the parser didn't work correctly since many people use the quick reporting. That's why the reporter is supposed to review the parse before sending. I don't know all the things that can go wrong. But I do know that from personal experience, before Mailhosts, every once in a while the parser would choose one's own ISP not being able to go farther down the chain. It only happened a couple of times for me out of hundreds of submissions. My guess is that a similar thing happened in your case since Wazoo says the parser is now parsing it correctly. It is your call on how you want to handle the problem of the parser being able to make a mistake. Some people think that it happens so infrequently that it is worth quick reporting and then making apologies. Others limit their reporting to those that they can review before sending. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted November 8, 2004 Share Posted November 8, 2004 What exactly is this "recently discovered" thing? I've been reporting spam delivered along this route for months now, and had no issues so far. "Recently discovered" is just that .. the first time an IP is seen handling e-mail, it enters into something like 48 hours as a probationary period ... not receiving spam complaints against it for that timeframe gives it a "bit of trust" ... As I stated, this was just a quick guess at a possibility. As the parser results are dynamic, there isn't any way to recreate what happened at the time of the original parse. But, with that long list of internal handoffs, I'd still suggest trying the MailHost configuration to "pre-clear" all those different servers (though noting that this long list of internal handoffs might make the MailHost configuration an exercise ..??) And that said, one is still taken back to that it is you that makes the final decision on which reports go out and to the addresses they are sent to ... As Miss Betsy states, if you are overloaded, set some kind of "priority" to your reporting ... something like "the last 20" .. just the porn, just the drugs, etc. .... and delete the rest with the vision that others are reporting that stuff. The correct reporting of any spam does help to develop the contents of the SpamCopDNSBL, which is used by other ISPs (in additon to the SpamCOp Filtered E-mail accounts) so there is a benefit to reporting as much of it as you can ... but there's no reason to devote your life to it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.