sandys1@spamcop.net Posted February 14, 2005 Share Posted February 14, 2005 http://mailsc.spamcop.net/sc?id=z732066790...c8317b3abcea2dz All mail to my domain is forwarded through SpamCop and then on to my home account. Twice now spam from these guys has gotten reported to my ISP as spam from my account. Obviously I'm going to have to stop quick reporting, but I would like to figure out how to keep reporting these guys. What puzzles me is were these lines: host 69.60.0.44 = emailmarketing101.net (cached) emailmarketing101.net is 69.60.0.44 66.160.131.136 not listed in dnsbl.njabl.org [...] 66.160.131.136 is an MX for sfsmith.com Why is it identifying their server and then going back and looking up my server? 69.60.0.44 is the evil MX here, if I am reading this correctly (which I may not be), not 66.160.131.136. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 14, 2005 Share Posted February 14, 2005 If you look further down (at least right now) it shows: If reported today, reports would be sent to: Re: 69.60.0.44 (Administrator of network where email originates) abuse[at]he.net The part you are seeing is the spamcop parser checking to see if it should trust the headers put there by your host, and it determines that it can trust that host as a forwarder. The entire parse for that section shows: Received: from emailmarketing101.net ([69.60.0.44]) by sfsmith.com for <x>; Sun, 13 Feb 2005 15:06:26 -0800 69.60.0.44 found host 69.60.0.44 = emailmarketing101.net (cached) emailmarketing101.net is 69.60.0.44 66.160.131.136 not listed in dnsbl.njabl.org 66.160.131.136 not listed in cbl.abuseat.org 66.160.131.136 not listed in dnsbl.sorbs.net 66.160.131.136 is not an MX for mailgate.cesmail.net 66.160.131.136 is an MX for sfsmith.com Possible spammer: 69.60.0.44 host sfsmith.com (checking ip) = 66.160.131.136 66.160.131.136 not listed in dnsbl.njabl.org 66.160.131.136 not listed in cbl.abuseat.org 66.160.131.136 not listed in dnsbl.sorbs.net Chain test:sfsmith.com =? sfsmith.com sfsmith.com and sfsmith.com have same hostname - chain verified Possible relay: 66.160.131.136 66.160.131.136 not listed in relays.ordb.org. 66.160.131.136 has already been sent to relay testers Received line accepted If you would configure mailhosts for that account, spamcop would know to expect that host and would pass through much easier. Link to comment Share on other sites More sharing options...
swingspacers Posted February 14, 2005 Share Posted February 14, 2005 SpamCop identifies the correct sending machine, 69.60.0.44. You are probably confused because the abuse address for this machine (abuse at he dot net) is the same as for your server 66.160.131.136. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.