bjoeg Posted July 19, 2021 Posted July 19, 2021 Due to a recent wave of continuous received phishing mails, I started to do some little investigations rather than just the usual reporting. The emails received all originate from a serviceprovider called SendInBlue, and many of the emails came from IP 185.41.28.115 As usual I did my reports to Spamcop, where the notifications for abuse@sendinblue is devnulled due to bounces. At some point I also checked TalosIntelligence, which to my amaze still sees the sender as a "trusted" IP, despite my reports. I then filed a ticket with Talos, that I find the reputation for the IP incorrect, but instead I received a somewhat auto-answer with closure of my ticket, that I should use SpamCop to report my spam. Hence my question here. Do SpamCop and Talos sync one another? Which should be a neat internal job since both operated by Cisco. Also, is there a certain limit of reports needed for an IP to be added to SpamCop's BL? Since I still see it as not blacklisted. Quote
gnarlymarley Posted July 23, 2021 Posted July 23, 2021 On 7/19/2021 at 6:20 AM, bjoeg said: At some point I also checked TalosIntelligence, which to my amaze still sees the sender as a "trusted" IP, despite my reports. At one time I suspected they would sync, but I am not sure. While looking at the spamcop IPv4 statistics, I noticed the results are very low. It appears either a sync issue or else only one in a hundred are being reported as spam. Maybe people are not reporting as much spam as they should be? 185.41.28.0/24 [SB] Total Email: 13302.00 spam: 100.00 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.