Posted

Due to a recent wave of continuously received phishing mails, I started to do a little investigation rather than just the usual reporting.

The emails received all originate from a service provider called SendInBlue, and many of the emails came from IP 185.41.28.115.

As usual, I filed my reports with SpamCop, where the notifications for abuse@sendinblue are devnulled due to bounces.

At some point I also checked TalosIntelligence, which to my amazement still sees the sender as a "trusted" IP, despite my reports.
I then filed a ticket with Talos, stating that I find the reputation for the IP incorrect, but instead I received a somewhat automated answer closing my ticket, saying that I should use SpamCop to report my spam.

Hence my question here: do SpamCop and Talos sync with one another? That should be a neat internal job, since both are operated by Cisco.
Also, is there a certain limit of reports needed for an IP to be added to SpamCop's BL? Since I still see it as not blacklisted.

Posted
On 7/19/2021 at 6:20 AM, bjoeg said:

At some point I also checked TalosIntelligence, which to my amazement still sees the sender as a "trusted" IP, despite my reports.

At one time I suspected they would sync, but I am not sure. While looking at the SpamCop IPv4 statistics, I noticed the results are very low. It appears to be either a sync issue, or else only one in a hundred are being reported as spam. Maybe people are not reporting as much spam as they should be?

185.41.28.0/24 [SB]
Total Email: 13302.00
spam: 100.00
