Steve Posted January 27, 2023 Share Posted January 27, 2023 Tracking link: https://www.spamcop.net/sc?id=z6795832424z821565e0fa1c3158becd5694f0f38d57z Quote A few POC addresses for the IP address (to report abuse to) listed above (62.60.160.33) are invalid. Those email addresses are below and the error messages that follow from Google's mailer-daemon: The first one is noc AT tehran DOT sinet DOT ir (mailer-daemon error below) Address not found Your message wasn't delivered to noc AT tehran DOT sinet DOT ir because the domain tehran DOT sinet NOT ir couldn't be found. Check for typos or unnecessary spaces and try again. The response was: DNS Error: DNS type 'mx' lookup of tehran DOT sinet DOT ir responded with code NXDOMAIN Domain name not found: tehran DOT sinet DOT tir The second one is postmaster AT irost.com (mailer-daemon error below) Address not found Your message wasn't delivered to postmaster AT irost.com because the address couldn't be found, or is unable to receive mail. The response from the remote server was: 550 <postmaster AT irost.com>, Recipient unknown Refreshing the cache does nothing to update/remove these invalid addresses. I have opened a ticket with RIPE and hopefully they'll get in touch with the ISP to update the addresses in their system so that the SC parser doesn't display them when parsing an email with a similar IP address from this ISP. Steve Quote Link to comment Share on other sites More sharing options...
petzl Posted January 27, 2023 Share Posted January 27, 2023 52 minutes ago, Steve said: racking link: https://www.spamcop.net/sc?id=z6795832424z821565e0fa1c3158becd5694f0f38d57z Working now? may of been slow in updating cache? Quote Link to comment Share on other sites More sharing options...
Steve Posted January 28, 2023 Author Share Posted January 28, 2023 22 hours ago, petzl said: Working now? may of been slow in updating cache? Nope. Those 2 addresses still show up. https://www.spamcop.net/sc?action=rcache;ip=62.60.160.33 Quote Tracking details Display data: "whois 62.60.160.33@whois.ripe.net" (Getting contact from whois.ripe.net) Organisation contact e-mail = ipdomain@irost.com zc202-ripe = ipdomain@irost.com whois.ripe.net 62.60.160.33 = ipdomain@irost.com whois: 62.60.128.0 - 62.60.255.255 = ipdomain@irost.comRouting details for 62.60.160.33 Using abuse net on ipdomain@irost.com abuse net irost.com = postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.com Using best contacts postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.com Like I mentioned, I contacted RIPE and opened up a ticket. Hopefully they can fix it on their end Quote Link to comment Share on other sites More sharing options...
petzl Posted January 28, 2023 Share Posted January 28, 2023 1 hour ago, Steve said: Nope. Those 2 addresses still show up. https://www.spamcop.net/sc?action=rcache;ip=62.60.160.33 ipdomain[AT]irost[DOT]com is the correct abuse address. Quote Link to comment Share on other sites More sharing options...
Steve Posted January 30, 2023 Author Share Posted January 30, 2023 On 1/28/2023 at 2:36 AM, petzl said: ipdomain[AT]irost[DOT]com is the correct abuse address. This is the response from RIPE: Quote Dear Steve, Thank you for your notification. It appears to us that the address space is related to a different contact. The abuse-mailbox seems to be <ipdomain AT irost.com> inetnum: 62.60.128.0 - 62.60.255.255 netname: IR-IROST-20010613 country: IR org: ORG-IROf1-RIPE admin-c: ZC202-RIPE tech-c: ZC202-RIPE status: ALLOCATED PA notify: ipdomain AT irost.com mnt-by: RIPE-NCC-HM-MNT mnt-by: IROST-MNT mnt-lower: IROST-MNT mnt-routes: IROST-MNT created: 2002-06-27T09:57:05Z last-modified: 2021-04-13T07:06:06Z source: RIPE The mailbox is valid and in compliance with RIPE policies. Could you please direct your request to the appropriate mailbox <ipdomain AT irost.com>? Thank you for your cooperation. Kind regards, Xavier Le Bris RIPE NCC Senior Internet Analyst Maybe the SC deputies can fix this? It now seems like it's a problem on their end when it comes to parsing an email with this range of IP addresses. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.