tacoma43 Posted January 7, 2006 Share Posted January 7, 2006 Sorry — I still don't get it. I have a "reporting-only account". If I copy the link found in a spam's message body, and paste it into my browser's address bar, I consider the resulting IP address associated with that web site to be the true (or at least the current) IP address. If the "true IP" is not the same as the one resolved to in the "Tracking link:" section of the report, what is the recommended procedure? Where should the current info be reported? Should the box be unchecked so a report is not sent to the administrator of the wrong/outdated network host? Will SpamCop updates its records; what's the typical turnaround time? Link to comment Share on other sites More sharing options...
Miss Betsy Posted January 7, 2006 Share Posted January 7, 2006 I am not sure that I can help you since I have, long ago, decided spamvertized sites were not worth the trouble to try and track down for accurate reporting. The recommended procedure is that if you are not sure about the accuracy of where the report is going to go is to uncheck the box. Sometimes it goes to the spammer; sometimes some other reporter has realized it goes to the spammer and has alerted spamcop so that an upstream address is substituted; sometimes if you refresh the report, you will get another abuse address for different reasons. Will SpamCop updates its records; what's the typical turnaround time? I don't think 'update records' is the proper way to describe what spamcop does. The parser looks up the IP address and then looks up the abuse address so if they change, the parser reports a different address the next time you use it. (which, IIRC, there are some spammers that have a way to keep changing website addresses to evade being closed down and some addresses will change every time you parse them). The actual website address is never stored as a record for future use by spamcop. The abuse address for a particular IP address may be stored and will be that address until someone requests a change, but usually is also looked up each time. Someone will correct me if I am wrong. I am beginning to have a glimmer of a memory about caches, but I don't think it would be the answer to what you are asking. Miss Betsy I think the same issue is being discussed in this Topic - Inconsistent reporting... Link to comment Share on other sites More sharing options...
tacoma43 Posted January 7, 2006 Author Share Posted January 7, 2006 Thanks for the informative reply. If I understand correctly, it's not worth reporting a more-current IP address for a spammer's web site because (1) it changes so frequently, and (2) the IP returned by the parser might be the safer one to report. Correct me if I'm wrong. Otherwise, thanks again! Link to comment Share on other sites More sharing options...
agsteele Posted January 7, 2006 Share Posted January 7, 2006 If I understand correctly, it's not worth reporting a more-current IP address for a spammer's web site because (1) it changes so frequently, and (2) the IP returned by the parser might be the safer one to report.38995[/snapback] To be careful with terms... The parser uses the IP address of the originating mail server of the offending message. So an IP for a website is quite likely to be different from the originating mail server's IP. Using the mail server IP is what makes the SCBL so effective in trapping spam and then de-listing mail servers when the problem is fixed. The reporting of websites is a secondary process and unrelated to the SCBL. Andrew Link to comment Share on other sites More sharing options...
Miss Betsy Posted January 7, 2006 Share Posted January 7, 2006 I think what Andrew is saying is that there is a difference between the 'source' IP address from which the spam email comes and the IP address of the website. You can generally trust the spamcop parser to come up with the 'source' IP address and the correct abuse address. For spamvertised websites, if you want to take the time, you can use the parser information in tracking down the correct abuse address. However, if you don't want to take the time, it is better to uncheck the website report addresses. Since the website addresses are not part of the spamcop blocklist, it doesn't affect the blocklist (which others use for filtering or rejecting). Some people do use the list of websites for filtering or blocking which is another factor in your decision. Miss Betsy Link to comment Share on other sites More sharing options...
tacoma43 Posted January 9, 2006 Author Share Posted January 9, 2006 Since the "tracking link" IP and the web site's IP are often identical, perhaps you can understand and forgive my confusion. Thank you, both, for your feedback. Link to comment Share on other sites More sharing options...
Miss Betsy Posted January 9, 2006 Share Posted January 9, 2006 Since the "tracking link" IP and the web site's IP are often identical, perhaps you can understand and forgive my confusion. Thank you, both, for your feedback. 39118[/snapback] You are welcome. I take that you 'get it' now! If you have any more questions, please ask. Miss Betsy Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.