reagenzium Posted July 24, 2006 Share Posted July 24, 2006 Hello all! I was going to report some Email via the submit address. I am now wondering, am I going to report my own host? The Report looks like the following: [ SpamCop V1.589 ] This message is brief for your comfort. Please use links below for details. Email from 80.34.43.146 / Sun, 23 Jul 2006 18:39:13 +0200 http://www.spamcop.net/w3m?i=zpreviewz14ad...d4f3d0b8555992z 80.34.43.146 is open proxy, see: http://www.spamcop.net/mky-proxies.html [ Offending message ] Return-path: <nielsa[at]chiwest.com> Envelope-to: x Delivery-date: Sun, 23 Jul 2006 18:39:13 +0200 Received: from [192.168.1.112] (helo=mailin03.ims-firmen.de) by mail05.ims-firmen.de with esmtp (Exim 4.51) id 1G4gz3-0000C5-FQ for x; Sun, 23 Jul 2006 18:39:13 +0200 Received: from [80.34.43.146] (helo=chiwest.com) by mailin03.ims-firmen.de with smtp (Exim 4.62) (envelope-from <nielsa[at]chiwest.com>) id 1G4gz2-0005TQ-Q0 for x; Sun, 23 Jul 2006 18:39:13 +0200 Message-ID: <0000______________________a8c0[at]oww96> Reply-To: "Niels Peacock" <nielsa[at]chiwest.com> From: "Niels Peacock" <nielsa[at]chiwest.com> To: x Subject: Re: eizit VlzAGRA Date: Sun, 23 Jul 2006 09:39:12 -0700 So, there is "Received: from [192.168.1.112] (helo=mailin03.ims-firmen.de)" <-- that's my host. and another one: "Received: from [80.34.43.146] (helo=chiwest.com)" <-- the ebil spam guys. How does spamcop figure out which one to report? The guys receiving the report are Re: 80.34.43.146 (Administrator of network where email originates) To: nemesys[at]telefonica.es (Notes) Re: 80.34.43.146 (Third party interested in email source) To: Cyveillance spam collection (Notes) That should be fine. I am just a bit unsure wether or not my own host may become victim of a report. The problem is... I got about 150 spam mails over the past weekend, reporting by Email takes very long, I cannot look into every report preview to find out what is being reported. I check every subject line and partially message body before submitting, but do I need to check the reports as well? Link to comment Share on other sites More sharing options...
Wazoo Posted July 24, 2006 Share Posted July 24, 2006 I was going to report some Email via the submit address. I am now wondering, am I going to report my own host? How is anyone here supposed to know? Your alleged spam source; inetnum: 80.32.0.0 - 80.35.255.255 netname: RIMA descr: TELEFONICA DE ESPANA descr: Provider Local Registry country: ES Your posting IP; inetnum: 84.136.0.0 - 84.191.255.255 netname: DTAG-DIAL20 descr: Deutsche Telekom AG country: DE Where exactly would the "connection" be between the spam source and "your own host" ...???? The Report looks like the following: Please use the provided Tracking URL in the future ..... So, there is "Received: from [192.168.1.112] (helo=mailin03.ims-firmen.de)" <-- that's my host. well, yes/no/kind of .... 192.168.x.x is part of a range of non-routable/Local Area Network IP addresses ... so it/they should not be involved in the parsing results at all. The e-mail was received by mailin03.ims-firmen.de and then passed (over the Local Area Network) to mail05.ims-firmen.de .... How does spamcop figure out which one to report? Suggestion would be to submit spam via the web-form after setting your Prefences to "show full technical details" and follow the parsing trail offered up. I am just a bit unsure wether or not my own host may become victim of a report. It appears you need to do a bit of a study and learn how to identify "your host" so as to recognise it if /when shows up in a parse result. I got about 150 spam mails over the past weekend, reporting by Email takes very long, As compared to what? Submittal by e-mail was a creation that was put into place to help stop folks from bitching about how long it took to submit their spam via the web-form. The original concept being .. arrive at the office, check your e-mail, submit the spam, start some 'real' work ... and as time became available throughout the day, actually handle the "reporting" part of the process. I cannot look into every report preview to find out what is being reported. I check every subject line and partially message body before submitting, but do I need to check the reports as well? "Checking the reports" before hitting the Submit Button is part of what you agreed to when you registered for a Reporting Account. You are the one responsible for whuch reports go out and where they go ..... Bad Reporting can lead to suspension, fines, and / or an outright ban ..... Link to comment Share on other sites More sharing options...
reagenzium Posted July 24, 2006 Author Share Posted July 24, 2006 "Checking the reports" before hitting the Submit Button is part of what you agreed to when you registered for a Reporting Account. You are the one responsible for whuch reports go out and where they go ..... Bad Reporting can lead to suspension, fines, and / or an outright ban ..... That's true. Let me ask you the other way round: Is it a viable conclusion to look at the report's recipients to tell wether the parsing worked as expected? If just spammer's hosts and advertised websites receive reports (besides obligatory spamcop + third party recipients), may I take this as a signal that the report should be fine? Do you guys cross-check every recipient + it's own report? I wonder how much time this takes. Please get me right. So far, I reported about 5 Spams in a row via the web form. This is what I do on a daily basis, as soon as the Junk Box collected some stuff. I was thinking about the email submission for the weekends spam which is so much more and just not reportable per web form. If checking carefully wether a mail is spam or not and checking the recipients is not enough, I will consider to delete the weekend trash and just keep reporting the brand new daily spam. well, yes/no/kind of .... 192.168.x.x is part of a range of non-routable/Local Area Network IP addresses ... so it/they should not be involved in the parsing results at all. The e-mail was received by mailin03.ims-firmen.de and then passed (over the Local Area Network) to mail05.ims-firmen.de .... Yeh. I was a bit worried that spamcop could lookup ims-firmen.de for a public address range and than suggest this as a spam source. (as above, my question would have been if I can tell by the recipients that are checked). Link to comment Share on other sites More sharing options...
Wazoo Posted July 24, 2006 Share Posted July 24, 2006 Is it a viable conclusion to look at the report's recipients to tell wether the parsing worked as expected? My first thought .. yes, I can do that, but I've been doing this for a heck of a long time. I hesitate to say that "you can do it also" when the original question indicates that you might not recognise your own host (or their immediate upstream) If just spammer's hosts and advertised websites receive reports (besides obligatory spamcop + third party recipients), may I take this as a signal that the report should be fine? In general, this sounds OK. On the other hand, there is the news://news.spamcop.net/routing available for challenging some bad reporting addresses. I just replied in another Topic within the last few hours here about some dodgy results in someone else's parsing results. Do you guys cross-check every recipient + it's own report? I wonder how much time this takes. Let me answer that by directing you to the graphic/link at the top right of this very screen ... follow that link and look at some of the data available. The next place would be Section 8 - SpamCop's System & Active Staff User Guide .... Don, Ellen, R.W. already trying to handle 800-1800 e-mails a day .. not sure how they'd also work in analyzing "16 messages a second" to verify all the reporting being done. Please get me right. So far, I reported about 5 Spams in a row via the web form. This is what I do on a daily basis, as soon as the Junk Box collected some stuff. I was thinking about the email submission for the weekends spam which is so much more and just not reportable per web form. If checking carefully wether a mail is spam or not and checking the recipients is not enough, I will consider to delete the weekend trash and just keep reporting the brand new daily spam. It only takes a second or two to determine "if it's spam" for me 99.9% of the time. Depending on what tools you're using, e-mail submittals may allow you to submit multiple "spam e-mails" in a single submittal .... check the FAQ and the How to .... Forum section ..... There is no "requirement" that you report everything .. some folks report the last 10-20 spams, some focus on "types" of spam, some only report that which slips by their filters ..... Yeh. I was a bit worried that spamcop could lookup ims-firmen.de for a public address range and than suggest this as a spam source. (as above, my question would have been if I can tell by the recipients that are checked). Again, turn on "show full technical details" and see how the parser does its thing for a while. Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 24, 2006 Share Posted July 24, 2006 Yes, where the reports go is a way of checking whether the parser has done its thing correctly. In the full technical details, there are sometimes cryptic remarks about 'trusting' but as long as the results (where the reports go) are not your ISP, then the parser has understood them. There are two ways to submit by email. The first is as Wazoo described. The second is called Quick Reporting where only the source IP address is reported automatically. However, if you are conscientious, you should look at the email you get telling you where the reports went and I found that as tedious as reporting. If the weekend spam is overwhelming, just report the last 10 or the ones that didn't go to Junk Mail. Reporting spam as soon as possible is the best way. In fact, you can't report spam that is over two days old. Miss Betsy Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.