Resolving links, but no report


raydragon

I have a spamcop mail/reporting account, and my roommate also has one. On my reporting account, 90% of the time I get either unable to resolve:

Tracking link: http://www.vhufeaseminsa.com/

[report history]

Cannot resolve http://www.vhufeaseminsa.com/

or it resolves, but does not provide any option to report to the spamsite host. HOWEVER, when I enter the same source into my roomie's account, it resolves AND provides an e-mail to report to the spamsite host. Another weirdity is that, in the example below, gmail is not one of my roomie's mailhosts (although our primary e-mail accounts share the same mailhosts, and I still experience the same problems reporting in my account but not in his).

Any ideas? This has only started happening in the past few months.

A sample of one recent source:

X-Gmail-Received: aae2b800008acb2e1760a819c097657cfbe2791f

Delivered-To: wyrm.com[at]gmail.com

Received: by 10.65.249.2 with SMTP id b2cs114439qbs;

Sun, 20 Aug 2006 15:47:39 -0700 (PDT)

Received: by 10.35.99.5 with SMTP id b5mr11813169pym;

Sun, 20 Aug 2006 15:47:39 -0700 (PDT)

Return-Path: <ernohipple[at]hersheyimport.com>

Received: from baico.com ([87.217.152.2])

by mx.gmail.com with SMTP id 15si301688nzp.2006.08.20.15.47.36;

Sun, 20 Aug 2006 15:47:39 -0700 (PDT)

Received-SPF: neutral (gmail.com: 87.217.152.2 is neither permitted nor denied by best guess record for domain of ernohipple[at]hersheyimport.com)

Received: by 192.168.204.200 with SMTP id SzmJpl;

for <wyrm.com[at]gmail.com>; Sun, 20 Aug 2006 15:47:38 -0700

Message-ID: <000001c6c4aa$a2dacad0$c8cca8c0[at]rmvpd>

Reply-To: "Shashi Gaudin" <ernohipple[at]hersheyimport.com>

From: "Shashi Gaudin" <ernohipple[at]hersheyimport.com>

To: wyrm.com[at]gmail.com

Subject: Re: news qefoyi

Date: Sun, 20 Aug 2006 15:47:38 -0700

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_0001_01C6C46F.F67BF2D0"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

X-Antivirus: avast! (VPS 0633-4, 18/08/2006), Outbound message

X-Antivirus-Status: Clean

This is a multi-part message in MIME format.

------=_NextPart_000_0001_01C6C46F.F67BF2D0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

Hi,

=20

Economize up to 50 % on your R X with us http://www.vhufeaseminsa.com

=20

=20

=20

musician, was a workaholic. Or both. Because by the time I had

appeared he had single-handedly organized our expedition down to the

last detail. He was muttering over the heap of apparatus as he punched

------=_NextPart_000_0001_01C6C46F.F67BF2D0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML><HEAD>

<META http-equiv=3DContent-Type content=3D"text/html; =

charset=3Dus-ascii">

<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>

<STYLE></STYLE>

</HEAD>

<BODY bgColor=3D#ffffff>

<DIV>Hi,</DIV>

<DIV> </DIV>

<DIV>Economize up to 50 % on your R X with us <A =

href=3D"http://www.vhufeaseminsa.com">http://www.vhufeaseminsa.com</A></D=

IV><P> </P><P> </P><P> </P><P>musician, was a =

workaholic. Or both. Because by the time I had<BR>

appeared he had single-handedly organized our expedition down to =

the<BR>

last detail. He was muttering over the heap of apparatus as he =

punched<BR></P></BODY></HTML>

------=_NextPart_000_0001_01C6C46F.F67BF2D0--


I have a spamcop mail/reporting account, and my roommate also has one. On my reporting account, 90% of the time I get either unable to resolve:

Tracking link: http://www.vhufeaseminsa.com/

[report history]

Cannot resolve http://www.vhufeaseminsa.com/

or it resolves, but does not provide any option to report to the spamsite host. HOWEVER, when I enter the same source into my roomie's account, it resolves AND provides an e-mail to report to the spamsite host. Another weirdity is that, in the example below, gmail is not one of my roomie's mailhosts (although our primary e-mail accounts share the same mailhosts, and I still experience the same problems reporting in my account but not in his).

Any ideas? This has only started happening in the past few months....

Hi raydragon - I haven't the answers, except to note that link has problems resolving (makes you wonder how they manage to make money out of, poor lil' devils). Differences in timing could explain the variability in results you see. Using http://www.dnsreport.com/tools/dnsreport.c...ufeaseminsa.com and recording the current result, because it may be variable over time
DNS Report for vhufeaseminsa.com
Generated by www.DNSreport.com at 00:50:18 GMT on 21 Aug 2006.
Category Status Test Name Information 
Parent PASS Missing Direct Parent check OK. Your direct parent zone exists, which is good. Some domains
(usually third or fourth level domains, such as example.co.us) do not have a direct parent zone ('co.us' in
this example), which is legal but can cause confusion.
INFO NS records at parent servers Your NS records at the parent servers are:

ns0.centalace.com. [211.144.68.67] [TTL=172800] [CN]
ns0.cobeltees.com. [211.144.68.59] [TTL=172800] [CN]

[These were obtained from f.gtld-servers.net] 
PASS Parent nameservers have your nameservers listed OK. When someone uses DNS to look up your
domain, the first step (if it doesn't already know about your domain) is to go to the parent servers. If you
aren't listed there, you can't be found. But you are listed there. 
PASS Glue at parent nameservers OK. The parent servers have glue for your nameservers. That means
they send out the IP address of your nameservers, as well as their host names. 
PASS DNS servers have A records OK. All your DNS servers either have A records at the zone parent
servers, or do not need them (if the DNS servers are on other TLDs). A records are required for your
hostnames to ensure that other DNS servers can reach your DNS servers. Note that there will be problems if
your DNS servers do not have these same A records. 
NS INFO NS records at your nameservers Your NS records at your nameservers are:

ns0.centalace.com. [211.144.68.67] [TTL=300]
ns0.cobeltees.com. [211.144.68.59] [TTL=300]

FAIL Open DNS servers ERROR: One or more of your nameservers reports that it is an open DNS server.
This usually means that anyone in the world can query it for domains it is not authoritative for (it is possible
that the DNS server advertises that it does recursive lookups when it does not, but that shouldn't happen).
This can cause an excessive load on your DNS server. Also, it is strongly discouraged to have a DNS server
be both authoritative for your domain and be recursive (even if it is not open), due to the potential for cache
poisoning (with no recursion, there is no cache, and it is impossible to poison it). Also, the bad guys could
use your DNS server as part of an attack, by forging their IP address. Problem record(s) are:
Server 211.144.68.67 reports that it will do recursive lookups. [test]
Server 211.144.68.59 reports that it will do recursive lookups. [test]

See this page for info on closing open DNS servers.

PASS Mismatched glue OK. The DNS report did not detect any discrepancies between the glue provided by
the parent servers and that provided by your authoritative DNS servers.
PASS No NS A records at nameservers OK. Your nameservers do include corresponding A records when
asked for your NS records. This ensures that your DNS servers know the A records corresponding to all
your NS records. 
PASS All nameservers report identical NS records OK. The NS records at all your nameservers are identical.  
PASS All nameservers respond OK. All of your nameservers listed at the parent nameservers responded. 
PASS Nameserver name validity OK. All of the NS records that your nameservers report seem valid (no IPs
or partial domain names). 
PASS Number of nameservers OK. You have 2 nameservers. You must have at least 2 nameservers
(RFC2182 section 5 recommends at least 3 nameservers), and preferably no more than 7. 
PASS Lame nameservers OK. All the nameservers listed at the parent servers answer authoritatively for
your domain. 
PASS Missing (stealth) nameservers OK. All 2 of your nameservers (as reported by your nameservers) are
also listed at the parent servers. 
PASS Missing nameservers 2 OK. All of the nameservers listed at the parent nameservers are also listed as
NS records at your nameservers.  
PASS No CNAMEs for domain OK. There are no CNAMEs for vhufeaseminsa.com. RFC1912 2.4 and RFC2181
10.3 state that there should be no CNAMEs if an NS (or any other) record is present. 
PASS No NSs with CNAMEs OK. There are no CNAMEs for your NS records. RFC1912 2.4 and RFC2181 10.3
state that there should be no CNAMEs if an NS (or any other) record is present. 
WARN Nameservers on separate class C's WARNING: All of your nameservers (listed at the parent
nameservers) are in the same Class C (technically, /24) address space, which means that they are probably
at the same physical location. Your nameservers should be at geographically dispersed locations. You should
not have all of your nameservers at the same location. RFC2182 3.1 goes into more detail about secondary
nameserver location. 
PASS All NS IPs public OK. All of your NS records appear to use public IPs. If there were any private IPs,
they would not be reachable, causing DNS delays. 
PASS TCP Allowed OK. All your DNS servers allow TCP connections. Although rarely used, TCP connections
are occasionally used instead of UDP connections. When firewalls block the TCP DNS connections, it can
cause hard-to-diagnose problems. 
INFO Nameservers versions Your nameservers have the following versions:

211.144.68.67: "9.2.4"
211.144.68.59: "9.2.4"

PASS Stealth NS record leakage Your DNS servers do not leak any stealth NS records (if any) in 
non-NS requests. 
SOA INFO SOA record Your SOA record [TTL=300] is:
Primary nameserver: ns0.cobeltees.com.
Hostmaster E-mail address: ns0.centalace.com.
Serial #: 2004042903
Refresh: 12000
Retry: 1800
Expire: 604800
Default TTL: 300

PASS NS agreement on SOA serial # OK. All your nameservers agree that your SOA serial number
is 2004042903. That means that all your nameservers are using the same data (unless you have 
different sets of data with the same serial number, which would be very bad)! Note that the DNS
Report only checks the NS records listed at the parent servers (not any stealth servers).

PASS SOA MNAME Check OK. Your SOA (Start of Authority) record states that your master (primary)
name server is: ns0.cobeltees.com.. That server is listed at the parent servers, which is correct.

PASS SOA RNAME Check OK. Your SOA (Start of Authority) record states that your DNS 
contact E-mail address is: ns0[at]centalace.com. (techie note: we have changed the initial
'.' to an '[at]' for display purposes).  
PASS SOA Serial Number OK. Your SOA serial number is: 2004042903. This appears to be in the
recommended format of YYYYMMDDnn, where 'nn' is the revision. So this indicates that your DNS
was last updated on 29 Apr 2004 (and was revision #3). This number must be incremented every
time you make a DNS change. 
PASS SOA REFRESH value OK. Your SOA REFRESH interval is : 12000 seconds. This seems normal
(about 3600-7200 seconds is good if not using DNS NOTIFY; RFC1912 2.2 recommends a value
between 1200 to 43200 seconds (20 minutes to 12 hours)). This value determines how often
secondary/slave nameservers check with the master for updates. 
PASS SOA RETRY value OK. Your SOA RETRY interval is : 1800 seconds. This seems normal
(about 120-7200 seconds is good). The retry value is the amount of time your secondary/slave
nameservers will wait to contact the master nameserver again if the last attempt failed. 
PASS SOA EXPIRE value OK. Your SOA EXPIRE time: 604800 seconds. This seems normal (about
1209600 to 2419200 seconds (2-4 weeks) is good). RFC1912 suggests 2-4 weeks. This is how
long a secondary/slave nameserver will wait before considering its DNS data stale if it can't
reach the primary nameserver. 
WARN SOA MINIMUM TTL value WARNING: Your SOA MINIMUM TTL is : 300 seconds. This
seems low (unless you are just about to update your DNS). You should consider increasing
this value to somewhere between 3600 and 10800. RFC2308 suggests a value of 1-3 hours.
This value used to determine the default (technically, minimum) TTL (time-to-live) for DNS
entries, but now is used for negative caching. 
MX INFO MX Record Your 1 MX record is:
10 mail.vhufeaseminsa.com. [TTL=300] IP=211.144.68.67 [TTL=300] [CN]

PASS Low port test OK. Our local DNS server that uses a low port number can get your
MX record. Some DNS servers are behind firewalls that block low port numbers. This does
not guarantee that your DNS server does not block low ports (this specific lookup must be
cached), but is a good indication that it does not. 
PASS Invalid characters OK. All of your MX records appear to use valid hostnames, without
any invalid characters. 
PASS All MX IPs public OK. All of your MX records appear to use public IPs. If there were
any private IPs, they would not be reachable, causing slight mail delays, extra resource
usage, and possibly bounced mail. 
PASS MX records are not CNAMEs OK. Looking up your MX record did not just return a CNAME.
If an MX record query returns a CNAME, extra processing is required, and some mail servers
may not be able to handle it. 
PASS MX A lookups have no CNAMEs OK. There appear to be no CNAMEs returned for
A records lookups from your MX records (CNAMEs are prohibited in MX records, according
to RFC974, RFC1034 3.6.2, RFC1912 2.4, and RFC2181 10.3). 
PASS MX is host name, not IP OK. All of your MX records are host names (as opposed
to IP addresses, which are not allowed in MX records). 
INFO Multiple MX records NOTE: You only have 1 MX record. If your primary mail server is
down or unreachable, there is a chance that mail may have troubles reaching you. In the
past, mailservers would usually re-try E-mail for up to 48 hours. But many now only re-try
for a couple of hours. If your primary mailserver is very reliable (or can be fixed quickly if
it goes down), having just one mailserver may be acceptable. 
PASS Differing MX-A records OK. I did not detect differing IPs for your MX records (this
would happen if your DNS servers return different IPs than the DNS servers that are
authoritative for the hostname in your MX records). 
PASS Duplicate MX records OK. You do not have any duplicate MX records (pointing to the
same IP). Although technically valid, duplicate MX records can cause a lot of confusion,
and waste resources. 
FAIL Reverse DNS entries for MX records ERROR: The IP of one or more of your mail
server(s) have no reverse DNS (PTR) entries (if you see "Timeout" below, it may mean that
your DNS servers did not respond fast enough). RFC1912 2.1 says you should have a reverse
DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will
not accept mail from mailservers with no reverse DNS entry. You can double-check using the
'Reverse DNS Lookup' tool at the DNSstuff site (it contacts your servers in real time; the reverse
DNS lookups in the DNS report use our local caching DNS server). The problem MX records are:
67.68.144.211.in-addr.arpa [No reverse DNS entry (rcode: 3 ancount: 0) (check it)]

Mail FAIL Connect to mail servers ERROR: I could not complete a connection to any of your mailservers!

mail.vhufeaseminsa.com: Timed out [Last data sent: [Did not connect]]

If this is a timeout problem, note that the DNS report only waits about 40 seconds for responses, so your
mail *may* work fine in this case but you will need to use testing tools specifically designed for such
situations to be certain. 
WWW
 INFO WWW Record Your www.vhufeaseminsa.com A record is:

www.vhufeaseminsa.com.  A  211.144.68.87 [TTL=300] [CN]
www.vhufeaseminsa.com.  A  211.144.68.67 [TTL=300] [CN]

PASS All WWW IPs public OK. All of your WWW IPs appear to be public IPs. If there were any private IPs,
they would not be reachable, causing problems reaching your web site. 
PASS CNAME Lookup OK. Some domains have a CNAME record for their WWW server that requires an extra
DNS lookup, which slightly delays the initial access to the website and use extra bandwidth. There are no
CNAMEs for www.vhufeaseminsa.com, which is good. 

Legend:

Rows with a FAIL indicate a problem that in most cases really should be fixed. 
Rows with a WARN indicate a possible minor problem, which often is not worth pursuing. 

Note that all information is accessed in real-time (except where noted), so this is the freshest information
about your domain. 
Note that automated usage is not tolerated; please only view the DNS report directly with your web browser.
--------------------------------------------------------------------------------

© Copyright 2000-2006 DNSstuff.com

I'm guessing that the failures to resolve are when the parser can't hang around long enough - dealing with a dozen or so cases a second. The IP points to ( http://www.dnsstuff.com/tools/whois.ch?ip=211.144.68.67 )

inetnum: 211.144.64.0 - 211.144.95.255

netname: COLNET

descr: Oriental Cable Network Co., Ltd.

descr: 9/F, Broadcasting&TV Building, No.651 Nanjing Rd.(W)

descr: Shanghai, P.R.China 200041

country: CN

e-mail: abuse[at]scn.com.cn

Possibly not noted for responsiveness to complaints - the PRC's cunning plan to destroy the capitalist/imperialist devil, whatever your preference. Reporting spamvertized links is not the primary task of SpamCop anyway ... some would say don't let it bother you.

No thoughts offhand on your other matters.

[Aaagh ... what happened to the console? I'm seeing that post stretching a yard wide. "It wasn't me officer, she was dead when I arrived."]


[Aaagh ... what happened to the console? I'm seeing that post stretching a yard wide. "It wasn't me officer, she was dead when I arrived."]

The long lines copied off from the web-page (no line breaks included) and then inserted into the 'codebox' wrapper .... I went through three or four times, adding in a number of 'returns' .. not enough in all the right places, but did manage to 'scrunch' it up quite a bit .....

Now as to why raydragon chose to post the spam rather than a Tracking URL ...????

08/20/06 20:47:15 dns vhufeaseminsa.com

No DNS for this address

(host doesn't exist)

08/20/06 20:49:20 Slow traceroute vhufeaseminsa.com

Trace vhufeaseminsa.com failed, no such host

whois -h whois.crsnic.net vhufeaseminsa.com ...

Redirecting to BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN

whois -h whois.dns.com.cn vhufeaseminsa.com ...

Domain Name.......... vhufeaseminsa.com

Creation Date........ 2006-08-17 16:22:05

Registration Date.... 2006-08-17 16:22:05

Expiry Date.......... 2007-08-17 16:22:05

Organisation Name.... Wang Pang

Organisation Address. SH

Organisation Address.

Organisation Address. SH

Organisation Address. 610021

Organisation Address. SH

Organisation Address. CN

Admin Name........... Wang Pang

Admin Address........ SH

Admin Address........

Admin Address........ SH

Admin Address........ 610021

Admin Address........ SH

Admin Address........ CN

Admin Email.......... manadolapik[at]yahoo.com.cn

Admin Phone.......... +86.2176885541

Admin Fax............ +86.2176885541

Name Server.......... ns0.centalace.com

Name Server.......... ns0.cobeltees.com

available again .....

08/20/06 20:57:22 dns vhufeaseminsa.com

Canonical name: vhufeaseminsa.com

Addresses:

211.144.68.87

211.144.68.67

08/20/06 20:58:11 Slow traceroute www.vhufeaseminsa.com

Trace www.vhufeaseminsa.com (211.144.68.67) ...

08/20/06 20:58:38 dns www.vhufeaseminsa.com

Canonical name: www.vhufeaseminsa.com

Addresses:

211.144.68.67

211.144.68.87

whois -h whois.apnic.net 211.144.68.87 ...

inetnum: 211.144.64.0 - 211.144.95.255

netname: COLNET

descr: Oriental Cable Network Co., Ltd.

descr: 9/F, Broadcasting&TV Building, No.651 Nanjing Rd.(W)

descr: Shanghai, P.R.China 200041

country: CN

admin-c: GP192-AP

tech-c: YY135-AP

mnt-by: MAINT-CNNIC-AP

mnt-lower: MAINT-CNNIC-AP

changed: ipas[at]cnnic.net.cn 20060725

status: ALLOCATED PORTABLE

source: APNIC

person: Guifei Pang

nic-hdl: GP192-AP

e-mail: antispam_p[at]scn.com.cn


Archived

This topic is now archived and is closed to further replies.
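
The thread's observation that the same link fails to resolve at one moment and resolves minutes later can be checked with the code below, which is an added example and not SpamCop's parser or code from any poster. It extracts link hosts from a quoted-printable multipart message and resolves each host several times; `SAMPLE`, `extract_hosts`, `probe` and `classify` are names assumed here, and the sample message is constructed from the spam quoted above.

```python
import email
import re
import socket
import time
from email import policy
from urllib.parse import urlsplit

# Constructed sample, cut down from the spam quoted in the thread. The href is
# deliberately split by a quoted-printable soft line break ("=" at end of line).
SAMPLE = """\
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="B1"

--B1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Economize up to 50 % on your R X with us http://www.vhufeaseminsa.com
--B1
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<DIV><A href=3D"http://www.vhufea=
seminsa.com">http://www.vhufeaseminsa.com</A></DIV>
--B1--
"""

URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def extract_hosts(raw_message):
    """Return the unique hostnames of http(s) links found in the text parts."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        body = part.get_content()  # decodes quoted-printable, joining soft breaks
        for url in URL_RE.findall(body):
            host = urlsplit(url).hostname
            if host:
                hosts.add(host.lower())
    return sorted(hosts)


def probe(host, attempts=3, pause=60.0,
          resolver=socket.gethostbyname_ex, sleep=time.sleep):
    """Resolve host repeatedly; one entry per attempt: sorted IPs, or None."""
    results = []
    for i in range(attempts):
        try:
            results.append(tuple(sorted(resolver(host)[2])))
        except OSError:  # socket.gaierror: no such host, server failure, ...
            results.append(None)
        if i + 1 < attempts:
            sleep(pause)
    return results


def classify(results):
    """Label a probe() result list by whether every, some or no attempt resolved."""
    resolved = [r for r in results if r]
    if not resolved:
        return "unresolvable"
    return "stable" if len(resolved) == len(results) else "intermittent"


if __name__ == "__main__":
    print(extract_hosts(SAMPLE))
```

A single lookup sees only one entry of the list `probe` returns, so an `intermittent` host is consistent with the timing explanation offered in the thread for two accounts getting different results on the same spam.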
