Spamcop reports with no information

[k8ojMG4qc]

I have received a "[spamCop] summary report" from sc-smtp1-bulkmx.soma.ironport.com seeming to claim that a mail server under my control is sending spam:

IP_Address Start/Length Trap User Mole Simp Comments RDNS

www.xxx.yyy.zzz new/0 0 0 0 0 mymailserver.domain.tld.

Contrary to the Spamcop FAQs, there is no "tracking" URL provided. I have checked the abuse contact as registered with whois and at abuse.net for our domain and this summary report is the only email received (from Spamcop). I created a Spamcop ISP account and looked up the IP address only to be given the following information:

ISP control center

* www.xxx.yyy.zzz

Most recent spam reported about

... which is not helpful at all.

Where or how can I find at least rudimentary information (sender/recipient, timestamp, message-id) about this incident?

[StevenUnderwood]

All the zeroes indicate no new reports have been received (I think in the last 24 hours).

If you provide an IP address, people here with paid accounts may be able to provide some additional information.

Strange hos we never get complaints about ISP reports and tonight we have 2 different people complaining about them

[Wazoo]

If you want 'any' help 'here' .. you'll have to provide the IP address in question.

If you want 'help' from the folks that have access to the database, I'll direct you to the SpamCop FAQ and or the SpamCopWiki for the answers that have already been provided. Links at the top of this very page.

[k8ojMG4qc]

fair enough then... 131.252.208.62

[Wazoo]

As only a free-reporting account holder, I can't look up any history (someone will be along later and take that shot)

However, at present, 131.252.208.62 not listed in bl.spamcop.net

http://www.senderbase.org/?searchBy=ipaddr...=131.252.208.62

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 3.2 .. -70%

Last 30 days .. 2.7 .. -90%

Average ........ 3.7

Not your typical spammer infested numbers.

http://groups.google.com/groups?scoring=d&...2+group:*abuse*

only showing a couple of entries from 2004

Spamtrap hits do not generate "notifications" .. However, based on your referenced listing line of "reports" .. this would mean that those reports would have gone to;

Parsing input: 131.252.208.62

host 131.252.208.62 = enclave.cat.pdx.edu. (cached)

host 131.252.208.62 = enclave.cat.pdx.edu. (cached)

Routing details for 131.252.208.62

[refresh/show] Cached whois for 131.252.208.62 : abuse[at]pdx.edu

Using abuse net on abuse[at]pdx.edu

abuse net pdx.edu = abuse[at]pdx.edu

Using best contacts abuse[at]pdx.edu

Is this a monitored address? The e-mail that generated the complaint would be included in those reports.

Reports would not have gone out if they were generated by a Mole Reporter, but Mole Reports also can not generate a SpamCopDNSBL listing on thier own .....

Per SenderBase's "Magnitude" Explained .. we're looking at something like 1,000 e-mails a day. Once upon a time there was a 2% threshold, however that has changed a bit, now based on 'reputation points' .. please see What is on the list? for some of the math now involved. Much more data available in the SpamCop FAQ and/or the SpamCopWiki .. links at the top of this very page.

[k8ojMG4qc]

We are not currently blacklisted, which is good. But the spontaneous appearance of enclave in the summary report (with all 0s, which is additionally confusing) lead me to suspect some sort of reported incident. If it was a mole report, the mole column should be > 0, shouldn't it?

Yes, I (and others) read the pdx.edu abuse contact each day. I am aware of the 2004 incidents, but that hardly seems relevant now.

To access "history" of this report -- which would give me the information I need to do something about it (?) -- I would need to pay Spamcop money?

[turetzsr]

<snip>

To access "history" of this report -- which would give me the information I need to do something about it (?) -- I would need to pay Spamcop money?

...Paid reporters do have access to limited information regarding reports (other than those due to SpamTraps), so you could go that route. However, a couple of them often happen by and provide a list as a reply to a forum post such as this.

...Alternatively, you could look at the link in the "SpamCop FAQ" (see link near top of page) labeled "SpamCop's System & Active Staff User Guide."

...Good luck!

[dra007]

Report History:

-------------------------------------------------------------------------

Submitted: Thursday, August 24, 2006 10:13:32 AM -0400:

Considered UNSOLICITED BULK EMAIL from you

1890284153 ( 131.252.208.62 ) To: uube[at]devnull.spamcop.net

------------------------------------------------------------------------

not much in the reported history

[Wazoo]

Thanks ... and this would pretty much indicate that the probable cause boils down to "misdirected bounces" that hit spamtraps. And for that, you're going to have to contact the paid staff. All this is described in the SpamCop FAQ / SpamCopWiki / Why am I Blocked? Pinned item .... in addition to countless previous Topics/Discussions found in the Blocking List Help Forum section .....

[k8ojMG4qc]

Thanks.

I'm still confused why Trap wasn't 1 (instead of 0) in the summary report, but dra007's information will get me somewhere.

[StevenUnderwood]

Thanks.

I'm still confused why Trap wasn't 1 (instead of 0) in the summary report, but dra007's information will get me somewhere.

I agree with that confusion. You should ask that question while conversing with the paid staff.