k8ojMG4qc Posted August 25, 2006 Share Posted August 25, 2006 I have received a "[spamCop] summary report" from sc-smtp1-bulkmx.soma.ironport.com seeming to claim that a mail server under my control is sending spam: IP_Address Start/Length Trap User Mole Simp Comments RDNS www.xxx.yyy.zzz new/0 0 0 0 0 mymailserver.domain.tld. Contrary to the Spamcop FAQs, there is no "tracking" URL provided. I have checked the abuse contact as registered with whois and at abuse.net for our domain and this summary report is the only email received (from Spamcop). I created a Spamcop ISP account and looked up the IP address only to be given the following information: ISP control center * www.xxx.yyy.zzz Most recent spam reported about ... which is not helpful at all. Where or how can I find at least rudimentary information (sender/recipient, timestamp, message-id) about this incident? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 25, 2006 Share Posted August 25, 2006 All the zeroes indicate no new reports have been received (I think in the last 24 hours). If you provide an IP address, people here with paid accounts may be able to provide some additional information. Strange hos we never get complaints about ISP reports and tonight we have 2 different people complaining about them Link to comment Share on other sites More sharing options...
Wazoo Posted August 25, 2006 Share Posted August 25, 2006 If you want 'any' help 'here' .. you'll have to provide the IP address in question. If you want 'help' from the folks that have access to the database, I'll direct you to the SpamCop FAQ and or the SpamCopWiki for the answers that have already been provided. Links at the top of this very page. Link to comment Share on other sites More sharing options...
k8ojMG4qc Posted August 25, 2006 Author Share Posted August 25, 2006 fair enough then... 131.252.208.62 Link to comment Share on other sites More sharing options...
Wazoo Posted August 25, 2006 Share Posted August 25, 2006 As only a free-reporting account holder, I can't look up any history (someone will be along later and take that shot) However, at present, 131.252.208.62 not listed in bl.spamcop.net http://www.senderbase.org/?searchBy=ipaddr...=131.252.208.62 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 3.2 .. -70% Last 30 days .. 2.7 .. -90% Average ........ 3.7 Not your typical spammer infested numbers. http://groups.google.com/groups?scoring=d&...2+group:*abuse* only showing a couple of entries from 2004 Spamtrap hits do not generate "notifications" .. However, based on your referenced listing line of "reports" .. this would mean that those reports would have gone to; Parsing input: 131.252.208.62 host 131.252.208.62 = enclave.cat.pdx.edu. (cached) host 131.252.208.62 = enclave.cat.pdx.edu. (cached) Routing details for 131.252.208.62 [refresh/show] Cached whois for 131.252.208.62 : abuse[at]pdx.edu Using abuse net on abuse[at]pdx.edu abuse net pdx.edu = abuse[at]pdx.edu Using best contacts abuse[at]pdx.edu Is this a monitored address? The e-mail that generated the complaint would be included in those reports. Reports would not have gone out if they were generated by a Mole Reporter, but Mole Reports also can not generate a SpamCopDNSBL listing on thier own ..... Per SenderBase's "Magnitude" Explained .. we're looking at something like 1,000 e-mails a day. Once upon a time there was a 2% threshold, however that has changed a bit, now based on 'reputation points' .. please see What is on the list? for some of the math now involved. Much more data available in the SpamCop FAQ and/or the SpamCopWiki .. links at the top of this very page. Link to comment Share on other sites More sharing options...
k8ojMG4qc Posted August 25, 2006 Author Share Posted August 25, 2006 We are not currently blacklisted, which is good. But the spontaneous appearance of enclave in the summary report (with all 0s, which is additionally confusing) lead me to suspect some sort of reported incident. If it was a mole report, the mole column should be > 0, shouldn't it? Yes, I (and others) read the pdx.edu abuse contact each day. I am aware of the 2004 incidents, but that hardly seems relevant now. To access "history" of this report -- which would give me the information I need to do something about it (?) -- I would need to pay Spamcop money? Link to comment Share on other sites More sharing options...
turetzsr Posted August 25, 2006 Share Posted August 25, 2006 <snip> To access "history" of this report -- which would give me the information I need to do something about it (?) -- I would need to pay Spamcop money? ...Paid reporters do have access to limited information regarding reports (other than those due to SpamTraps), so you could go that route. However, a couple of them often happen by and provide a list as a reply to a forum post such as this. ...Alternatively, you could look at the link in the "SpamCop FAQ" (see link near top of page) labeled "SpamCop's System & Active Staff User Guide." ...Good luck! Link to comment Share on other sites More sharing options...
dra007 Posted August 25, 2006 Share Posted August 25, 2006 Report History: ------------------------------------------------------------------------- Submitted: Thursday, August 24, 2006 10:13:32 AM -0400: Considered UNSOLICITED BULK EMAIL from you 1890284153 ( 131.252.208.62 ) To: uube[at]devnull.spamcop.net ------------------------------------------------------------------------ not much in the reported history Link to comment Share on other sites More sharing options...
Wazoo Posted August 25, 2006 Share Posted August 25, 2006 Thanks ... and this would pretty much indicate that the probable cause boils down to "misdirected bounces" that hit spamtraps. And for that, you're going to have to contact the paid staff. All this is described in the SpamCop FAQ / SpamCopWiki / Why am I Blocked? Pinned item .... in addition to countless previous Topics/Discussions found in the Blocking List Help Forum section ..... Link to comment Share on other sites More sharing options...
k8ojMG4qc Posted August 25, 2006 Author Share Posted August 25, 2006 Thanks. I'm still confused why Trap wasn't 1 (instead of 0) in the summary report, but dra007's information will get me somewhere. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 25, 2006 Share Posted August 25, 2006 Thanks. I'm still confused why Trap wasn't 1 (instead of 0) in the summary report, but dra007's information will get me somewhere. I agree with that confusion. You should ask that question while conversing with the paid staff. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.