jongrose Posted January 30, 2007 Posted January 30, 2007 This is sort of a strange question, and I'm not sure this is the appropriate section of the forum, but it does have to do with the BL. I received a reply from an ISP to a report I filed stating that they have removed a user's ability to send email through their server (which strangely enough appears to be a name server & no MX records exist for that IP). I checked the SCBL and the IP they mentioned is not listed. However, their sending IP is listed in SpamHaus's XBL (and hence, the CBL). The email I report that generated their reply (which, incidentally, was not sent to my SC account) is this one: http://www.spamcop.net/sc?id=z1205455016z1...7b51f0afb9aa03z Here is a copy of their email with my details expunged: Return-Path: <spamcop[at]devnull.spamcop.net> Delivered-To: spamcop-net-_______[at]spamcop.net Received: (qmail 30017 invoked from network); 30 Jan 2007 12:43:38 -0000 Received: from unknown (192.168.1.101) by filter7.cesmail.net with QMQP; 30 Jan 2007 12:43:38 -0000 Received: from sc-smtp4-bulkmx.soma.ironport.com (204.15.82.126) by mailgate.cesmail.net with SMTP; 30 Jan 2007 12:43:38 -0000 Received: from sc-app5.spamcop.net ([204.15.82.24]) by sc-smtp4-bulkmx.soma.ironport.com with SMTP; 30 Jan 2007 04:43:38 -0800 X-SpamCop-Reply-Ids: 2117213292 X-Spamcop-Return-Path: <hcenter[at]list.ru> Received: from sc-smtp1-bulkmx.soma.ironport.com (sc-smtp1-bulkmx.soma.ironport.com [204.15.82.123]) by sc-app5.soma.ironport.com (Postfix) with ESMTP id 3425D2F8D7 for <2117213292[at]reports.spamcop.net>; Tue, 30 Jan 2007 04:42:19 -0800 (PST) Received: from mx33.mail.ru ([194.67.23.194]) by sc-smtp1-bulkmx.soma.ironport.com with ESMTP; 30 Jan 2007 04:42:18 -0800 Received: from [87.228.52.120] (port=9188 helo=hc3rw7f3s7xstv) by mx33.mail.ru with smtp id 1HBsIj-000Ft9-00 for 2117213292[at]reports.spamcop.net; Tue, 30 Jan 2007 15:41:29 +0300 Message-ID: <002201c7446b$____________[at]hc3rw7f3s7___> From: =?koi8-r?B?08zV1sLBINDPxMTF0tbLySBoY2VudGVyLmluZm8=?= <hcenter[at]list.ru> To: <2117213292[at]reports.spamcop.net> Subject: Spamcop report id:2117213292;body=Hello SpamCop user, Date: Tue, 30 Jan 2007 15:40:45 +0300 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="koi8-r"; reply-type=original Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-SpamCop-Checked: 192.168.1.101 204.15.82.126 204.15.82.24 204.15.82.123 194.67.23.194 87.228.52.120 X-SpamCop-Disposition: Blocked xbl.spamhaus.org Good afternoon! The User sending jv with server 85.249.136.194 is removed with server. We Ask to release ip address. ----------------------------------------------- ó Õ×ÃÖÅÎÉÅÃ, ÓÌÕÖÂà ÃÃÄÄÅÒÖËÉ ÈÃÓÔÉÎÇ × ÃÃÓË×Å Ã10 info[at]hcenter.ru http://www.hcenter.ru support[at]hcenter.info http://www.hcenter.info I never reply to any emails sent to reporting addresses for fear of exposing my real identity. But, this is a weird case. Should I contact them and tell them that they are not in SC, but actually in another DNSbl? Or should I forward it to the deputies? Or just ignore it? P.S. - I noticed someone was saying that reports to abuse[at]infobox.ru were going unanswered, but this one was apparently answered, acted on, and responded to.
StevenUnderwood Posted January 30, 2007 Posted January 30, 2007 This is sort of a strange question, and I'm not sure this is the appropriate section of the forum, but it does have to do with the BL. I usually report these types of things to the deputies to handle.
jongrose Posted January 30, 2007 Author Posted January 30, 2007 I usually report these types of things to the deputies to handle. That's what I'll do, thanks.
Miss Betsy Posted January 30, 2007 Posted January 30, 2007 Lots of people ignore responses to report ids. IMHO, it is polite to answer them even if they seem fishy. You do have to mask your email address or send from a throwaway account which is a bit of trouble. If the message doesn't indicate that a real white hat made a mistake and is sorry, it is an opportunity to 'educate' the sender (in a polite manner). If you have time you can write a lot more explanation than the deputies probably have time for. OTOH, the deputies often do not like our explanations and probably would rather do it themselves. Miss Betsy
jongrose Posted January 31, 2007 Author Posted January 31, 2007 Lots of people ignore responses to report ids. IMHO, it is polite to answer them even if they seem fishy. You do have to mask your email address or send from a throwaway account which is a bit of trouble. Too bad you can't reply from the reporting pseudonym address. Several of the other email systems I use, like Yahoo and Hushmail allow you to do this.
StevenUnderwood Posted January 31, 2007 Posted January 31, 2007 Too bad you can't reply from the reporting pseudonym address. Several of the other email systems I use, like Yahoo and Hushmail allow you to do this. It is not easy, but I have done that on my own, usually from my webmail account (hint: identities).
Recommended Posts
Archived
This topic is now archived and is closed to further replies.