QuantumMechanic Posted February 2, 2007 Share Posted February 2, 2007 203.223.152.224 (gabbrands.com) I got an email from this IP, the email was reported, and then I get a message back from jaring.my saying that this IP is nothing to do with them. Looking at the DNS it _is_ nothing to do with them it seems. I am guessing that the DNS was incorrect at the time of spam submission or that spamcop.net messed up somehow or is using old information. the past reports page is the only thing I have to go on: [moderator edit links removed at member request. Essential detail was Hostname verified: mx02.gabnewsline.com cisx received mail from sending system 203.223.152.231 Tracking message source: 203.223.152.231: Routing details for 203.223.152.231 [refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my Using abuse net on network[at]aims.com.my abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my abuse[at]mol.net.my bounces (2020 sent : 1225 bounces) Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking. Reports disabled for postmaster[at]aims.com.my Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking. Message is 30 hours old 203.223.152.231 not listed in dnsbl.njabl.org 203.223.152.231 not listed in dnsbl.njabl.org 203.223.152.231 not listed in cbl.abuseat.org 203.223.152.231 not listed in dnsbl.sorbs.net 203.223.152.231 not listed in accredit.habeas.com 203.223.152.231 not listed in plus.bondedsender.org 203.223.152.231 not listed in iadb.isipp.com Finding links in message body Parsing text part Resolving link obfuscation ht tp:// mx02.gabnews line.com/index.php?l=gab_1&e=x Host mx02.gabnewsline.com (checking ip) = 203.223.152.231 host 203.223.152.231 = mx02.gabnewsline.com (cached) h ttp:// mx02.gabnews line.com/t/c/182/gab_1/pz123321.html Host mx02.gabnewsline.com (checking ip) = 203.223.152.231 host 203.223.152.231 = mx02.gabnewsline.com (cached) Tracking link: htt p:// mx02.gabnew sline.com/t/c/182/gab_1/pz123321.html No recent reports, no history available Resolves to 203.223.152.231 Routing details for 203.223.152.231 [refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my Using abuse net on network[at]aims.com.my abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my abuse[at]mol.net.my bounces (2020 sent : 1225 bounces) Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking. Reports disabled for postmaster[at]aims.com.my Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking. Tracking link: ht tp:// mx02.gabnews line.com/index.php?l=gab_1&e=x No recent reports, no history available Resolves to 203.223.152.231 Routing details for 203.223.152.231 [refresh/show] Cached whois for 203.223.152.231 : network[at]aims.com.my sysadm[at]aims.com.my Using abuse net on network[at]aims.com.my abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my Using best contacts postmaster[at]asianetcom.com abuse[at]mol.net.my abuse[at]gblx.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp postmaster[at]aims.com.my abuse[at]mol.net.my bounces (2020 sent : 1225 bounces) Using abuse#mol.net.my[at]devnull.spamcop.net for statistical tracking. Reports disabled for postmaster[at]aims.com.my Using postmaster#aims.com.my[at]devnull.spamcop.net for statistical tracking. Reports regarding this spam have already been sent: Re: 203.223.152.231 (Administrator of network where email originates) Reportid: 2125935768 To: abuse[at]gblx.net Reportid: 2125935779 To: postmaster[at]gblx.ad.jp Reportid: 2125935784 To: abuse[at]jaring.my Reportid: 2125935788 To: postmaster#aims.com.my[at]devnull.spamcop.net Reportid: 2125935797 To: webmaster[at]asianetcom.com Reportid: 2125935798 To: postmaster[at]asiaglobalcrossing.com Reportid: 2125935804 To: abuse[at]gblx.ad.jp Reportid: 2125935805 To: postmaster[at]asianetcom.com Reportid: 2125935808 To: abuse#mol.net.my[at]devnull.spamcop.net If reported today, reports would be sent to: Re: 203.223.152.231 (Administrator of network where email originates) postmaster[at]gblx.ad.jp abuse[at]gblx.ad.jp abuse[at]jaring.my postmaster[at]asiaglobalcrossing.com webmaster[at]asianetcom.com abuse#mol.net.my[at]devnull.spamcop.net abuse[at]gblx.net postmaster#aims.com.my[at]devnull.spamcop.net postmaster[at]asianetcom.com Re: h ttp:// mx02.gabnews line.com/index.php?l=gab_1&a... (Administrator of network hosting website referenced in spam) postmaster[at]asianetcom.com postmaster#aims.com.my[at]devnull.spamcop.net abuse[at]gblx.net abuse#mol.net.my[at]devnull.spamcop.net webmaster[at]asianetcom.com postmaster[at]asiaglobalcrossing.com abuse[at]jaring.my abuse[at]gblx.ad.jp postmaster[at]gblx.ad.jp Re: htt p:// mx02.gabnews line.com/t/c/182/gab_1/pz123... (Administrator of network hosting website referenced in spam) (ditto) 2 links in this post removed.] Link to comment Share on other sites More sharing options...
Farelf Posted February 2, 2007 Share Posted February 2, 2007 203.223.152.224 (gabbrands.com) I got an email from this IP, the email was reported, and then I get a message back from jaring.my saying that this IP is nothing to do with them. Suggest you pass the jaring email on to deputies[at]admin.spamcop.net. There may be some sort of whois problem with the address range - I notice grabbrands.com has WhoisGuard Protection enabled (from SenderBase). What thet does to the resolution I have no idea but WhoIs on the IP address comes up with aims.com.my for the range 203.223.128.0 - 203.223.159.255 and abuse.net for aims.com.my givesLook up an address in the abuse.net contact database postmaster[at]aims.com.my (for aims.com.my) abuse[at]mol.net.my (for aims.com.my) abuse[at]gblx.ad.jp (for aims.com.my) postmaster[at]gblx.ad.jp (for aims.com.my) webmaster[at]asianetcom.com (for aims.com.my) postmaster[at]asianetcom.com (for aims.com.my) postmaster[at]asiaglobalcrossing.com (for aims.com.my) abuse[at]gblx.net (for aims.com.my) abuse[at]jaring.my (for aims.com.my) Which is where we came in. Seems like if there is any massaging to be done it might have to be done by a Deputy. Link to comment Share on other sites More sharing options...
QuantumMechanic Posted February 2, 2007 Author Share Posted February 2, 2007 Thanks, I have done as you suggested. Link to comment Share on other sites More sharing options...
petzl Posted February 3, 2007 Share Posted February 3, 2007 Thanks, I have done as you suggested. Just "digging" IP 203.223.152.224 is APPLIED INFORMATION MANAGEMENT SERVICES IP range 203.223.146.0 to 203.223.156.255 Country Malaysia website http://www.aims.com.my/ AIMS Customer Care T : +603 2054 2600 Hotline: 1-300-88-HELP e: customer.care[at]aims.com.my Kuala Lumpur. Ground floor, Menara Aik Hua, Cangkat Raja Chulan, 50200 Kuala Lumpur. T +603 2031 4988 F +603 2031 8948 e: info[at]aims.com.my w: www.aims.com.my Link to comment Share on other sites More sharing options...
Farelf Posted February 3, 2007 Share Posted February 3, 2007 Thanks for the above petzl. The other side of the situation ... INFO Domain A Lookup Your gabbrands.com A record is: gabbrands.com. A 203.223.152.224 [TTL=1800] There neems to be an unresponsive DNS at the moment which may explain some glitching in resolution using DNSStuff tools at odd times. Link to comment Share on other sites More sharing options...
iixii Posted February 25, 2007 Share Posted February 25, 2007 Seems like if there is any massaging to be done it might have to be done by a Deputy. Why? abuse.net is just an independent service that Spamcop relies on, but no Spamcop deputy maintains it. If there's an error in their database, it has to be fixed by abuse.net - which has obviously happened in the meantime, as it now returns the single contact address network[at]aims.com.my for aims.com.my. Link to comment Share on other sites More sharing options...
bobbear Posted February 25, 2007 Share Posted February 25, 2007 Yeah - looks just like an abuse.net c/up: abuse net aims.com.my = postmaster[at]asianetcom.com, abuse[at]mol.net.my, abuse[at]gblx.net, webmaster[at]asianetcom.com, postmaster[at]asiaglobalcrossing.com, abuse[at]jaring.my, abuse[at]gblx.ad.jp, postmaster[at]gblx.ad.jp, postmaster[at]aims.com.my Seems like it should be: abuse net aims.com.my = sysadm[at]aims.com.my; network[at]aims.com.my; customer.care[at]aims.com.my; info[at]aims.com.my best guess of any or all of the above....I wish more networks had an abuse reporting address (that actually worked & didn't have a spam filter on it, that is....) Link to comment Share on other sites More sharing options...
Farelf Posted February 25, 2007 Share Posted February 25, 2007 Why? abuse.net is just an independent service that Spamcop relies on, but no Spamcop deputy maintains it. If there's an error in their database, it has to be fixed by abuse.net - which has obviously happened in the meantime, as it now returns the single contact address network[at]aims.com.my for aims.com.my.Abuse address lookups/report routing have been and continue to be over-ridden by Deputy intervention on a regular basis. I have no idea whether any of this feeds back to abuse.net but I suspect not - some/many of those interventions have nothing to do with abuse.net (though others do) - going by the occasional explanations of specific cases seen in these forums. There is a whole SC newsgroup - spamcop.routing - which goes into "cases" where the abuse.net result is apparently incorrect and in some instances the posters say they give their evidence to abuse.net (obviating any need for the Deputies to do so in those cases). I guess in other instances these posters may comment on SC intervention which appears to need changing. I'm not sure how much notice the Deputies might take of the newsgroup these days (having seen one comment from one experienced poster there that it appeared no notice was being taken in regard to one issue). You should go there and have a look for yourself. And be thankful there are people around like Claudio Valderrama C. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.