Jump to content

Receiving Alerts and Summary Reports Indicating SPAM Activity But No Actual SPAM Reports


aardvark

Recommended Posts

Posted

Hi

We are a web-hoster running our own network (member of RIPE). We've been receiving alerts related to a customer sending spam but we haven't yet received any reports (i.e. copies of spam) from either spamcop or directly from the public. These two IPs don't appear to have been listed yet which given the figures below I find strange. We do have a contact email address listed in the RIPE database and I would have expected spam reports to go there. This has been going on for 4-5 days. We would like to get this cleaned up but we need to see copies of the spam before terminating the customer.

IP_Address Start/Length Trap User Mole Simp Comments

RDNS

82.1..... Apr 25 16h/4 10 3 0 1

customerdomain.com

82.1..... Apr 25 16h/4 24 14 1 0

customerdomain.com

Posted
... IP_Address Start/Length Trap User Mole Simp Comments. ...
There are no reports sent from moles - never knew anything issued to the ISP at all, actually (live and learn). I'm sure SC admin or a deputy could answer your query in a flash (given IP address in question) - can you email service[at]admin.spamcop.net or deputies[at]admin.spamcop.net?
Posted
IP_Address Start/Length Trap User Mole Simp Comments

RDNS

82.1..... Apr 25 16h/4 10 3 0 1

customerdomain.com

82.1..... Apr 25 16h/4 24 14 1 0

customerdomain.com

Confused. How do you expect anyone here to look anything up with no actual data provided? The numbers indicate that user reports were created by SpamCop.net users, but would then assume that they are going to the IP Block owner rather than you .... could have been answered if the IP address had been offered.

Your words "receiving alerts" seem to be totally undefined .... alerts from whom????

Getting listed on the SpamCopDNSBL is based on the results of a bit of math. The numbers you offer do not include the majority of the variables involved.

Posted

Confused. How do you expect anyone here to look anything up with no actual data provided? The numbers indicate that user reports were created by SpamCop.net users, but would then assume that they are going to the IP Block owner rather than you .... could have been answered if the IP address had been offered.

Your words "receiving alerts" seem to be totally undefined .... alerts from whom????

I'm not listing the specific IPs or domains as we have to be protective of customer privacy.The alerts are coming from Spamcop, see header below.

We are the IP block owner.

I was looking for generic advice, I will email spamcop about this.

----- Forwarded Message -----

From: "SpamCop robot" <summaries[at]admin.spamcop.net>

To: abuse[at]..

Sent: Wednesday, 30 April, 2008 4:45:29 AM GMT +00:00 GMT Britain, Ireland, Portugal

Subject: [spamCop] summary report

[ SpamCop Summary Report ]

-- See footer for key to columns and notes about this report --

Posted

The only way we can give generic advice about spamcop is if a user (or receiver of summary reports) posts here about a problem or a solution.

There have been a handful of posts from people who are getting summary reports and don't know what to do with them, but none of the regular posters have signed up with spamcop to receive those summaries so we don't have first hand experience. And since the questioners were confused to start with and didn't come back to explain what happened, we just don't have a lot to work with.

I don't understand the comment about IP addresses having to do with privacy. If the IP address (not email address) is being used, it can't be 'private' - the whole point of the internet is to exchange information.

Miss Betsy

Posted

I was looking for generic advice, I will email spamcop about this.

Generic advice: email deputies[at]spamcop.net

The only other thing you could do is setup a free reporting account (different email address than you have your alerts setup to receive and enter the IP address there and you can see where reports should be going to. Usually, the information you are receieving indicates you have an ISP account setup and you have configured it not to receive the actual reports, only a summary.

Posted

Go to http://www.spamcop.net/bl.shtml, put in one of the IP addresses, and click the button. Then click on Trace IP. This will tell you where reports regarding those IP addresses are going, and why. I'm not sure that withholding IP addresses is really protecting anyone, since those addresses are by necessity public, but that is the first thing I would do had you given us the IP addresses involved.

I have noticed that sometimes a bad entry in abuse net will override a good entry in the RIR databases, not sure why SpamCop decided to use the data that to me seems to be less official, but that was their choice. As was said before, you will probably need to email the deputies, but you will need to provide them with the IP addresses invovled.

Note that if the complaint involves spamvertised URLs, rather than actual spam originating from the IP addresses, reports go to the owner of the IP address hosting the domain. Said spamvertised URL reports do not cause a listing of any kind, they are merely to inform the network owner that they may have a problem customer on their network, or a hijacked machine acting as a proxy webhost for one of the criminal spam groups out there. But again, the only point that a domain name comes into play is to look up the IP addresses where it is hosted.

Posted
I was looking for generic advice

To which the response from 'here' would be to read the FAQs / Wiki entries that have been developed to answer such questions.

Subject: [spamCop] summary report

Semantics .... you call these 'alerts' ... what they really are is exactly as Titled .. Summary Reports that you signed up to receive from SpamCop.net.

The EU community/consortium is in fact trying to include an IP Address as part of the data considered to be 'personal information' and therefore a security/legal issue .... yet another smash-up between technology, law, and folks involved that may not have a handle on either or both ....

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...