alfredo Posted January 29, 2004

Hi! Sorry for my bad English: Where does SpamCop get the reporting addresses when people from my networks send spam? The reporting addresses listed are incorrect. The correct addresses are already on whois.registro.br and in my SOA zone. The spam advice is now sent to nic br and to embratel (a company that sells internet links in Brazil), not to my ISP, and I only know that my network is in SpamCop when we are blocked. Thanks!

Jeff G. Posted January 29, 2004

You posted from 63.208.216.130. SpamCop parses that as follows:

Parsing input: 63.208.216.130
host 63.208.216.130 (getting name) no name
No recent reports, no history available
[report history]
Resolves to 63.208.216.130
Tracking ip 63.208.216.130
Routing details for 63.208.216.130
[refresh/show] Cached whois for 63.208.216.130 : abuse[at]level3.com
Using abuse net on abuse[at]level3.com
abuse net level3.com = abuse[at]level3.net, spamtool[at]level3.net, abuse[at]level3.com
Using best contacts abuse[at]level3.net spamtool[at]level3.net abuse[at]level3.com
abuse[at]level3.net redirects to level3[at]admin.spamcop.net
spamtool[at]level3.net redirects to level3[at]admin.spamcop.net
abuse[at]level3.com redirects to level3[at]admin.spamcop.net
Statistics:
63.208.216.130 not listed in bl.spamcop.net
More Information..
63.208.216.130 not listed in dnsbl.njabl.org
63.208.216.130 not listed in dnsbl.njabl.org
63.208.216.130 not listed in cbl.abuseat.org
63.208.216.130 not listed in dnsbl.sorbs.net
63.208.216.130 not listed in relays.ordb.org.
Replacing internal level3 alias
abuse net level3.net = abuse[at]level3.net, spamtool[at]level3.net
Reporting addresses:
abuse[at]level3.net
spamtool[at]level3.net

63.208.216.130 is in the following netblock, which Level 3 has not SWIPped:

OrgName: Level 3 Communications, Inc.
OrgID: LVLT
Address: 1025 Eldorado Blvd.
City: Broomfield
StateProv: CO
PostalCode: 80021
Country: US

NetRange: 63.208.0.0 - 63.215.255.255
CIDR: 63.208.0.0/13
NetName: LEVEL4-CIDR
NetHandle: NET-63-208-0-0-1
Parent: NET-63-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LEVEL3.NET
NameServer: NS2.LEVEL3.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1999-05-28
Updated: 2001-05-30

TechHandle: LC-ORG-ARIN
TechName: level Communications
TechPhone: +1-877-453-8353
TechEmail: ipaddressing[at]level3.com

OrgAbuseHandle: APL8-ARIN
OrgAbuseName: Abuse POC LVLT
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse[at]level3.com

OrgTechHandle: TPL1-ARIN
OrgTechName: Tech POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipaddressing[at]level3.com

OrgTechHandle: ARINC4-ARIN
OrgTechName: ARIN Contact
OrgTechPhone: +1-800-436-8489
OrgTechEmail: arin-contact[at]genuity.com

# ARIN WHOIS database, last updated 2004-01-28 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

alfredo Posted January 29, 2004

Hi! The IP that I used to post is 200.251.233.8 or 200.251.232.167. The "Trace IP" option from SpamCop (for our main mail server) says:

Parsing input: 200.251.232.173
host 200.251.232.173 = mail01.pocos-net.com.br (cached)
Reporting addresses:
mail-abuse[at]nic.br
abuse[at]embratel.net.br

-------------

I want to add abuse[at]pocos-net.com.br or admin[at]pocos-net.com.br or postmaster or dir[at]pocos-net.com.br, which are addresses in the SOA record of this domain and in my registry contacts on registro.br.

Thanks!

Merlyn Posted January 29, 2004

> Hi! Sorry for my bad English: Where does SpamCop get the reporting addresses when people from my networks send spam? The reporting addresses listed are incorrect. The correct addresses are already on whois.registro.br and in my SOA zone. The spam advice is now sent to nic br and to embratel (a company that sells internet links in Brazil), not to my ISP, and I only know that my network is in SpamCop when we are blocked. Thanks!

Looks like mail-abuse[at]nic.br if you check the info below.

Querying whois.nic.br with "pocos-net.com.br"...

% Copyright registro.br
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to domain name and IP number registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2004-01-29 12:20:08 (BRST -02:00)

domain: POCOS-NET.COM.BR
owner: GRAFIX SISTEMAS DE TELECOMUNICACOES S/C LTDA
ownerid: 000.365.535/0001-66
responsible: Flávio Marcon
address: R. Prefeito Chagas, 305, Loja 20
address: 37701-010 - Poços de Caldas - MG
phone: (035) 7226500 []
owner-c: TEV4
admin-c: REM6
tech-c: REM6
billing-c: TEV4
nserver: SERVER01.POCOS-NET.COM.BR 200.251.232.2
nsstat: 20040128 AA
nslastaa: 20040128
nserver: SERVER02.POCOS-NET.COM.BR 200.251.232.5
nsstat: 20040128 AA
nslastaa: 20040128
nserver: SERVER03.POCOS-NET.COM.BR 200.251.232.167
nsstat: 20040128 AA
nslastaa: 20040128
created: 19960617 #9712
updated: 19980202
changed: 20020814
status: published

nic-hdl-br: REM6
person: Renato E. Miguel
e-mail: renatec[at]RENATEC.COM.BR
address: Av. Prefeito Chagas, 305, Centro
address: 37701-010 - Poços de Caldas - MG
phone: (035) 7224533 []
created: 19980202
changed: 20000412

nic-hdl-br: TEV4
person: Grafix Sist. Telec. Ltda.
e-mail: dir[at]POCOS-NET.COM.BR
address: R. Prefeito Chagas, 305, Loja 20
address: 37701-010 - Pocos de Caldas - MG
phone: (035) 722-6500 []
created: 20000203
changed: 20011212

remarks: Security issues should also be addressed to
remarks: nbso[at]nic.br, http://www.nbso.nic.br/
remarks: Mail abuse issues should also be addressed to
remarks: mail-abuse[at]nic.br

% whois.registro.br accepts only direct match queries.
% Types of queries are: domains (.BR), BR POCs, CIDR blocks,
% IP and AS numbers.

Jeff G. Posted January 29, 2004

OK, looking more closely at the trace, then ( http://www.spamcop.net/sc?track=200.251.232.173 or http://members.spamcop.net/sc?track=200.251.232.173 or http://mailsc.spamcop.net/sc?track=200.251.232.173 , depending on your service):

Parsing input: 200.251.232.173
host 200.251.232.173 = mail01.pocos-net.com.br (cached)
[report history]
Resolves to 200.251.232.173
Tracking ip 200.251.232.173
Routing details for 200.251.232.173
[refresh/show] Cached whois for 200.251.232.173 : mail-abuse[at]nic.br abuse[at]embratel.net.br
Using abuse net on mail-abuse[at]nic.br
abuse net nic.br = mail-abuse[at]nic.br, antispambr[at]abuse.net, postmaster[at]nic.br
Using abuse net on abuse[at]embratel.net.br
abuse net embratel.net.br = abuse[at]embratel.net.br
Using best contacts mail-abuse[at]nic.br antispambr[at]abuse.net abuse[at]embratel.net.br postmaster[at]nic.br
antispambr[at]abuse.net redirects to spambr[at]admin.spamcop.net
I refuse to bother postmaster[at]nic.br
Statistics:
200.251.232.173 listed in bl.spamcop.net (127.0.0.2)
More Information..
200.251.232.173 not listed in dnsbl.njabl.org
200.251.232.173 not listed in dnsbl.njabl.org
200.251.232.173 not listed in cbl.abuseat.org
200.251.232.173 not listed in dnsbl.sorbs.net
200.251.232.173 not listed in relays.ordb.org.
Reporting addresses:
mail-abuse[at]nic.br
abuse[at]embratel.net.br

As it turns out, SpamCop Users reported spam received from this IP Address three times yesterday, according to the Report History:

Submitted: Wednesday 2004/01/28 19:35:16 -0500:
grow your member now
643143618 ( http://www.nepzzz.com/m001p/byebye.html ) To: anti-spam#chinanet.cn.net[at]devnull.spamcop.net
643143615 ( http://www.bunnd.com/vp5 ) To: anti-spam#chinanet.cn.net[at]devnull.spamcop.net
643143611 ( http://www.nepzzz.com/m001p/byebye.html ) To: postmaster[at]cta.cq.cn
643143608 ( http://www.bunnd.com/vp5 ) To: postmaster[at]cta.cq.cn
643143605 ( http://www.nepzzz.com/m001p/byebye.html ) To: cqrx[at]online.cq.cn
643143602 ( http://www.bunnd.com/vp5 ) To: cqrx[at]online.cq.cn
643143600 ( http://www.nepzzz.com/m001p/byebye.html ) To: abuse[at]cta.cq.cn
643143598 ( http://www.bunnd.com/vp5 ) To: abuse[at]cta.cq.cn
643143595 ( 200.251.232.173 ) To: spamcop[at]imaphost.com
643143590 ( 200.251.232.173 ) To: abuse[at]embratel.net.br
643143585 ( 200.251.232.173 ) To: mail-abuse[at]nic.br
643143577 ( 200.251.232.173 ) To: spambr[at]admin.spamcop.net
--------------------------------------------------------------------------------
Submitted: Wednesday 2004/01/28 17:59:20 -0500:
{spam?} size?
642167829 ( http://www.nepzzz.com/m001p/byebye.html ) To: anti-spam#chinanet.cn.net[at]devnull.spamcop.net
642167826 ( http://www.bunnd.com/vp5 ) To: anti-spam#chinanet.cn.net[at]devnull.spamcop.net
642167817 ( http://www.nepzzz.com/m001p/byebye.html ) To: postmaster[at]cta.cq.cn
642167814 ( http://www.bunnd.com/vp5 ) To: postmaster[at]cta.cq.cn
642167808 ( http://www.nepzzz.com/m001p/byebye.html ) To: cqrx[at]online.cq.cn
642167805 ( http://www.bunnd.com/vp5 ) To: cqrx[at]online.cq.cn
642167795 ( http://www.nepzzz.com/m001p/byebye.html ) To: abuse[at]cta.cq.cn
642167790 ( http://www.bunnd.com/vp5 ) To: abuse[at]cta.cq.cn
642167781 ( 200.251.232.173 ) To: spamcop[at]imaphost.com
642167771 ( 200.251.232.173 ) To: abuse[at]embratel.net.br
642167758 ( 200.251.232.173 ) To: mail-abuse[at]nic.br
642167747 ( 200.251.232.173 ) To: spambr[at]admin.spamcop.net
--------------------------------------------------------------------------------
Submitted: Wednesday 2004/01/28 16:43:35 -0500:
enlarge your member naturally
641690411 ( http://www.nepzzz.com/m001p/byebye.html ) To: mole[at]devnull.spamcop.net
641690407 ( http://www.bunnd.com/vp5 ) To: mole[at]devnull.spamcop.net
641690389 ( 200.251.232.173 ) To: mole[at]devnull.spamcop.net

"Routing details for 200.251.232.173" shows:

Reports routes for 200.251.232.173:
routeid:7583005 200.251.0.0 - 200.251.255.255 to:mail-abuse[at]nic.br
Administrator found from whois records
routeid:7583004 200.251.0.0 - 200.251.255.255 to:abuse[at]embratel.net.br
Administrator found from whois records

"Cached whois for 200.251.232.173" shows:

Tracking details
Display data:
"whois 200.251.232.173[at]whois.arin.net" (Getting contact from whois.arin.net )
Redirect to whois.lacnic.net :
Display data:
"whois 200.251.232.173[at]whois.lacnic.net" (Getting contact from whois.lacnic.net)
Redirect to whois.nic.br :
Display data:
"whois 200.251.232.173[at]whois.nic.br" (Getting contact from whois.nic.br)
Backup contact owner-c = tev4
Using NS name server01.pocos-net.com.br to find domain and contact
Display data:
"whois pocos-net.com.br[at]whois.nic.br" (Getting contact from whois.nic.br)
Backup contact owner-c = tev4
nic.br abuse address in remarks/descr field
rem6 = renatec[at]renatec.com.br
whois.nic.br pocos-net.com.br = renatec[at]renatec.com.br
nic.br abuse address in remarks/descr field
gse6 = abuse[at]embratel.net.br
whois.nic.br found abuse contacts for 200.251.232.173 = abuse[at]embratel.net.br
whois: 200.251.232.0 - 200.251.233.255 = mail-abuse[at]nic.br, abuse[at]embratel.net.br
Routing details for 200.251.232.173
Using abuse net on mail-abuse[at]nic.br
abuse net nic.br = mail-abuse[at]nic.br, antispambr[at]abuse.net, postmaster[at]nic.br
Using abuse net on abuse[at]embratel.net.br
abuse net embratel.net.br = abuse[at]embratel.net.br
Using best contacts mail-abuse[at]nic.br antispambr[at]abuse.net abuse[at]embratel.net.br postmaster[at]nic.br
antispambr[at]abuse.net redirects to spambr[at]admin.spamcop.net
I refuse to bother postmaster[at]nic.br

A direct query of pocos-net.com.br at whois.nic.br shows:

01/29/04 09:23:16 whois pocos-net.com.br[at]whois.nic.br
whois -h whois.nic.br pocos-net.com.br ...

% Copyright registro.br
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to domain name and IP number registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2004-01-29 12:24:08 (BRST -02:00)

domain: POCOS-NET.COM.BR
owner: GRAFIX SISTEMAS DE TELECOMUNICACOES S/C LTDA
ownerid: 000.365.535/0001-66
responsible: Flávio Marcon
address: R. Prefeito Chagas, 305, Loja 20
address: 37701-010 - Poços de Caldas - MG
phone: (035) 7226500 []
owner-c: TEV4
admin-c: REM6
tech-c: REM6
billing-c: TEV4
nserver: SERVER01.POCOS-NET.COM.BR 200.251.232.2
nsstat: 20040128 AA
nslastaa: 20040128
nserver: SERVER02.POCOS-NET.COM.BR 200.251.232.5
nsstat: 20040128 AA
nslastaa: 20040128
nserver: SERVER03.POCOS-NET.COM.BR 200.251.232.167
nsstat: 20040128 AA
nslastaa: 20040128
created: 19960617 #9712
updated: 19980202
changed: 20020814
status: published

nic-hdl-br: REM6
person: Renato E. Miguel
e-mail: renatec[at]RENATEC.COM.BR
address: Av. Prefeito Chagas, 305, Centro
address: 37701-010 - Poços de Caldas - MG
phone: (035) 7224533 []
created: 19980202
changed: 20000412

nic-hdl-br: TEV4
person: Grafix Sist. Telec. Ltda.
e-mail: dir[at]POCOS-NET.COM.BR
address: R. Prefeito Chagas, 305, Loja 20
address: 37701-010 - Pocos de Caldas - MG
phone: (035) 722-6500 []
created: 20000203
changed: 20011212

remarks: Security issues should also be addressed to
remarks: nbso[at]nic.br, http://www.nbso.nic.br/
remarks: Mail abuse issues should also be addressed to
remarks: mail-abuse[at]nic.br

% whois.registro.br accepts only direct match queries.
% Types of queries are: domains (.BR), BR POCs, CIDR blocks,
% IP and AS numbers.

Please review "How can I get SpamCop reports about my network?" at http://www.spamcop.net/fom-serve/cache/94.html. You should create an abuse.net listing for each of the domains you manage per http://www.abuse.net/addnew.html .

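An added example (not part of the thread, and not SpamCop's code): a small Python parser for the whois.nic.br response quoted above that resolves the owner-c/admin-c/tech-c handles to their e-mail addresses and pulls the mail-abuse address out of the remarks lines, so an operator can check which addresses the record actually publishes. The sample text is abridged from the output in the post, and the function names `contacts` and `is_published` are hypothetical.

```python
import re

# Constructed sample: abridged from the whois.nic.br output quoted in the
# thread, with "[at]" kept exactly as the forum rendered it.
SAMPLE = """\
domain:      POCOS-NET.COM.BR
owner-c:     TEV4
admin-c:     REM6
tech-c:      REM6
billing-c:   TEV4

nic-hdl-br:  REM6
e-mail:      renatec[at]RENATEC.COM.BR

nic-hdl-br:  TEV4
e-mail:      dir[at]POCOS-NET.COM.BR

remarks:     Security issues should also be addressed to
remarks:     nbso[at]nic.br, http://www.nbso.nic.br/
remarks:     Mail abuse issues should also be addressed to
remarks:     mail-abuse[at]nic.br
"""

ADDR = re.compile(r"[\w.+-]+\[at\][\w.-]+\w")
ROLES = ("owner-c", "admin-c", "tech-c", "billing-c")

def contacts(whois_text):
    """Return (role -> e-mail, mail-abuse addresses named in remarks)."""
    roles, handles, remarks, current = {}, {}, [], None
    for line in whois_text.splitlines():
        if line.startswith("%") or ":" not in line:
            continue                      # skip banner lines and blanks
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key in ROLES:
            roles[key] = value.upper()    # handle such as TEV4
        elif key == "nic-hdl-br":
            current = value.upper()       # start of a contact object
        elif key == "e-mail" and current:
            handles[current] = value.lower()
        elif key == "remarks":
            remarks.append(value)
    text = " ".join(remarks)
    pos = text.lower().find("mail abuse")
    abuse = [a.lower() for a in ADDR.findall(text[pos:])] if pos >= 0 else []
    return {role: handles.get(h) for role, h in roles.items()}, abuse

def is_published(whois_text, address):
    """True if the address appears as a role contact or a remarks abuse address."""
    by_role, abuse = contacts(whois_text)
    return address.lower() in set(by_role.values()) | set(abuse)

if __name__ == "__main__":
    print(contacts(SAMPLE))
    print(is_published(SAMPLE, "abuse[at]pocos-net.com.br"))
```
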
alfredo Posted January 29, 2004

Yes, this is correct, and you see at the bottom: Mail abuse issues should also be addressed to mail-abuse[at]nic.br. NIC BR and Embratel do not send the SpamCop message to us, and if they send it, it is too late. If SpamCop sent the messages to renatec[at]RENATEC.COM.BR or dir[at]POCOS-NET.COM.BR, which are the registered addresses, that would be great; then the message would be redirected to me by these persons, but the ideal is: abuse[at]pocos-net.com.br

alfredo Posted January 29, 2004

> You should create an abuse.net listing for each of the domains you manage per http://www.abuse.net/addnew.html .

Thank you all and JeffG! I will try this!

[]'s
Alfredo

Archived
This topic is now archived and is closed to further replies.