![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: seeking for range query
Mike Easter
MikeE at ster.invalid
Mon Jul 25 06:54:39 EDT 2005
Gasti Gillen wrote:
University of Graz in Austria
> I am not to sure if this is the right ng for his posting.
>
> If not, please notify me where to post it.
This is not a bad place to start. There are more admin types [and also
kooks] in news.admin.net-abuse.email.
> I am looking for a free tool or web site which I can use to make a
> whole range query (e.g. 143.50.*.*) to find out which of the
> addresses in my B-Class net are listed on the common worldwide lists.
I know of no such animal. That entire /16 is under the University's
aegis, as you have mentioned. Some ideas come to mind from an
administration point of view. The /16 could be portscanned for
'important' ports by the admin, not the curious. The output servers for
the mail could be individually looked up someplace like dnsstuff. The 6
IPs I've listed below don't show up anywhere.
I can put the /16 into the tool at senderbase to see which servers have
a record of outputting mail and see only these:
Addresses in 143.50.0.0/16 used to send email
address | hostname |DNS Verified | Daily Mag | Monthly Mag
143.50.13.36 herakles.kfunigraz.ac.at Y 4.7 4.7
143.50.212.116 inode116.kfunigraz.ac.at Y 0.0 3.5
143.50.129.26 teutates.kfunigraz.ac.at Y 3.4 3.5
143.50.212.176 inode176.kfunigraz.ac.at Y 0.0 3.1
143.50.5.28 mbug28.kfunigraz.ac.at Y 2.5 2.8
143.50.5.29 mbug29.kfunigraz.ac.at Y 2.3 2.7
... where 'Daily Mag' I've abbreviated for magnitude which is a
logarithm of the output; similarly for Monthly, where monthly means per
day over the past month.
The bottom 2 in this case are the MXes, the top 4 are output servers,
where there's been some change recently for 2 of the servers whose
output has gone to zero. That is, inode116 had a big jump up in its
monthly output from its previous average, as did inode176 -- but now
they have fallen off to zero. For that type of conversation and
investigation, senderbase is the only free 'assayer' of such information
I know. The person who can access the logs for the inodes could
evaluate why they had a jump in their output activity.
I've gotten into arguments in nanae about senderbase information,
because a number of mail admins don't respect its assessments.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list