[SC-Help] Re: Understanding SC's Reports

antioch r.antiochdunkthis at dunkthisntlworld.com
Wed May 10 01:24:00 EDT 2006


"Mike Easter" <MikeE at ster.invalid> wrote in message 
news:e3r007$1ju$1 at news.spamcop.net...

> One example of spams which are in a .gif are stock spams.  Typically the 
> only thing which will come out of the spamcop parse will be spamcop 
> identifying the IP of the source and offering to report that spamsource IP 
> to the spamsource provider.

Stock reports - yes they are the ones I am getting

> The method by which SC spamcop determines a notify is based on a lookup in 
> the regional registrar for the IP block.
> All of the IPs of the world which are routing can be found in the whois 
> lookup of one of the RIR regional internet registrars, arin, ripe, lacnic, 
> apnic, afrinic.  There is a lot of 'organization' about ICANN and its ASO 
> and NRO and those registrars.

They are some I have used in the past.

> SC uses those databases db/s to determine the contact information for the 
> IP's block, and also uses the abuse.net registered contact or its default 
> suggestions for a domainname derived from the RIR contact, and also uses 
> its own experience with addresses which bounce, and also uses its own 
> database of human adjustments referred to as 'routing' information.  SC 
> also uses any information which a provider or other admin has provided 
> about whether it wants to be notified or not, or alternate addresses for 
> notifying.  In addition, sometimes there are third parties which may be 
> notified about an IP or about all IPs.

Interesting info.

CLIPPED

>> spamcop at imaphost
>> Sorry this email is too old etc etc but goes on and gives more info
>> plus 'If reported....then at bottom Re 144 ... ... 3rd party interest
>> in email rep
>
> All of that is about the reporter fulfilling hir responsibilities about
> reporting spam.

So I have done another 10 or more and got all the reports back and saved.  I 
did it as you said and by God it was fast.  They must have one hell of a 
computer/programme.
This is what I mean - unless I know what I am reading in these reports, then 
I have no idea what I am supposed to do next.  In particular on the ones that 
ask if this is a spam.

>> Not according to 'Her indoors'
>
> I don't understand 'her indoors'

Are you from the other side of the pond?
Her indoors OR she who must be obeyed - it's the wife :-) :-)

>>> I also 'recommend' using the webparser first for most people.  T

Done that way.

> You can also do it with an old one;  all you have to do is parse
> something you have already reported, and then copy the tracking url, and 
> then cancel the report.

That is handy.

>>> May be saved for future reference:

> http://www.spamcop.net/sc?id=z939018156zce3ff9ab3b5765265194cea1472a5ccez

 It's the info contained in them I don't
 understand. That is what I was asking

> We can talk about that.  I have a way I like to use to abbreviate the
> Received headerlines.  I'll use one of mine from above as an example.
> In the above example there's only one line:
> Abbreviated Received traceline *comment
> from my.flirt.com.ua ([58.51.7.200]) by
> mx-roseate.atl.sa.earthlink.net *sourceline

Sorry - you have lost me already.

> SC determines that source IP and determines the notifies for it, and also 
> determines a spamvertised link and determines the notifies for it. In 
> addition, SC offers to report to the 3rd party at imaphost.com --  which 
> is another story and which I routinely uncheck.
>
>>> When you submit a spam to the webparser, it can give you its verbose 
>>> output if you configure for that in the preferences.

CLIPPED

 there are a number of choices, the 4th one
> of which is "Show Technical Details during reporting"   I like those
> technical details.

Thanks for that - yes I did spot it

>> That verbose
>>> output tells you a lot about what is the parser's logic in its
>>> processes.  If you think the faq was difficult to understand and
>>> navigate, you'll find the parser verbose particularly confusing.
>> But it too is worth getting oriented with.

This is what I want to be able to do, otherwise the whole point of coming 
here is rather pointless.

> The preference for show technical details is /more/ verbose or wordy, not 
> less.

As I found out when making the choices.

Additional Info
As I went in and did the first parse/report as you suggested, I got a report 
for an email that I have never received.  It certainly was not the one I had 
copied and pasted.
Panic set in - what the hell had I done - red card coming I thought.
So I found a contact, pasted it in there and explained what had happened. 
Then I cancelled it as a choice, there and then.
Forgot to save a copy though.  I am waiting for their reply.
I did the parse again and got a proper report the second time.

Many thanks again for your patience and help.
I see that in spam group there are a couple of threads re the stock spam.
Better go - her etc etc is wondering when/if I am going to bed.
Rgds
Antioch
'The name of the slough was Spamcop' - apologies to Bunyan
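
The abbreviated Received traceline quoted in this message, worked through as an added example; it is not part of the original thread and it is not SpamCop's parser. It assumes the recipient's provider is identified by the hostname suffix `.earthlink.net` (taken from the quoted line) and that the provider's internal relays sit in `192.0.2.0/24`; that range and the first and third sample headers are constructed.

```python
import ipaddress
import re

# Keeps only what the abbreviated form needs: HELO name, bracketed IP, receiving host.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9a-fA-F.:]+)\]\).*?\bby\s+(?P<by>[^\s;]+)",
    re.DOTALL,
)

def abbreviate(received):
    """Return (helo, ip, by) for one Received header value, or None if it does not parse."""
    m = RECEIVED_RE.search(received)
    return (m.group("helo"), m.group("ip"), m.group("by")) if m else None

def find_source(received_lines, trusted_suffix, trusted_nets):
    """Walk the hops newest-first and return the abbreviated source line, or None.

    Only lines written by a trusted receiving host are believed. The source is the
    first hop where a trusted host accepted mail from an IP outside the trusted nets.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    for line in received_lines:
        parts = abbreviate(line)
        if parts is None:
            return None  # fail closed: never skip past a hop we cannot read
        helo, ip, by = parts
        if not by.lower().endswith(trusted_suffix):
            return None  # written by a host we do not trust; everything below is unverifiable
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return None
        if any(addr in n for n in nets):
            continue  # internal handoff inside the provider, keep walking down
        return f"from {helo} ([{ip}]) by {by} *sourceline"
    return None

SAMPLE = [
    # Constructed: internal handoff inside the recipient's provider (hostname is made up).
    "from mx-roseate.atl.sa.earthlink.net ([192.0.2.10]) by mailstore.earthlink.net with ESMTP; Tue, 9 May 2006 20:00:02 -0400",
    # The line quoted in this message.
    "from my.flirt.com.ua ([58.51.7.200]) by mx-roseate.atl.sa.earthlink.net",
    # Constructed: a line the sender could have forged; it is never reached.
    "from mail.example.org ([198.51.100.7]) by my.flirt.com.ua with SMTP; Tue, 9 May 2006 19:59:40 -0400",
]

if __name__ == "__main__":
    print(find_source(SAMPLE, ".earthlink.net", ["192.0.2.0/24"]))
```

The IP in the returned line is the one whose block would be looked up in the regional registrar's whois to find a contact to notify.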