[SpamCop-List] Re: Well that didn't take long...
Galen
abuse at whathostingshould.be
Fri Mar 17 01:39:41 EST 2006
In news:dvdglb$prv$1 at news.spamcop.net,
Jeff G. had this to say:
> Galen wrote:
>> Unfortunately we didn't get a copy of the emails - just our admins
>> telling us "yes it was from your IP address and it was legit" so we
>> can't go much further (unless someone knows how to find the spams
>> that were reported using my IP address for the mail server:
>> 69.16.211.62 in case you want to know it) and we're not the owners of
>> the DNS we now need to wait to be blacklisted...
>
> Report History for 69.16.211.62 follows:
>
> Submitted: Thursday 2006/03/16 20:01:59 -0500:
> Pendências 2006 junto a Receita Federal
> 1691876474 ( http:// wwreceitafazenda.net/atualizao2006/atual... ) To:
> soporte at arsys.es
> 1691876473 ( http:// wwreceitafazenda.net/atualizao2006/atual... ) To:
> postmaster at arsys.es
> 1691876471 ( 69.16.211.62 ) To: spamcop at imaphost.com
> 1691876465 ( 69.16.211.62 ) To: abuse at liquidweb.com
>
> --------------------------------------------------------------------------------
>
> Submitted: Thursday 2006/03/16 18:31:14 -0500:
> =?iso-8859-1?q?Pend=EAncias_2006_junto_a_Receita_Federal?=
> 1691940566 ( http:// wwreceitafazenda.net/atualizao2006/atual... ) To:
> soporte at arsys.es
> 1691940565 ( http:// wwreceitafazenda.net/atualizao2006/atual... ) To:
> postmaster at arsys.es
> 1691940564 ( http:// lists.freebsd.org/mailman/listinfo/freeb... ) To:
> network-abuse at cc.yahoo-inc.com
> 1691940563 ( 69.16.211.62 ) To: spamcop at imaphost.com
> 1691940561 ( 69.16.211.62 ) To: abuse at liquidweb.com
>
> --------------------------------------------------------------------------------
>
> Submitted: Thursday 2006/03/16 14:48:33 -0500:
> Pendências 2006 junto a Receita Federal
> 1691674030 ( 69.16.211.62 ) To: abuse at liquidweb.com
>
> --------------------------------------------------------------------------------
>
> Submitted: Thursday 2006/03/16 07:44:34 -0500:
> Pendências 2006 junto a Receita Federal
> 1691337112 ( 69.16.211.62 ) To: abuse at liquidweb.com
>
>> Hmm... I wonder if I
>> can ping the middleman and see if I can get the IP address abuse
>> directly and retain control of it? That'd make the process speedier
>> and easier for us to take additional actions such as moving it up the
>> ladder because we can pull raw logs and see their actual IP address
>> they connected to (even if a proxy is used I understand) or if maybe
>> I can attempt to prove to SC that we're the owners *lessees really or
>> is that leasers?* who should be held accountable and the IP addresses
>> technically just belong to our bandwidth providers? Any idea how I'd
>> go about that?
>
> Please see "How can I get SpamCop reports about my network?" at
> http://www.spamcop.net/fom-serve/cache/94.html .
Thank you! I think? Where did you GET that information??? I've pressed EVERY
single button and played with EVERY single option!?! I could NOT get that
report at all.
I created an ISP account when we first did this but, as I'm *JUST* the
renter of the IP address I can't get it to say anything OTHER than third
party which means I only get a very basic note (as included in another
response just a few minutes ago so I'll save some bytes as I KNOW what
bandwidth can cost these days) saying that, well, something was
submitted....
Here's what I see on my "show routes" page:
[delete] 69.16.211.62 69.16.211.62 Third party interested in daily
aggregate summary reports
[delete] 69.16.211.63 69.16.211.63 Third party interested in daily
aggregate summary reports
Those are my primary and secondary IP addresses and I don't own them but
rather get them from my upstream provider who is, as you guessed it, the
dailydns which is a fake (well it exists but it's not really accessible or
anything) address meant to be there so resellers can hide that they're
reselling someone else's bandwidth. Duh? We're all, in one way or another,
reselling SOMETHING and bandwidth is always resold. I don't know one single
independent hosting company that's actually a backbone provider.
Now, when I click on the control center and go ahead and input the IP
address (just the one in this case as there's been no routing troubles) I
get back:
69.16.211.62
Most recent spam reported about 13 hours ago
A review of abuse.net's settings (and SC's settings, by the way) shows that
only the domain can be the abuse address. IP addresses are discarded, which,
really, isn't doing me a lot of good.
The information you gave above is, really, all I need/want to be able to
cancel an account when we get a spammer... Coupled with server logs I can
easily pull out a time-frame and verify that the act took place and the
account needs to be suspended. How do I get that information?
I don't own the IP addresses and so the abuse address is different. It goes
to my upstream provider and data center at LiquidWeb. I've pinged them but,
well, they don't seem too keen on fixing it even though it's covered for at
least the next year - paid for in full thanks...
When I go ahead and click on the more information links I get, well, nothing
and I'm guessing that's because the abuse address for that IP is set to
something else. I don't want to be the ONLY one to get the complaints but
without the stuff you gave above I can't really DO anything. It doesn't even
tell me WHO it was or the referring URL or anything. It's just the report
that I gave as "evidence" to the other person...
I think I've clicked every single option on the site now... I'll keep
clicking but, well, thanks. It reminds me (we bought PLENTY of bandwidth and
space) to ask about setting up traps sometime... That should be interesting.
Anyhow, thanks. I think? It didn't get me any further really but, well, it's
interesting to say the least.
Galen
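
Added example, not part of the original thread: one way to turn a report history in the layout quoted above into UTC look-back windows for pulling server log lines, including decoding the RFC 2047 subject so both spellings of the same subject compare equal. The log line format, the account names and the 6-hour look-back are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from email.header import decode_header, make_header

# Constructed excerpt in the report-history layout quoted in the message.
HISTORY = """\
> Submitted: Thursday 2006/03/16 18:31:14 -0500:
> =?iso-8859-1?q?Pend=EAncias_2006_junto_a_Receita_Federal?=
> 1691940563 ( 69.16.211.62 ) To: spamcop at imaphost.com
> 1691940561 ( 69.16.211.62 ) To: abuse at liquidweb.com
> Submitted: Thursday 2006/03/16 14:48:33 -0500:
> Pendências 2006 junto a Receita Federal
> 1691674030 ( 69.16.211.62 ) To: abuse at liquidweb.com
"""

# Constructed log lines in a hypothetical "UTC-timestamp account=..." format.
MAIL_LOG = [
    "2006-03-16T12:02:11Z account=site-a msgs=1",
    "2006-03-16T19:40:02Z account=site-b msgs=450",
    "2006-03-16T23:05:40Z account=site-c msgs=3",
]

def parse_history(text):
    """One dict per 'Submitted:' block: UTC time, decoded subject, report ids."""
    entries = []
    lines = [re.sub(r"^(>\s?)+", "", l).strip() for l in text.splitlines()]
    for i, line in enumerate(lines):
        m = re.match(r"Submitted: \w+ (\S+ \S+ [+-]\d{4}):$", line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            subject = str(make_header(decode_header(lines[i + 1])))  # RFC 2047
            entries.append({"utc": when.astimezone(timezone.utc),
                            "subject": subject, "ids": []})
        elif entries and (r := re.match(r"(\d+) \( (.+?) \)", line)):
            entries[-1]["ids"].append((r.group(1), r.group(2)))
    return entries

def log_hits(entry, log, lookback_hours=6):
    """Log lines stamped within lookback_hours before the report was submitted."""
    start = entry["utc"] - timedelta(hours=lookback_hours)
    hits = []
    for line in log:
        stamp = datetime.strptime(line.split()[0], "%Y-%m-%dT%H:%M:%SZ")
        if start <= stamp.replace(tzinfo=timezone.utc) <= entry["utc"]:
            hits.append(line)
    return hits
```

The "Submitted" time is when the report was filed, not when the message was sent, so the window only looks backwards from it.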