[Scspamcop] Re: Don't understand reporting address
Patto
nobody at devnull.spamcop.net
Mon Apr 7 00:35:06 EDT 2008
Mike Easter wrote:
> Patto wrote:
>> 221.186.69.122 is NTT/OCN -> abuse at ocn.ad.jp
>>
>> Why does SpamCop want to report to report_spam at hotmail.com ?
>>
>> Yes, I can see the following, but I still don't understand:
>> ----------------------------------------------------------------------
> ----
>> Parsing input: http://sns24.com/secret14/
>> Host sns24.com (checking ip) = 221.186.69.122
>> host 221.186.69.122 = pc2.i-s-n-24-unet.ocn.ne.jp (cached)
>> Routing details for 221.186.69.122
>> Cached whois for 221.186.69.122 : kira_domain at hotmail.com
>> Using abuse net on kira_domain at hotmail.com
>> abuse net hotmail.com = abuse at hotmail.com, report_spam at hotmail.com
>> Using best contacts abuse at hotmail.com report_spam at hotmail.com
>> abuse at hotmail.com redirects to report_spam at hotmail.com
>
> It is a 'dumb' algorithm and it follows the algostrategies. It follows
> the 'trail' of determining the admin/tech contact handle at the
> appropriate RIR regional internet registrar, which in this case is
> whois.nic.jp, particularly the 'little tiny' 8 IP netblock
>
> 221.186.69.120 - 221.186.69.127
> admin-c: OS441JP
> tech-c: OS441JP
>
> ... from that SC derives...
>
> whois -h whois.nic.ad.jp os441jp
> a. [JPNIC Handle] OS441JP
> c. [Last, First] Suzuki, Osamu
> d. [E-Mail] kira_domain at hotmail.com
>
> ... then it uses abuse.net lookup on the domainname of the nic.ad.jp
> contact, which turns out to be the abuse.net reg'd hotmail addresses.
>
> SC passed by what a human can see about the parent of the larger
> netblock:
>
> inetnum: 221.184.0.0 - 221.191.255.255
> Email address for spam or abuse complaints : abuse at ocn.ad.jp
>
> As a general rule, the algo's strategy would be more pinpointed to the
> smaller netblock, but in this case the nic.ad.jp listed contact has a
> hotmail address, which didn't work out according to the algostrategy.
Thanks, Mike, as always. You think it's worth to post an override over
in 'routing'? (So far I have reported 5 today, unchecking the Hotmail
address, and adding the OCN address.)
More information about the SCspamcop
mailing list