Re: Don't understand reporting address
Sun, 6 Apr 2008 21:13:04 -0700
Patto wrote:
> 221.186.69.122 is NTT/OCN -> abuse@ocn.ad.jp
>
> Why does SpamCop want to report to report_spam@hotmail.com ?
>
> Yes, I can see the following, but I still don't understand:
> --------------------------------------------------------------------------
> Parsing input: http://sns24.com/secret14/
> Host sns24.com (checking ip) = 221.186.69.122
> host 221.186.69.122 = pc2.i-s-n-24-unet.ocn.ne.jp (cached)
> Routing details for 221.186.69.122
> Cached whois for 221.186.69.122 : kira_domain@hotmail.com
> Using abuse net on kira_domain@hotmail.com
> abuse net hotmail.com = abuse@hotmail.com, report_spam@hotmail.com
> Using best contacts abuse@hotmail.com report_spam@hotmail.com
> abuse@hotmail.com redirects to report_spam@hotmail.com
It is a 'dumb' algorithm and it follows the algostrategies. It follows
the 'trail' of determining the admin/tech contact handle at the
appropriate RIR regional internet registrar, which in this case is
whois.nic.jp, particularly the 'little tiny' 8 IP netblock
221.186.69.120 - 221.186.69.127
admin-c: OS441JP
tech-c: OS441JP
... from that SC derives...
whois -h whois.nic.ad.jp os441jp
a. [JPNIC Handle] OS441JP
c. [Last, First] Suzuki, Osamu
d. [E-Mail] kira_domain@hotmail.com
... then it uses abuse.net lookup on the domainname of the nic.ad.jp
contact, which turns out to be the abuse.net reg'd hotmail addresses.
SC passed by what a human can see about the parent of the larger
netblock:
inetnum: 221.184.0.0 - 221.191.255.255
Email address for spam or abuse complaints : abuse@ocn.ad.jp
As a general rule, the algo's strategy would be more pinpointed to the
smaller netblock, but in this case the nic.ad.jp listed contact has a
hotmail address, which didn't work out according to the algostrategy.
--
Mike Easter
kibitzer, not SC admin
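The contact selection traced in the post above, as an added Python example that is not part of the original thread and is not SpamCop's code. The netblock and abuse.net data are constructed from the values quoted in the thread; `MAILBOX_PROVIDERS` and the fallback function are hypothetical, mirroring the manual override of reporting to the parent block's abuse address.

```python
import ipaddress

# Constructed from the whois and abuse.net values quoted in the thread.
NETBLOCKS = [
    {"first": "221.184.0.0", "last": "221.191.255.255",
     "contact": "abuse@ocn.ad.jp"},
    {"first": "221.186.69.120", "last": "221.186.69.127",
     "contact": "kira_domain@hotmail.com"},
]
ABUSE_NET = {"hotmail.com": ["abuse@hotmail.com", "report_spam@hotmail.com"]}
# Assumption: a hand-maintained set of mailbox-provider domains.
MAILBOX_PROVIDERS = {"hotmail.com"}


def _bounds(block):
    return (ipaddress.ip_address(block["first"]),
            ipaddress.ip_address(block["last"]))


def cidrs(block):
    """Express an inetnum range as CIDR prefixes."""
    first, last = _bounds(block)
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def covering_blocks(ip):
    """Netblocks that contain ip, smallest (most specific) first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for block in NETBLOCKS:
        first, last = _bounds(block)
        if first <= addr <= last:
            hits.append((int(last) - int(first), block))
    return [b for _, b in sorted(hits, key=lambda h: h[0])]


def route_as_described(ip):
    """Most specific block's contact, then abuse.net on that domain."""
    blocks = covering_blocks(ip)
    if not blocks:
        return []
    contact = blocks[0]["contact"]
    domain = contact.rsplit("@", 1)[1].lower()
    return ABUSE_NET.get(domain, [contact])


def route_skipping_mailbox_providers(ip):
    """Hypothetical variant: walk outward past mailbox-provider contacts."""
    for block in covering_blocks(ip):
        domain = block["contact"].rsplit("@", 1)[1].lower()
        if domain not in MAILBOX_PROVIDERS:
            return ABUSE_NET.get(domain, [block["contact"]])
    return []
```
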
Re: Don't understand reporting address
Mon, 7 Apr 2008 05:50:26 -0700
Patto wrote:
> Mike Easter wrote:
>> Patto wrote:
>>> 221.186.69.122 is NTT/OCN -> abuse@ocn.ad.jp
>>>
>>> Why does SpamCop want to report to report_spam@hotmail.com ?
>> It is a 'dumb' algorithm and it follows the algostrategies.
>> d. [E-Mail] kira_domain@hotmail.com
> Thanks, Mike, as always. You think it's worth to post an override over
> in 'routing'? (So far I have reported 5 today, unchecking the Hotmail
> address, and adding the OCN address.)
That answer depends on what your concept of 'worth it' means.
The result of notifying hotmail abuse addresses about this is worthless,
so that should be changed -- if anything, the best address would be
kira_domain because the IP and its tiny little block are not blocklisted
anywhere. That is, the structure is a /29 (ISN) under a /24 OCN Open
Computer Network under a /13 NTT Comm, that is all .jp providers of 8
IPs under 256 IPs under half a million IPs.
The idea of notifying the parent OCN instead of kira_domain for the
little block is debatable to 'not really good' because of the rep of
ocn.ad.jp. OCN is a large .jp provider with a lot of blocks much bigger
than this particular one. They also have a reputation at spamhaus for
unresponsiveness and having large blocks listed and for hosting some
spamgangs.
There are 7 significant listings for ocn at spamhaus, 3 of them are
significant blocks for one spamgang one which are /26 /28 & /29
which/who spamhaus calls 'AWG aka youngjoo aka qline' and describes
him/hisgang as "Mainly spams Japan for DEAI (date == sex) sites." The
oldest and largest of those listings goes back to 2005. Not a pretty
picture of responsiveness of OCN to spamhaus listings for spamgangs.
This is about a spamvertised pr0n site's IP. The question is how should
it be notified by spamcop reporters. Personally I wouldn't notify about
a spamvertiser, but my guidelines aren't the same as spamcop's. Spamcop
tries to make its reporters happy while not doing anything stupid. The
reporter wants to notify. Reporters also don't like contacts with
hotmail addresses and they aren't too wild about devnulling a notify.
Questions like these are the reasons I wouldn't make a good spamcop
routing 'director' even tho' I understand a lot about how to notify and
what is the spamcop philosophy and how does spamcop behave compared to
how reporters want it to behave. I am too conflicted about what I
personally believe about notifying and what spamcop reporters expect
about notifying.
--
Mike Easter
kibitzer, not SC admin
Re: Don't understand reporting address
Mon, 7 Apr 2008 06:14:17 -0700
Mike Easter wrote:
> Patto wrote:
>> Thanks, Mike, as always. You think it's worth to post an override
>> over in 'routing'? (So far I have reported 5 today, unchecking the
>> Hotmail address, and adding the OCN address.)
>
> That answer depends on what your concept of 'worth it' means.
BTW this same issue also applies to all of these ISN blocks:
whois I-S-N@whois.apnic.net
inetnum: 211.130.8.224 - 211.130.8.239
netname: I-S-N
descr: Nishihara,Shinji
country: JP
admin-c: SN4245JP
inetnum: 221.186.64.208 - 221.186.64.215
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.69.120 - 221.186.69.127
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.69.160 - 221.186.69.167
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.69.168 - 221.186.69.175
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.69.96 - 221.186.69.103
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.79.240 - 221.186.79.247
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.80.16 - 221.186.80.23
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.80.32 - 221.186.80.39
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
inetnum: 221.186.80.8 - 221.186.80.15
netname: I-S-N
descr: Suzuki,Osamu
country: JP
admin-c: OS441JP
--
Mike Easter
Re: Don't understand reporting address
Mon, 7 Apr 2008 06:25:51 -0700
Patto wrote:
> Thanks, Mike, as always. You think it's worth to post an override over
> in 'routing'? (So far I have reported 5 today, unchecking the Hotmail
> address, and adding the OCN address.)
I would put all of those I mentioned under OCN and then I would decide
if I wanted to devnull all of the ocn blocks for spamvertisers:
whois -h whois.apnic.net ocn-jpnic-jp ...
inetnum: 220.96.0.0 - 220.99.255.255
netname: OCN-JPNIC-JP
inetnum: 219.166.0.0 - 219.167.255.255
netname: OCN-JPNIC-JP
inetnum: 220.104.0.0 - 220.111.255.255
netname: OCN-JPNIC-JP
inetnum: 221.184.0.0 - 221.191.255.255
netname: OCN-JPNIC-JP
inetnum: 222.144.0.0 - 222.151.255.255
netname: OCN-JPNIC-JP
--
Mike Easter
kibitzer, not SC admin
Don't understand reporting address
Mon, 07 Apr 2008 09:51:56 +090
http://www.spamcop.net/sc?id=z1776247525z4159a055c0c7a645460cdb4ce83e7125z
Spam URL http://sns24.com/secret14/ is 221.186.69.122
221.186.69.122 is NTT/OCN -> abuse@ocn.ad.jp
Why does SpamCop want to report to report_spam@hotmail.com ?
Yes, I can see the following, but I still don't understand:
--------------------------------------------------------------------------
Parsing input: http://sns24.com/secret14/
Host sns24.com (checking ip) = 221.186.69.122
host 221.186.69.122 = pc2.i-s-n-24-unet.ocn.ne.jp (cached)
Routing details for 221.186.69.122
Cached whois for 221.186.69.122 : kira_domain@hotmail.com
Using abuse net on kira_domain@hotmail.com
abuse net hotmail.com = abuse@hotmail.com, report_spam@hotmail.com
Using best contacts abuse@hotmail.com report_spam@hotmail.com