1
how to handle abuse report from abuse@163.com
Question asked by Eric Bourland - March 19, 2015 at 6:39 AM
Unanswered
SmarterMail 13.3
 
Lately I have been getting abuse reports from abuse@163.com. The abuse reports mention an IP address that is NOT associated with my mail server. The reported IP 218.109.253.161 is not my mail server IP. Also, the report indicates SPF and DKIM failures -- but the domain in question, ebwebwork.com, has both of these properly configured.
 
I'm getting a few of these abuse reports from 163.com every day. They seem valid; how should I interpret them and handle them?

Thank you for your help.
 
Eric
 
Subject: Report Domain: ebwebwork.com Submitter: 163.com Report-ID: aggr_report_ebwebwork.com_20150318_163.com
 
Body of message:
This is a DMARC aggregate report for domain ebwebwork.com on 20150318. For more information please mail to abuse@163.com.
 
Report, in XML format:
 
<feedback>
  <report_metadata>
    <org_name>163.com</org_name>
    <email>abuse@163.com</email>
    <report_id>aggr_report_ebwebwork.com_20150318_163.com</report_id>
    <date_range>
      <begin>1426636800</begin>
      <end>1426723199</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>ebwebwork.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>218.109.253.161</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>ebwebwork.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>ebwebwork.com</domain>
        <result>neutral</result>
      </spf>
    </auth_results>
  </record>
</feedback>
 

1 Reply

Reply to Thread
1
Merle Wait Replied
March 19, 2015 at 9:50 AM
hmmmm... when I go to 163.com it is based in China.  Do you have clients that send emails to China.
If not, am guessing it is not legit.
 

Reply to Thread