SmarterMail 13.3

 

Lately I have been getting abuse reports from abuse@163.com. The abuse reports mention an IP address that is NOT associated with my mail server. The reported IP 218.109.253.161 is not my mail server IP. Also, the report indicates SPF and DKIM failures -- but the domain in question, ebwebwork.com, has both of these properly configured.

 

I'm getting a few of these abuse reports from 163.com every day. They seem valid; how should I interpret them and handle them?

Thank you for your help.

 

Eric

 

Subject: Report Domain: ebwebwork.com Submitter: 163.com Report-ID: aggr_report_ebwebwork.com_20150318_163.com

 

Body of message:

This is a DMARC aggregate report for domain ebwebwork.com on 20150318. For more information please mail to abuse@163.com.

 

Report, in XML format:

 

<feedback>
  <report_metadata>
    <org_name>163.com</org_name>
    <email>abuse@163.com</email>
    <report_id>aggr_report_ebwebwork.com_20150318_163.com</report_id>
    <date_range>
      <begin>1426636800</begin>
      <end>1426723199</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>ebwebwork.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>218.109.253.161</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>ebwebwork.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>ebwebwork.com</domain>
        <result>neutral</result>
      </spf>
    </auth_results>
  </record>
</feedback>