how to handle abuse report from abuse@163.com
Question asked by Eric Bourland - 3/19/2015 at 6:39 AM
Unanswered
SmarterMail 13.3
 
Lately I have been getting abuse reports from abuse@163.com. The abuse reports mention an IP address that is NOT associated with my mail server. The reported IP 218.109.253.161 is not my mail server IP. Also, the report indicates SPF and DKIM failures -- but the domain in question, ebwebwork.com, has both of these properly configured.
 
I'm getting a few of these abuse reports from 163.com every day. They seem valid; how should I interpret them and handle them?

Thank you for your help.
 
Eric
 
Subject: Report Domain: ebwebwork.com Submitter: 163.com Report-ID: aggr_report_ebwebwork.com_20150318_163.com
 
Body of message:
This is a DMARC aggregate report for domain ebwebwork.com on 20150318. For more information please mail to abuse@163.com.
 
Report, in XML format:
 
<feedback>
  <report_metadata>
    <org_name>163.com</org_name>
    <email>abuse@163.com</email>
    <report_id>aggr_report_ebwebwork.com_20150318_163.com</report_id>
    <date_range>
      <begin>1426636800</begin>
      <end>1426723199</end>
    </date_range>
  </report_metadata>
  <policy_published>
    <domain>ebwebwork.com</domain>
    <adkim>r</adkim>
    <aspf>r</aspf>
    <p>none</p>
    <sp>none</sp>
    <pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>218.109.253.161</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>fail</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>ebwebwork.com</header_from>
    </identifiers>
    <auth_results>
      <spf>
        <domain>ebwebwork.com</domain>
        <result>neutral</result>
      </spf>
    </auth_results>
  </record>
</feedback>
 

2 Replies

Reply to Thread
1
Merle Wait Replied
hmmmm... when I go to 163.com it is based in China.  Do you have clients that send emails to China.
If not, am guessing it is not legit.
 
0
Eric Bourland Replied
I saw that it's from China, too. Nope, no one going to China. But the abuse report seems to be presented in valid XML format. If you think I can disregard this, then I will just mark is as Spam and move on. Thanks for your help! Eric

Reply to Thread