I'm starting to see a new reporting address crop up in reports of Chinese web hosts: cncert [at] cert.org.cn (for activities in chinaunicom.cn network space). I see from their website that they seem to be something along the lines of U.S. CERT, posting info about viruses, exploits, and security incidents.

Now, you could report a spam website to CERT in this country, and it would have about as much effect as reporting Donald Trump's bad hair to your own barber. Is there any evidence to suggest that things would be any different in reporting Chinese hosted spam websites to a Chinese CERT? Heck, their English language incident reporting page doesn't even deal with spam!

-- rick

From my Report History, it looks like they added themselves to the abuse.net listings for (at least) several IP Block/ranges. Most of the spam reported was sent to the newsgroup archives/mailing-list, probably 99% from IP Addresses already identified as an open proxy. No idea what effect they may be having, what actions being taken. However, this particular spammer is somewhat unique, a single spam (although possibly sent to several addresses, one for each newsgroup) a day from a different IP Address, each time either expanding an already identified block or opeing up yet another block ... example, one day, it comes from 59.42.130.85, the next day from 219.137.55.202, the next day from 116.29.239.114, the next day from 58.63.201.64, the next day from 125.89.247.172 .. on and on .... all from the same Host, but ....

I have no direct experience with that but suspect any results would be filtered through the cert.org.cn mission statement: "Ensure a secure national cyberspace" which is about as 'top level' as it gets. However there are a number of national and international 'partners' to whom action and/or information is expected to devolve.

The internet in China is governed by The People's Republic of China Telecommunication Regulations and cert.org.cn lists the administrative and legal extensions of same, constituting their enabling legislation and controls, under 'Relevant Laws and Standards', machine translations under:
http://translate.google.com.au/translate?h...l%3Den%26sa%3DG (then 'About Us' link, then 'Relevant laws and standards' under 'Information and documentation') - which includes 'Internet e-mail Service Management Approach' which quite specifically forbids spamming (UCE, scamming, etc.) and pre-cursor activity such as address scraping. While that prohibits deliberate activity by PRC citizens the Chinese would, in theory, apply 'reciprocity' co-operation externally as well - but of course that opens up many grey areas (including individual privacy, which is protected). And the possibility of conflicting demands on national interest. The extent to which this extends to 'Special Administrative Regions' such as Hong Kong I have no idea, ditto other instrumentalities such as the 'Red Army'.

Bottom line - cert.org.cn has the ability to 'do good', capability/capacity is unknown to me (Chinese netspace is large), spam is not a principal priority - but the related concern about intrusion into their space (particularly trojans and botnets) definitely is a high priority. It will certainly do no harm reporting to them. Some commentators believe TodayNIC and OnlineNIC are particularly responsive (world-class) in closing down rogue sites/domains which could reflect the influence of central 'guidance' in these matters if it is so. Received wisdom about the Chinese (at diplomatic level) is they are quite serious and unstinting when it comes to reciprocity but maybe mostly when they are smacked between the eyes with the disadvantages of not being so. And they're certainly not famous for volunteering it. I wouldn't compare cert.org.cn with any other CERT.

Just some observations and (mostly) opinions.

Thanks, gents.

Well, if they signed themselves up via abuse.net, then God bless 'em they're gonna get reports. Although my paranoiometer is engaged.

-- rick

It appears that they changed their address, now showing as spam[at]ccert.edu.cn .... however, I will note that I see no impact upon "my" specific spammer.