Jump to content

Replacement for l.okuyene#suburbantelecom.com[at]devnull.spamcop.net


Recommended Posts

SC is using l.okuyene#suburbantelecom.com[at]devnull.spamcop.net for reports to 41.191.108.130 WHois seems to indicate abusepoc[at]afrinic.net (afrinic also shows o.adeyemi[at]suburbantelecom.com as well as l.okuyene) and traceroute shows the upstream provider reporting address as abuse[at]ntt.net. All the above appear to work.

$ whois 41.191.108.130

OrgName: African Network Information Center

OrgID: AFRINIC

Address: 03B3 - 3rd Floor - Ebene Cyber Tower

Address: Cyber City

Address: Ebene

Address: Mauritius

City: Ebene

StateProv:

PostalCode: 0001

Country: MU

ReferralServer: whois://whois.afrinic.net

NetRange: 41.0.0.0 - 41.255.255.255

CIDR: 41.0.0.0/8

NetName: NET41

NetHandle: NET-41-0-0-0-1

Parent:

NetType: Allocated to AfriNIC

NameServer: NS1.AFRINIC.NET

NameServer: NS-SEC.RIPE.NET

NameServer: NS2.LACNIC.NET

NameServer: TINNIE.ARIN.NET

NameServer: SEC1.APNIC.NET

NameServer: SEC3.APNIC.NET

Comment:

RegDate: 2005-04-12

Updated: 2009-05-27

OrgAbuseHandle: GENER11-ARIN

OrgAbuseName: Generic POC

OrgAbusePhone: +230 4666616

OrgAbuseEmail: abusepoc[at]afrinic.net

OrgTechHandle: GENER11-ARIN

OrgTechName: Generic POC

OrgTechPhone: +230 4666616

OrgTechEmail: abusepoc[at]afrinic.net

# ARIN WHOIS database, last updated 2009-06-12 19:10

# Enter ? for additional hints on searching ARIN's WHOIS database.

Link to comment
Share on other sites

Ellen advises she has the abuse.net reporting addresses for for suburbantelecom.com. ...
Why abuse.net? Why not the whois data? The FAQ Help for abuse-desks and administrators contains the section How do I register an abuse[at] email address?. ISPs wanting to do something about spam are encouraged in that FAQ to register their abuse addresses with abuse.net and obviously SC acknowledges that (apparent) commitment. Ideally the addresses at the two places would agree however ISPs often don't have direct access to their network whois data.

Outside of that, SC reporting is alert to ISP and network requests - either to (permanently) desist from sending reports or, sometimes, to send to a special 'SpamCop' reporting address. But that's another story, as is the stopping of reports to bouncing addresses or those where the evidence is that the ISP is co-operating with the spammer.

Link to comment
Share on other sites

I looked up the abuse.net addresses for suburbantelecom.com and neither one of the addresses (the ones mentioned by the OP) is on the abuse.net list.

Not that it really matters since, apparently, suburbantelecom.com has been unresponsive to spamcop reports and is listed on several bls. That's usually the case whenever an abuse address goes to devnull. Long ago, on the ngs, IIRC, when it looked as though reports were going to a spammer or cooperating ISP, Ellen would change the report address to devnull.

FME, spamcop is very cooperative about sending spamcop reports to those who want them at the address they want. OTOH, spamcop is also very sensitive about not sending reports to those who ignore them or use them to listwash or request no reports.

A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email. Since the majority of reports seem to go to unresponsive destinations and seem to be 'unwanted', perhaps there is something in what he says. However, there have been enough people here who complain that they never got a report (because the listing resulted from spamtrap hits), that apparently reports do go to enough people who appreciate knowing there is a problem, that it is good to continue.

Miss Betsy

Link to comment
Share on other sites

<snip>

A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email.

<snip>

...For private e-mail accounts, true but not for accounts set up specifically to report abuse! To my knowledge, SpamCop only offers to send reports to abuse accounts, accounts set up on abuse.net for reporting abuse or private accounts that have requested reports. And, of course, the responsibility for avoiding any unsolicited e-mail is ours as SpamCop users, not SpamCop's!
Link to comment
Share on other sites

Early on in my spam-hunting days, like many folks who come to this forum, I used to obsess about finding every possible reporting address and making sure they all got used. Reporting was the sword of the righteous, and would instantly slay the wicked, and all that. I'm a little more nuanced (if not necessarily mature) these days, and I realize that some people want to get the reports (and will probably use them), while others don't want them (and certainly won't do anything with them if I send them anyway).

Still, I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such.

-- rick

Link to comment
Share on other sites

... I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such.
Absolutely Rick, well (even beautifully) put :). But, for their own reasons, SC does not send notifies where they are not wanted and/or, coming back to the case in point, we see time and again there are abuse addresses that consistently bounce SC notification reports or, for whatever other reason (including uncaring or complicit ISPs 'gaming' the notification process), are dev-nulled by the deputies. Add to that the fact that there are potentially either/both IP Whois and abuse.net sources which may not be the same and that the parser sometimes struggles to extract addresses from some of the sources and we have a reasonably complex situation. Throw in the considerations of judging when it might be appropriate to involve up-stream providers and the determination of their addresses ... none of which you need to be told about, since you've detailed that whole address discovery process most admirably at http://www.rickconner.net/spamweb/pop-find-mail-owners.html

But just why the deputies might accept the O/P's recommendations on one occasion but come up with an alternative on another might be a source of puzzlement. If not to the O/P, then to others reading here. Hopefully some of that is addressed in this topic where such was the case - and such seekers of knowledge would be well advised to check out that link at your spamweb site - though I would have to recognize that nothing can be written which quite bridges the gap of experience when it comes to replicating the judgment of SC staff such as Ellen and Don. But they NEED suggestions such as those flagged by the O/P to know to look at possible shortcomings in the notify report routing. IMO

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...