Jump to content

IP address with no reporting contact


rconner
 Share

Recommended Posts

(Tracking URL)

The website quoted in this spam is (or was briefly) at an IP address (203.93.212.239) for which SpamCop could find no contact e-mail addresses. I see these so infrequently that they stand out pretty sharply. Does anyone know what the deal is here? Is there some established protocol for reporting this sort of thing (to APNIC, etc.)?

-- rick

Link to comment
Share on other sites

The website quoted in this spam is (or was briefly) at an IP address (203.93.212.239) for which SpamCop could find no contact e-mail addresses.

I'm seeing these quite frequently, very annoying as my recent SpamCop reporting seems to have reduced my spam to one domain considerably. To file a report which goes nowhere except adds data to the SCBL is somewhat annoying.

Link to comment
Share on other sites

IMHO, as long as it goes to the scbl, I am happy. If the site doesn't want to know about it, that's their problem if they end up on the scbl.

If it is a spamvertized website, then it won't be added to the scbl, but I would rather not send reports to questionable web sites any way. Isn't that the purpose of Complainterator and Knujon - to send reports to the appropriate authority when a website does not do things properly?

Miss Betsy

Link to comment
Share on other sites

Isn't that the purpose of Complainterator and Knujon - to send reports to the appropriate authority when a website does not do things properly?
The problem here isn't the website, it is more fundamental. The problem is an internet provider that hasn't properly identified itself via RIR WHOIS records.

-- rick

Link to comment
Share on other sites

Somehow, I think it is the same process. If there is no contact information (or patently false information), it can be reported to ICANN, I think. Maybe you first have to report it to the Registrar. It's been a long time, but IIRC, that's what Complainterator does. I manually did a couple a long time ago before I decided that I wasn't going to be able to take the time to do the research necessary to make a good case. By the time Complainterator came along, I didn't have the time to even report twice.

Miss Betsy

Link to comment
Share on other sites

There's no domain name associated with that address which makes it a bit hard to complain to anyone about anything. The address is allocated to an entity called Beijing Orental HongLiang ETD Ltd (yep, that's the spelling). It is within the APNIC area of responsibility but APNIC is a loose rein. They would be interested in IP hacking I suppose but they make no pretense about controlling spam - http://www.apnic.net/info/faq/abuse/index.html

Link to comment
Share on other sites

Yes, worth trying the APNIC-indicated avenue then.

Also: The same sort of situation was discussed in the newsgroups re 193.48.246.132. In that case Ellen ended up with "I added the abuse address from AS2200 to the /24." This may be a completely different situation yet it might be worth asking her. If the IP or range is coming up with sufficient frequency and if reports are not already rejected she would surely prefer an appropriate abuse handler to none (if AS9929 has one which doesn't cover half the world, if ...? - but the 'changed by' abuse[at]cnc-noc.net looking ominous in view of discussion elsewhere here concerning that network).

But anyway links have far lower priority than sending sources and the parser often fails to readily resolves links anyway (that one now shifted to 211.91.237.3 which it can resolve but doesn't much want to do so - http://members.spamcop.net/sc?track=http%3A%2F%2Fdwxdei.cn when asked nicely, yielding postmaster[at]cnuninet.com and - the cruelly inapposite? - anti-spam[at]ns.chinanet.cn.net).

Link to comment
Share on other sites

Somehow, I think it is the same process. If there is no contact information (or patently false information), it can be reported to ICANN, I think.

Agree, ICANN is is the correct party for domain-name issues, but I don't think that ICANN has much to do with IP-WHOIS info; for this, you have to go to the RIR (which is responsible for getting the block owner info and posting it in IP-WHOIS). I reported the problem to APNIC. I'm not going to wait up for a response, but at least I've put some pressure on.

We are all too familiar with domain-name shenanigans, and ICANN's (lack of) involvement there, but it is interesting that the problem of bogus contact data for IP addresses seems to come up so infrequently that we aren't quite sure how to report it. I'd guess that less than 1-2% of the spams I report have obvious problems here, while probably 80-90% of the spam (with website links) probably has domain-name misfeasance.

-- rick

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...