IP address with no reporting contact

[rconner]

(Tracking URL)

The website quoted in this spam is (or was briefly) at an IP address (203.93.212.239) for which SpamCop could find no contact e-mail addresses. I see these so infrequently that they stand out pretty sharply. Does anyone know what the deal is here? Is there some established protocol for reporting this sort of thing (to APNIC, etc.)?

-- rick

[g4mby]

The website quoted in this spam is (or was briefly) at an IP address (203.93.212.239) for which SpamCop could find no contact e-mail addresses.

I'm seeing these quite frequently, very annoying as my recent SpamCop reporting seems to have reduced my spam to one domain considerably. To file a report which goes nowhere except adds data to the SCBL is somewhat annoying.

[Miss Betsy]

IMHO, as long as it goes to the scbl, I am happy. If the site doesn't want to know about it, that's their problem if they end up on the scbl.

If it is a spamvertized website, then it won't be added to the scbl, but I would rather not send reports to questionable web sites any way. Isn't that the purpose of Complainterator and Knujon - to send reports to the appropriate authority when a website does not do things properly?

Miss Betsy

[rconner]

Isn't that the purpose of Complainterator and Knujon - to send reports to the appropriate authority when a website does not do things properly?

The problem here isn't the website, it is more fundamental. The problem is an internet provider that hasn't properly identified itself via RIR WHOIS records.

-- rick

[Miss Betsy]

Somehow, I think it is the same process. If there is no contact information (or patently false information), it can be reported to ICANN, I think. Maybe you first have to report it to the Registrar. It's been a long time, but IIRC, that's what Complainterator does. I manually did a couple a long time ago before I decided that I wasn't going to be able to take the time to do the research necessary to make a good case. By the time Complainterator came along, I didn't have the time to even report twice.

Miss Betsy

[Farelf]

There's no domain name associated with that address which makes it a bit hard to complain to anyone about anything. The address is allocated to an entity called Beijing Orental HongLiang ETD Ltd (yep, that's the spelling). It is within the APNIC area of responsibility but APNIC is a loose rein. They would be interested in IP hacking I suppose but they make no pretense about controlling spam - http://www.apnic.net/info/faq/abuse/index.html

[rconner]

There's no domain name associated with that address which makes it a bit hard to complain to anyone about anything.

The APNIC WHOIS info is incomplete. Your link pointed in turn to this link, which may be what I am looking for. I'll give it a shot.

-- rick

[Farelf]

Yes, worth trying the APNIC-indicated avenue then.

Also: The same sort of situation was discussed in the newsgroups re 193.48.246.132. In that case Ellen ended up with "I added the abuse address from AS2200 to the /24." This may be a completely different situation yet it might be worth asking her. If the IP or range is coming up with sufficient frequency and if reports are not already rejected she would surely prefer an appropriate abuse handler to none (if AS9929 has one which doesn't cover half the world, if ...? - but the 'changed by' abuse[at]cnc-noc.net looking ominous in view of discussion elsewhere here concerning that network).

But anyway links have far lower priority than sending sources and the parser often fails to readily resolves links anyway (that one now shifted to 211.91.237.3 which it can resolve but doesn't much want to do so - http://members.spamcop.net/sc?track=http%3A%2F%2Fdwxdei.cn when asked nicely, yielding postmaster[at]cnuninet.com and - the cruelly inapposite? - anti-spam[at]ns.chinanet.cn.net).

[rconner]

Somehow, I think it is the same process. If there is no contact information (or patently false information), it can be reported to ICANN, I think.

Agree, ICANN is is the correct party for domain-name issues, but I don't think that ICANN has much to do with IP-WHOIS info; for this, you have to go to the RIR (which is responsible for getting the block owner info and posting it in IP-WHOIS). I reported the problem to APNIC. I'm not going to wait up for a response, but at least I've put some pressure on.

We are all too familiar with domain-name shenanigans, and ICANN's (lack of) involvement there, but it is interesting that the problem of bogus contact data for IP addresses seems to come up so infrequently that we aren't quite sure how to report it. I'd guess that less than 1-2% of the spams I report have obvious problems here, while probably 80-90% of the spam (with website links) probably has domain-name misfeasance.

-- rick