spamcop@oitc.com Posted June 13, 2009 Share Posted June 13, 2009 SC is using l.okuyene#suburbantelecom.com[at]devnull.spamcop.net for reports to 41.191.108.130 WHois seems to indicate abusepoc[at]afrinic.net (afrinic also shows o.adeyemi[at]suburbantelecom.com as well as l.okuyene) and traceroute shows the upstream provider reporting address as abuse[at]ntt.net. All the above appear to work. $ whois 41.191.108.130 OrgName: African Network Information Center OrgID: AFRINIC Address: 03B3 - 3rd Floor - Ebene Cyber Tower Address: Cyber City Address: Ebene Address: Mauritius City: Ebene StateProv: PostalCode: 0001 Country: MU ReferralServer: whois://whois.afrinic.net NetRange: 41.0.0.0 - 41.255.255.255 CIDR: 41.0.0.0/8 NetName: NET41 NetHandle: NET-41-0-0-0-1 Parent: NetType: Allocated to AfriNIC NameServer: NS1.AFRINIC.NET NameServer: NS-SEC.RIPE.NET NameServer: NS2.LACNIC.NET NameServer: TINNIE.ARIN.NET NameServer: SEC1.APNIC.NET NameServer: SEC3.APNIC.NET Comment: RegDate: 2005-04-12 Updated: 2009-05-27 OrgAbuseHandle: GENER11-ARIN OrgAbuseName: Generic POC OrgAbusePhone: +230 4666616 OrgAbuseEmail: abusepoc[at]afrinic.net OrgTechHandle: GENER11-ARIN OrgTechName: Generic POC OrgTechPhone: +230 4666616 OrgTechEmail: abusepoc[at]afrinic.net # ARIN WHOIS database, last updated 2009-06-12 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. Link to comment Share on other sites More sharing options...
Farelf Posted June 14, 2009 Share Posted June 14, 2009 Data copied in email to deputies relaying the request. I can see/confirm most of the above (lookup I use doesn't show OrgAbuseEmail address but that's not a problem). Link to comment Share on other sites More sharing options...
Farelf Posted June 15, 2009 Share Posted June 15, 2009 Ellen advises she has the abuse.net reporting addresses for for suburbantelecom.com in place (http://www.spamcop.net/sc?track=41.191.108.130), the IP address 41.191.108.130 has been listed on the SCbl since June 12 and is listed in other BLs currently. Link to comment Share on other sites More sharing options...
Farelf Posted June 15, 2009 Share Posted June 15, 2009 Ellen advises she has the abuse.net reporting addresses for for suburbantelecom.com. ...Why abuse.net? Why not the whois data? The FAQ Help for abuse-desks and administrators contains the section How do I register an abuse[at] email address?. ISPs wanting to do something about spam are encouraged in that FAQ to register their abuse addresses with abuse.net and obviously SC acknowledges that (apparent) commitment. Ideally the addresses at the two places would agree however ISPs often don't have direct access to their network whois data. Outside of that, SC reporting is alert to ISP and network requests - either to (permanently) desist from sending reports or, sometimes, to send to a special 'SpamCop' reporting address. But that's another story, as is the stopping of reports to bouncing addresses or those where the evidence is that the ISP is co-operating with the spammer. Link to comment Share on other sites More sharing options...
Miss Betsy Posted June 15, 2009 Share Posted June 15, 2009 I looked up the abuse.net addresses for suburbantelecom.com and neither one of the addresses (the ones mentioned by the OP) is on the abuse.net list. Not that it really matters since, apparently, suburbantelecom.com has been unresponsive to spamcop reports and is listed on several bls. That's usually the case whenever an abuse address goes to devnull. Long ago, on the ngs, IIRC, when it looked as though reports were going to a spammer or cooperating ISP, Ellen would change the report address to devnull. FME, spamcop is very cooperative about sending spamcop reports to those who want them at the address they want. OTOH, spamcop is also very sensitive about not sending reports to those who ignore them or use them to listwash or request no reports. A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email. Since the majority of reports seem to go to unresponsive destinations and seem to be 'unwanted', perhaps there is something in what he says. However, there have been enough people here who complain that they never got a report (because the listing resulted from spamtrap hits), that apparently reports do go to enough people who appreciate knowing there is a problem, that it is good to continue. Miss Betsy Link to comment Share on other sites More sharing options...
turetzsr Posted June 15, 2009 Share Posted June 15, 2009 <snip> A little OT, but Mike Easter, in the ngs, is adamantly against spamcop sending reports except to those who request reports. His point is that reports are unsolicited email. <snip> ...For private e-mail accounts, true but not for accounts set up specifically to report abuse! To my knowledge, SpamCop only offers to send reports to abuse accounts, accounts set up on abuse.net for reporting abuse or private accounts that have requested reports. And, of course, the responsibility for avoiding any unsolicited e-mail is ours as SpamCop users, not SpamCop's! Link to comment Share on other sites More sharing options...
rconner Posted June 16, 2009 Share Posted June 16, 2009 Early on in my spam-hunting days, like many folks who come to this forum, I used to obsess about finding every possible reporting address and making sure they all got used. Reporting was the sword of the righteous, and would instantly slay the wicked, and all that. I'm a little more nuanced (if not necessarily mature) these days, and I realize that some people want to get the reports (and will probably use them), while others don't want them (and certainly won't do anything with them if I send them anyway). Still, I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such. -- rick Link to comment Share on other sites More sharing options...
Farelf Posted June 16, 2009 Share Posted June 16, 2009 ... I figure that anyone who publishes an abuse contact in a WHOIS record is essentially soliciting abuse-related mail to this address. Same goes in spades for someone who publishes an address with abuse.net. Both the ARIN and RIPE models for IP-WHOIS data allow specific abuse reporting contacts to be included, and if they are they ought to be used for such. Absolutely Rick, well (even beautifully) put . But, for their own reasons, SC does not send notifies where they are not wanted and/or, coming back to the case in point, we see time and again there are abuse addresses that consistently bounce SC notification reports or, for whatever other reason (including uncaring or complicit ISPs 'gaming' the notification process), are dev-nulled by the deputies. Add to that the fact that there are potentially either/both IP Whois and abuse.net sources which may not be the same and that the parser sometimes struggles to extract addresses from some of the sources and we have a reasonably complex situation. Throw in the considerations of judging when it might be appropriate to involve up-stream providers and the determination of their addresses ... none of which you need to be told about, since you've detailed that whole address discovery process most admirably at http://www.rickconner.net/spamweb/pop-find-mail-owners.html But just why the deputies might accept the O/P's recommendations on one occasion but come up with an alternative on another might be a source of puzzlement. If not to the O/P, then to others reading here. Hopefully some of that is addressed in this topic where such was the case - and such seekers of knowledge would be well advised to check out that link at your spamweb site - though I would have to recognize that nothing can be written which quite bridges the gap of experience when it comes to replicating the judgment of SC staff such as Ellen and Don. But they NEED suggestions such as those flagged by the O/P to know to look at possible shortcomings in the notify report routing. IMO Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted June 17, 2009 Share Posted June 17, 2009 Why not the whois data?If we're talking about abusepoc[at]afrinic.net, SpamCop won't send reports to them because Afrinic is a network regulatory authority. It is not an Internet provider. - Don - Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.