This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] broken contacts
- Previous message (by thread): [anti-abuse-wg] How to report a proxy server or VPN being used to send spam
- Next message (by thread): [anti-abuse-wg] broken contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Lou Gogan
lou at lougogan.com
Fri Nov 4 19:37:48 CET 2011
Hi I hope I am not out of place here, but this is my experience today and the problem I find I have because of the broken contacts information via the whois. This morning I received a fraudulent spam claiming to be from the Bank of Ireland with an attached form to be filled in. I was going to delete it as usual but decided that these types of email fraud need to be reported in order to protect others. I checked out the form and found the form contact link: <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a> $ host masserialojazzo.it masserialojazzo.it has address 46.252.206.1 ;; connection timed out; no servers could be reached masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net. masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net. And then I whoised $ whois 46.252.206.1 inetnum: 46.252.200.0 - 46.252.207.255 netname: GDNL-46-252-200-0-TO-207-255 descr: Customer country: NL admin-c: WR1096-RIPE tech-c: WR1096-RIPE status: ASSIGNED PA mnt-by: MNT-GDG-NL source: RIPE # Filtered person: Will Regg address: H.J.E. Wenckebachweg 127 1096 AM Amsterdam phone: +14805058877 nic-hdl: WR1096-RIPE source: RIPE # Filtered As you may notice, there is no suitable email contact at all. (Writing a letter and posting it off didn't seem a useful option!) This was a email fraud. I, as a reasonable individual trying to do my civic duty and possible prevent someone with less 'cop on' from being scammed, was utterly wasting my time trying to do anything. There was no abuse contact. If RIPE and ICANN and others want to do anything at all regarding spam, and scams and net abuse etc one of the first actions should be to ensure there are correct contacts for every ISP so at least scams and illegal activity can be reported. I would also suggest that a default abuse address be insisted upon eg abuse at wherever.doh as I have found many a frustrating experience emailing a named administrator was has left the company and whose email is dead. Perhaps someone was scammed by this same email today. A quick report and possibly a quick shutdown of that link may have achieved something positive. I also have a web site which is attacked on a regular basis and I try and make a point of reporting them all. In some cases with very positive results eg a compromised server found etc. I consider that trying to close these people down is the only way to prevent things getting totally out of hand. The problem is that approximately 1 in 4 abuse email addresses are incorrect and the email is returned undelivered. These are my frustrating experiences. As I said, I hope I am not out of place here, pointing this out. Regards Lou Gogan Saula, Achill, Co Mayo, Ireland. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ LINUX - bringing joy and creativity to computing. Registered Linux user number 478188 www.lougogan.com
- Previous message (by thread): [anti-abuse-wg] How to report a proxy server or VPN being used to send spam
- Next message (by thread): [anti-abuse-wg] broken contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]