This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] broken contacts
- Previous message (by thread): [anti-abuse-wg] broken contacts
- Next message (by thread): [anti-abuse-wg] broken contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Michele Neylon :: Blacknight
michele at blacknight.ie
Fri Nov 4 20:04:17 CET 2011
On 4 Nov 2011, at 19:37, Lou Gogan wrote: > Hi > > I hope I am not out of place here, but this is my experience today and the > problem I find I have because of the broken contacts information via the whois. > > This morning I received a fraudulent spam claiming to be from the Bank of > Ireland with an attached form to be filled in. I was going to delete it as > usual but decided that these types of email fraud need to be reported in order > to protect others. In the case of a phish you should report it to the bank. > > I checked out the form and found the form contact link: > <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a> > > $ host masserialojazzo.it > masserialojazzo.it has address 46.252.206.1 > ;; connection timed out; no servers could be reached > masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net. > masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net. > > And then I whoised > > $ whois 46.252.206.1 > inetnum: 46.252.200.0 - 46.252.207.255 > netname: GDNL-46-252-200-0-TO-207-255 > descr: Customer > country: NL > admin-c: WR1096-RIPE > tech-c: WR1096-RIPE > status: ASSIGNED PA > mnt-by: MNT-GDG-NL > source: RIPE # Filtered > > person: Will Regg > address: H.J.E. Wenckebachweg 127 > 1096 AM Amsterdam > phone: +14805058877 > nic-hdl: WR1096-RIPE > source: RIPE # Filtered > > As you may notice, there is no suitable email contact at all. (Writing a letter > and posting it off didn't seem a useful option!) > > This was a email fraud. I, as a reasonable individual trying to do my civic duty > and possible prevent someone with less 'cop on' from being scammed, was utterly > wasting my time trying to do anything. There was no abuse contact. Did the email actually come from that IP or from another one? > > If RIPE and ICANN and others want to do anything at all regarding spam, and > scams and net abuse etc one of the first actions should be to ensure there are > correct contacts for every ISP so at least scams and illegal activity can be > reported. There has been lengthy discussion on this subject on this mailing list and elsewhere > > I would also suggest that a default abuse address be insisted upon eg > abuse at wherever.doh as I have found many a frustrating experience emailing a > named administrator was has left the company and whose email is dead. > > Perhaps someone was scammed by this same email today. A quick report and > possibly a quick shutdown of that link may have achieved something positive. > > I also have a web site which is attacked on a regular basis and I try and make a > point of reporting them all. In some cases with very positive results eg a > compromised server found etc. I consider that trying to close these people down > is the only way to prevent things getting totally out of hand. The problem is > that approximately 1 in 4 abuse email addresses are incorrect and the email is > returned undelivered. > > These are my frustrating experiences. > > As I said, I hope I am not out of place here, pointing this out. > > Regards > > Lou Gogan > > Saula, Achill, Co Mayo, Ireland. > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > LINUX - bringing joy and creativity to computing. > Registered Linux user number 478188 > > www.lougogan.com > Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection ICANN Accredited Registrar http://www.blacknight.com/ http://blog.blacknight.com/ http://blacknight.mobi/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
- Previous message (by thread): [anti-abuse-wg] broken contacts
- Next message (by thread): [anti-abuse-wg] broken contacts
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]