[anti-abuse-wg] broken contacts

On 4 Nov 2011, at 19:37, Lou Gogan wrote:

> Hi
> 
> I hope I am not out of place here, but this is my experience today and the 
> problem I find I have because of the broken contacts information via the whois.
> 
> This morning I received a fraudulent spam claiming to be from the Bank of 
> Ireland with an attached form to be filled in. I was going to delete it as 
> usual but decided that these types of email fraud need to be reported in order 
> to protect others.

In the case of a phish you should report it to the bank.

> 
> I checked out the form and found the form contact link:
> <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a>
> 
> $ host masserialojazzo.it
> masserialojazzo.it has address 46.252.206.1
> ;; connection timed out; no servers could be reached
> masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net.
> masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net.
> 
> And then I whoised
> 
> $ whois 46.252.206.1
> inetnum:        46.252.200.0 - 46.252.207.255
> netname:        GDNL-46-252-200-0-TO-207-255
> descr:          Customer
> country:        NL
> admin-c:        WR1096-RIPE
> tech-c:         WR1096-RIPE
> status:         ASSIGNED PA
> mnt-by:         MNT-GDG-NL
> source:         RIPE # Filtered
> 
> person:         Will Regg
> address:        H.J.E. Wenckebachweg 127
>                 1096 AM Amsterdam
> phone:          +14805058877
> nic-hdl:        WR1096-RIPE
> source:         RIPE # Filtered
> 
> As you may notice, there is no suitable email contact at all. (Writing a letter 
> and posting it off didn't seem a useful option!)
> 
> This was a email fraud. I, as a reasonable individual trying to do my civic duty 
> and possible prevent someone with less 'cop on' from being scammed, was utterly  
> wasting my time trying to do anything. There was no abuse contact.

Did the email actually come from that IP or from another one?

> 
> If RIPE and ICANN and others want to do anything at all regarding spam, and 
> scams and net abuse etc one of the first actions should be to ensure there are 
> correct contacts for every ISP so at least scams and illegal activity can be 
> reported.

There has been lengthy discussion on this subject on this mailing list and elsewhere

> 
> I would also suggest that a default abuse address be insisted upon eg 
> abuse at wherever.doh as I have found many a frustrating experience emailing a 
> named administrator was has left the company and whose email is dead.
> 
> Perhaps someone was scammed by this same email today. A quick report and 
> possibly a quick shutdown of that link may have achieved something positive.
> 
> I also have a web site which is attacked on a regular basis and I try and make a 
> point of reporting them all. In some cases with very positive results eg a 
> compromised server found etc. I consider that trying to close these people down 
> is the only way to prevent things getting totally out of hand. The problem is 
> that approximately 1 in 4 abuse email addresses are incorrect and the email is 
> returned undelivered.
> 
> These are my frustrating experiences.
> 
> As I said, I hope I am not out of place here, pointing this out.
> 
> Regards
> 
> Lou Gogan
> 
> Saula, Achill, Co Mayo, Ireland.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> LINUX - bringing joy and creativity to computing.
> Registered Linux user number 478188
> 
> www.lougogan.com
> 

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845