[anti-abuse-wg] broken contacts

Hi Michele

On Friday 04 November 2011 19:04:17 you wrote:
> 
> On 4 Nov 2011, at 19:37, Lou Gogan wrote:
> 
> > Hi
> > I hope I am not out of place here, but this is my experience today and the 
> > problem I find I have because of the broken contacts information via the 
whois.
> > 
> > This morning I received a fraudulent spam claiming to be from the Bank of 
> > Ireland with an attached form to be filled in. I was going to delete it as 
> > usual but decided that these types of email fraud need to be reported in 
order 
> > to protect others.
> 
> In the case of a phish you should report it to the bank.

Didn't think of that. Doh!

Though I still think a direct contact with the IP would close down that 
fraudulent link immediately. 

> > 
> > I checked out the form and found the form contact link:
> > <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a>
> > 
> > $ host masserialojazzo.it
> > masserialojazzo.it has address 46.252.206.1
> > 
> > And then I whoised
> > 
> > $ whois 46.252.206.1

~~~ snip ~~~

> > As you may notice, there is no suitable email contact at all. (Writing a
> > letter  and posting it off didn't seem a useful option!)
> > 
> > This was a email fraud. I, as a reasonable individual trying to do my civic 
duty 
> > and possible prevent someone with less 'cop on' from being scammed, was 
utterly  
> > wasting my time trying to do anything. There was no abuse contact.
> 
> Did the email actually come from that IP or from another one?

According to spamcop: virginmedia.com - I sent virginmedia.com an email report

> > If RIPE and ICANN and others want to do anything at all regarding spam, and 
> > scams and net abuse etc one of the first actions should be to ensure there 
are 
> > correct contacts for every ISP so at least scams and illegal activity can be 
> > reported.
> 
> There has been lengthy discussion on this subject on this mailing list and 
elsewhere
> 
> > I would also suggest that a default abuse address be insisted upon eg 
> > abuse at wherever.doh as I have found many a frustrating experience emailing a 
> > named administrator was has left the company and whose email is dead.
> > 
> > Perhaps someone was scammed by this same email today. A quick report and 
> > possibly a quick shutdown of that link may have achieved something positive.
> > 
~~~ snip ~~~

Regards
Lou Gogan

Saula, Achill, Co Mayo, Ireland.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LINUX - bringing joy and creativity to computing.
Registered Linux user number 478188

www.lougogan.com
 
> Mr Michele Neylon
~~~snip ~~~
> http://www.blacknight.com/
> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
> Road,Graiguecullen,Carlow,Ireland  Company No.: 370845
> 
>