[anti-abuse-wg] Abuse Reporting Issues

On 12/03/2013 2:35 AM, Denis Walker wrote:
> Dear Arnold
>
> I am afraid I am a little confused as to what you were trying to find 
> in the database.
Hello Denis,
What I am typically looking for is an e-mail address to which I can send 
a SPAM
report.
First I look up the originating IP address in the source code of the 
SPAM message,
plug it into a WhoIs look up via the IANA  ipv4-address-space.xml files.
Often enough this gives me the abuse handler address.
For RIPE, when no abuse address is given, I try to find one using
the admin-c: ?????-RIPE and plugging it into
http://apps.db.ripe.net/search/query.html
to find the NIC handle, which some times has an e-mail address, 
sometimes it
has a circular reference to itself and other times it may have a gmail 
or hotmail
address which often enough bounce because the mail box is full .
>
> You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the 
> primary key of a PERSON object in the database. So you found what you 
> were looking for, the person.
>
> Now I see that this Nic Hdl is referenced in an INETNUM object. If you 
> were looking for the abuse contact for that resource, it is possible 
> to find one by doing many queries manually yourself, but it is not the 
> recommended way. This PERSON object, has a MNTNER, which has an 
> admin-c, which references another PERSON that has an abuse-mailbox.
>
> If you used the Abuse Finder tool to look up the resource, it would 
> return you the same abuse-mailbox without the need for you to do all 
> the individual queries.
> http://apps.db.ripe.net/search/abuse-finder.html
I have tried to use the abuse finder tool a few times, but have never 
really had enough luck with it
to keep using it.
Just now I tried both with
217.75.223.120  -
abuse-finder.html gave me nothing at all,
The query tool gave me - in this case a whole slew of
contacts as admin-c, tech-c & NIC-hdl.
At least one of these got me a usable e-mail address to which I will 
send my report.
>
> I noticed that this resource is an allocation object. Within the next 
> 6 months this resource WILL have an abuse-c reference. So it will be 
> even easier to find the abuse contact details without needing to 
> lookup any personal data.
When I first learned of the abuse finder, I tried it - with much the 
same success as this time.
Perhaps I am feeding it the wrong questions and data.
In that case I need more information about what sort of things I can 
feed it - but it would have to be things I can glean from the SPAM e-mail.
Clicking on the '?' for the Resource field in the abuse finder did not 
give me enough to make it work as I would expect it to work - i.e. give 
me a useful contact e-mail address.

Hoping that helps explain how I look for data.

Please let me know if there are better or quicker ways to come by the 
needed data.

That being said, I do find that these days I do run into a lot more 
WhoIS records with
usable e-mail addresses compared to even a year ago.

Regards,
Arnold

-- 
Fight Spam - report it with wxSR 0.5
Vista & Win7 ready
http://www.columbinehoney.net/wxSR.shtml