This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Abuse Reporting Issues
- Previous message (by thread): [anti-abuse-wg] Abuse Reporting Issues
- Next message (by thread): [anti-abuse-wg] Abuse Reporting Issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Arnold
wiegert at telus.net
Wed Mar 13 00:31:39 CET 2013
On 12/03/2013 2:35 AM, Denis Walker wrote: > Dear Arnold > > I am afraid I am a little confused as to what you were trying to find > in the database. Hello Denis, What I am typically looking for is an e-mail address to which I can send a SPAM report. First I look up the originating IP address in the source code of the SPAM message, plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Often enough this gives me the abuse handler address. For RIPE, when no abuse address is given, I try to find one using the admin-c: ?????-RIPE and plugging it into http://apps.db.ripe.net/search/query.html to find the NIC handle, which some times has an e-mail address, sometimes it has a circular reference to itself and other times it may have a gmail or hotmail address which often enough bounce because the mail box is full . > > You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the > primary key of a PERSON object in the database. So you found what you > were looking for, the person. > > Now I see that this Nic Hdl is referenced in an INETNUM object. If you > were looking for the abuse contact for that resource, it is possible > to find one by doing many queries manually yourself, but it is not the > recommended way. This PERSON object, has a MNTNER, which has an > admin-c, which references another PERSON that has an abuse-mailbox. > > If you used the Abuse Finder tool to look up the resource, it would > return you the same abuse-mailbox without the need for you to do all > the individual queries. > http://apps.db.ripe.net/search/abuse-finder.html I have tried to use the abuse finder tool a few times, but have never really had enough luck with it to keep using it. Just now I tried both with 217.75.223.120 - abuse-finder.html gave me nothing at all, The query tool gave me - in this case a whole slew of contacts as admin-c, tech-c & NIC-hdl. At least one of these got me a usable e-mail address to which I will send my report. > > I noticed that this resource is an allocation object. Within the next > 6 months this resource WILL have an abuse-c reference. So it will be > even easier to find the abuse contact details without needing to > lookup any personal data. When I first learned of the abuse finder, I tried it - with much the same success as this time. Perhaps I am feeding it the wrong questions and data. In that case I need more information about what sort of things I can feed it - but it would have to be things I can glean from the SPAM e-mail. Clicking on the '?' for the Resource field in the abuse finder did not give me enough to make it work as I would expect it to work - i.e. give me a useful contact e-mail address. Hoping that helps explain how I look for data. Please let me know if there are better or quicker ways to come by the needed data. That being said, I do find that these days I do run into a lot more WhoIS records with usable e-mail addresses compared to even a year ago. Regards, Arnold -- Fight Spam - report it with wxSR 0.5 Vista & Win7 ready http://www.columbinehoney.net/wxSR.shtml
- Previous message (by thread): [anti-abuse-wg] Abuse Reporting Issues
- Next message (by thread): [anti-abuse-wg] Abuse Reporting Issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]