[anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)

On Sat, 06 Apr 2019 13:05:09 -0700
"Ronald F. Guilmette" <rfg at tristatelogic.com> wrote:
> It will be wonderful when the RIPE NCC people are able to verify that
> all abuse reporting addresses listed in the RIPE data base are at
> least able to receive incoming mail.
> The alone, of course, will not do anything to insure that any human
> ever reads any message or message sent to any such e-mail address.
> That separate and additional issue is a whole separate can of worms.
> 

If people do not care about abuse reports they are usually listed...

> Here is an example.
> I just received a spam from 195.12.186.6 which is quite clearly on the
> network of AS47205, aka telia.lt.  so I sent a polite abuse report,
> inclduing the full spam headers, to the <abuse at telia.lt> address, just
> as I am instructed to do by the RIPE WHOIS record for AS47205.
> I received back, almost immediately, the automated response appended
> below.
> This response appears to me to be saying that the managers of AS47205
> are intending to 100% ignore my spam report, unless and until I ALSO
> take up my time to fill out their stupid web form... a web form that
> has a checkbox for every other kind of network abuse EXCEPT for
> spamming.
> 

I score 5.5 on superblock.sscams.com, 3 on block.ascams.com and 2 on
Drmx...

So, 195.12.186.6 would have been 10.5 (probably more) and I personally
drop on 10+ - some of my users only drop on around 25+ :)
 
http://multirbl.valli.org/lookup/195.12.186.6.html

Anyway, in your example, I would not even have received the spam at all :)

> I do not have time in my day to figure out how to fill out the
> eighteen million different kinds of web forms that each separate ASN
> has concocted in order to try to thwart and deter people from
> reporting simple kinds of abuse like spamming, and I will not do so.
> The offense in this case was committed over email, and I do not see
> why the REPORT of that offense should not likewise be accepted over
> email.
> For this reason, it is my hope that whoever in NCC is doing the abuse
> email address verification will take some steps to find out not just
> that the email addresses accept incoming email, but also that some
> actual human sits behind each one of those email addresses.  Anybody
> can easily program what is sometimes called an "ignorebot" to send
> out meaningless replies to incoming mail, just s telia.lt appears to
> have done, but that is not a productive way to actually resolve
> spamming issues.
> Of course, it is my hope that telia.lt will rid itself of this
> particular troublesome customer, but in lieu of that I would be
> willing to accept that their abuse handler(s) have at least been made
> aware of the issue.
> But it seems that even that minimal aspiration is too much to hope
> for, at least for some networks.
>

Listing those people who do nothing about abuse is the very best way to
handle abuse, If you are a hosting company, you can allow your clients
to set their own abuse scores, so the clients control what they receive
and what they do not receive...

as ipv4 is on rbl and ipv6 is on whitelist, it is easy peasy and; 

spam = dead. (unless the user/client decides/wants to receive spam...)

Andre