This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] ORG-TKDS1-RIPE - VECTRA S.A. - Spam filters & abuse reporting addresses
- Previous message (by thread): [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
- Next message (by thread): [anti-abuse-wg] AS47510 & AS35555 -- Bogon ASNs routing Bogon IPv4 space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Fri Dec 4 23:29:20 CET 2020
Based on my experience, if one is reporting spam to most typical networks, the network operators generally like to actually -see- the spam being reported. Thus, I always include a copy. It is Good that RIPE resource holders now all have abuse reporting addresses in their WHOIS records. It is also Good that RIPE NCC is now checking these abuse reporting contact email addresses to insure that they actually function, at least minimally. What is un-good, in my opinion, is for any network to have an abuse reporting address set up with *content based* anti-spam filters. To illustrate this point, I have recently received a spam from an IP address that is currently being routed by AS29314 - Vectra S.A., located in Poland. I duly forwarded a full copy of that spam to the abuse reporting address provided in the RIPE WHOIS for AS29314, i.e. abuse at vectra.pl. That message was rejected with the following SMTP reject message: <abuse at vectra.pl>: host smtp.vectra.pl[88.156.64.22] said: 554 Spam. Email Session ID: 86748699 (in reply to end of DATA command) Given that outcome, I now feel compelled to locally blacklist all IP space associated with ORG-TKDS1-RIPE (VECTRA S.A.) until such time as some kind soul provides the operators of this network with some education on the topic of how to operate an abuse reporting address. The space in question is as follows: 31.11.128.0/17 31.22.96.0/21 31.135.168.0/21 37.8.192.0/18 37.77.152.0/21 46.36.224.0/19 62.122.112.0/21 77.222.224.0/19 78.31.152.0/21 78.31.209.0/24 78.88.0.0/16 82.139.0.0/18 83.143.40.0/21 83.143.136.0/21 83.243.104.0/21 88.156.0.0/16 89.151.0.0/18 91.192.76.0/22 91.230.159.0/24 91.230.162.0/23 91.230.164.0/22 91.231.116.0/23 91.238.232.0/22 93.105.0.0/16 94.231.48.0/20 95.160.0.0/16 109.107.0.0/19 109.197.56.0/21 109.197.64.0/21 109.241.0.0/16 178.235.0.0/16 185.51.180.0/22 192.166.120.0/23 193.108.228.0/23 193.201.18.0/23 194.54.188.0/22 195.26.72.0/22 195.28.170.0/23 195.95.170.0/24 195.191.162.0/23 195.225.92.0/22 195.242.252.0/22
- Previous message (by thread): [anti-abuse-wg] IPv4 squatting -- Courtesy of AS44050, AS58552
- Next message (by thread): [anti-abuse-wg] AS47510 & AS35555 -- Bogon ASNs routing Bogon IPv4 space
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]