This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries
Carlos Friaças
cfriacas at fccn.pt
Thu Feb 20 09:10:03 CET 2020
Hi Hans-Martin, All,

<CSIRT hat on>

On Wed, 19 Feb 2020, Hans-Martin Mosner wrote:

> AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent spam sender years after years. I have
> complained to them a number of times, with no noticeable effect.
>
> The sender is recognizable by characteristics of their domain names and local parts, and most importantly by their DNS
> service, which is always uadns.com. Would be easy to deny them service if myLoc wanted to.
>
> Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member).

OK, so you started to expose some of the spammer's characteristics.

> Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH (RIPE NCC member) willingly accept
> registrations that have most likely fake data (which I can't check because these data are conveniently not disclosed,
> although they very likely describe a commercial entity and not existing private persons and are therefore not subject to
> GDPR protections.)

"most likely" will not get you anywhere.

I think you are completely right about the GDPR issue. While that wasn't the goal of GDPR some orgs actually use it as an excuse for company obscurity -- which seems to be acceptable for some or most of their service providers.

> Excuse me while I vomit a little.

You are not alone.

> I know that this working group is not responsible for handling individual cases of abuse,

Exactly, but should be responsible for finding ways to reduce abuse and/or its impact -- which is what is more or less written in the WG charter.

> so my intention is not to get a solution (which I already did via
> nullrouting that AS)

You may have solved your problem. But that same spammer has a whole lot of targets to go on with the same "business model"...

> but to understand how persistent abuse-enabling entities can act
> unhindered without any clear escalation path.

They simply do. IMHO because they:
1) find service providers who look the other way.
2) build and operate their own networking/security/anti-ddos infrastructure.

> Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy
> Complaint" by hiding all registration data so that an inaccuracy check
> is made impossible didn't help much...
>
> Cheers,
> Hans-Martin

Cheers,
Carlos