Re: [anti-spam-wg] Any suggestions about how to deal with non co-operative ISP's and RIR's ?

[peter h peter@localhost]

On Monday 02 April 2007 08.50, oca@localhost wrote:
> Any suggestions about how to deal with non co-operative ISP's and RIR's ?
> 
> When I receive a spam mail, I normally send a spam repport to the "abuse 
> mail account" of the ISP being responsible for the IP address using the 
> whois databases of the RIR's.
> 
> Normally this works very fine ... or rather ... I'm often able to deliver 
> the repport somewhere without any problems.
> 
> But in some cases the given account dosn't exist or is hidden behind a 
> spamfilter..
> 
> In these cases I have tried to contact the RIR of the ISP but with very 
> different outcome ...
> 
> Some RIR's consider this as a problem they can deal with and some dosn't !!!
> 
> Last week I received a third spam mail from an ip address belonging to 
> charter.net...
> 
> According to the whois of arin, and to the homepage of the ISP, I should 
> repport abuse to abuse@localhost...
> 
> This I have tried several times getting an "unable to deliver" repport every 
> time ...
> 
> Trying to raise this as an issue for ARIN gives this repply:
> 
> > ARIN is an IP registry whose primary function is the registration and
> > distribution of IP number resources (IP addresses and Autonomous System
> > Numbers) in North America.
> >
> > IP number resource registration information can be found in the
> > public ARIN WHOIS database found at:
> >
> >  http://www.arin.net/whois/
> >
> > Please understand that ARIN does not operate any of the networks contained
> > in the WHOIS database nor is ARIN responsible for supplying and
> > maintaining the registration data in the WHOIS database.  That
> > responsibility lies soley with the registrant of the data.
> 
> How do we fight spam, and other kind of abuse, as long as some of the ISP's 
> and the RIR's has this kind of attitudes ?
> 
> Ole 
> 
> 
The solution is - block them. Either subscribe on a blocklist that fills the
need or block the offending ISP's yourself. IP ranges is easily 
available by "whois"

The downside is that _if_ someone is within that ISP's net they are
not able to mail you, but a proper "bounce-message" ( "Use gmail or any other 
serious mailprovider" ) or punch a hole in you block when needed.

The only real pressure that can be applied to unserious ISP is to 
threat their income. Make their customers complain and eventually 
abandom them.

-- 
        Peter Håkanson   

        There's never money to do it right, but always money to do it
        again ... and again ... and again ... and again.
        ( Det är billigare att göra rätt. Det är dyrt att laga fel. )