Hello, Your Whois database is providing "jhli_jl@mail.jl.cn" abuse contact email for IP 222.160.20.110. However, the mailbox is full (see attached error message). Please ensure each abuse complaint is processed by each network admin or remove useless contacts. Sometimes the user account or the domain name is invalid in the provided email. Thanks for you help. Regards.
Jérôme Bouat wrote:
Hello,
Your Whois database is providing "jhli_jl@mail.jl.cn" abuse contact email for IP 222.160.20.110.
$ whois 222.160.20.110 % APNIC found the following authoritative answer from: whois.apnic.net [..] Otherwise said: this is an APNIC based IP address (not so strange with .cn being in the email address), thus quite outside of the RIPE region.
However, the mailbox is full (see attached error message).
Please ensure each abuse complaint is processed by each network admin or remove useless contacts.
How exactly are RIRs supposed to enforce this?
Sometimes the user account or the domain name is invalid in the provided email.
Thus, because an email box is full, that information should just be removed? What exactly does this help? Greets, Jeroen
Hello, I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC. I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4. The issue is that the contact admin doesn't solve the abuse I encounter. Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ? Thanks for your help. Regards. Jérôme Bouat a écrit :
Hello,
Your Whois database is providing "jhli_jl@mail.jl.cn" abuse contact email for IP 222.160.20.110.
However, the mailbox is full (see attached error message).
Please ensure each abuse complaint is processed by each network admin or remove useless contacts.
Sometimes the user account or the domain name is invalid in the provided email.
Thanks for you help.
Regards.
------------------------------------------------------------------------
Sujet: À´×Ô mail.jl.cn µÄÍËÐÅ Expéditeur: PostMaster@mail.jl.cn <> Date: Thu, 04 Jun 2009 16:50:21 +0800 Destinataire: jerome.bouat@wanadoo.fr
Destinataire: jerome.bouat@wanadoo.fr
ÒÔϵÄÓʼþ:
ÈÕÆÚ: Thu, 4 Jun 2009 10:56:00 +0200 (CEST) Ö÷Ìâ: Spam Complaint [Msg#14209, IP 222.160.20.110]; ´óС: 2683 bytes ×Ö½Ú ¶¯×÷: ʧ°Ü
ûÓÐÄܹ»·¢Ë͵½ÒÔϵÄÊÕ¼þÈË:
jhli_jl:mail "(0), ErrMsg=Too many mails in mailbox. Mail count (3030) reaches or exceeds upper limit (3000)."
²»»áÔÙÓÐÈκζ¯×÷À´³¢ÊÔ·¢ËÍÄãµÄÓʼþÁË¡£ ÇëÁªÏµÄãµÄϵͳ¹ÜÀíÔ±»òÏÈͨ¹ýÆäËü·Çµç×ÓÓʼþµÄ·½Ê½ÏòÄãµÄÅóÓÑ·¢ËÍÐÅÏ¢ÒÔÃâµ¢Îó¡£
------------------------------------------------------------------------
Sujet: Spam Complaint [Msg#14209, IP 222.160.20.110]; Expéditeur: jerome.bouat@wanadoo.fr Date: Thu, 4 Jun 2009 10:56:00 +0200 (CEST) Destinataire: abuse@chinaunicom.cn, abuse@cnc-noc.net, jhli_jl@mail.jl.cn
Destinataire: abuse@chinaunicom.cn, abuse@cnc-noc.net, jhli_jl@mail.jl.cn
I have attached an unsolicited e-mail sent to my computer. Please investigate and prevent recurrences by acting on your Acceptable Use Policy.
Your help is greatly appreciated.
Thank You
-------- Original Message --------
From - Thu Jun 4 10:20:54 2009 X-Account-Key:account2 X-UIDL:1186180440.17051 X-Mozilla-Status:0001 X-Mozilla-Status2:00000000 X-Mozilla-Keys: Return-Path:<JamesSherman@yyhmail.com> Received:from mwinf8208.laposte.net (mwinf8208.laposte.net) by mwinb7606 (SMTP Server) with LMTP; Thu, 04 Jun 2009 07:50:57 +0200 X-Sieve:Server Sieve 2.2 Received:from meplus.info (localhost [127.0.0.1]) by mwinf8208.laposte.net (SMTP Server) with ESMTP id 89C0E240008A; Thu, 4 Jun 2009 07:50:57 +0200 (CEST) Received:from 193.251.214.113 (unknown [222.160.20.110]) by mwinf8208.laposte.net (SMTP Server) with SMTP id 445C72400091; Thu, 4 Jun 2009 07:50:38 +0200 (CEST) X-ME-UUID:20090604055039280.445C72400091@mwinf8208.laposte.net Date:Thu, 04 Jun 2009 01:50:34 -0500 From:"Le sexe le potentiel +100 %" <LorenWray@amrer.net> Message-ID:<QD8965drumlin@innate.com> To:jerome.borde@laposte.net Subject:*** SPAM ***Re:Votre succ�s sexuel en 15 minutes. MIME-Version:1.0 Content-Type:text/html; charset=iso-8859-1 Content-Transfer-Encoding:7bit X-me-spamlevel:med X-me-spamrating:89.099998 X-me-spamcause:OK, (330)(1000)gggruggvucftvghtrhhoucdtuddrvdekvddrgeekucetggdotefuucfrrhhofhhilhgvmecuoehnohhnvgeqnecuuegrihhlohhuthemuceftddtnecujfhtmhhlqfhnlhihqddqqfdvkedvqdduvdculdeftddtmdennhhouchhohhsthcuuhhrlhculdeftddm
Jérôme Bouat wrote:
Hello,
I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC.
I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4.
The issue is that the contact admin doesn't solve the abuse I encounter.
Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ?
(I am not the "Working Group", just one of the voices in it) Abuse has nothing to do with Address Policy. If you don't get a response from the ISP in question, then I suggest you contact the upstream. In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them. Greets, Jeroen
Abuse has nothing to do with Address Policy.
If the abuse contact provided by the whois database is wrong then it is an address policy issue since the contact information was wrong when assigning an IP range.
If you don't get a response from the ISP in question, then I suggest you contact the upstream.
Who is upstream ?
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
I don't agree. If the admin cut the network access of the spammer he/she won't continue to send Spam. Regards. Jeroen Massar a écrit :
Jérôme Bouat wrote:
Hello,
I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC.
I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4.
The issue is that the contact admin doesn't solve the abuse I encounter.
Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ?
(I am not the "Working Group", just one of the voices in it)
Abuse has nothing to do with Address Policy. If you don't get a response from the ISP in question, then I suggest you contact the upstream.
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
Greets, Jeroen
See here: http://www.ripe.net/info/faq/abuse/index.html#6
6. Why are there no contact details or incorrect contact details for reporting spam email listed in the RIPE Database for the IP address I searched on?
The records in the Regional Internet Registries' (RIR) databases are entered and maintained by the organisations that receive IP addresses from each >RIR. The RIRs do not check the accuracy of any of the records in the database or make any changes to the data maintained by these organisations. The >RIPE NCC has no power to update any of these records.
You need to contact the 'ONO' (perhaps try ripe-tech@ono.es), not a RIPE working group. Major peers of 'ONO' are AS1273 and AS1299; you could try contacting them. -----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Jérôme Bouat Sent: 04 June 2009 13:20 To: Jeroen Massar Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] Re: please remove invalid abuse contacts
Abuse has nothing to do with Address Policy.
If the abuse contact provided by the whois database is wrong then it is an address policy issue since the contact information was wrong when assigning an IP range.
If you don't get a response from the ISP in question, then I suggest you contact the upstream.
Who is upstream ?
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
I don't agree. If the admin cut the network access of the spammer he/she won't continue to send Spam. Regards. Jeroen Massar a écrit :
Jérôme Bouat wrote:
Hello,
I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC.
I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4.
The issue is that the contact admin doesn't solve the abuse I encounter.
Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ?
(I am not the "Working Group", just one of the voices in it)
Abuse has nothing to do with Address Policy. If you don't get a response from the ISP in question, then I suggest you contact the upstream.
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
Greets, Jeroen
perhaps try ripe-tech@ono.es
The issue is I have no time to try and I would like the right contact at the first try. How to ensure the whois database is accurate just after the IP range registration ? Tom Farrar a écrit :
See here:
http://www.ripe.net/info/faq/abuse/index.html#6
6. Why are there no contact details or incorrect contact details for reporting spam email listed in the RIPE Database for the IP address I searched on?
The records in the Regional Internet Registries' (RIR) databases are entered and maintained by the organisations that receive IP addresses from each >RIR. The RIRs do not check the accuracy of any of the records in the database or make any changes to the data maintained by these organisations. The >RIPE NCC has no power to update any of these records.
You need to contact the 'ONO' (perhaps try ripe-tech@ono.es), not a RIPE working group. Major peers of 'ONO' are AS1273 and AS1299; you could try contacting them.
-----Original Message----- From: address-policy-wg-admin@ripe.net [mailto:address-policy-wg-admin@ripe.net] On Behalf Of Jérôme Bouat Sent: 04 June 2009 13:20 To: Jeroen Massar Cc: address-policy-wg@ripe.net Subject: Re: [address-policy-wg] Re: please remove invalid abuse contacts
Abuse has nothing to do with Address Policy.
If the abuse contact provided by the whois database is wrong then it is an address policy issue since the contact information was wrong when assigning an IP range.
If you don't get a response from the ISP in question, then I suggest you contact the upstream.
Who is upstream ?
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
I don't agree. If the admin cut the network access of the spammer he/she won't continue to send Spam.
Regards.
Jeroen Massar a écrit :
Jérôme Bouat wrote:
Hello,
I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC.
I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4.
The issue is that the contact admin doesn't solve the abuse I encounter.
Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ? (I am not the "Working Group", just one of the voices in it)
Abuse has nothing to do with Address Policy. If you don't get a response from the ISP in question, then I suggest you contact the upstream.
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
Greets, Jeroen
perhaps try ripe-tech@ono.es
The issue is I have no time to try and I would like the right contact at the first try.
How to ensure the whois database is accurate just after the IP range registration ?
You really need to get some education on how the Internet works. First of all, this IP range was never registered with RIPE because it is from an APNIC allocation. Secondly, this email address was probably accurate at the time of registration. In fact, it was probably accurate two days ago as well. The email address exists and is active on an email server which replied to you that the mailbox is full. This often happens when a spammer starts sending email from a new source, and a flood of complaints fill up the mailbox during the next few hours. Thirdly, it is not your responsibility to police the APNIC database or the RIPE database. Fourthly, people who understand the dynamics of SPAM attacks, also understand why mailboxes are full, and since there are already lots of complaints, they decide that there is no point in adding one more complaint. Instead, they block that IP address (or IP address range) from their email servers for a few days. Finally, this RIPE address policy working group does not have the powers to create policies which police the APNIC database, and probably not even the RIPE database, because policing is not really in scope for RIPE. If there is some technical reason why you cannot solve this issue by blocking traffic from the IP address range of the source of the SPAM, then your only logical course of action is to contact the upstream peers of the SPAM source ISP and ask those peers to block your address range from receiving packets. Generally you only want to do this if it is a DDoS. --Michael Dillon P.S. Once evening, a policeman notices a man crawling on his knees searching for something under a lamppost. "Excuse me, sir, have you lost something?" he says. The man replies, "It's my car-keys, I dropped them". The policeman gets down on his knees and helps to search. After a moment, he says to the man, "Are you sure that you dropped them here?". "Oh no, says the man, I dropped them way down the street but it is too dark there to see anything so I came here under the street lamp where it is easier to see.".
Jérôme Bouat wrote:
Abuse has nothing to do with Address Policy.
If the abuse contact provided by the whois database is wrong then it is an address policy issue since the contact information was wrong when assigning an IP range.
Then it could only be that the address is outdated. Nothing much *this* working group can do about. For outdated addresses etc in the RIPE database, you could possibly contact hostmaster@ripe.net, but they won't be able to do much about that either.
If you don't get a response from the ISP in question, then I suggest you contact the upstream.
Who is upstream ?
If you do not know how to figure that out or even what that is, then I suggest you first take an educational course on how the Internet really works.
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
I don't agree. If the admin cut the network access of the spammer he/she won't continue to send Spam.
The upstreams can (possibly) do that even if you can't reach them anymore as they provide the connectivity to them, and most very likely have a paying relationship and thus hopefully correct contacts. Greets, Jeroen
On 4 Jun 2009, at 13:20, Jérôme Bouat wrote:
If the abuse contact provided by the whois database is wrong then it is an address policy issue since the contact information was wrong when assigning an IP range.
Define "wrong". Apart from the data someone inputs for themself, how can anyone know for sure any contact data in whois is correct? For some definition of "correct". In any case, I fail to see how your gripe about a full mailbox for an abuse contact in the APNIC whois database has any relevance to this list. Please take this discussion somewhere else. I am sure there are APNIC-specific lists for discussing its database, address policy and abuse issues.
Jeroen and all, Exactly right! I just block them, report them to DHS, and move on... Recognizing of course nothing or any consequence will be actually done about it and the fact that getting something done about it is really ICANN's job which of course it has fallen down on sense it very conception and continues to be negligent accordingly. Jeroen Massar wrote:
Jérôme Bouat wrote:
Hello,
I'm reporting many invalid contact to RIPE, APNIC, AFRINIC, ARIN, LACNIC.
I made an error, the invalid contact which is related to you is: "abuse@ono.com" for IP 84.127.214.4.
The issue is that the contact admin doesn't solve the abuse I encounter.
Who should I contact if the RIPE database manager tell me he/she can't do anything and if you tell me you're not the right working group ?
(I am not the "Working Group", just one of the voices in it)
Abuse has nothing to do with Address Policy. If you don't get a response from the ISP in question, then I suggest you contact the upstream.
In most of these kind of cases though you won't be able to resolve those questions and you are just wasting a lot of your time, as such choose the easy way: just block them.
Greets, Jeroen
------------------------------------------------------------------------ Name: signature.asc signature.asc Type: application/pgp-signature Description: OpenPGP digital signature
Regards, Spokesman for INEGroup LLA. - (Over 284k members/stakeholders strong!) "Obedience of the law is the greatest freedom" - Abraham Lincoln "YES WE CAN!" Barack ( Berry ) Obama "Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt "If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947] =============================================================== Updated 1/26/04 CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS. div. of Information Network Eng. INEG. INC. ABA member in good standing member ID 01257402 E-Mail jwkckid1@ix.netcom.com My Phone: 214-244-4827
participants (6)
-
Jeffrey A. Williams -
Jeroen Massar -
Jim Reid -
Jérôme Bouat -
michael.dillon@bt.com -
Tom Farrar