-------- Original Message --------
Subject: [anti-abuse-wg] telia.lt: Ignoring abuse complaints (?)
From: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Date: Sun, April 07, 2019 6:05 am
To: anti-abuse-wg@ripe.net
It will be wonderful when the RIPE NCC people are able to verify that
all abuse reporting addresses listed in the RIPE data base are at least
able to receive incoming mail.
The alone, of course, will not do anything to insure that any human
ever reads any message or message sent to any such e-mail address.
That separate and additional issue is a whole separate can of worms.
Here is an example.
I just received a spam from 195.12.186.6 which is quite clearly on the
network of AS47205, aka telia.lt. so I sent a polite abuse report,
inclduing the full spam headers, to the <abuse@telia.lt> address, just
as I am instructed to do by the RIPE WHOIS record for AS47205.
I received back, almost immediately, the automated response appended below.
This response appears to me to be saying that the managers of AS47205
are intending to 100% ignore my spam report, unless and until I ALSO
take up my time to fill out their stupid web form... a web form that
has a checkbox for every other kind of network abuse EXCEPT for spamming.
I do not have time in my day to figure out how to fill out the eighteen
million different kinds of web forms that each separate ASN has concocted
in order to try to thwart and deter people from reporting simple kinds
of abuse like spamming, and I will not do so. The offense in this case
was committed over email, and I do not see why the REPORT of that offense
should not likewise be accepted over email.
For this reason, it is my hope that whoever in NCC is doing the abuse email
address verification will take some steps to find out not just that the
email addresses accept incoming email, but also that some actual human
sits behind each one of those email addresses. Anybody can easily program
what is sometimes called an "ignorebot" to send out meaningless replies to
incoming mail, just s telia.lt appears to have done, but that is not a
productive way to actually resolve spamming issues.
Of course, it is my hope that telia.lt will rid itself of this particular
troublesome customer, but in lieu of that I would be willing to accept
that their abuse handler(s) have at least been made aware of the issue.
But it seems that even that minimal aspiration is too much to hope for,
at least for some networks.
Regards,
rfg
===========================================================================
Return-Path: <abuse@telia.lt>
X-Original-To: rfg@tristatelogic.com
Delivered-To: rfg@tristatelogic.com
Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40089.outbound.protection.outlook.com [40.107.4.89])
by segfault.tristatelogic.com (Postfix) with ESMTP id 8670F3AFF4
for <rfg@tristatelogic.com>; Sat, 6 Apr 2019 12:39:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=TelcloudLT.onmicrosoft.com; s=selector1-telia-lt;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=BUSHfNh3Hp1HFJ94NFi7MR324ExTC8M6wccKAcKo8N4=;
b=GQKY/rqL0A7n4AXR3t2IsqduWIhW6ki5RCosC0lBT7UnmrbHGuhOfzUAKEcyMcys3VbG2gGtYX0VzOe3gtiouJiRB6Eql1lOEsjOi8VQlt6hqD5jGj8W7v+uS0QSIpVhm/+xLarqgPfF3G3f54jc7xc41drAf3mrlnWyWkLwyQw=
Received: from AM6PR10CA0088.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:209:8c::29)
by DB8PR10MB3017.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:ea::29) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.16; Sat, 6 Apr
2019 19:39:01 +0000
Received: from AM5EUR02FT027.eop-EUR02.prod.protection.outlook.com
(2a01:111:f400:7e1e::205) by AM6PR10CA0088.outlook.office365.com
(2603:10a6:209:8c::29) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1771.16 via Frontend
Transport; Sat, 6 Apr 2019 19:39:01 +0000
Authentication-Results: spf=fail (sender IP is 88.118.134.180)
smtp.mailfrom=telia.lt; tristatelogic.com; dkim=none (message not signed)
header.d=none;tristatelogic.com; dmarc=none action=none header.from=telia.lt;
Received-SPF: Fail (protection.outlook.com: domain of telia.lt does not
designate 88.118.134.180 as permitted sender)
receiver=protection.outlook.com; client-ip=88.118.134.180;
helo=mail.telia.lt;
Received: from mail.telia.lt (88.118.134.180) by
AM5EUR02FT027.mail.protection.outlook.com (10.152.8.127) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id
15.20.1771.16 via Frontend Transport; Sat, 6 Apr 2019 19:39:01 +0000
Received: from SREHCZ2.in.telecom.lt (10.75.8.219) by mail.telia.lt
(10.75.128.5) with Microsoft SMTP Server (version=TLS1_0,
cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) id 15.1.1531.3; Sat, 6 Apr 2019
22:39:00 +0300
Received: from SREMBP2.in.telecom.lt ([fe80::3d26:8437:9e0d:59e8]) by
srehcz2.in.telecom.lt ([::1]) with mapi id 14.03.0439.000; Sat, 6 Apr 2019
22:39:00 +0300
From: Abuse <abuse@telia.lt>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Subject: Auto reply
Thread-Topic: Auto reply
Thread-Index: AdTssGDyKWhhEYekSwaq/rd/nOkgpQAAAACd
Date: Sat, 6 Apr 2019 19:38:58 +0000
Message-ID: <EFBD252184E6D64D98235891A1404040520D6A18@SREMBP2.in.telecom.lt>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
X-Original-Content-Type: multipart/alternative;
boundary="_000_EFBD252184E6D64D98235891A1404040520D6A18SREMBP2inteleco_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report:
CIP:88.118.134.180;IPV:NLI;CTRY:LT;EFV:NLI;SFV:NSPM;SFS:(10009020)(376002)(346002)(136003)(39860400002)(396003)(2980300002)(1110001)(1109001)(339900001)(199004)(189003)(126002)(246002)(478600001)(8936002)(7596002)(336012)(476003)(356004)(74482002)(86362001)(8676002)(55846006)(66574012)(84326002)(6916009)(7116003)(186003)(486006)(221733001)(2906002)(85426001)(790700001)(7636002)(14444005)(33656002)(26005)(6306002)(37786003)(606006)(3480700005)(102836004)(9686003)(54896002)(5660300002)(236005)(106466001)(55016002)(105606002)(7696005)(316002)(71190400001)(16586007);DIR:OUT;SFP:1101;SCL:1;SRVR:DB8PR10MB3017;H:mail.telia.lt;FPR:;SPF:Fail;LANG:lt;PTR:mail.telia.lt;A:1;MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 77402847-696c-4e25-3856-08d6bac784f7
X-Microsoft-Antispam:
BCL:0;PCL:0;RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328);SRVR:DB8PR10MB3017;
X-MS-TrafficTypeDiagnostic: DB8PR10MB3017:
X-MS-Exchange-PUrlCount: 2
X-Microsoft-Antispam-PRVS:
<DB8PR10MB30178C5AEE8B4F4C7684FC76D9520@DB8PR10MB3017.EURPRD10.PROD.OUTLOOK.COM>
X-Forefront-PRVS: 0999136621
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info:
3QvdDu+iGHWCuMAjA7Vsqh3dV6p7pGf9MiaOlzahoG6BPUMJp5h8WeIYR//QoivGPneeomCWEtbWoocikmV1Wvyl0bxwER743nquRh400IfAT84z1GDcDNkwLs8QXhFfqeQAKmewe2FWU6f1ZJL3MK/Mf06/iAqlD4DixZEOJr2+VDsK+QvfU8g9cKmuXj3lLCokHDFqtRLWKQ5I3SuxFEMdNqwxy21RSp2dbRr6EIE/oSwZBKMm2B1Q3MOS3xUs0lhMBFysEVGFroOu0BB1ShE+GMwpndqVwFRG97MANcQS0y8kDdM9yKShaim0ASPluky+53gXVcer+1bWHauQpcqb2/omkPRE3zr/XOKa3xtrb0sQhM7jjj9k2l0ummiGa3cYRuCTYgyb7lk8bes1tV5ynH7NTChvD9BvH58g4ik=
X-OriginatorOrg: telia.lt
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Apr 2019 19:39:01.0365
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 77402847-696c-4e25-3856-08d6bac784f7
X-MS-Exchange-CrossTenant-Id: 8f113f62-2414-4adb-b94d-b6fc780129ae
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=8f113f62-2414-4adb-b94d-b6fc780129ae;Ip=[88.118.134.180];Helo=[mail.telia.lt]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8PR10MB3017
Sveiki,
Dëkojame uþ þinutæ. Ðiuo adresu gauname daug ávairiø praneðimø. Tam, kad
galëtume operatyviai iðspræsti Jûsø klausimà, praðome skirti minutæ ir
patikslinti klausimà, dël kurio kreipiatës.
Praðome uþpildyti trumpà anketà<https://www.telia.lt/abuse>, kuri padës
mums greièiau ir tiksliau Jums atsakyti.
Pagarbiai
Telia
Hello,
Thank You for your message. We receive many different messages to this
address. In order to handle your question, we are kindly requesting you to
spend a minute of your time and to specify your question.
Please fill in a short questionnaire<https://www.telia.lt/abuse/en>, which
will help us to give a prompter and more accurate reply to your question.
Kind regards,
Sveiki,
Dekojame uz zinute. Siuo adresu gauname daug ivairiu pranesimu. Tam,
kad galetume operatyviai isspresti Jusu klausima, prasome skirti minute
ir patikslinti klausima, del kurio kreipiates.
Prasome uzpildyti trumpa [1]anketa, kuri pades mums greiciau ir
tiksliau Jums atsakyti.
Pagarbiai
Telia
Hello,
Thank You for your message. We receive many different messages to this
address. In order to handle your question, we are kindly requesting you
to spend a minute of your time and to specify your question.
Please fill in a short [2]questionnaire, which will help us to give a
prompter and more accurate reply to your question.
Kind regards,
Telia
References
1. https://www.telia.lt/abuse
2. https://www.telia.lt/abuse/en