On 4 Nov 2011, at 19:37, Lou Gogan wrote:
Hi
I hope I am not out of place here, but this is my experience today and the problem I find I have because of the broken contacts information via the whois.
This morning I received a fraudulent spam claiming to be from the Bank of Ireland with an attached form to be filled in. I was going to delete it as usual but decided that these types of email fraud need to be reported in order to protect others.
In the case of a phish you should report it to the bank.
I checked out the form and found the form contact link: <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a>
$ host masserialojazzo.it
masserialojazzo.it has address 46.252.206.1
;; connection timed out; no servers could be reached
masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net.
masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net.
And then I whoised
$ whois 46.252.206.1
inetnum: 46.252.200.0 - 46.252.207.255
netname: GDNL-46-252-200-0-TO-207-255
descr: Customer
country: NL
admin-c: WR1096-RIPE
tech-c: WR1096-RIPE
status: ASSIGNED PA
mnt-by: MNT-GDG-NL
source: RIPE # Filtered

person: Will Regg
address: H.J.E. Wenckebachweg 127 1096 AM Amsterdam
phone: +14805058877
nic-hdl: WR1096-RIPE
source: RIPE # Filtered
As you may notice, there is no suitable email contact at all. (Writing a letter and posting it off didn't seem a useful option!)
This was an email fraud. I, as a reasonable individual trying to do my civic duty and possibly prevent someone with less 'cop on' from being scammed, was utterly wasting my time trying to do anything. There was no abuse contact.
Did the email actually come from that IP or from another one?
If RIPE and ICANN and others want to do anything at all regarding spam, and scams and net abuse etc one of the first actions should be to ensure there are correct contacts for every ISP so at least scams and illegal activity can be reported.
There has been lengthy discussion on this subject on this mailing list and elsewhere.
I would also suggest that a default abuse address be insisted upon, e.g. abuse@wherever.doh, as I have found many a frustrating experience emailing a named administrator who has left the company and whose email is dead.
Perhaps someone was scammed by this same email today. A quick report and possibly a quick shutdown of that link may have achieved something positive.
I also have a web site which is attacked on a regular basis and I try and make a point of reporting them all. In some cases with very positive results eg a compromised server found etc. I consider that trying to close these people down is the only way to prevent things getting totally out of hand. The problem is that approximately 1 in 4 abuse email addresses are incorrect and the email is returned undelivered.
These are my frustrating experiences.
As I said, I hope I am not out of place here, pointing this out.
Regards
Lou Gogan
Saula, Achill, Co Mayo, Ireland.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LINUX - bringing joy and creativity to computing.
Registered Linux user number 478188
www.lougogan.com
Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59 9183072
US: 213-233-1612
UK: 0844 484 9361
Locall: 1850 929 929
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland
Company No.: 370845
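
The manual check described in the message above (whois the hosting IP, then look for a reporting address), as an added Python example that is not part of the original e-mail: it parses RIPE-style whois objects and separates dedicated abuse addresses (`abuse-mailbox:`, or `remarks:` that mention abuse) from generic `e-mail:` contacts. The first sample is abridged from the output quoted above; the second object and its example.net addresses are constructed.

```python
import re
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def parse_objects(text):
    """Split whois output into objects, each a list of (attribute, value)."""
    objects, current = [], []
    for raw in text.splitlines():
        if not raw.strip():                      # blank line closes an object
            objects.append(current)
            current = []
        elif raw[0] in " \t+" and current:       # continuation of previous value
            attr, value = current[-1]
            current[-1] = (attr, value + " " + raw[1:].strip())
        elif ":" in raw and raw[0] != "%":       # skip "%" server comments
            attr, value = raw.split(":", 1)
            current.append((attr.strip().lower(), value.strip()))
    return [obj for obj in objects + [current] if obj]

def abuse_contacts(text):
    """Return (dedicated, fallback) sorted lists of e-mail addresses."""
    dedicated, fallback = set(), set()
    for obj in parse_objects(text):
        for attr, value in obj:
            found = EMAIL_RE.findall(value)
            if attr == "abuse-mailbox" or (attr == "remarks" and "abuse" in value.lower()):
                dedicated.update(found)
            elif attr == "e-mail":
                fallback.update(found)
    return sorted(dedicated), sorted(fallback - dedicated)

# Abridged from the whois output quoted in the message above.
PAGE_OUTPUT = """\
inetnum: 46.252.200.0 - 46.252.207.255
admin-c: WR1096-RIPE

person: Will Regg
phone: +14805058877
nic-hdl: WR1096-RIPE
"""

# Constructed object (not real registry data) showing the attributes that help.
CONSTRUCTED = """\
role: Example Hosting Abuse Desk
remarks: Send abuse reports to
+ abuse@example.net only
abuse-mailbox: abuse@example.net
e-mail: noc@example.net
"""
print(abuse_contacts(PAGE_OUTPUT), abuse_contacts(CONSTRUCTED))
```

An empty result for both lists, as with the output from the message, means the record offers nothing to e-mail and the report has to go through another channel.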