Hi Lou, there is already a Task Force in place trying to solve the fact of missing abuse contact information. http://www.ripe.net/ripe/groups/tf/abuse-contact We will publish a policy proposal soon. Feel free to support the proposal here on the list as soon as we will post it. Thanks, Tobias Am 04.11.11 19:37, schrieb Lou Gogan:
Hi
I hope I am not out of place here, but this is my experience today and the problem I find I have because of the broken contacts information via the whois.
This morning I received a fraudulent spam claiming to be from the Bank of Ireland with an attached form to be filled in. I was going to delete it as usual but decided that these types of email fraud need to be reported in order to protect others.
I checked out the form and found the form contact link: <a href="http://masserialojazzo.it/wp-admin/user/login.html">MBNA Online</a>
$ host masserialojazzo.it masserialojazzo.it has address 46.252.206.1 ;; connection timed out; no servers could be reached masserialojazzo.it mail is handled by 10 mailstore1.europe.secureserver.net. masserialojazzo.it mail is handled by 0 smtp.europe.secureserver.net.
And then I whoised
$ whois 46.252.206.1 inetnum: 46.252.200.0 - 46.252.207.255 netname: GDNL-46-252-200-0-TO-207-255 descr: Customer country: NL admin-c: WR1096-RIPE tech-c: WR1096-RIPE status: ASSIGNED PA mnt-by: MNT-GDG-NL source: RIPE # Filtered
person: Will Regg address: H.J.E. Wenckebachweg 127 1096 AM Amsterdam phone: +14805058877 nic-hdl: WR1096-RIPE source: RIPE # Filtered
As you may notice, there is no suitable email contact at all. (Writing a letter and posting it off didn't seem a useful option!)
This was a email fraud. I, as a reasonable individual trying to do my civic duty and possible prevent someone with less 'cop on' from being scammed, was utterly wasting my time trying to do anything. There was no abuse contact.
If RIPE and ICANN and others want to do anything at all regarding spam, and scams and net abuse etc one of the first actions should be to ensure there are correct contacts for every ISP so at least scams and illegal activity can be reported.
I would also suggest that a default abuse address be insisted upon eg abuse@wherever.doh as I have found many a frustrating experience emailing a named administrator was has left the company and whose email is dead.
Perhaps someone was scammed by this same email today. A quick report and possibly a quick shutdown of that link may have achieved something positive.
I also have a web site which is attacked on a regular basis and I try and make a point of reporting them all. In some cases with very positive results eg a compromised server found etc. I consider that trying to close these people down is the only way to prevent things getting totally out of hand. The problem is that approximately 1 in 4 abuse email addresses are incorrect and the email is returned undelivered.
These are my frustrating experiences.
As I said, I hope I am not out of place here, pointing this out.
Regards
Lou Gogan
Saula, Achill, Co Mayo, Ireland. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ LINUX - bringing joy and creativity to computing. Registered Linux user number 478188
www.lougogan.com