By Sander Steffann
How do you propose to distinguish people/companies with bad intentions (for some value of bad, let's assume "planning to send spam") from normal companies?
With a crystal ball or being victimized by them. As a victim - with disabled WPOISON - you may denounce and evaluate the company's behavior, but prepare to report the same spammer at the same ISP again and again and again. But you will know who is who and will archive evidence.

Sander, the Ronald name is not Roland.

Ronald, the situation you are describing seems to be evading taxes. All this mystery would not have intended to avoid payment of rates required by law and for years? Spam has not yet been criminalized, but tax evasion, send to prison. What Brian Krebs ex-Washington Post would say about it? “With a small bit of Googling I…” I would say, ask the Olga! You don't know who Olga is? Well, ask the RIPE!

I denounced IBM-SoftLayer for Krebs. He was very condescending citing Spamhaus: “We believe that SoftLayer, perhaps in an attempt to extend their business in the rapidly-growing Brazilian market, deliberately relaxed their customer vetting procedures,” they confused greed with carelessness or wanted to be sympathetic.

The concern of Ronald regarding the identification of these authors is legitimate and should be a concern of those who want a clean internet. All Brazilian professional spammers appear in the WHOIS record with address and false phone. All, without exception. In whose interest is that situation? Without these data the victims of spammers feel helpless, they don't have one to turn to because the spam has not been criminalized. And in this dishonest environment the goal of ISPs is achieved by increasing the traffic on the Internet.

Softlayer, IBM, Spamhaus, KrebsonSecurity are parts of this problem: http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

I wrote:
Michele, you are certainly a clever and apparently competent person in your role…
Sander replied:
Marilson, I find this extremely inappropriate and even disgusting. Such personal attacks, insults and threats do not belong here (or anywhere else)
Michele, you are NOT a clever and apparently competent person in your role…

Tell me Sander, did you kill today, some refugee child or kicked? BTW. I'm exceedingly serious too. And, as an architect, I don't design environments to injure, irritate or damage people as you do.

Mr. Fox, your activity, your actions and the consequences on the population of our planet does not give you the right to be arrogant or pass moral lesson. In your position I would die of shame. Scott Richter is part of your roll of friends? Shame on you!

Brian Nisbet, my dear, Now I Know, your words sound like a poem, but you died on May 04. My condolences!

There is a moral to this dastardly deed I’ll tell you in just a smidgeon, to flying fish of all species take heed it’s a tale as old as the venerable Bede beware of organised companions.

No memories
Marilson

-----Original Message-----
From: anti-abuse-wg-request@ripe.net
Sent: Tuesday, November 03, 2015 9:00 AM
To: anti-abuse-wg@ripe.net
Subject: anti-abuse-wg Digest, Vol 49, Issue 8

Today's Topics:
1. Re: WHOIS (AS204224) (Sander Steffann)

Message: 1
Date: Tue, 3 Nov 2015 11:48:50 +0100
From: Sander Steffann <sander@steffann.nl>
To: "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc: anti-abuse-wg@ripe.net
Subject: Re: [anti-abuse-wg] WHOIS (AS204224)
Message-ID: <7780CEC5-E3EF-444B-A734-8DE4DFB571EA@steffann.nl>
Content-Type: text/plain; charset=us-ascii

Hi Roland,
The old saying is "The best is the enemy of the good". Validation and/or verification of RIPE WHOIS data can be improved, even though any system which attempts to do so most probably cannot be made foolproof.
Ok
No. You're still thinking in terms of constructing an iron-clad and absolutely foolproof system that utterly prevents all fraud. I'm suggesting a system with vastly less ambitious goals, one which would simply check that the voice phone number for a given person or entity listed in the RIPE WHOIS db *isn't* simply disconnected, out-of-service, the number of a FAX machine, the number of a company or individual whose identity has been stolen, or the number of an unrelated brothel in Amsterdam. That alone would be a vast improvement over the current status quo, I think.
Agreed
Similarly, in the case of mailing addresses, either RIPE NCC or the LIRs could check the data base of one of the aforementioned service bureaus that serve that mailing industry, to see if the addresses in RIPE WHOIS records even exist. A clever crook will still put in the address of some vacant lot somewhere, or maybe his local meat market or police station, but at least we wouldn't be looking at "123 Galaxy St., Mars, The Universe" and such utter nonsense as that.
NASA is going to be so disappointed ;) But seriously: I agree
My apologies. I didn't mean to imply that accuracy of the RIPE DB is a mere detail. That accuracy has been the reason behind quite a few policies! I meant to say that policy doesn't contain implementation details. The way a policy is implemented is left to the RIPE NCC. The policy just says that contact information has to be up to date.
I want to understand. Are you saying that RIPE NCC could unilaterally just decide to start performing phone verification of contact points listed in the WHOIS data base?
It probably would need a mandate from its members to approve the extra budget for implementing those checks etc. But I don't see why they couldn't.
Even for amateur sleuths such as myself, every additional data point helps during an investigation. The example of AS204224 is illustrative. If I knew for certain that someone had positively validated the phone number when that AS has been assigned in July, then I would also know, almost to a moral certainty, that the company itself, and not some identity thief, was the party engaged in the recent routing hanky panky.
Understood
You are thinking about formal, government-held business records. I myself am not. Official government business records, when available, are helpful to investigations. But if they aren't available, then they aren't, and that's all there is to it. You work with what you have.
+1
OK. I promise not to attach too much value to a validated phone number. Seriously, I agree with you that checking the phone number isn't a panacea, but it's better than nothing.
Glad we're agreeing :)
I apologize. You are correct. That comment on my part was utterly uncalled for, and I would very much like to retract it.
Consider it retracted :)
But I hope that you understand my sensitivity.
I do. Sometimes when discussing difficult subjects the wording can get a bit too strong. I can deal with that, and I know you have good intentions.

I now understand your ideas better, and understand that you are looking for a first step in improving the database accuracy. Not looking for a complete solution as I was :)

I think we reached the point where we should ask the RIPE NCC for their opinion on this and to see what they think is doable.

Cheers,
Sander