abuse-contact is not going to fly unless we get all the legitimate players adopting it first
Like this for example - yes, not a formally defined abuse contact field, but they are so insistent that they should only receive spam reports at abuse@chello.pl

Unfortunately - that address doesn't exist. If someone from Chello could please contact me about Nigerians who keep abusing what is likely an open proxy at 89.70.30.128 I'd be obliged

--srs (postmaster@lotuslive.com / AS27477 IBM Lotuslive)

abuse@chello.pl
SMTP error from remote mail server after RCPT TO:<abuse@chello.pl>:
host smtp.upcpoczta.pl [213.46.255.2]: 550 5.1.1 <abuse@chello.pl> unknown recipient rejected

route: 89.70.0.0/16
descr: UPC.pl
origin: AS9141
remarks: Any abuse activities including, but not limited to spamming,
remarks: hacking and intrusion attempts coming from chello.pl address
remarks: space shall be reported ONLY to:
remarks:
remarks: abuse@chello.pl
remarks:
remarks: Any reports sent to any other e-mail addresses may be treated
remarks: as SPAM itself and followed by legal actions
remarks: against originator
mnt-by: AS6830-MNT
source: RIPE # Filtered

-- Suresh Ramasubramanian (ops.lists@gmail.com)
Suresh Ramasubramanian wrote:

Hi Suresh,

in fact chello is one of the biggest ISPs in the RIPE region that deliberately have no working abuse contacts. We have about 15 reports daily to them, here some proof that they are ALL not working.

Apr 19 21:04:36 service sendmail[13239]: q3JJ3Z0P013224: to=<abuse@chello.pl>, ctladdr=<root@service.berlin5.powerweb.de> (0/0), delay=00:01:01, xdelay=00:01:00, mailer=esmtp, pri=30606, relay=smtp.chello.pl. [213.46.255.2], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.chello.pl.
Apr 21 14:31:26 service sendmail[19644]: q3LCVQ0O019644: to=<noreply@upcnet.ro>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=32566, relay=mgate.chello.at. [213.46.255.2], dsn=5.1.1, stat=User unknown
Apr 9 17:23:55 service sendmail[20651]: q39FNr0P020643: to=<abuse@chello.ie>, ctladdr=<root@service.berlin5.powerweb.de> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30603, relay=chello.ie, dsn=5.1.2, stat=Host unknown (Name server: chello.ie: no data known)
Apr 11 19:24:28 service sendmail[28775]: q3BHNQ0P028733: to=<abuse@chello.fr>, ctladdr=<root@service.berlin5.powerweb.de> (0/0), delay=00:01:01, xdelay=00:01:00, mailer=esmtp, pri=30607, relay=chello.fr. [216.8.179.25], dsn=4.0.0, stat=Deferred: Connection timed out with chello.fr.
Apr 4 22:03:49 service sendmail[7941]: q34K3l0P007914: to=<abuse@chello.sk>, ctladdr=<root@service.berlin5.powerweb.de> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30605, relay=mail.chello.sk. [213.46.255.2], dsn=5.1.1, stat=User unknown

BTW: asking the maintainer did surely never help ...

Kind regards, Frank

> Like this for example - yes, not a formally defined abuse contact field, but they are so insistent that they should only receive spam reports at abuse@chello.pl
>
> Unfortunately - that address doesn't exist. If someone from Chello could please contact me about Nigerians who keep abusing what is likely an open proxy at 89.70.30.128 I'd be obliged
>
> --srs (postmaster@lotuslive.com / AS27477 IBM Lotuslive)
>
> abuse@chello.pl
> SMTP error from remote mail server after RCPT TO:<abuse@chello.pl>:
> host smtp.upcpoczta.pl [213.46.255.2]: 550 5.1.1 <abuse@chello.pl> unknown recipient rejected
>
> route: 89.70.0.0/16
> descr: UPC.pl
> origin: AS9141
> remarks: Any abuse activities including, but not limited to spamming,
> remarks: hacking and intrusion attempts coming from chello.pl address
> remarks: space shall be reported ONLY to:
> remarks:
> remarks: abuse@chello.pl
> remarks:
> remarks: Any reports sent to any other e-mail addresses may be treated
> remarks: as SPAM itself and followed by legal actions
> remarks: against originator
> mnt-by: AS6830-MNT
> source: RIPE # Filtered
-- With kind regards,
-- PHADE Software - PowerWeb http://www.powerweb.de
Owner: Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de
Schinkelstrasse 17 fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
======================================================================
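A reporter can run the kind of technical check discussed in this thread over their own mail logs. The following is an added example, not code from any list participant: it classifies sendmail delivery lines by the enhanced status code in `dsn=`; the sample log lines are constructed and the function names are illustrative.

```python
import re

# Constructed sample lines in sendmail's delivery-log format. Hosts, queue IDs
# and addresses are placeholders, not the ones quoted in the thread.
SAMPLE_LOG = """\
Apr 19 21:04:36 mx sendmail[13239]: q3JJ3Z0P013224: to=<abuse@isp-a.example>, delay=00:01:01, xdelay=00:01:00, mailer=esmtp, pri=30606, relay=smtp.isp-a.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.isp-a.example.
Apr 20 09:12:02 mx sendmail[14001]: q3K7C20P014001: to=<abuse@isp-b.example>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=32566, relay=mail.isp-b.example. [192.0.2.20], dsn=5.1.1, stat=User unknown
Apr 20 09:15:40 mx sendmail[14020]: q3K7Fe0P014020: to=<abuse@isp-c.example>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30603, relay=isp-c.example, dsn=5.1.2, stat=Host unknown (Name server: isp-c.example: no data known)
Apr 20 10:01:11 mx sendmail[14100]: q3K81B0P014100: to=<abuse@isp-d.example>, delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=30600, relay=mx.isp-d.example. [192.0.2.40], dsn=2.0.0, stat=Sent (ok: queued)
Apr 20 21:04:36 mx sendmail[15239]: q3JJ3Z0P013224: to=<abuse@isp-a.example>, delay=1+00:00:00, xdelay=00:01:00, mailer=esmtp, pri=120606, relay=smtp.isp-a.example. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection timed out with smtp.isp-a.example.
"""

LINE_RE = re.compile(r"to=<(?P<rcpt>[^>]+)>.*?\bdsn=(?P<dsn>\d\.\d+\.\d+), stat=(?P<stat>.*)$")

# First digit of the enhanced status code (RFC 3463): outcome class.
CLASSES = {"2": "accepted-at-smtp", "4": "transient-failure", "5": "permanent-failure"}
# Subject.detail part of the code, for the cases that show up in such logs.
DETAILS = {
    "1.1": "mailbox does not exist",
    "1.2": "destination host/domain does not exist",
    "4.7": "delivery time expired",
}


def parse_line(line):
    """Return (recipient, dsn, stat) for a delivery line, or None for anything else."""
    m = LINE_RE.search(line)
    return (m["rcpt"].lower(), m["dsn"], m["stat"].strip()) if m else None


def audit(log_text):
    """Summarise the latest delivery outcome per recipient address."""
    report = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        rcpt, dsn, stat = parsed
        cls, _, detail = dsn.partition(".")
        entry = report.setdefault(rcpt, {"attempts": 0})
        entry["attempts"] += 1
        # Later lines overwrite earlier ones: the last attempt decides the verdict.
        entry.update(dsn=dsn, verdict=CLASSES.get(cls, "unknown"),
                     reason=DETAILS.get(detail, stat))
    return report


def needs_followup(report):
    """Addresses whose last attempt was not accepted. An accepted message only
    proves the mailbox takes mail at SMTP level, not that anyone reads it."""
    return sorted(r for r, e in report.items() if e["verdict"] != "accepted-at-smtp")


if __name__ == "__main__":
    result = audit(SAMPLE_LOG)
    for rcpt in needs_followup(result):
        e = result[rcpt]
        print(f"{rcpt}: {e['verdict']} ({e['dsn']}, {e['reason']}), attempts={e['attempts']}")
```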
Hi Suresh,

As you know, the domain "chello.pl" is owned by UPC Broadband Operations B.V.

Since their abuse address does not work, you may want to contact their main contact: hostmaster@chello.at

And if that address fails, try contacting EPAG Domainservices GmbH "support@epag.de" which hosts "chello.pl" domain.

Interestingly, the domain "chello.pl" would lead you to "upc.pl" which is registered by NASK in Poland.

ul. Wawozowa 18
02-796 Warszawa
Polska/Poland
+48.22 3808300
info@dns.pl

--------

To deal with Nigerian spammers, please send a copy of the Spam to these addresses as well:

- vdventera@saps.org.za
- hq.commercial@saps.org.za
- 419scam@saps.org.za

++++

Thank you,
Reza Farzan
rezaf@mindspring.com
-----Original Message-----
From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Suresh Ramasubramanian
Sent: Sunday, April 22, 2012 11:25 AM
To: anti-abuse-wg@ripe.net
Subject: [anti-abuse-wg] abuse-contact is not going to fly unless we get all the legitimate players adopting it first

Like this for example - yes, not a formally defined abuse contact field, but they are so insistent that they should only receive spam reports at abuse@chello.pl

Unfortunately - that address doesn't exist. If someone from Chello could please contact me about Nigerians who keep abusing what is likely an open proxy at 89.70.30.128 I'd be obliged

--srs (postmaster@lotuslive.com / AS27477 IBM Lotuslive)

abuse@chello.pl
SMTP error from remote mail server after RCPT TO:<abuse@chello.pl>:
host smtp.upcpoczta.pl [213.46.255.2]: 550 5.1.1 <abuse@chello.pl> unknown recipient rejected

route: 89.70.0.0/16
descr: UPC.pl
origin: AS9141
remarks: Any abuse activities including, but not limited to spamming,
remarks: hacking and intrusion attempts coming from chello.pl address
remarks: space shall be reported ONLY to:
remarks:
remarks: abuse@chello.pl
remarks:
remarks: Any reports sent to any other e-mail addresses may be treated
remarks: as SPAM itself and followed by legal actions
remarks: against originator
mnt-by: AS6830-MNT
source: RIPE # Filtered

-- Suresh Ramasubramanian (ops.lists@gmail.com)
Of course. But as they are careful enough to inform people through their whois that they will reject reports going to these other addresses ..

On Sun, Apr 22, 2012 at 9:53 PM, Reza Farzan <rezaf@mindspring.com> wrote:
> As you know, the domain "chello.pl" is owned by UPC Broadband Operations B.V.
>
> Since their abuse address does not work, you may want to contact their main contact: hostmaster@chello.at
>
> And if that address fails, try contacting EPAG Domainservices GmbH "support@epag.de" which hosts "chello.pl" domain.
>
> Interestingly, the domain "chello.pl" would lead you to "upc.pl" which is registered by NASK in Poland.

-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Sun, Apr 22, 2012 at 10:04 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> Of course. But as they are careful enough to inform people through their whois that they will reject reports going to these other addresses ..

This is amazing. So Reza had cc'd hostmaster@chello.at in his email - and I hit reply all. Now - it seems they don't seem to accept email at their hostmaster address either.

[cc to chello.at removed]

Your message was not delivered within 2 days and 0 hours.
Host surf0n.vienna.chello.at is not responding.

The following recipients did not receive this message:

<hostmaster@surf0n.vienna.chello.at>

Please reply to <Postmaster@chello.at> if you feel this message to be in error.

Original-Recipient: RFC822;<hostmaster@chello.at>
Final-Recipient: RFC822; <hostmaster@chello.at>
Action: failed
Status: 4.4.7
Remote-MTA: dns; surf0n.vienna.chello.at
X-Actual-Recipient: RFC822; <hostmaster@surf0n.vienna.chello.at>

-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Apr 25, 2012 at 07:53:45AM +0530, Suresh Ramasubramanian wrote:
> On Sun, Apr 22, 2012 at 10:04 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> > Of course. But as they are careful enough to inform people through their whois that they will reject reports going to these other addresses ..
>
> This is amazing. So Reza had cc'd hostmaster@chello.at in his email - and I hit reply all. Now - it seems they don't seem to accept email at their hostmaster address either.
>
> [cc to chello.at removed]

Have you tried abuse@upc.com.pl?

Piotr

-- gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski@polsl.pl
On Wed, Apr 25, 2012 at 11:59:45AM +0530, Suresh Ramasubramanian wrote:
> On Wed, Apr 25, 2012 at 11:36 AM, Piotr Strzyzewski <Piotr.Strzyzewski@polsl.pl> wrote:
> > [cc to chello.at removed]
> >
> > Have you tried abuse@upc.com.pl?
>
> The Polish UPC for abuse issues at their Austrian division? Does that work?

I have no idea. I have found this in less specific inetnum object:

inetnum: 89.67.0.0 - 89.74.255.255
netname: UPC-PL
descr: UPC Polska Sp. z o.o.
descr: CPE Customers PL
country: PL
admin-c: UP94-RIPE
tech-c: HMCB1-RIPE
status: ASSIGNED PA
remarks: Contact abuse@upc.com.pl concerning criminal
remarks: activities like spam, hacks, portscans
mnt-by: CHELLO-MNT
changed: hostmaster@chello.at 20110124
changed: hostmaster@chello.at 20110330
source: RIPE

Piotr

-- gucio -> Piotr Strzyżewski
E-mail: Piotr.Strzyzewski@polsl.pl
Given that Frank Gadegast posted something about like 15 of their abuse addresses not working .. thank you but no thanks, I'll take a raincheck :)

On Wed, Apr 25, 2012 at 12:06 PM, Piotr Strzyzewski <Piotr.Strzyzewski@polsl.pl> wrote:
> I have no idea. I have found this in less specific inetnum object:
>
> inetnum: 89.67.0.0 - 89.74.255.255
> netname: UPC-PL
> descr: UPC Polska Sp. z o.o.

-- Suresh Ramasubramanian (ops.lists@gmail.com)
-----Original Message-----
From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Suresh Ramasubramanian
Sent: Wednesday, April 25, 2012 5:24 AM
To: rezaf@mindspring.com
Cc: anti-abuse-wg@ripe.net

> On Sun, Apr 22, 2012 at 10:04 PM, Suresh Ramasubramanian <ops.lists@gmail.com> wrote:
> > Of course. But as they are careful enough to inform people through their whois that they will reject reports going to these other addresses ..
>
> This is amazing. So Reza had cc'd hostmaster@chello.at in his email - and I hit reply all. Now - it seems they don't seem to accept email at their hostmaster address either.
>
> Original-Recipient: RFC822;<hostmaster@chello.at>
> Final-Recipient: RFC822; <hostmaster@chello.at>
> Action: failed
> Status: 4.4.7
> Remote-MTA: dns; surf0n.vienna.chello.at
> X-Actual-Recipient: RFC822; <hostmaster@surf0n.vienna.chello.at>

Having a working abuse address is but a technicality. All mail sent to the address could still be handled by Mr Null. Another possible approach is this one:

Final-Recipient: RFC822; abuse@romtelecom.ro
Action: failed
Status: 5.0.0
Remote-MTA: DNS; it11.romtelecom.ro
Diagnostic-Code: SMTP; 554 rejected due to spam content
Last-Attempt-Date: Mon, 23 Apr 2012 18:07:50 +0300

Even if the RIPE NCC would check abuse addresses by sending some kind of challenges, those messages might not trigger the spam filter of the Romanians, instead returning an OK result.

Black hat providers will always ignore abuse reports (or use them to improve their spam lists), so having an abuse address that works on the SMTP level is just a beginning, useless on its own.

-- Thor Kottelin http://www.anta.net/
Thor Kottelin wrote:
> Having a working abuse address is but a technicality. All mail sent to the address could still be handled by Mr Null. Another possible approach is this one:

Again, technical validation is no cure against ISPs that do not want to receive abuse reports, it's a cure against contacts that are forgotten and wrong by accident or even mailservers with problems that are unrecognized by the ISP.

Surely you cannot force any member to work against abuse, but we can improve the accuracy of the contacts of those, that do like it.

BTW: we had this problem with Kabeldeutschland lately, they updated their contacts now and receive reports again and really do something against abuse again. This was just a mistake of the ISP (they did not recognize it for weeks).

The manual work to get in contact with Kabeldeutschland was really complicated and intense, it would be helpful, if RIPE NCC would have a technical validation, simply because they have better ways to contact their members, and their members probably listen to RIPE NCC quicker than to any complainant.

Kind regards, Frank

> Final-Recipient: RFC822; abuse@romtelecom.ro
> Action: failed
> Status: 5.0.0
> Remote-MTA: DNS; it11.romtelecom.ro
> Diagnostic-Code: SMTP; 554 rejected due to spam content
> Last-Attempt-Date: Mon, 23 Apr 2012 18:07:50 +0300
>
> Even if the RIPE NCC would check abuse addresses by sending some kind of challenges, those messages might not trigger the spam filter of the Romanians, instead returning an OK result.
>
> Black hat providers will always ignore abuse reports (or use them to improve their spam lists), so having an abuse address that works on the SMTP level is just a beginning, useless on its own.
-- MOTD: "have you enabled SSL on a website or mailbox today ?"
-- PHADE Software - PowerWeb http://www.powerweb.de
Owner: Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de
Schinkelstrasse 17 fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
======================================================================
hi!

On 04/25/2012 10:33 AM, Frank Gadegast wrote:
> Surely you cannot force any member to work against abuse, but we can improve the accuracy of the contacts of those, that do like it. [...] was really complicated and intense, it would be helpful, if RIPE NCC would have a technical validation, simply because they have better ways to contact their members, and their members probably listen to RIPE NCC quicker than to any complainant.

i sense some dissonance here.

anyway.

if you wish to check objects for a form you don't like (like 'no optional email attribute') and subsequently inform the responsible person of what you think about your findings - i don't see what stops you. if you just walk up to me and tell me i have to do it for you - well: no, you can do that yourself.

regards,

Chris
Chris wrote:
> hi!

Oh Chris ...

> On 04/25/2012 10:33 AM, Frank Gadegast wrote:
> > Surely you cannot force any member to work against abuse, but we can improve the accuracy of the contacts of those, that do like it. [...] was really complicated and intense, it would be helpful, if RIPE NCC would have a technical validation, simply because they have better ways to contact their members, and their members probably listen to RIPE NCC quicker than to any complainant.
>
> i sense some dissonance here.

Sure, because their mistake made it nearly impossible to reach them (remember: they finally DID update it, so they WANTED a working contact) and RIPE NCC and the new form were simply NO help at all. We achieved the final contact of a peering contact we had (so: from a different source !)

The current quality of the DB seems to depend on the abused ones instead of the publisher or the maintainer of the DB. I call this bananaware (getting ripe at the customer) ...

The majority of the members DO like correct abuse contacts (at least to our experience) and DO something against abuse from their networks, but surely make mistakes. Do you not think, that they would appreciate a system to raise the quality of their objects ? Well, I do.

> anyway.
>
> if you wish to check objects for a form you don't like (like 'no optional email attribute') and subsequently inform the responsible person of what you think about your findings - i don't see what stops you. if you just walk up to me and tell me i have to do it for you - well: no, you can do that yourself.

Just in your case: I will fix your records to our needs, simply send me your maintainer password ;o)

Kind regards, Frank

> regards,
>
> Chris
-- With kind regards,
-- MOTD: "have you enabled SSL on a website or mailbox today ?"
-- PHADE Software - PowerWeb http://www.powerweb.de
Owner: Dipl.-Inform. Frank Gadegast mailto:frank@powerweb.de
Schinkelstrasse 17 fon: +49 33200 52920
14558 Nuthetal OT Rehbruecke, Germany fax: +49 33200 52921
======================================================================
On Sun, Apr 22, 2012 at 12:23:18PM -0400, Reza Farzan wrote:

All,

> Interestingly, the domain "chello.pl" would lead you to "upc.pl" which is registered by NASK in Poland.

In case no contact could be established here, did anyone try to contact NASK-CERT (cert.pl) on this?

Bye, Adrian
The fun part here is - that disclaimer in the whois says "any email sent to contacts other than abuse@ will be treated as spam and may expose the sender to legal action"

They just said the magic words where I, as an employee, must then step back and NOT do that - because, remote though the chance is that they're going to sue IBM because I reported spam to another address as their abuse address is non functional, I cannot and will not run the risk of exposing my employer to any litigation.

--srs

On Wed, Apr 25, 2012 at 4:47 PM, Adrian <ripe-wg-antiabuse@kyubu.de> wrote:
> > Interestingly, the domain "chello.pl" would lead you to "upc.pl" which is registered by NASK in Poland.
>
> In case no contact could be established here, did anyone try to contact NASK-CERT (cert.pl) on this?

-- Suresh Ramasubramanian (ops.lists@gmail.com)
On Wed, Apr 25, 2012 at 05:00:54PM +0530, Suresh Ramasubramanian wrote:

Suresh,

> The fun part here is - that disclaimer in the whois says "any email sent to contacts other than abuse@ will be treated as spam and may expose the sender to legal action"
>
> They just said the magic words where I, as an employee, must then step back and NOT do that - because, remote though the chance is that they're going to sue IBM because I reported spam to another address as their abuse address is non functional, I cannot and will not run the risk of exposing my employer to any litigation.

There is no need to contact chello.pl. :)

Adrian
participants (7)
- Adrian
- Chris
- Frank Gadegast
- Piotr Strzyzewski
- Reza Farzan
- Suresh Ramasubramanian
- Thor Kottelin