What to do when "abuse" email address does not work?
I have found that many "abuse" email addresses indicated in WHOIS databases actually are fake e-addresses.
One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
What can we do in this case?
Thanks
Try to find the abuse email of the ASN. If that one doesn't work either, check their website and PeeringDB for one. If that fails as well, use their normal contact method. If that fails as well, there is nothing you can do.
On Thu, Aug 16, 2018, 2:26 PM Badguys Killer <badguyskiller@gmail.com> wrote:
> I have found that many "abuse" email addresses indicated in WHOIS databases actually are fake e-addresses.
> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
> What can we do in this case?
> Thanks
On 2018-08-16 14:25, Badguys Killer wrote:
> I have found that many "abuse" email addresses indicated in WHOIS databases actually are fake e-addresses.
> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
> What can we do in this case?
> Thanks
$ whois -h whois.ripe.net -- "-B -G -r -i abuse-mailbox gestionip@TELEFONICA.NET.PE"
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
%ERROR:101: no entries found
%
% No entries found in source RIPE.
% This query was served by the RIPE Database Query Service version 1.91.2 (BLAARKOP)
--
Bengt Gördén
Resilans AB
Hi,
Peru is from the LACNIC service region...
You might want to check "whois -h whois.lacnic.net GRT2"
and
https://stat.ripe.net/as6147#tabId=at-a-glance
As a last resort you can also try LACNIC mailing lists (at https://mail.lacnic.net/)
ps: While <badguyskiller@gmail.com> is not really a "fake e-address", it also is a way to hide an identity... :-)
Regards,
Carlos
On Thu, 16 Aug 2018, Bengt Gördén wrote:
> On 2018-08-16 14:25, Badguys Killer wrote:
>> I have found that many "abuse" email addresses indicated in WHOIS databases actually are fake e-addresses.
>> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
>> What can we do in this case?
>> Thanks
> $ whois -h whois.ripe.net -- "-B -G -r -i abuse-mailbox gestionip@TELEFONICA.NET.PE"
> % This is the RIPE Database query service.
> % The objects are in RPSL format.
> %
> % The RIPE Database is subject to Terms and Conditions.
> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
> %ERROR:101: no entries found
> %
> % No entries found in source RIPE.
> % This query was served by the RIPE Database Query Service version 1.91.2 (BLAARKOP)
> --
> Bengt Gördén
> Resilans AB
If the goal here is purely that of reaching a valid contact in this particular case (in contrast with that of following a clean methodology) you can find more email addresses to try in
https://www.first.org/members/teams/teris
https://issuu.com/alverick/docs/seguridad_gestionada_
http://www.gobiernodigital.gob.pe/capacitaciones/Programas_docu/29/Programa_...
but it's hard to say whether TERIS is still alive. From the status of https://www.facebook.com/TERIS-TdP-118964518133860/ it looks like life abandoned it eight years ago.
Traditionally it has always been extremely hard to reach this ISP's Abuse Desk, and it should be safe to say that this structure is probably severely understaffed.
furio
On Thu, Aug 16, 2018 at 10:05:17PM +0100, Carlos Friaças wrote:
> Hi,
> Peru is from the LACNIC service region...
> You might want to check "whois -h whois.lacnic.net GRT2"
> and
> https://stat.ripe.net/as6147#tabId=at-a-glance
> As a last resort you can also try LACNIC mailing lists (at https://mail.lacnic.net/)
> ps: While <badguyskiller@gmail.com> is not really a "fake e-address", it also is a way to hide an identity... :-)
> Regards,
> Carlos
> On Thu, 16 Aug 2018, Bengt Gördén wrote:
>> On 2018-08-16 14:25, Badguys Killer wrote:
>>> I have found that many "abuse" email addresses indicated in WHOIS databases actually are fake e-addresses.
>>> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
>>> What can we do in this case?
>>> Thanks
>> $ whois -h whois.ripe.net -- "-B -G -r -i abuse-mailbox gestionip@TELEFONICA.NET.PE"
>> % This is the RIPE Database query service.
>> % The objects are in RPSL format.
>> %
>> % The RIPE Database is subject to Terms and Conditions.
>> % See http://www.ripe.net/db/support/db-terms-conditions.pdf
>> %ERROR:101: no entries found
>> %
>> % No entries found in source RIPE.
>> % This query was served by the RIPE Database Query Service version 1.91.2 (BLAARKOP)
>> --
>> Bengt Gördén
>> Resilans AB
In article <alpine.LRH.2.21.1808162156240.1022@gauntlet.corp.fccn.pt> you write:
> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
My notes at abuse.net suggest these two addresses:
abuse@telefonica.com.pe (for telefonica.net.pe)
teris@tp.com.pe (for telefonica.net.pe)
To reply to this discussion in order to close it correctly: I have received an email from RIPE NCC Support who suggested that I send an email to top hostmaster@lacnic.net
I think that's what I'm going to do.
My purpose is not only to report spam abuse, but also to make sure that every ISP is doing their job correctly and complies with the standard.
Thanks to everyone who has replied to my email :)
Happy New Year, by the way
On Fri, Aug 17, 2018 at 7:38 AM John Levine <johnl@iecc.com> wrote:
> In article <alpine.LRH.2.21.1808162156240.1022@gauntlet.corp.fccn.pt> you write:
>> One of them is gestionip@TELEFONICA.NET.PE (because my company has received many many spams originated from its network so I wrote a spam complaint to this e-address but the mail was rejected for non-existent mailbox!)
> My notes at abuse.net suggest these two addresses:
> abuse@telefonica.com.pe (for telefonica.net.pe)
> teris@tp.com.pe (for telefonica.net.pe)
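
Added example, not part of the thread or any participant's code: the RIPE query quoted above returned %ERROR:101 because the network is registered with LACNIC, so a lookup tool should treat that error as "ask the next registry" and then resolve the abuse-c handle to its e-mail. The Python below does that over constructed responses; the example.net addresses, the handles, the function names and the LACNIC-style object layout are assumptions made for illustration.

```python
import re

# Constructed whois responses (documentation addresses, not real registry data).
RIPE_MISS = """% This is the RIPE Database query service.
%ERROR:101: no entries found
% No entries found in source RIPE.
"""
LACNIC_HIT = """% constructed LACNIC-style response
inetnum:     192.0.2.0/24
owner:       Example ISP S.A.
country:     PE
tech-c:      EXA1
abuse-c:     EXA2

nic-hdl:     EXA1
person:      Example Hostmaster
e-mail:      hostmaster@example.net

nic-hdl:     EXA2
person:      Example Abuse Desk
e-mail:      abuse@example.net
"""

def parse_objects(text):
    """Split a response into objects, each a list of (key, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:
        if not line.strip() or line.startswith("%"):
            if current:
                objects.append(current)
            current = []
            continue
        key, sep, value = line.partition(":")
        if sep:
            current.append((key.strip().lower(), value.strip()))
    return objects

def abuse_contacts(text):
    """Return None if the registry holds no record, else a list of abuse e-mails."""
    if re.search(r"^%\s*ERROR:101\b", text, re.M):
        return None
    objects = parse_objects(text)
    pairs = [kv for obj in objects for kv in obj]
    found = [v for k, v in pairs if k in ("abuse-mailbox", "orgabuseemail")]
    handles = {v for k, v in pairs if k == "abuse-c"}
    for obj in objects:  # resolve abuse-c handles to their contact objects
        if any(k == "nic-hdl" and v in handles for k, v in obj):
            found += [v for k, v in obj if k == "e-mail"]
    return list(dict.fromkeys(found))

def first_registry_with_contacts(responses):
    """Walk (server, response) pairs in order; skip misses and empty results."""
    for server, text in responses:
        contacts = abuse_contacts(text)
        if contacts:
            return server, contacts
    return None, []
```

An address extracted this way is only what the registry publishes; as the original post shows, it can still bounce, which is when the other suggestions in the thread apply.
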
participants (6)
- Badguys Killer
- Bengt Gördén
- Carlos Friaças
- furio ercolessi
- John Levine
- Matthias Merkel