Hi, I am not sure this mailing list is still active, the latest archived mail dates back from over a year ago. I have 3 questions for this mailing list: 1) Does RIPE or other registrars impose antispam fighting measures or a code of conduct to the ISPs or telcos it allocates IP ranges to? For instance, do these registrar customers specifically sign an agreement never to post spam themselves. Do they also sign an agreement to terminate IP sub-allocation or contract with their own customers who are using their IP addresses to post spam? 2) If there is such measures, how does RIPE enforce them? 3) What does RIPE intends to do about Ukrtelecom, who is alone responsible for hundreds of thousands of daily spam posts in discussion forums and BBSs? According to the people in stopforumspam.com, every single post emanating from ukrtelecom is spam, there is not a single genuine user from that telco. How can RIPE allocate hundreds of separate IP ranges to this single telco, especially if it is only a support for spam, not a telco at all. When querying the RIPE database for ukrtelecom, it returns 300 IP ranges, but that's only because the web site is limited to 300 answers. I'd like to see the whole list in order to ban it all from my forum, even if it means banning genuine users from Ukraine. And of course, when I say ukrtelecom is a spammer site, I really means it is a mafia site that makes millions of dollars every month in illegal activities, selling dangerous fake medicines such as viagra or tamiflu. In these times of IP addresses shortening, it would make a lot more IPs available if the registrars would cancel IP allocation from the customers who break the antispam rules. Thanks, Chimel. By the way, a BBS seems to be a more adequate way than a mailing list to handle this kind of discussion. Just my 2 cents. _________________________________________________________________ A la recherche de bons plans pour une rentrée pas chère ? Bing ! Trouvez ! http://www.bing.com/search?q=bons+plans+rentr%C3%A9e&form=MVDE6
* Chimel Chimel:
1) Does RIPE or other registrars impose antispam fighting measures or a code of conduct to the ISPs or telcos it allocates IP ranges to?
No, not that I know.
For instance, do these registrar customers specifically sign an agreement never to post spam themselves. Do they also sign an agreement to terminate IP sub-allocation or contract with their own customers who are using their IP addresses to post spam?
No, surely not. That would be poor service. You don't want to lose your IP resources just because your infrastructure has been compromised. 8-(
2) If there is such measures, how does RIPE enforce them?
There is no enforcement.
3) What does RIPE intends to do about Ukrtelecom, who is alone responsible for hundreds of thousands of daily spam posts in discussion forums and BBSs?
Well ...
According to the people in stopforumspam.com, every single post emanating from ukrtelecom is spam, there is not a single genuine user from that telco.
... so you should be lucky that it's so easy to filter that type of spam. If you shut down netblocks, the badness just spreads far and wide and gets more difficult to track. Of course, if the activity is indeed illegal, it should be stopped. One problem we face is that a lot of questionable practices (DNS poisoning, injecting pop-ups with ads, installing software on PCs without informed consent) are also carried out by obviously legitimate businesses, so it's often difficult to convince a prosecutor that it's illegal. On top of that, many legal scholars claim that in the EU, once you say the magic word, "telco", you are no longer responsible for the traffic you handle, much like anyone could seek asylum in Germany (until we got rid of this constitutional guarantee in the 90s, which was rather disappointing because nothing expresses your national wealth better than an almost unconditional willingness to share it). This blanket liability exemption is the root of the problem, and it is pretty much unique to the telco sector, at least in its generality. It has to go.
I'd like to see the whole list in order to ban it all from my forum, even if it means banning genuine users from Ukraine.
The relevant parts of the RIPE database is available from ftp.ripe.net. In the past, I've generated anti-abuse ACLs from mnt-by handles, which was surprisingly effective. Using BGP might help as well. -- Florian Weimer <fweimer@bfk.de> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99
Hi, I'm going to be repeating some of what Florian said, but hopefully not all! Chimel Chimel wrote the following on 20/10/2009 22:10:
Hi,
I am not sure this mailing list is still active, the latest archived mail dates back from over a year ago.
The Anti-Spam WG became the Anti-Abuse WG in or around a year ago. The Anti-Abuse WG mailing list is definitely active.
I have 3 questions for this mailing list:
1) Does RIPE or other registrars impose antispam fighting measures or a code of conduct to the ISPs or telcos it allocates IP ranges to? For instance, do these registrar customers specifically sign an agreement never to post spam themselves. Do they also sign an agreement to terminate IP sub-allocation or contract with their own customers who are using their IP addresses to post spam?
There is an existing RIPE document, RIPE-409, Good Practice in Minimising E-mail Abuse, which is a BCP document written for ISPs. This is not a code of conduct, per se, not is it imposed, but it is what the RIPE community thinks a good Internet citizen should do. There is no specific agreement signed as part of becoming a member. So, really, the answer is no, but the BCP document does exist and it will be expanded shortly.
2) If there is such measures, how does RIPE enforce them?
The RIPE NCC do not police their members activities in this way. There was some information given as part of the NCC Services WG session at RIPE 59 discussing the circumstances in which the NCC would close a registry and also the limitations inherent in the actions the NCC can take in this regard.
3) What does RIPE intends to do about Ukrtelecom, who is alone responsible for hundreds of thousands of daily spam posts in discussion forums and BBSs?
If you are asking what does the RIPE NCC plan to do about individual ISPs or members, then you should direct your questions to them, rather than to this WG, which is part of the RIPE community, not the NCC. This is an important difference. Florian's answer to this point covers it well, these things are often not as straightforward as they are painted. If this ISP is breaking the law in the Ukraine, then it should be dealt with by the local law enforcement there. The RIPE NCC, as mentioned, is limited in the reasons it has to close a member, such as non-payment of fees or breach of contract, and even if they did shut a member down, this does not stop that member from continuing to use the resourses. There is no kill switch. If you feel that the NCC should have more/different powers in this area, then it is up to the community to create a policy that will get consensus. However, registries are not the Internet police, this is an important point to remember. Regards, Brian Co-Chair, RIPE AA-WG
On Wed, 21 Oct 2009 13:06:13 +0100, Brian Nisbet wrote:
However, registries are not the Internet police, this is an important point to remember.
Precisely; you cannot curb anti-social behavior without rapid and ultimately terminal penalties; this is the way of the world; the Internet will remain lawless and spam will continue to increase until the same lessons applied in every other domain of human activity are brought to be bear on the Internet, by e.g RIPE and ICANN. As you say, it's your choice. It's all in <http://www.camblab.com/misc/univ_std.txt> based on <http://www.camblab.com/nugget/spam_03.pdf>
Hello, I use to report spam to the spam abuse mailboxes which are defined by the whois database. However, I'm always encountering the below issues: - the mailbox domain isn't valid - the mailbox is full - the mailbox doesn't exist Who can I contact in order to ensure the Whois database is tidied up. I tried to reach the top registry of the domain (-l whois option). However nobody is fixing those reference databases ! Could we possibly disconnect the network which aren't tidying their whois records ? Regards.
On 21 Oct 2009, at 17:25, Jérôme Bouat wrote:
Hello,
I use to report spam to the spam abuse mailboxes which are defined by the whois database.
Which one??
However, I'm always encountering the below issues: - the mailbox domain isn't valid - the mailbox is full - the mailbox doesn't exist
Who can I contact in order to ensure the Whois database is tidied up.
I tried to reach the top registry of the domain (-l whois option).
However nobody is fixing those reference databases !
Could we possibly disconnect the network which aren't tidying their whois records ?
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Hi,
I use to report spam to the spam abuse mailboxes which are defined by the whois database.
Which one??
Good question. We (abusix) are trying to get a new Best Practice done. Please have a look at the attachment. That's a first draft to get a standardized place for abuse addresses. Once this is done and accepted as a best practice we could take the next step and try to get it mandatory and lets see what will happen than.
However, I'm always encountering the below issues: - the mailbox domain isn't valid - the mailbox is full - the mailbox doesn't exist
http://abusix.org/services/abuse-contact-db Could be interesting for you. ;-)
Who can I contact in order to ensure the Whois database is tidied up.
I tried to reach the top registry of the domain (-l whois option).
However nobody is fixing those reference databases !
Could we possibly disconnect the network which aren't tidying their whois records ?
We had some good effort by doing the global reporting thing. Possibly you wanna join us and report your stuff globally. If you need helpor some scripts for ARF reporting. Let me know. Whatever you do to move RIPE and those members, let us know. We will support you. Thanks, Tobias -- abusix.org
On 22 Oct 2009, at 00:01, Tobias Knecht wrote:
Hi,
I use to report spam to the spam abuse mailboxes which are defined by the whois database.
Which one??
Good question. We (abusix) are trying to get a new Best Practice done.
Please have a look at the attachment. That's a first draft to get a standardized place for abuse addresses. Once this is done and accepted as a best practice we could take the next step and try to get it mandatory and lets see what will happen than.
Does that address the question posed though? ie. which whois database
However, I'm always encountering the below issues: - the mailbox domain isn't valid - the mailbox is full - the mailbox doesn't exist
http://abusix.org/services/abuse-contact-db
Could be interesting for you. ;-)
Who can I contact in order to ensure the Whois database is tidied up.
I tried to reach the top registry of the domain (-l whois option).
However nobody is fixing those reference databases !
Could we possibly disconnect the network which aren't tidying their whois records ?
We had some good effort by doing the global reporting thing. Possibly you wanna join us and report your stuff globally. If you need helpor some scripts for ARF reporting. Let me know.
Oh how I hate those things! I'm sick to death of our abuse desk being flooded with reports about mailscanner.info Please tell me you've whitelisted it!
Whatever you do to move RIPE and those members, let us know. We will support you.
Spam and abuse (in general) are global problems.
Thanks,
Tobias
-- abusix.org <draft-irt-ripe.pdf>
Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel Intl. +353 (0) 59 9183072 US: 213-233-1612 UK: 0844 484 9361 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845
Tobias, On 21/10/2009 4:01, "Tobias Knecht" <knut@abusix.org> wrote: [...]
http://abusix.org/services/abuse-contact-db
Could be interesting for you. ;-)
Did you get permission from the RIPE NCC to re-package the RIPE database data? See Article 4, clause 5: http://www.ripe.net/db/support/db-terms-conditions.pdf Regards, Leo
I don't see how it is different from a standardized whois entry like the "abuse-mailbox" whois records. I think that the databases already exist (the whois database was designed for that). The problem is that they aren't maintained. We need resources in order to kick the invalid whois records and possibly cut/slowdown/harm the bad networks in case of lack of admin.
2009/10/22 Tobias Knecht <knut@abusix.org>
http://abusix.org/services/abuse-contact-db
Could be interesting for you. ;-)
Another good resource would be http://abuse.net/using.phtml <soapbox on> I really hate this fragmentation of anti-spam effort, like we had over abundance of volunteers and time. Unfortunately there is nothing I can do about it. </soapbox off> esa
Tobias,
I use to report spam to the spam abuse mailboxes which are defined by the whois database. Which one??
Good question. We (abusix) are trying to get a new Best Practice done.
Please have a look at the attachment. That's a first draft to get a standardized place for abuse addresses. Once this is done and accepted as a best practice we could take the next step and try to get it mandatory and lets see what will happen than.
I'm not sure if there is any disagreement amongst the community that the best practice is to have clearly marked abuse contact information. However, with this agreement in mind, what do you consider the benchmark of having your best practice suggestions formally accepted, by your standards?
Who can I contact in order to ensure the Whois database is tidied up.
I tried to reach the top registry of the domain (-l whois option).
However nobody is fixing those reference databases !
Could we possibly disconnect the network which aren't tidying their whois records ?
We had some good effort by doing the global reporting thing. Possibly you wanna join us and report your stuff globally. If you need helpor some scripts for ARF reporting. Let me know.
I should note at this point that there was no voices raised in support of abusix's manner of reporting at the WG session in Lisbon. While obviously there are those who do support your methodology, I would contend that this support is not community wide. Tobias, to be honest, I'm not sure what the victory conditions are for your feelings on abuse mailboxes/contacts. I don't think anyone is arguing (or certainly not here) that they are useful and should be properly in place, but I'm not at all sure you will receive backing to make them mandatory. However, we'll never find that out until a policy is proposed to the RIPE community. Regards, Brian.
Which one??
It depends on the origin: http://www.afrinic.net/cgi-bin/whois https://ws.arin.net/whois http://lacnic.net/cgi-bin/lacnic/whois?lg=EN http://www.db.ripe.net/whois http://wq.apnic.net/apnic-bin/whois.pl I think it would be easier to have 1 only big whois primary source which may be replicated in each continent.
I can add a #4, Jérôme: - The abuse mailbox does not answer or acknowledge the spam report mail Happened several times when I asked Israel NV-Hosen_Stones if they were aware that spam came from their IP range. I have now blocked their whole IP range from our forum, since I consider that not answering spam reports is equivalent to actively supporting spam. That might block genuine users, but since our forum is addictive, that will hopefully force our members to change ISP and support clean ones. ;-)
From: jerome.bouat@wanadoo.fr To: anti-abuse-wg@ripe.net Subject: [anti-abuse-wg] Whois database accuracy Date: Wed, 21 Oct 2009 18:25:46 +0200
Hello,
I use to report spam to the spam abuse mailboxes which are defined by the whois database.
However, I'm always encountering the below issues: - the mailbox domain isn't valid - the mailbox is full - the mailbox doesn't exist
Who can I contact in order to ensure the Whois database is tidied up.
I tried to reach the top registry of the domain (-l whois option).
However nobody is fixing those reference databases !
Could we possibly disconnect the network which aren't tidying their whois records ?
Regards.
_________________________________________________________________ Nouveau ! Tout Windows débarque dans votre téléphone. Voir les Windows phone http://clk.atdmt.com/FRM/go/175819071/direct/01/
On Oct 22, 2009, at 1:54 AM, Chimel Chimel wrote:
I can add a #4, Jérôme:
- The abuse mailbox does not answer or acknowledge the spam report mail
Happened several times when I asked Israel NV-Hosen_Stones if they were aware that spam came from their IP range. I have now blocked their whole IP range from our forum, since I consider that not answering spam reports is equivalent to actively supporting spam. That might block genuine users, but since our forum is addictive, that will hopefully force our members to change ISP and support clean ones. ;-)
exactly the right(Tm) action to do. ( blocking abusive ISP's and have their users to take their money elsewhere) ====================================================== Peter Håkanson Phone +46707328101 Fax +4631223190 IPSec sverige Email peter@ipsec.se "Safe by design" Address Bror Nilssons gata 16 Lundbystrand S-417 55 Gothenburg Sweden
On Wed, 21 Oct 2009 Jerome Bouat <jerome.bouat@wanadoo.fr> wrote:
Could we possibly disconnect the network which aren't tidying their whois records ?
To amplify one of Brian's points: The problem there is that WE (which for the purposes of this discussion only, would include RIPE NCC) can't disconnect anybody. You've made an invalid assumption which - frankly - I also made for many years, until the full reality of the situation dawned on me. The only people who can disconnect a network are its peers and upstreams. To a large extent that means that if any of the backbone networks agrees to accept the traffic, the network stays connected. If ALL the backbone networks agree not to accept traffic from block owners that do not have (or do not answer) valid abuse etc addresses, then we would have a way forward. It only takes one such backbone network to carry the traffic and the problem remains. And experience tells us that there will be one. RIPE and other RIRs allocate IP ranges and ASNs. Although there is a routing database, that does NOT actually control the routing. All that RIPE NCC controls, is the entitlement to use the numbers, and the reverse DNS delegations. Now, if the RIPE NCC were to recover a block allocation or ASN because the WHOIS data was bad, or the network would not deal with abuse issues reported (and by the way I am not advocating that as a policy) those addresses and ASN could continue to be used. All that would happen would be that rDNS would stop working, and there would no longer be any visible track of who was running that network. In an ideal world the upstreams would stop routing the traffic as soon as they became aware of the situation. That's very far from being a universally adopted practice, as was found recently when several of the other RIRs withdrew numerous IP address blocks for non-payment of fees: and Afrinic's withdrawal of Zimbabwean blocks was one example of this triggered by the recent currency problems in Zimbabwe. IP traffic is just like international telephone routing - if an entity says it is using a number range, and its peers and upstreams accept the claim, then connections will get through. And in many cases those upstreams will be influenced by the payments they get for the traffic, either at standard or enhanced rates. If there are conflicting routing claims, then obviously the connectivity will become somewhat unreliable. So effectively the only people who can "disconnect" an address range are the individual ISPs - by rejecting that traffic locally - but that rarely happens either, because of the probability of losing legitimate traffic in the process. There are a few network ranges that are known to be all used for crime or abuse, and a lot of ISPs now use the list at http://www.spamhaus.org/drop to block that traffic. I hope you do! For the other cases, pressure on the upstreams carrying the traffic from the entity that has misconfigured data, is probably the best way to get the problem fixed. Blocking that traffic locally is a good thing for ISPs to do, but it will take a lot of them to impose blocking before corrective action will be taken. Regards, Richard Co-Chair, RIPE AA-WG
Thanks for summarizing the situation, Richard, but that's really frustrating nonetheless. If the registrars can't enforce penalties because the whois information is broken or the ISP does not answer, it is basically useless to contact their abuse email, even for documentation purpose. Same for abuse penalties: As one moderator in one very small forum, we are attacked daily by 10-20 spam posts that pass the barrier of the stopforumspam blacklist. I often find myself being the first to report a spammer in their database. Email spam does not seem to have the same problem, at least with the main email providers such as gmail and live, the blacklist they use seem to be efficient, I never receive spam on these accounts. As an individual wasting at least 2 man-weeks every year (basically, that's my vacations gone) figthing abuse, what can we do to raise awareness and help stopping this abuse definitely? I understand that telcos have too much financial interest in that matter to let go the millions they make out of spam traffic, and I understand that the politicians can't really fight the telcos lobbies either, so what's left to us, and how can we help give the registrars the responsibilities and enforcement powers they should have? For instance, it is a real shame that all these blacklist databases have been created privately by people fed up with abuse. This should be funded and controlled by the registrars IMHO. I think there are already clauses asking the telcos and ISPs to maintain the whois data up to date and accurate, and there should be the same about abuse, but you can't put such clauses if you don't have the means to enforce them or put the infrastructure that goes around, such as blacklists, and make their usage mandatory at all levels. BTW, if btuser.net means you work for British Telecoms, congrats, I never experienced forum spam from one of their accounts (in my short moderator life.) And you should renew the fee for that btuser.net domain, it goes to a godaddy.com spam page telling this domain is for sale at $1.99. ;-) Thanks, A naive Chimel.
From: richard.cox@btuser.net Subject: Re: [anti-abuse-wg] Whois database accuracy To: anti-abuse-wg@ripe.net Date: Fri, 23 Oct 2009 14:20:53 +0000
On Wed, 21 Oct 2009 Jerome Bouat <jerome.bouat@wanadoo.fr> wrote:
Could we possibly disconnect the network which aren't tidying their whois records ?
To amplify one of Brian's points:
The problem there is that WE (which for the purposes of this discussion only, would include RIPE NCC) can't disconnect anybody. You've made an invalid assumption which - frankly - I also made for many years, until the full reality of the situation dawned on me.
The only people who can disconnect a network are its peers and upstreams. To a large extent that means that if any of the backbone networks agrees to accept the traffic, the network stays connected. If ALL the backbone networks agree not to accept traffic from block owners that do not have (or do not answer) valid abuse etc addresses, then we would have a way forward. It only takes one such backbone network to carry the traffic and the problem remains. And experience tells us that there will be one.
RIPE and other RIRs allocate IP ranges and ASNs. Although there is a routing database, that does NOT actually control the routing. All that RIPE NCC controls, is the entitlement to use the numbers, and the reverse DNS delegations. Now, if the RIPE NCC were to recover a block allocation or ASN because the WHOIS data was bad, or the network would not deal with abuse issues reported (and by the way I am not advocating that as a policy) those addresses and ASN could continue to be used. All that would happen would be that rDNS would stop working, and there would no longer be any visible track of who was running that network.
In an ideal world the upstreams would stop routing the traffic as soon as they became aware of the situation. That's very far from being a universally adopted practice, as was found recently when several of the other RIRs withdrew numerous IP address blocks for non-payment of fees: and Afrinic's withdrawal of Zimbabwean blocks was one example of this triggered by the recent currency problems in Zimbabwe.
IP traffic is just like international telephone routing - if an entity says it is using a number range, and its peers and upstreams accept the claim, then connections will get through. And in many cases those upstreams will be influenced by the payments they get for the traffic, either at standard or enhanced rates. If there are conflicting routing claims, then obviously the connectivity will become somewhat unreliable.
So effectively the only people who can "disconnect" an address range are the individual ISPs - by rejecting that traffic locally - but that rarely happens either, because of the probability of losing legitimate traffic in the process. There are a few network ranges that are known to be all used for crime or abuse, and a lot of ISPs now use the list at http://www.spamhaus.org/drop to block that traffic. I hope you do!
For the other cases, pressure on the upstreams carrying the traffic from the entity that has misconfigured data, is probably the best way to get the problem fixed. Blocking that traffic locally is a good thing for ISPs to do, but it will take a lot of them to impose blocking before corrective action will be taken.
Regards,
Richard Co-Chair, RIPE AA-WG
_________________________________________________________________ Nouveau Windows 7 : Trouvez le PC qui vous convient. En savoir plus. http://clk.atdmt.com/FRM/go/181574580/direct/01/
On Fri, 23 Oct 2009 Chimel Chimel <chimel31@live.fr> wrote:
Thanks for summarizing the situation, Richard, but that's really frustrating nonetheless. If the registrars can't enforce penalties because the whois information is broken or the ISP does not answer, it is basically useless to contact their abuse email, even for documentation purpose.
As I explained, the party that can enforce penalities is the upstream.
For instance, it is a real shame that all these blacklist databases have been created privately by people fed up with abuse. This should be funded and controlled by the registrars IMHO.
If they were controlled by Registrars the situation would be far worse.
BTW, if btuser.net means you work for British Telecoms, congrats,
No, in a sense it means I am a USER of BT's services. BTUSER.NET is a "neutral" domain which I use in order to be able to speak here without using my normal work account.
And you should renew the fee for that btuser.net domain, it goes to a godaddy.com spam page telling this domain is for sale at $1.99. ;-)
To keep things neutral, that domain has just a GoDaddy parking page. You may have misread the advertisement, it says that GoDaddy has (other) domains at $1.99: the btuser.net domain is not to my knowledge for sale. Regards, -- Richard Co-Chair, RIPE AA-WG
Triggered by this email thread I decided to take a closer look at data for Ukrtelecom using the Resource Explainer tool we presented at RIPE59. Here are my findings: http://labs.ripe.net/node/85 Hope people find it useful. best regards, Emile Aben RIPE NCC Research Engineer Chimel Chimel wrote:
Hi,
I am not sure this mailing list is still active, the latest archived mail dates back from over a year ago. I have 3 questions for this mailing list:
1) Does RIPE or other registrars impose antispam fighting measures or a code of conduct to the ISPs or telcos it allocates IP ranges to? For instance, do these registrar customers specifically sign an agreement never to post spam themselves. Do they also sign an agreement to terminate IP sub-allocation or contract with their own customers who are using their IP addresses to post spam?
2) If there is such measures, how does RIPE enforce them?
3) What does RIPE intends to do about Ukrtelecom, who is alone responsible for hundreds of thousands of daily spam posts in discussion forums and BBSs? According to the people in stopforumspam.com, every single post emanating from ukrtelecom is spam, there is not a single genuine user from that telco. How can RIPE allocate hundreds of separate IP ranges to this single telco, especially if it is only a support for spam, not a telco at all. When querying the RIPE database for ukrtelecom, it returns 300 IP ranges, but that's only because the web site is limited to 300 answers. I'd like to see the whole list in order to ban it all from my forum, even if it means banning genuine users from Ukraine. And of course, when I say ukrtelecom is a spammer site, I really means it is a mafia site that makes millions of dollars every month in illegal activities, selling dangerous fake medicines such as viagra or tamiflu. In these times of IP addresses shortening, it would make a lot more IPs available if the registrars would cancel IP allocation from the customers who break the antispam rules.
Thanks, Chimel.
By the way, a BBS seems to be a more adequate way than a mailing list to handle this kind of discussion. Just my 2 cents.
------------------------------------------------------------------------ Gratuit : Hotmail plus rapide avec Internet Explorer 8 ! Cliquez ici ! <http://www.microsoft.com/france/windows/products/winfamily/ie/ie8/msn/default.aspx>
Thanks, Emile, and to all the other persons in the mailing list who replied. I'll check out REX!
From: emile.aben@ripe.net To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Antispam measures Date: Thu, 22 Oct 2009 14:48:10 +0200
Triggered by this email thread I decided to take a closer look at data for Ukrtelecom using the Resource Explainer tool we presented at RIPE59. Here are my findings: http://labs.ripe.net/node/85
Hope people find it useful.
best regards, Emile Aben RIPE NCC Research Engineer
Chimel Chimel wrote:
Hi,
I am not sure this mailing list is still active, the latest archived mail dates back from over a year ago. I have 3 questions for this mailing list:
1) Does RIPE or other registrars impose antispam fighting measures or a code of conduct to the ISPs or telcos it allocates IP ranges to? For instance, do these registrar customers specifically sign an agreement never to post spam themselves. Do they also sign an agreement to terminate IP sub-allocation or contract with their own customers who are using their IP addresses to post spam?
2) If there is such measures, how does RIPE enforce them?
3) What does RIPE intends to do about Ukrtelecom, who is alone responsible for hundreds of thousands of daily spam posts in discussion forums and BBSs? According to the people in stopforumspam.com, every single post emanating from ukrtelecom is spam, there is not a single genuine user from that telco. How can RIPE allocate hundreds of separate IP ranges to this single telco, especially if it is only a support for spam, not a telco at all. When querying the RIPE database for ukrtelecom, it returns 300 IP ranges, but that's only because the web site is limited to 300 answers. I'd like to see the whole list in order to ban it all from my forum, even if it means banning genuine users from Ukraine. And of course, when I say ukrtelecom is a spammer site, I really means it is a mafia site that makes millions of dollars every month in illegal activities, selling dangerous fake medicines such as viagra or tamiflu. In these times of IP addresses shortening, it would make a lot more IPs available if the registrars would cancel IP allocation from the customers who break the antispam rules.
Thanks, Chimel.
By the way, a BBS seems to be a more adequate way than a mailing list to handle this kind of discussion. Just my 2 cents.
------------------------------------------------------------------------ Gratuit : Hotmail plus rapide avec Internet Explorer 8 ! Cliquez ici ! <http://www.microsoft.com/france/windows/products/winfamily/ie/ie8/msn/default.aspx>
_________________________________________________________________ Nouveau Windows 7 : Trouvez le PC qui vous convient. En savoir plus. http://clk.atdmt.com/FRM/go/181574580/direct/01/
participants (12)
-
Brian Nisbet -
Chimel Chimel -
Emile Aben -
Esa Laitinen -
Florian Weimer -
Jeffrey Race -
Jérôme Bouat -
Leo Vegoda -
Michele Neylon :: Blacknight -
peter håkanson -
Richard Cox -
Tobias Knecht