Verification of abuse contact addresses ?
Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base?

If so, how is that project coming along?

I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addresses. (I can't quite tell if those are all supposed to be specifically Mexican email addresses or what... because the spam was written in Spanish, and I don't speak Spanish.)

https://pastebin.com/raw/dT11krpN

Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.)

The envelope sender address was forged to be my own.

The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was <abuse@meshdigital.com>. So I emailed off a report to that address.

Of course, it bounced back to me immediately as undeliverable.

This causes me to suspect that either (a) that stuff that I thought that I had seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well.

Could someone please enlighten me and tell me which possibility actually applies?

Regards,
rfg

P.S. It is annoying enough to have to look up who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 times out of ten, the sending network could have easily prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist.

And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites.

Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.
Dear Ronald,

Thank you for asking about the status of the policy change 2017-02, "Regular abuse-c Validation".

It is correct that the implementation phase is still ongoing. Currently we are validating all the abuse contact information referenced in LIR organisation objects. Then we will proceed with the validation of abuse contacts referenced in LIR resource objects - the example that you mentioned belongs to this group. And finally all abuse contacts referenced in End User (sponsored) objects will be validated.

You can read more details on the policy implementation in this RIPE Labs article by my colleague Angela:
https://labs.ripe.net/Members/angela_dallara/how-we-will-be-following-up-wit...

We understand that it is frustrating when contact information in the RIPE Database turns out not to work. You can always report such incorrect contact information to the RIPE NCC and we will follow up to have it corrected.
https://www.ripe.net/contact-form

I hope this clarifies your question.

Kind regards,
Marco Schmidt
Policy Officer
RIPE NCC

On 04/03/2019 22:55, Ronald F. Guilmette wrote:
> Sorry folks, when this topic was discussed, I confess that I wasn't really paying much attention. So now I am forced to ask: Was someone going to verify the abuse contact addresses listed in the RIPE WHOIS data base?
>
> If so, how is that project coming along?
>
> I'll tell you why I ask. It's quite simple really. Some jerk, probably Mexican, just sent me a spam wherein he was advertising for sale his list of 18 million "business" email addresses. (I can't quite tell if those are all supposed to be specifically Mexican email addresses or what... because the spam was written in Spanish, and I don't speak Spanish.)
>
> https://pastebin.com/raw/dT11krpN
>
> Note that the specific email address of mine that was spammed was one that I only used in ancient times, and only in conjunction with my activities on one specific web site. (It obviously leaked somehow.)
>
> The envelope sender address was forged to be my own.
>
> The source IP was 109.68.33.19 as you can see. So naturally, I performed a RIPE WHOIS query on that IP address and the results I got back indicated that the contact email address for spam reports was <abuse@meshdigital.com>. So I emailed off a report to that address.
>
> Of course, it bounced back to me immediately as undeliverable.
>
> This causes me to suspect that either (a) that stuff that I thought that I had seen previously about a project to verify abuse addresses was all just a bunch of malarkey, or else (b) that project is still unfinished and perhaps not going all that well.
>
> Could someone please enlighten me and tell me which possibility actually applies?
>
> Regards, rfg
>
> P.S. It is annoying enough to have to look up who the bleep should receive a report about spamming from their network _and_ to have to even write such reports, when 9 times out of ten, the sending network could have easily prevented the spam from even going out. It is just adding insult to injury when the bloody "official" abuse reporting address doesn't even actually exist.
>
> And of course, neither meshdigital.com nor meshdigital.net even have functioning web sites.
>
> Apparently this is all the work of some dolts at a company called heg.com, in Germany. Do any of you happen to know any of the clueless nitwits who work there? If so, maybe you could put me in direct touch so that I could personally apply a much needed clue-by-four.
In message <9c95c110-d5a3-e94a-6b3c-b02030736e7c@ripe.net>, Marco Schmidt <mschmidt@ripe.net> wrote:
> It is correct that the implementation phase is still ongoing. Currently we are validating all the abuse contact information referenced in LIR organisation objects. Then we will proceed with the validation of abuse contacts referenced in LIR resource objects - the example that you mentioned belongs to this group. And finally all abuse contacts referenced in End User (sponsored) objects will be validated.

Thanks for the info Marco.

I guess the only question I would ask is this: Is there a published timeline for how this whole process is planned to play out, and for when it is planned to be completed?

Regards,
rfg
Hello Ronald,

We are planning to publish an updated timeline soon.

Ultimately, our implementation will depend on the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password).

Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions.

Kind regards,
Marco Schmidt
RIPE NCC

On 05/03/2019 21:51, Ronald F. Guilmette wrote:
> In message <9c95c110-d5a3-e94a-6b3c-b02030736e7c@ripe.net>, Marco Schmidt <mschmidt@ripe.net> wrote:
>
>> It is correct that the implementation phase is still ongoing. Currently we are validating all the abuse contact information referenced in LIR organisation objects. Then we will proceed with the validation of abuse contacts referenced in LIR resource objects - the example that you mentioned belongs to this group. And finally all abuse contacts referenced in End User (sponsored) objects will be validated.
>
> Thanks for the info Marco.
>
> I guess the only question I would ask is this: Is there a published timeline for how this whole process is planned to play out, and for when it is planned to be completed?
>
> Regards, rfg
In message <ddb2ba1a-63af-9a1e-fa2c-cc8484ec6c26@ripe.net>, Marco Schmidt <mschmidt@ripe.net> wrote:
> We are planning to publish an updated timeline soon.
>
> Ultimately, our implementation will depend on the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password).
>
> Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions.

Thanks again for the additional information.

I'm sure that you face many challenges, given that this project is dependent upon so many vagaries, and upon the active cooperation of so many individuals and companies. But it is my sincere hope that this can be made to take less than 6 months.

It seems that there are really two parts here, i.e. (1) identifying all of the broken contact addresses and then (2) attempting to get as many of those fixed as possible. The latter part may last indefinitely. The former however should be amenable to completion on a very short time scale.

I would encourage you to seek to find out what is broken, as expeditiously as possible, and to then publish those findings for all to see. Such publication could have multiple useful knock-on effects.

Regards,
rfg
Agreed

It's good to see that there is progress on this.

Regards

Michele

--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
https://www.blacknight.com/
http://blacknight.blog/
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Personal blog: https://michele.blog/
Some thoughts: https://ceo.hosting/
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, R93 X265, Ireland
Company No.: 370845

On 08/03/2019, 04:40, "anti-abuse-wg on behalf of Ronald F. Guilmette" <anti-abuse-wg-bounces@ripe.net on behalf of rfg@tristatelogic.com> wrote:

> In message <ddb2ba1a-63af-9a1e-fa2c-cc8484ec6c26@ripe.net>, Marco Schmidt <mschmidt@ripe.net> wrote:
>
>> We are planning to publish an updated timeline soon.
>>
>> Ultimately, our implementation will depend on the level of cooperation we get from LIRs and the nature of issues that need to be fixed before an abuse contact can be updated (for example, some organisations may need to reset their maintainer password).
>>
>> Over the next few weeks we will be analysing our progress, to make a realistic estimation. From observations so far, we think we might be able to finish our initial validation of all abuse contacts within six months - but it is still too early to make any strong predictions.
>
> Thanks again for the additional information.
>
> I'm sure that you face many challenges, given that this project is dependent upon so many vagaries, and upon the active cooperation of so many individuals and companies. But it is my sincere hope that this can be made to take less than 6 months.
>
> It seems that there are really two parts here, i.e. (1) identifying all of the broken contact addresses and then (2) attempting to get as many of those fixed as possible. The latter part may last indefinitely. The former however should be amenable to completion on a very short time scale.
>
> I would encourage you to seek to find out what is broken, as expeditiously as possible, and to then publish those findings for all to see. Such publication could have multiple useful knock-on effects.
>
> Regards, rfg
participants (3)

- Marco Schmidt
- Michele Neylon - Blacknight
- Ronald F. Guilmette