Dealing with abuse complaints to non-existent contacts

Mon Aug 11 03:36:36 UTC 2014

I have found the scaling is better if you make it the abusing providers problem to contact you. Whenever a range gets blocked, the bounce message tells the mail originator to take their money and find a new hosting provider that does not support/tolerate spam. When legitimate originators have contacted their provider about that message, the sources that were inadvertently hosting the abuse are happy to find out more so they can resolve the problem, and they provide a working contact in the process, even if the registered one fails. 

The down side is that it requires the legitimate originator to pay attention to the bounce and decide they want to take action. The hope is that eventually more money will flow toward those hosting providers that are diligent about resolving issues. 

Tony

> -----Original Message-----
> From: NANOG [mailto:nanog-bounces at nanog.org] On Behalf Of Suresh
> Ramasubramanian
> Sent: Monday, August 11, 2014 11:04 AM
> To: Mark Andrews
> Cc: goemon at anime.net; nanog at nanog.org
> Subject: Re: Dealing with abuse complaints to non-existent contacts
> 
> Good luck getting action from foreign LE through the mlat system
> 
> You might get a response, oh, in the next two years or so. IF you can find
> local LE willing to push the case forward.
> 
> Beyond that while RIRs are not the internet police they do owe it to the
> community to be more vigilant on dud contact addresses, and also do a
> lot^W bit more due diligence when allocating IP space, and when appointing
> LIRs.
>  On 11-Aug-2014 6:37 am, "Mark Andrews" <marka at isc.org> wrote:
> 
> >
> > In message <CB3CA09E-B16F-4101-AEC2-AEE12C982400 at delong.com>,
> Owen
> > DeLong
> > writes:
> > >
> > > On Aug 10, 2014, at 1:28 PM, goemon at anime.net wrote:
> > >
> > > > On Mon, 11 Aug 2014, Paul S. wrote:
> > > >> It would appear you've done your part in trying to reach out (and
> > > >> subsequently failed), so the next step to go is dropping all
> > > >> traffic
> > from
> > > >> it.
> > > >>
> > > >> Nothing wrong with trying to protect your own customer from
> > > >> people who cannot be bothered to do their own due diligence.
> > > >
> > > > It would be nice if allocations would be revoked due to
> > > > invalid/fake contact info.
> > > >
> > > > -Dan
> > >
> > > I kind of agree, but past efforts in this regard have not met with
> > > consensus from the ARIN community.
> > >
> > > If you believe this to be the case, I suggest putting it into
> > > template format and submitting to policy at arin.net.
> > >
> > > I'm happy to help if you would like. Subscribing to arin-ppml will
> > > allow you to participate in the community discussion of the policy
> proposal.
> > >
> > > Owen
> >
> > It really isn't the RIR's job to withdraw allocations due to bad
> > behaviour as much as many of us would like it to be.  Failure to
> > maintain valid contact details however is within the purview of the
> > RIRs.
> >
> > If you are being attacked, report the attack to your LEA.  Let the
> > LEA's maintain intellegence on which networks are permitting attacks
> > to be launched from their address space.  They can work with LEA in
> > the network's juristiction to get the attacks stops and offenders
> > prosecuted.  LEA's can in theory also get courts to issue orders to
> > filter offending address blocks by all ISP's in their juristiction.
> >
> > Mark
> > --
> > Mark Andrews, ISC
> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
> > PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
> >