Re: [anti-spam-wg] Any suggestions about how to deal with non co-operative ISP's and RIR's ?

  • To: oca@localhost, anti-spam-wg@localhost
  • From: "tp" ripe@localhost
  • Date: Tue, 3 Apr 2007 18:13:27 +0200
  • Reply-to: "tp" ripe@localhost

----- Original Message -----
From: oca@localhost
Sent: Tuesday, April 03, 2007 10:06 AM
Subject: Re: [anti-spam-wg] Any suggestions about how to deal with non
co-operative ISP's and RIR's ?


> Blocking the ISP, in one or another way, is ofcourse a way to deal with spam
> from a given ISP ...
>
> But this is only a short-term ( selfish ) solution and dosn't solve the root
> for my frustrations - namely that the ISP and the RIR dosn't seem willing to
> cooperate...
>
> Besides this - technically - blocking isn't possible for me ... I'm sitting
> behind a mail relay belonging to my ISP..
>
> Anyway - I appreciate that I'm not the only one feeling p... off by this
> matter.
>
> I do believe that only if every responsible organisation on the net
> cooperate on hacking, spam and other abuse issues - we will be able to do
> anything about - otherwise ....

I agree with you to some extent.
 - arguments about the precise definition of spam are specious
 - ISPs generally do not care since it does not cost them, in fact spam makes
them money whereever they charge by volume (eg on dial-up lines charged by time)
 - RIPE has an interesting mission which is largely set by ISP and LIR

So I suggest forgetting about reporting abuse to ISP or xIR unless and until our
national or supra-national governments enact and enforce legislation.  You
could, on the other hand, report it to organisations who maintain Black/Block
Lists of addresses/domains that emit spam whose output is in turn used in a way
that could draw the attention of ISPs.  Quite why these should be the good guys
in this I have yet to comprehend but that is what they seem to be.

Tom Petch


>
> Ole
>
> ----- Original Message -----
> From: "peter h" peter@localhost
>
> Sent: Tuesday, April 03, 2007 7:37 AM
> Subject: Re: [anti-spam-wg] Any suggestions about how to deal with non
> co-operative ISP's and RIR's ?
>
>
> On Monday 02 April 2007 08.50, oca@localhost wrote:
> > Any suggestions about how to deal with non co-operative ISP's and RIR's ?
> >
> > When I receive a spam mail, I normally send a spam repport to the "abuse
> > mail account" of the ISP being responsible for the IP address using the
> > whois databases of the RIR's.
> >
> > Normally this works very fine ... or rather ... I'm often able to deliver
> > the repport somewhere without any problems.
> >
> > But in some cases the given account dosn't exist or is hidden behind a
> > spamfilter..
> >
> > In these cases I have tried to contact the RIR of the ISP but with very
> > different outcome ...
> >
> > Some RIR's consider this as a problem they can deal with and some dosn't
> > !!!
> >
> > Last week I received a third spam mail from an ip address belonging to
> > charter.net...
> >
> > According to the whois of arin, and to the homepage of the ISP, I should
> > repport abuse to abuse@localhost...
> >
> > This I have tried several times getting an "unable to deliver" repport
> > every
> > time ...
> >
> > Trying to raise this as an issue for ARIN gives this repply:
> >
> > > ARIN is an IP registry whose primary function is the registration and
> > > distribution of IP number resources (IP addresses and Autonomous System
> > > Numbers) in North America.
> > >
> > > IP number resource registration information can be found in the
> > > public ARIN WHOIS database found at:
> > >
> > >  http://www.arin.net/whois/
> > >
> > > Please understand that ARIN does not operate any of the networks
> > > contained
> > > in the WHOIS database nor is ARIN responsible for supplying and
> > > maintaining the registration data in the WHOIS database.  That
> > > responsibility lies soley with the registrant of the data.
> >
> > How do we fight spam, and other kind of abuse, as long as some of the
> > ISP's
> > and the RIR's has this kind of attitudes ?
> >
> > Ole
> >
> >
> The solution is - block them. Either subscribe on a blocklist that fills the
> need or block the offending ISP's yourself. IP ranges is easily
> available by "whois"
>
> The downside is that _if_ someone is within that ISP's net they are
> not able to mail you, but a proper "bounce-message" ( "Use gmail or any
> other
> serious mailprovider" ) or punch a hole in you block when needed.
>
> The only real pressure that can be applied to unserious ISP is to
> threat their income. Make their customers complain and eventually
> abandom them.
>
> --
>         Peter Håkanson
>
>         There's never money to do it right, but always money to do it
>         again ... and again ... and again ... and again.
>         ( Det är billigare att göra rätt. Det är dyrt att laga fel. )
>
>