FAQ: Hacking & Spamming
- Is the RIPE NCC spamming/hacking me?
The RIPE NCC is not responsible for spamming or hacking. The RIPE NCC never sends unsolicited emails, including spam and phishing emails, and the RIPE NCC network is never used to facilitate the sending of spam or any other kind of network abuse.
The RIPE NCC often receives questions about spamming and hacking because the victim searches for information about the IP address responsible for the attack and discovers it has been allocated by the RIPE NCC.
The way in which an individual IP address is used, however, is not under the RIPE NCC's control. The RIPE NCC is one of the five Regional Internet Registries (RIRs) that allocate large blocks of IP addresses to Internet Service Providers and other organisations. How these organisations then assign these IP addresses, either to End Users or within their own networks, is beyond the RIPE NCC's mandate.
However, if you suspect that the spam, hacking or network abuse originates from the following IP blocks, please contact us at ncc [at] ripe [dot] net as soon as possible. These ranges are used by the RIPE NCC.
220.127.116.11 - 18.104.22.168
If the IP address attacking you falls outside these ranges, we are unable to investigate the matter ourselves. However, you can try to find abuse contact information yourself using one of the RIPE NCC's.
- How can I find out who is spamming me?
You can identify which IP address was used to send a spam email by checking the “received” line in the full email header as shown below. The way to see the full header will vary depending on what type of email you use.
- What can I do about spam/hacking?
Once you have identified which IP address is being used to send abuse, you can use one of the RIPE NCC's anti-abuse tools to search for contact information so that you can report the abuse to the appropriate person.
Both of the RIPE NCC's anti-abuse tools rely on data contained in the RIPE Database.
Users who are familiar with the and how to query it can use the Abuse Finder tool to find potential abuse contacts associated with the spamming IP address.
If the address doesn't contain a specific abuse field (called "abuse-c:"), the Abuse Finder will display other objects in the RIPE Database that appear to contain abuse-related remarks. Users can then query the RIPE Database manually for these other objects, such as maintainers and administrative or technical contacts. Learn more about how to use theDatabase and the Abuse Finder in .
Users not already familiar with the RIPE Database may wish to use RIPEstat's Abuse Contact Finder to search for abuse contacts. The Abuse Contact Finder retrieves contact information associated with a specific IP address, and rates the contact found on a scale from one to five stars depending on how likely it is to be helpful in reporting abuse.
Contacts contained in a specific abuse field (called "abuse-c:") give a five-star rating. If no abuse contact exists for the queried IP address, RIPEstat will automatically search related objects for potential abuse contacts. Contacts found in fields other than "abuse-c:" return a lower rating, from one to four stars, depending on where it was found and how likely it is to be the correct contact.
Reporting the abuse
Keep in mind that the email address(es) listed may be for contact people at an Internet Service Provider, and they may not be aware that somebody is using their network in this way. They will require details of the abuse so they can investigate it further.
In case of spam or phishing, forward a copy of the spam/phishing email, including the full header. In case of hacking, include as much relevant information as possible to make it easier for the ISP to locate and deal with the abuser:
- Explain the situation and why you think it's an abuse case
IP address responsible for the abuse
Date and time (including time zone) the abuse took place
- Log file of the attack generated by your firewall, if possible
- What can the RIPE NCC do about spam/hacking?
The RIPE NCC cannot do anything about spam or hacking. It is responsible for the allocation of blocks of IP address space to Local Internet Registries (LIRs). These LIRs then assign IP addresses to their customers or use them in their own networks. The RIPE NCC is not a service provider and has no jurisdiction over, or responsibility for, how the IP addresses it assigns or allocates are used. It is unable to investigate any complaints about spamming.
However, if you suspect that the spam, hacking or network abuse originates from the following IP blocks, please contact us at ncc _at_ ripe _dot_ net as soon as possible. These ranges are used by the RIPE NCC.
If the IP address falls outside these ranges, we are unable to investigate the matter.
Incorrect contact information in the RIPE Database
If you notice that some information is outdated in a RIPE Database object and have already tried to contact the relevant maintainer of the object, we can forward your report to the person responsible for maintaining the registration. We will track the report and make sure this person takes appropriate action (e.g., assisting with updating an entry in the RIPE Database).
Please go to the RIPE NCC Reporting Procedure.
- Where can I find out more about spam/hacking?
Internet Service Providers can find more information about preventing spam here:
Anti-Abuse Working Group
The RIPE community has an Anti-Abuse Working Group that discusses topics relating to Internet abuse and ways to prevent it. If you are interested in abuse topics, you may want to join the Anti-Abuse Working Group .