[anti-abuse-wg] What to do if ISP rejects Abuse Reports?
Alessandro Vesely vesely at tana.it
Sat Jan 14 20:13:41 CET 2012
On 14/Jan/12 14:19, U.Mutlu wrote: > my systems get attacked from several IPs from Georgia (Countrycode=GE, RIR=RIPE). > My Abuse Reports to the abuse address (ib at caucasus.net) of the > responsible ISP for the attacker IPs (caucasus.net) just bounce: > > #ID: <SCC9B> > #Mail From: <security at mutluit.com> > #Rcpt To: <ib at caucasus.net> > #Server: <mail.caucasus.net> [126.96.36.199] Only found it on http://www.backscatterer.org/?ip=188.8.131.52 > #[<02>] The reason of the delivery failure was: > # > #550 5.7.1 <security at mutluit.com>: Sender address rejected: Blocked by postmaster > > What to do in this case? What I do is to ban the offending IP address for some months, using a firewall filter. I try to notify that I do so to <postmaster> at that address if it listens on port 25, or to any *-c of that network. Is this the recommended procedure?