[anti-abuse-wg] Abuse Reporting Issues
- Previous message (by thread): [anti-abuse-wg] Abuse Reporting Issues
- Next message (by thread): [anti-abuse-wg] Abuse Reporting Issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Arnold
wiegert at telus.net
Wed Mar 13 00:31:39 CET 2013
On 12/03/2013 2:35 AM, Denis Walker wrote: > Dear Arnold > > I am afraid I am a little confused as to what you were trying to find > in the database. Hello Denis, What I am typically looking for is an e-mail address to which I can send a SPAM report. First I look up the originating IP address in the source code of the SPAM message, plug it into a WhoIs look up via the IANA ipv4-address-space.xml files. Often enough this gives me the abuse handler address. For RIPE, when no abuse address is given, I try to find one using the admin-c: ?????-RIPE and plugging it into http://apps.db.ripe.net/search/query.html to find the NIC handle, which some times has an e-mail address, sometimes it has a circular reference to itself and other times it may have a gmail or hotmail address which often enough bounce because the mail box is full . > > You looked up a PERSON object by the Nic Hdl. The Nic Hdl is the > primary key of a PERSON object in the database. So you found what you > were looking for, the person. > > Now I see that this Nic Hdl is referenced in an INETNUM object. If you > were looking for the abuse contact for that resource, it is possible > to find one by doing many queries manually yourself, but it is not the > recommended way. This PERSON object, has a MNTNER, which has an > admin-c, which references another PERSON that has an abuse-mailbox. > > If you used the Abuse Finder tool to look up the resource, it would > return you the same abuse-mailbox without the need for you to do all > the individual queries. > http://apps.db.ripe.net/search/abuse-finder.html I have tried to use the abuse finder tool a few times, but have never really had enough luck with it to keep using it. Just now I tried both with 217.75.223.120 - abuse-finder.html gave me nothing at all, The query tool gave me - in this case a whole slew of contacts as admin-c, tech-c & NIC-hdl. At least one of these got me a usable e-mail address to which I will send my report. > > I noticed that this resource is an allocation object. Within the next > 6 months this resource WILL have an abuse-c reference. So it will be > even easier to find the abuse contact details without needing to > lookup any personal data. When I first learned of the abuse finder, I tried it - with much the same success as this time. Perhaps I am feeding it the wrong questions and data. In that case I need more information about what sort of things I can feed it - but it would have to be things I can glean from the SPAM e-mail. Clicking on the '?' for the Resource field in the abuse finder did not give me enough to make it work as I would expect it to work - i.e. give me a useful contact e-mail address. Hoping that helps explain how I look for data. Please let me know if there are better or quicker ways to come by the needed data. That being said, I do find that these days I do run into a lot more WhoIS records with usable e-mail addresses compared to even a year ago. Regards, Arnold -- Fight Spam - report it with wxSR 0.5 Vista & Win7 ready http://www.columbinehoney.net/wxSR.shtml
- Previous message (by thread): [anti-abuse-wg] Abuse Reporting Issues
- Next message (by thread): [anti-abuse-wg] Abuse Reporting Issues
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]