Mailing List SIMS@mail.stalker.com Message #13279
From: Global Homes Webmaster <webmaster@globalhomes.com>
Subject: Re: A spam gripe (OT?)
Date: Wed, 6 Aug 2003 13:03:12 -0700
To: SIMS Discussions <SIMS@mail.stalker.com>
X-Mailer: Mailsmith 2.0 (Blindsider)
On 08/06/03 at 15:25 -0400, Neil Herber opined:

> It is rumored that on or about 8/6/03 11:55 AM -0700, Global Homes
> Webmaster wrote as follows:
> >I forgot an important step here, germane to this discussion, I will
> >also send an abuse report to whatever abuse address is listed by
> >whois.abuse.net for the owner of the IP address's enclosing block.
> >If my abuse report is bounced (e.g. the listed abuse address is
> >spamtrapped or otherwise not accepting mail), I will be far more
> >inclined to blacklist the offending IP and possibly its enclosing
> >block.
>
> If someone does a whois.abuse.net whois on hambone.ca, they will get
> this:
> >Whois has started ...
> >
> >postmaster@hambone.ca (default, no info)
> >
>
> However, if they do an ARIN whois on the IP 206.47.27.217 they will get:
> >OrgName:    Bell Canada
> >OrgID:      LINX
> >---snip---
> >NetRange:   206.47.0.0 - 206.47.255.255
> >CIDR:       206.47.0.0/16
> >---snip---
> >TechEmail:  noc@in.bell.ca
>
> In the first case, I would get the mail. In the second place, my
> upstream ISP would get the mail.
>
> I don't have a listed abuse address, nor does Bell, so it would seem.

Bell does:

% whois -h whois.abuse.net bell.ca
abuse@bell.ca (for bell.ca)

Which is where I would probably send an abuse report, especially since
abuse.net just gives the default postmaster address for hambone.ca. Of
course, since I know that hosts on your network would never relay spam, I'm
sure that this specific case will never arise.  8^)

I should probably also say that unless ARIN reports the IP address's
enclosing block to be a /24 or smaller, it's unlikely that I would add a
Canadian IP block to my internal blacklist (as opposed to, say, an Asian or
South American block). It's entirely possible that my users might have
Canadian correspondents, so for me the potential for collateral damage
outweighs the possible benefit of blocking the odd spammage and I'll let
the DNSbls take care of recalcitrant offenders.

FWIW, I've submitted abuse addresses to abuse.net for most of my major
domains. As far as I'm concerned it indicates to the rest of the world that
I consider network abuse, including spam, to be a bad thing, that I will
actively work to remove it from my network in the unlikely event that it
should be infected, and that I care enough about it to have set up a
channel for people to report abuse from my network.

> And for those (like me) who let Spamcop do all the work, they report:

I usually let openrbl.org do most of the work for me. I get a bad vibe from
Spamcop, probably from the way they run their DNSbl.

--
                   Christopher Bort | cbort@globalhomes.com
            Webmaster, Global Homes | webmaster@globalhomes.com
                      <http://www.globalhomes.com/>
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster