Hi,
> -- "Should I just ignore spam?"
On the spam should be ignored discussion. It's time people realised and acted upon the fact that by reporting spam and all the content/fraud/phishing/malware related with spam to spam reporting centres and/or authorities, maybe just something will change. Somewhere in this data the identity of the spammers lies hidden, including the data of all involved, whether consciously or unconsciously. Also countries or agencies less active will be revealed. Transparency is what this discussion needs and that may just prove half of the much needed silver bullet. Without reporting there is no analyses of data.
So please change the topic to report spam actively where possible. And perhaps even add that if there is no spam reporting centre in a country, to lobby to your local government to start one.
Regards,
Wout
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
De Natris Consult
Raaphorst 33 Tel: +31 648388813
2352 KJ Leiderdorp Skype: wout.de.natris
denatrisconsult@hotmail.nlhttp://www.denatrisconsult.nl
Blog http://woutdenatris.wordpress.com
> From: anti-abuse-wg-request@ripe.net
> Subject: anti-abuse-wg Digest, Vol 4, Issue 14
> To: anti-abuse-wg@ripe.net
> Date: Mon, 12 Dec 2011 23:08:20 +0100
>
> Send anti-abuse-wg mailing list submissions to
> anti-abuse-wg@ripe.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://www.ripe.net/mailman/listinfo/anti-abuse-wg
> or, via email, send a message with subject or body 'help' to
> anti-abuse-wg-request@ripe.net
>
> You can reach the person managing the list at
> anti-abuse-wg-owner@ripe.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of anti-abuse-wg digest..."
>
>
> Today's Topics:
>
> 1. Re: Spam FAQs need revision, was 2011-06 New Policy
> (Suresh Ramasubramanian)
> 2. Re: Spam FAQs need revision, was 2011-06 New Policy
> (Joe St Sauver)
> 3. Re: Spam FAQs need revision, was 2011-06 New Policy
> (Thor Kottelin)
> 4. Re: Spam FAQs need revision, was 2011-06 New Policy (Reza Farzan)
> 5. How to nail the abuser on ripe.net (Chetan Diwanji)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 12 Dec 2011 23:41:45 +0530
> From: Suresh Ramasubramanian <ops.lists@gmail.com>
> Subject: Re: [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New
> Policy
> To: peter h <peter@hk.ipsec.se>
> Cc: anti-abuse-wg@ripe.net
> Message-ID:
> <CAArzuouWhtsF0na28zkYLeyEqP-duTGnbEbwHA1fUfNGYaT4Og@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> and s/gmail/any other provider/ and my statement below would still
> apply. I'm not picking on gmail or yahoo here.
>
> On Mon, Dec 12, 2011 at 11:41 PM, Suresh Ramasubramanian
> <ops.lists@gmail.com> wrote:
> > No no... let's not confine conversation to one mailbox, or one small
> > personal domain. ?Please.
> >
> > If you run a large enough mail system, you'll see quite a lot of spam
> > issues on gmail as well (google groups and other google properties
> > too, just as you'd see distinct yahoo properties such as yahoogroups
> > have their own abuse volumes, challenges etc)
> >
> > On Mon, Dec 12, 2011 at 11:24 PM, peter h <peter@hk.ipsec.se> wrote:
> >>
> >> It's years ago since i had any mail conversation with a yahoo-customer. But i still get
> >> spam from various yahoo-ranges, none of them related to former contacts. It's simply
> >> a lazy policy that allows abuse of their resources.
> >
> >
> >
> > --
> > Suresh Ramasubramanian (ops.lists@gmail.com)
>
>
>
> --
> Suresh Ramasubramanian (ops.lists@gmail.com)
>
>
>
> ------------------------------
>
> Message: 2
> Date: Mon, 12 Dec 2011 11:22:06 -0800 (PST)
> From: "Joe St Sauver" <joe@oregon.uoregon.edu>
> Subject: Re: [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New
> Policy
> To: anti-abuse-wg@ripe.net
> Message-ID: <11121211220660_3B34@oregon.uoregon.edu>
>
> Hi,
>
> When I look at http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming/
> I'd probably write something that looks quite a bit different than what's
> currently there.
>
> For example, just starting at the top:
>
> -- "What is spam?
>
> FAQ currently says:
>
> "Spam is junk email, usually offering bogus products and invitations to
> pornography sites. Sometimes, spam email is used to spread viruses. You
> may also receive 'phishing' emails. These are emails that look like they
> have been sent by a legitimate organisation and attempt to fraudulently
> acquire sensitive information, such as passwords and credit card details."
>
> I'd suggest that the definition of "spam" that's available at
> http://www.spamhaus.org/definition.html is significantly stronger.
>
> -- "Should I just ignore spam?"
>
> FAQ currently says:
>
> "Yes. We recommend that you simply ignore and delete any spam emails you
> get. Spam is a universal problem and there is not much that can be done
> to stop it. However, if you do want to try to find out where the spam is
> originating from you can follow the steps in FAQ 5."
>
> I'd suggest that's a passive/defeatist approach that spammers absolutely
> adore since it fails to put any back pressure on spammers. By NOT
> reporting spam, service providers hosting spam-related sites (and service
> providers with botted customers) get no feedback that will allow them to
> clean up their issues. That really needs to change.
>
> I'd suggest:
>
> "No. Consider reporting spam via a well-established spam reporting
> channel. This might be a "this is spam" button offered as part of
> your provider's web email interface, or via a third party spam
> reporting service such as Spamcop (http://spamcop.net/), which is
> free. If you want to report spam directly, you may find it helpful
> to see the abuse reporting addresses available from http://abuse.net/"
>
> I'd like to suggest that users report spam to appropriate government
> agencies, see for example:
> http://spamlinks.net/track-report-addresses.htm#country
>
> I would also note that encouraging user reporting is consistent with
> the explanation that's provided later in the FAQ under
> "What can I do to stop spam emails?" which goes into some detail
> when it comes to how to actually do manual spam reporting.
>
> -- "What can the RIPE NCC do about the spam email I have received?"
>
> FAQ currently says:
>
> "Unfortunately, the RIPE NCC can do nothing about spam email or
> 'phishing' email. The RIPE NCC does not send, or facilitate the sending
> of, spam email. Nor is it responsible for any spam you receive. It is
> also unable to investigate any complaints about spamming."
>
> Again, that's not the answer to this FAQ item that I'd like to see.
>
> I would like to see RIPE NCC acknowledge that it *does* have a role
> in combatting network abuse, particularly when it comes to ensuring
> that the resources it manages are not abused. For example, if RIPE NCC
> learns that a network resource has been acquired under fraudulent
> pretenses for the purpose of engaging in network abuse, or a network
> resource has bogus point of contact information, those behaviors are
> not acceptable and will result in a review by RIPE NCC and, if that
> abuse is confirmed, those resources will be reclaimed.
>
> Obviously that would also imply a change to
>
> "Why are there no contact details or incorrect contact details for
> reporting spam email listed in the RIPE Database for the IP address
> I searched on?"
>
> which states
>
> "The records in the Regional Internet Registries'(RIR) databases are
> entered and maintained by the organisations that receive IP addresses
> from each RIR. The RIRs do not check the accuracy of any of the records
> in the database or make any changes to the data maintained by these
> organisations. The RIPE NCC has no power to update any of these records."
>
> If nothing else, that FAQ answer should *at least* be updated to correct
> factual inaccuracies because at least *some* other RIRs *DO* check and/or
> correct inaccuracies in their databases, e.g., see, in the case of ARIN,
> APNIC and LACNIC, see:
>
> -- https://www.arin.net/policy/nrpm.html#three6
>
> "3.6 Annual Whois POC Validation
>
> "3.6.1 Method of Annual Verification
>
> "During ARINs annual Whois POC validation, an email will be sent to
> every POC in the Whois database. Each POC will have a maximum of 60
> days to respond with an affirmative that their Whois contact
> information is correct and complete. Unresponsive POC email addresses
> shall be marked as such in the database. If ARIN staff deems a POC to
> be completely and permanently abandoned or otherwise illegitimate,
> the POC record shall be marked invalid. ARIN will maintain, and make
> readily available to the community, a current list of number resources
> with no valid POC; this data will be subject to the current bulk Whois
> policy."
>
> -- http://www.apnic.net/apnic-info/whois_search/abuse-and-spamming/invalid-contact-form
>
> "Use this form to report invalid contact details found in the APNIC
> Whois Database. APNIC will take appropriate steps to try to have the
> database objects updated."
>
> See also http://www.apnic.net/policy/policy-environment#processing
> at 7.1 ("Validity of IP address delegations")
>
> -- http://lacnic.net/en/politicas/manual7-1.html ("Resource Recovery")
>
> See also http://lacnic.net/en/politicas/manual7-1.html
>
> "The organizations receiving IPs addresses from LACNIC have the
> commitment to keep their registration information updated.
>
> "But, in the case it is noticed that some information is invalid we
> ask you to communicated the fact to hostmaster@lacnic.net informing
> the IP address with invalid registration information."
>
> So, RIPE may not have processes for keeping their part of the global
> databases accurate, but other RIRs do...
>
> There are also many redundancies in the FAQ, e.g., see the "Can I stop spam?"
> item vis-a-vis "Should I just ignore spam?"
>
> Or "I want to know more about spam" vs. "Where can I find more information
> about spam"
>
> Or "How do I found out who's behind a suspect message?" vs.
> the tutorial on reading headers that's in "What can I do to stop spam
> emails?"
>
> And there are other duplications of that sort in the FAQ... I think it
> probably grew over time, but as stuff got slotted into the document,
> no deconfliction and reconciliation ever took place. I think that
> work to do that would strengthen the document and make it considerably
> stronger.
>
> Regards,
>
> Joe
>
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 12 Dec 2011 23:13:27 +0200
> From: "Thor Kottelin" <thor.kottelin@turvasana.com>
> Subject: Re: [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New
> Policy
> To: <anti-abuse-wg@ripe.net>
> Message-ID:
> <!&!AAAAAAAAAAAYAAAAAAAAADs1SQBfrQFIidqBOlhIPRTCgAAAEAAAAJaC8S1Zk29JqYgRrFxZNYQBAAAAAA==@turvasana.com>
>
> Content-Type: text/plain; charset="utf-8"
>
> > -----Original Message-----
> > From: anti-abuse-wg-bounces@ripe.net [mailto:anti-abuse-wg-
> > bounces@ripe.net] On Behalf Of Joe St Sauver
> > Sent: Monday, December 12, 2011 9:22 PM
> > To: anti-abuse-wg@ripe.net
>
> > When I look at http://www.ripe.net/data-tools/db/faq/faq-hacking-
> > spamming/
> > I'd probably write something that looks quite a bit different than
> > what's
> > currently there.
>
> The suggestions that followed are excellent. Thank you.
>
> (Proposal snipped due to its length but available at
> http://www.ripe.net/ripe/mail/archives/anti-abuse-wg/2011-December/001161.html.)
>
> --
> Thor Kottelin
> http://www.anta.net/
>
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 12 Dec 2011 16:25:50 -0500
> From: "Reza Farzan" <rezaf@mindspring.com>
> Subject: Re: [anti-abuse-wg] Spam FAQs need revision, was 2011-06 New
> Policy
> To: <anti-abuse-wg@ripe.net>
> Message-ID:
> <!&!AAAAAAAAAAAYAAAAAAAAAJeeeFoNbLlEjIdF7rht+VjCgAAAEAAAALgrmdfWKJ1ErBmtgbtdeiwBAAAAAA==@mindspring.com>
>
> Content-Type: text/plain; charset="us-ascii"
>
> Hello All,
>
> Joe St Sauver's comments and suggestions make perfect sense and RIPE NCC
> needs to follow such a sound advice.
>
> Joe's specific recommendation that "Consider reporting spam via a
> well-established spam reporting Channel" should be promoted by ALL user
> groups, and ISPs. RIPE's FAQ recommendation that "simply ignore and delete
> any spam emails you get" has been one of the main causes proliferation of
> Spam everywhere. By guiding users to sites like this,
> http://spamlinks.net/track-report-addresses.htm, almost anyone can report a
> Spam properly and keep ISP's aware of malicious traffic that passes through
> their servers.
>
> As Joe suggested, RIPE's FAQ must provide better guidance than reminding us
> to simply ignore and delete any spam emails you get.
>
> By remaining diligent, we can make this situation better for everyone.
>
> Thank you,
>
> Reza Farzan
>
> ======================
>
>
> > -----Original Message-----
> > From: anti-abuse-wg-bounces@ripe.net
> > [mailto:anti-abuse-wg-bounces@ripe.net] On Behalf Of Joe St Sauver
> > Sent: Monday, December 12, 2011 2:22 PM
> > To: anti-abuse-wg@ripe.net
> > Subject: Re: [anti-abuse-wg] Spam FAQs need revision, was
> > 2011-06 New Policy
> >
> > Hi,
> >
> > When I look at
> > http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming/
> > I'd probably write something that looks quite a bit different
> > than what's currently there.
> >
> > For example, just starting at the top:
> >
> > -- "What is spam?
> >
> > FAQ currently says:
> >
> > "Spam is junk email, usually offering bogus products and
> > invitations to
> > pornography sites. Sometimes, spam email is used to spread
> > viruses. You
> > may also receive 'phishing' emails. These are emails that
> > look like they
> > have been sent by a legitimate organisation and attempt to
> > fraudulently
> > acquire sensitive information, such as passwords and
> > credit card details."
> >
> > I'd suggest that the definition of "spam" that's available at
> > http://www.spamhaus.org/definition.html is significantly stronger.
> >
> > -- "Should I just ignore spam?"
> >
> > FAQ currently says:
> >
> > "Yes. We recommend that you simply ignore and delete any
> > spam emails you
> > get. Spam is a universal problem and there is not much
> > that can be done
> > to stop it. However, if you do want to try to find out
> > where the spam is
> > originating from you can follow the steps in FAQ 5."
> >
> > I'd suggest that's a passive/defeatist approach that
> > spammers absolutely
> > adore since it fails to put any back pressure on spammers. By NOT
> > reporting spam, service providers hosting spam-related
> > sites (and service
> > providers with botted customers) get no feedback that will
> > allow them to
> > clean up their issues. That really needs to change.
> >
> > I'd suggest:
> >
> > "No. Consider reporting spam via a well-established
> > spam reporting
> > channel. This might be a "this is spam" button offered
> > as part of
> > your provider's web email interface, or via a third party spam
> > reporting service such as Spamcop
> > (http://spamcop.net/), which is
> > free. If you want to report spam directly, you may find
> > it helpful
> > to see the abuse reporting addresses available from
> > http://abuse.net/"
> >
> > I'd like to suggest that users report spam to appropriate
> > government
> > agencies, see for example:
> > http://spamlinks.net/track-report-addresses.htm#country
> >
> > I would also note that encouraging user reporting is
> > consistent with
> > the explanation that's provided later in the FAQ under
> > "What can I do to stop spam emails?" which goes into some detail
> > when it comes to how to actually do manual spam reporting.
> >
> > -- "What can the RIPE NCC do about the spam email I have received?"
> >
> > FAQ currently says:
> >
> > "Unfortunately, the RIPE NCC can do nothing about spam email or
> > 'phishing' email. The RIPE NCC does not send, or
> > facilitate the sending
> > of, spam email. Nor is it responsible for any spam you
> > receive. It is
> > also unable to investigate any complaints about spamming."
> >
> > Again, that's not the answer to this FAQ item that I'd
> > like to see.
> >
> > I would like to see RIPE NCC acknowledge that it *does* have a role
> > in combatting network abuse, particularly when it comes to
> > ensuring
> > that the resources it manages are not abused. For example,
> > if RIPE NCC
> > learns that a network resource has been acquired under fraudulent
> > pretenses for the purpose of engaging in network abuse, or
> > a network
> > resource has bogus point of contact information, those
> > behaviors are
> > not acceptable and will result in a review by RIPE NCC
> > and, if that
> > abuse is confirmed, those resources will be reclaimed.
> >
> > Obviously that would also imply a change to
> >
> > "Why are there no contact details or incorrect contact details for
> > reporting spam email listed in the RIPE Database for the
> > IP address
> > I searched on?"
> >
> > which states
> >
> > "The records in the Regional Internet Registries'(RIR)
> > databases are
> > entered and maintained by the organisations that receive
> > IP addresses
> > from each RIR. The RIRs do not check the accuracy of any
> > of the records
> > in the database or make any changes to the data maintained
> > by these
> > organisations. The RIPE NCC has no power to update any of
> > these records."
> >
> > If nothing else, that FAQ answer should *at least* be
> > updated to correct
> > factual inaccuracies because at least *some* other RIRs
> > *DO* check and/or
> > correct inaccuracies in their databases, e.g., see, in the
> > case of ARIN,
> > APNIC and LACNIC, see:
> >
> > -- https://www.arin.net/policy/nrpm.html#three6
> >
> > "3.6 Annual Whois POC Validation
> >
> > "3.6.1 Method of Annual Verification
> >
> > "During ARINs annual Whois POC validation, an email
> > will be sent to
> > every POC in the Whois database. Each POC will have a
> > maximum of 60
> > days to respond with an affirmative that their Whois contact
> > information is correct and complete. Unresponsive POC
> > email addresses
> > shall be marked as such in the database. If ARIN staff
> > deems a POC to
> > be completely and permanently abandoned or otherwise
> > illegitimate,
> > the POC record shall be marked invalid. ARIN will
> > maintain, and make
> > readily available to the community, a current list of
> > number resources
> > with no valid POC; this data will be subject to the
> > current bulk Whois
> > policy."
> >
> > --
> > http://www.apnic.net/apnic-info/whois_search/abuse-and-spammin
> > g/invalid-contact-form
> >
> > "Use this form to report invalid contact details found
> > in the APNIC
> > Whois Database. APNIC will take appropriate steps to
> > try to have the
> > database objects updated."
> >
> > See also
> > http://www.apnic.net/policy/policy-environment#processing
> > at 7.1 ("Validity of IP address delegations")
> >
> > -- http://lacnic.net/en/politicas/manual7-1.html
> > ("Resource Recovery")
> >
> > See also http://lacnic.net/en/politicas/manual7-1.html
> >
> > "The organizations receiving IPs addresses from LACNIC have the
> > commitment to keep their registration information updated.
> >
> > "But, in the case it is noticed that some information
> > is invalid we
> > ask you to communicated the fact to
> > hostmaster@lacnic.net informing
> > the IP address with invalid registration information."
> >
> > So, RIPE may not have processes for keeping their part of
> > the global
> > databases accurate, but other RIRs do...
> >
> > There are also many redundancies in the FAQ, e.g., see the
> > "Can I stop spam?"
> > item vis-a-vis "Should I just ignore spam?"
> >
> > Or "I want to know more about spam" vs. "Where can I find
> > more information about spam"
> >
> > Or "How do I found out who's behind a suspect message?" vs.
> > the tutorial on reading headers that's in "What can I do to
> > stop spam emails?"
> >
> > And there are other duplications of that sort in the FAQ... I
> > think it probably grew over time, but as stuff got slotted
> > into the document, no deconfliction and reconciliation ever
> > took place. I think that work to do that would strengthen the
> > document and make it considerably stronger.
> >
> > Regards,
> >
> > Joe
> >
> >
> >
> >
> >
> > =======
> > Email scanned by PC Tools - No viruses or spyware found.
> > (Email Guard: 9.0.0.888, Virus/Spyware Database: 6.18870)
> > http://www.pctools.com/ =======
> >
>
>
>
>
> ------------------------------
>
> Message: 5
> Date: Mon, 12 Dec 2011 14:00:38 -0800
> From: Chetan Diwanji <cdchet@gmail.com>
> Subject: [anti-abuse-wg] How to nail the abuser on ripe.net
> To: anti-abuse-wg@ripe.net
> Message-ID:
> <CAO6Cc1KAnV-6Z5Yu4P6wzU_kL=aUbDdVzY4H+_PW4cvgK6MZ8A@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Need help to stop this abuse going on for 6 months now.
>
> Some abuser keep posting on the internet causing defamation. Abuser is
> using very bad language. So far this particular abuser has been using .jp,
> .tk, ez-dns, dydns ... all kinds of domains.
>
> I have already reported to local police, FBI and Internet Crime divisions.
>
> Here is the URL:
>
> jailbait.funpic.de ? View topic - air jordan 19 your verts every
> *...*<http://jailbait.ja.funpic.de/viewtopic.php?f=2&t=4540&start=300>
> jailbait.ja.funpic.de/viewtopic.php?f=2&t=4540&start=300
> Nov 30, 2011 ? *...* choodi.com kwento ni osiris at isis kakimar gud chota
> bhai badi behan desifuckingstories family seks *devan diwanji* site:.
> ez-dns.com *...*
> **
> * Odeslat odpov?? na bangla choda
> choti<http://ontosearch.ics.muni.cz/feed/newreply.php?tid=13411>
> ontosearch.ics.muni.cz/feed/newreply.php?tid=13411
> maa ne betae ko jabrjusti sex hindi story telugusexyauntieselugusexyaunties
> urduxxxsexstory devan diwanji flacas peludaslacas peludas kelsey chow nude
> ...
>
> Why vyrozhdena adequate mentality? |
> uberset<http://giseputde.blog.cz/1110/why-vyrozhdena-adequate-mentality>
> giseputde.blog.cz/1110/why-vyrozhdena-adequate-mentality
> ... en honduras Http: www.telugudesisexstories.com Negima porn Forced
> corset Devan diwanji Mirtazapine and citalopram together Beastialety dvd
> Land ki pyasi ...
>
>
> *
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: https://www.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20111212/6bd277f9/attachment.html
>
> End of anti-abuse-wg Digest, Vol 4, Issue 14
> ********************************************