halfbakery
AbuseAt
A quicker way to track down "abuse@"
Anyone who has been tasked with maintaining the security and reducing the incoming spam content of a business network has undoubtedly had the thrilling experience of trying to track down the "abuse@" email address that covers a given domain, or better yet track down what domain an IP address belongs to and then track down the "abuse@" address for that domain. You go through the NSI or ARIN "Whois" search, which almost always seems to refer you to APNIC or RIPE. When you finally DO find the domain, there is rarely an abuse address listed, and half the time the administrative email addresses are addresses in completely different domains!
Here's my idea: A new website (www.abuseat.com) will be created. The user will be presented with a box where one may enter:
- The full headers from a "spam email"
- An email address
- An IP Address
- A domain name
The backend server will take the entry, parse it, make the appropriate queries to the domain registries, and parse out the email address(es) most likely to get the desired response. The addresses will be weighted in a manner similar to:
- Address explicitly listed for abuse reporting
- Address that begins with "abuse@" (or variations of)
- Address listed as administrative
- Address listed as technical contact
- Address listed as billing contact
- Address that at least belongs to the domain in question
- Any other address listed in the domain record.
SpamCop
http://spamcop.net It even produces and sends spam complaints for you. [sirrobin, Nov 07 2001, last modified Oct 05 2004]
Network Abuse Clearinghouse
http://www.abuse.net/ For finding an address to complain to (if, e.g., it's some variety of abuse other than spam) [wiml, Nov 07 2001, last modified Oct 05 2004]
RFC2142
http://www.faqs.org/rfcs/rfc2142.html Mailbox names for common services, roles, and functions [wiml, Nov 07 2001, last modified Oct 05 2004]
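The weighting described in the idea above, sketched as an added example (not part of the original post or of any existing service): it ranks the addresses found in a WHOIS-style record by the seven tiers listed. The sample record, the field labels, the keyword matching and the function names are all assumptions.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample record. Real registries label fields differently, and the
# contents are registrant-supplied, so treat every value as untrusted input.
SAMPLE_WHOIS = """\
Domain Name: example.net
Registrant Email: owner@example.org
Admin Email: hostmaster@example.net
Tech Email: noc@example.net
Billing Email: accounts@example.com
Abuse Contact Email: reports@example.net
Remarks: complaints to abuse-desk@example.net, questions to info@example.net
"""

def tier(label, address, domain):
    """Return 1 (best) to 7 (worst), following the weighting order in the post."""
    label = label.lower()
    local, _, host = address.lower().partition("@")
    if "abuse" in label:              # explicitly listed for abuse reporting
        return 1
    if local.startswith("abuse"):     # "abuse@" or a variation of it
        return 2
    for rank, keyword in ((3, "admin"), (4, "tech"), (5, "billing")):
        if keyword in label:
            return rank
    if host == domain or host.endswith("." + domain):
        return 6                      # at least belongs to the domain in question
    return 7                          # any other address in the record

def rank_contacts(whois_text, domain):
    """Return [(address, tier), ...] sorted best first, one entry per address."""
    domain = domain.lower()
    best = {}
    for line in whois_text.splitlines():
        label, sep, value = line.partition(":")
        if not sep:
            continue
        for addr in EMAIL_RE.findall(value):
            addr = addr.lower()
            best[addr] = min(tier(label, addr, domain), best.get(addr, 7))
    return sorted(best.items(), key=lambda item: (item[1], item[0]))

if __name__ == "__main__":
    for address, rank in rank_contacts(SAMPLE_WHOIS, "example.net"):
        print(rank, address)
```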
If you track down the root domain, cross reference any known email addresses in that domain and send the spam right back to them.

Baked. It's called SpamCop and it has been around since 1998. (See link)

I was recently spoofed and am still pissed, ergo, thanks for the link [sirrobin]. Anything to save time, or to put it another way, anything that gives my time back to me is worth something.

Unfortunately, no, not every domain has an "abuse@" address. Roughly 25% of the mail I send to abuse@whatever.com bounces. I think that domains that are dodgy enough to harbor spammers and scriptkiddies are dodgy enough to not do everything by the book.

And that still doesn't solve the other part of this -- having to go to 3 or 4 different websites to figure out what domain an IP address belongs to so that I can report on port scanning activity.

[waugsqueke] Of course there would... Unlike some domain admins I actually try to be responsible for my domains!