

rolfp

join:2011-03-27
Oakland, CA
kudos:1
Reviews:
·Comcast

ARIN has attempted to validate the data for this POC, no-go

This example is for spam originating from Yahoo, afaict, but it seems to me there is little or no interest at large ISPs to facilitate reporting and removal of their spammer clients.

For example, I receive a spam mail and look at "Full Headers" in my mail program:


I do a whois lookup on what I think is the originating IP:

and I forward the spam, with full headers, to the listed abuse email addy:
network-abuse@cc.yahoo-inc.com

That bounces, with:


I have gone to the webpage referenced in the whois records:

# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=98.139.211.196?showDetails=true&showARIN=false&ext=netref2

on that page, gone to:

from there, to:

Abuse NETWO857-ARIN (NETWO857-ARIN)

where is the text of this topic:

Point of Contact
Note ARIN has attempted to validate the data for this POC, but has received no response from the POC since 2010-06-18

Once, I sent an email to ARIN, asking if there was some agency with the authority to enforce the rules/protocols, but got no answer. I see smaller, one-man ISPs with abuse email boxes that are full and larger outfits who filter and bounce the spam reports as spam. There doesn't seem to be an effective system in place to enable reporting and stopping the spammer.

I do see this: Got Spam? Report it here. and have used that.

I wonder whether http://www.spamcop.net/ has a different POC for Yahoo than what whois returns.....


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1
Yahoo will deal with abuse if you can actually reach a human being.

FWIW, this message came from India via Yahoo.

Source IP was 115.111.46.100.


--- 01/30/13 13:15:19 Eastern Standard Time
--- performing WHOIS on "115.111.46.100", please wait...
--- contacting server whois.geektools.com

GeekTools Whois Proxy v5.0.5 Ready.
Checking access for 67.101.26.28... ok.
Final results obtained from whois.apnic.net.
Results:
% [whois.apnic.net node-3]
% Whois data copyright terms »www.apnic.net/db/dbcopyright.htm ··· ght.html

inetnum: 115.108.0.0 - 115.111.255.255
netname: TATACOMM-IN
descr: Internet Service Provider
descr: TATA Communications formerly VSNL is Leading ISP,
descr: Data and Voice Carrier in India
admin-c: TC651-AP
tech-c: TC651-AP
country: IN
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-TATACOMM-IN
mnt-irt: IRT-TATACOMM-IN
mnt-routes: MAINT-TATACOMM-IN
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20080730
changed: hm-changed@apnic.net 20080826
changed: hm-changed@apnic.net 20080827
changed: hm-changed@apnic.net 20120221
source: APNIC

role: TATA Communications
nic-hdl: TC651-AP
address: 6th Floor, LVSB, VSNL
address: Kashinath Dhuru marg, Prabhadevi
address: Dadar(W), Mumbai 400028
phone: +91-22-56633503
fax-no: +91-22-24320132
country: IN
e-mail: ip.admin@vsnl.co.in
admin-c: IA15-AP
tech-c: VT43-AP
mnt-by: MAINT-TATACOMM-IN
changed: hm-changed@apnic.net 20080826
changed: hm-changed@apnic.net 20080827
source: APNIC



You can try abuse@vsnl.co.in or ip.admin@vsnl.co.in
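
The lookup in the post above, done in code: this added example (not part of the thread) parses RPSL-style whois text, finds the inetnum object that covers the source IP, and follows its admin-c/tech-c handles to the contact object's e-mail. The function names are assumptions, and the input is an excerpt of the APNIC reply quoted above.

```python
import ipaddress
import re

# Constructed input: excerpt of the APNIC reply quoted in the post above.
SAMPLE = """\
% [whois.apnic.net node-3]

inetnum: 115.108.0.0 - 115.111.255.255
admin-c: TC651-AP
tech-c: TC651-AP
mnt-irt: IRT-TATACOMM-IN

role: TATA Communications
nic-hdl: TC651-AP
e-mail: ip.admin@vsnl.co.in
"""

def parse_objects(text):
    """Split RPSL-style whois text into objects: lists of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text):
        attrs = []
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and not line.startswith("%"):      # skip server comments
                attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def values(obj, *keys):
    """All values in one object whose attribute name is in keys."""
    return [v for k, v in obj if k in keys]

def contacts_for(ip, text):
    """Find the inetnum covering ip, then follow its handles to e-mail addresses."""
    addr = ipaddress.ip_address(ip)
    objects = parse_objects(text)
    result = {"irt": [], "emails": []}
    handles = set()
    for obj in objects:
        for rng in values(obj, "inetnum"):
            lo, hi = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
            if lo <= addr <= hi:                      # this range covers the IP
                result["irt"] += values(obj, "mnt-irt")
                handles.update(values(obj, "admin-c", "tech-c"))
    for obj in objects:
        if handles & set(values(obj, "nic-hdl")):     # contact referenced by the range
            result["emails"] += values(obj, "e-mail", "abuse-mailbox")
    return result
```

Calling `contacts_for("115.111.46.100", SAMPLE)` returns the IRT handle and the role contact's address; an IP outside the range returns empty lists, which is the cue to query a different registry.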


rolfp

join:2011-03-27
Oakland, CA
kudos:1
Hey, thanks, I missed that IP.

I've forwarded the spam to both those email addys and no bounce, at least.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

1 recommendation

reply to DrStrange
said by DrStrange:

FWIW, this message came from India via Yahoo.

Source IP was 115.111.46.100.

Yes, I agree.

It looks as if the sender authenticated to Yahoo with the login authentication method. That's probably a hacked Yahoo account being used. The login name might be "meetasharana".
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.3 Beta1; firefox 18.0