Reporting Network Abuse FAQs
1. What is spam?
Spam is junk e-mail, usually offering bogus products and invitations to
pornography sites. Sometimes, spam e-mail is used to spread viruses. You may
also receive ‘phishing’ e-mails. These are e-mails that look like they have been
sent by a legitimate organisation and attempt to fraudulently acquire sensitive information,
such as passwords and credit card details.
2. Should I just ignore spam?
Yes. We recommend that you simply ignore and delete any spam e-mails you get.
Spam is a universal problem and there is not much that can be done to stop it.
However, if you do want to try to find out where the spam is originating from, you can
follow the steps in FAQ 5.
3. What can the RIPE NCC do about the spam e-mail I have received?
Unfortunately, the RIPE NCC can do nothing about spam e-mail or ‘phishing’
e-mail. The RIPE NCC does not send, or facilitate the sending of, spam e-mail.
Nor is it responsible for any spam you receive. It is also unable to investigate
any complaints about spamming.
4. Why does the commercial anti-spam software I use state that the RIPE NCC is responsible for the IP address the spam comes from?
The RIPE NCC is listed as the organisation that assigned and registered the IP address
that the spam e-mail is coming from. It does not mean that the RIPE NCC is responsible
for the spam or that the RIPE NCC network is being used to facilitate the sending of spam.
The RIPE NCC never sends unsolicited/spam/phishing e-mails.
5. What can I do to stop spam e-mails?
In general, there is not much that can be done about spam, except for
ensuring that your spam filters are up to date. However, you can find out
the IP address from which the e-mail was sent and use the RIPE Database to
look up the contact details of the Internet Service Provider (ISP) or other
organisation that the IP address was assigned to. You can then inform this
organisation that you believe their network is being used to facilitate spam.
a. First, you will need to find the true IP address in the e-mail header.
This is the actual IP address from which the mail was sent. You can find this
in the “received” line as shown in the example below:
b. Now you can look this IP address up in the RIPE Database.
This database contains registration details of every IP address
allocated by the RIPE NCC. Usually included in these registration details are
contact details for reporting spam.
Enter the IP address in the search box at:
http://www.ripe.net/fcgi-bin/whois
If the IP address you have entered was allocated by the RIPE NCC, you will see the following output:
or
% Information related to '10.25.100.0 - 10.25.100.255'
inetnum: 10.25.100.0 - 10.25.100.255
netname: EXAMPLE-PROVIDER2
descr: Example-Provider BV
descr: ADSL IP numbers
country: NL
admin-c: EP65536-RIPE
tech-c: EP65536-RIPE
status: ASSIGNED PA
abuse-mailbox: abuse@example.org
mnt-by: EP65555-MNT
changed: operations.employee@example.org 20060422
source: RIPE
If there is an e-mail address for reporting spam (also referred to as ‘abuse’)
you will usually find it listed in the ‘remarks’ field or in the ‘abuse-mailbox’
field. However, the ‘abuse-mailbox’ field is an optional field and so many organisations
may choose not to use it in their records. It is also not compulsory to enter contact
details in the ‘remarks’ field. See FAQ 6 for more information.
Please note that the contact details listed in the ‘remarks’ field are
usually for ISP/network administrators. It is highly unlikely that these
contacts are responsible for the spam e-mail and the purpose of your e-mail should be
to inform the organisation that its networks are being used to facilitate abuse.
If the IP address was allocated by one of the other four Regional Internet
Registries (RIRs), you will need to look up the IP address and find the contact
details in one of the other corresponding databases at:
whois.lacnic.net
whois.arin.net
whois.apnic.net
whois.afrinic.net
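Steps a and b above, as an added Python example (not RIPE NCC code). The mail headers are constructed, the TRUSTED host names are an assumption standing in for your own mail servers, and the function names are illustrative. "Received" lines below the first hop that was not written by a trusted server can be forged by the sender, so the walk stops there.

```python
import email
import ipaddress
import re

# Constructed sample headers; newest hop first, as mail servers prepend them.
RAW_MAIL = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP; Mon, 1 May 2006 10:00:02 +0200\n"
    "Received: from friendly.example.com (unknown [10.25.100.37])\n"
    "\tby mx.example.net with SMTP; Mon, 1 May 2006 10:00:00 +0200\n"
    "Received: from bank.example ([203.0.113.99]) by relay.invalid with SMTP\n"
    "Subject: constructed sample\n\nbody\n"
)
# Assumption: these are the receiving side's own mail servers.
TRUSTED = {"mail.example.org", "mx.example.net"}

# Abridged from the sample RIPE Database record shown on this page.
WHOIS = """\
inetnum: 10.25.100.0 - 10.25.100.255
netname: EXAMPLE-PROVIDER2
abuse-mailbox: abuse@example.org
source: RIPE
"""

def sending_ip(raw, trusted=TRUSTED):
    """Return the peer IP recorded by the outermost trusted server, or None."""
    found = None
    for hop in email.message_from_string(raw).get_all("Received", []):
        hop = " ".join(hop.split())  # unfold continuation lines
        by = re.search(r"\bby ([\w.-]+)", hop)
        ip = re.search(r"\[([0-9a-fA-F.:]+)\]", hop)
        if not by or by.group(1).lower() not in trusted:
            break  # this line and everything below it could be forged
        if ip:
            found = ip.group(1)
    return found

def abuse_contacts(whois_text, ip):
    """Return addresses from abuse-mailbox/remarks if the record covers ip."""
    fields = re.findall(r"^([\w-]+):[ \t]*(.*)$", whois_text, re.M)
    rng = next((v for k, v in fields if k == "inetnum"), "")
    if "-" not in rng:
        return []
    lo, hi = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
    addr = ipaddress.ip_address(ip)
    if addr.version != lo.version or not lo <= addr <= hi:
        return []
    text = " ".join(v for k, v in fields if k in ("abuse-mailbox", "remarks"))
    return re.findall(r"[\w.+-]+@[\w.-]+\.\w+", text)
```

An empty list from abuse_contacts means the record either does not cover the address or carries no contact in those two fields, which FAQ 6 explains.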
6. Why are there no contact details or incorrect contact details for reporting spam e-mail listed in the RIPE Database for the IP address I searched on?
The records in the Regional Internet Registries' (RIR)
databases are entered and maintained by the organisations that receive
IP addresses from each RIR. The RIRs do not check the accuracy of any of the
records in the database or make any changes to the data maintained by these organisations.
The RIPE NCC has no power to update any of these records.
7. Should I reply to a spam e-mail?
We recommend that you never write back to the spammer.
Often, spammers will try to guess e-mail addresses.
If they get a reply from you it simply confirms that they have
found a valid e-mail address.
8. Where can I find more information about spam?
Visit the homepage of the RIPE Anti-Spam Working Group at:
http://www.ripe.net/ripe/wg/anti-spam/index.html