This is one of the reasons that in a responsible world, where responsible RIR etc exist, the following would occur: + A ticket is generated via email or form submission when a complaint is made to an abuse desk, + this ticket requires a user to confirm the email address provided by clicking on a link in the email (if the user doesn't confirm the email address, the complaint is deleted) + if the complaint ticket is not actioned, or not actioned properly, the user can escalate it to the RIR, + if the RIR finds the complaint to be valid, then the resource holder pays to the RIR the costs incurred by the RIR to investigate the matter,
At the moment, the resource holder can: + ignore it due to funding issues, + ignore it due to lazyness, + ignore it due to criminal influence, + ignore it due to language barrier, + be forced to ignore it due to DDoS style email flooding, + be forced to ignore it due to the size of the resource holdings (because of the sheer volume of complaints made to them due to the size of their network), + be forced to ignore it due to a glitch which they are unaware of, etc etc etc --------- Original Message --------- Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother From: "Fi Shing" <phish...@storey.xxx> Date: 2/13/20 3:26 pm To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> All OVH and DigitalOcean abuse reports must be submitted via the abuse reporting forms on the website, or they won't be actioned: https://www.ovh.com/world/abuse/ https://www.digitalocean.com/company/contact/abuse/ --------- Original Message --------- Subject: Re: [anti-abuse-wg] Reporting abuse to OVH -- don't bother From: "Alessandro Vesely" <ves...@tana.it> Date: 2/12/20 11:16 pm To: "anti-abuse-wg@ripe.net" <anti-abuse-wg@ripe.net> On Wed 12/Feb/2020 09:51:22 +0100 Ronald F. Guilmette wrote: > The RIPE WHOIS data base says that the abose contact for AS16276 is > ab...@ovh.net. > > It would appear thet the folks at OVH haven't yet quite figured how > this whole email thing works. > > Give them time. Another decade or two and they should have it down pat. +1, X-VR-SPAMCAUSE looks particularly appealing... Best Ale -------- Forwarded Message -------- Subject: failure notice Date: 12 Feb 2020 06:18:04 +0200 From: mailer-dae...@mx1.ovh.net To: ab...@tana.it Hi. This is the qmail-send program at mx1.ovh.net. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. <ovh.net-ab...@ovh.net>: user does not exist, but will deliver to /homez.12/vpopmail/domains/ovh.net/abuse/ can not open new email file errno=2 file=/homez.12/vpopmail/domains/ovh.net/abuse/Maildir/tmp/1581481084.9867.mail660.ha.ovh.net,S=4191 system error --- Below this line is a copy of the message. Return-Path: <ab...@tana.it> Received: from localhost (HELO queue) (127.0.0.1) by localhost with SMTP; 12 Feb 2020 06:18:04 +0200 Received: from unknown (HELO output25.mail.ovh.net) (10.108.117.188) by mail660.ha.ovh.net with AES256-GCM-SHA384 encrypted SMTP; 12 Feb 2020 06:18:04 +0200 Received: from vr26.mail.ovh.net (unknown [10.101.8.26]) by out25.mail.ovh.net (Postfix) with ESMTP id 48HRFm0K5Sz7P6Fd8 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:18:04 +0000 (UTC) Received: from in14.mail.ovh.net (unknown [10.101.4.14]) by vr26.mail.ovh.net (Postfix) with ESMTP id 48HRFf6fgNzrQV85 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC) Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=62.94.243.226; helo=wmail.tana.it; envelope-from=ab...@tana.it; receiver=ab...@ovh.net Authentication-Results: in14.mail.ovh.net; dkim=pass (1152-bit key; unprotected) header.d=tana.it header.i=@tana.it header.b="DSzDkiE5"; dkim-atps=neutral Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) by in14.mail.ovh.net (Postfix) with ESMTPS id 48HRFf5rYcz1qqm5 for <ab...@ovh.net>; Wed, 12 Feb 2020 04:17:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) (uid 1000) by wmail.tana.it with local id 00000000005DC0BE.000000005E437C70.00006938; Wed, 12 Feb 2020 05:17:51 +0100 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1581481072; bh=hqA0axQ0F0EZuKcuD4BJM7lec22phleodccLJFRo7js=; l=1187; h=From:To:Date; b=DSzDkiE5M2E2RHdufCjt/pvL8szxXfCQCiPcYrJMYxbHDSM6/qNrHDy0JZwW3HfQG jvGk5T7PlE7c6dBvfNjmQl2Z0yTpvjOVufBM6xGVi3WEzkPUb2Wpr0b6oW/Ptan3/d d81pOjTCPaAxOXfx0G1t5PpotLEo0P48qxyNPtkGYVZoMp7kdUev7jtac9Jcq Authentication-Results: tana.it; auth=pass (details omitted) X-mmdbcountrylookup: FR From: "tana.it" <ab...@tana.it> To: ab...@ovh.net Date: Wed, 12 Feb 2020 05:17:51 +0100 Subject: Mail server abuse by 188.165.221.36 on 11 February 2020 Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Auto-Response-Suppress: DR, OOF, AutoReply Message-ID: <courier.000000005e437c6f.00006...@wmail.tana.it> X-Ovh-Remote: 62.94.243.226 (wmail.tana.it) X-Ovh-Tracer-Id: 8968355709213900626 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 50 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedugedrieeggdeifecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemucehtddtnecuogfvvgigthfqnhhlhidqqdetfeejfedqtdegucdlhedtmdenucfjughrpefhvfffufggtgfgsehtjedttddttdejnecuhfhrohhmpedfthgrnhgrrdhithdfuceorggsuhhsvgesthgrnhgrrdhitheqnecuffhomhgrihhnpehtrghnrgdrihhtpdhrihhpvgdrnhgvthenucfkphepiedvrdelgedrvdegfedrvddvieenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdphhgvlhhopehinhdugedrmhgrihhlrdhovhhhrdhnvghtpdhinhgvthepiedvrdelgedrvdegfedrvddviedpmhgrihhlfhhrohhmpegrsghushgvsehtrghnrgdrihhtpdhrtghpthhtoheprggsuhhsvgesohhvhhdrnhgvth X-Ovh-Spam-Status: OK X-Ovh-Spam-Reason: vr: OK; dkim: disabled; spf: disabled X-Ovh-Message-Type: OK Dear Abuse Team The following abusive behavior from IP address under your constituency 188.165.221.36 has been detected: 2020-02-11 11:39:25 CET, 188.165.221.36, old decay: 86400, prob: 34.72%, SMTP auth dictionary attack 188.165.221.36 was caught 102 times since Fri May 18 01:42:13 2018 original data from the mail log: 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[58534] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[62026] 2020-02-11 11:39:05 CET courieresmtpd: started,ip=[188.165.221.36],port=[63198] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[58743] 2020-02-11 11:39:25 CET courieresmtpd: started,ip=[188.165.221.36],port=[50520] 2020-02-11 11:39:25 CET courieresmtpd: error,relay=188.165.221.36,port=58743,msg="535 Authentication failed.",cmd: AUTH LOGIN 42D117A2.9F10013D
