Re: [anti-abuse-wg] AS24961 myLoc managed IT AG, uadns.com, ledl.net, and non-disclosing registries

Thu, 20 Feb 2020 00:11:43 -0800 



Hi Hans-Martin, All,
<CSIRT hat on>


On Wed, 19 Feb 2020, Hans-Martin Mosner wrote:


AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent 
spam sender years after years. I have
complained to them a number of times, with no noticeable effect.

The sender is recognizable by characteristics of their domain names and local 
parts, and most importantly by their DNS
service, which is always uadns.com. Would be easy to deny them service if myLoc 
wanted to.

Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member).


OK, so you started to expose some of the spammer's characteristics.



Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH 
(RIPE NCC member) willingly accept
registrations that have most likely fake data (which I can't check because 
these data are conveniently not disclosed,
although they very likely describe a commercial entity and not existing private 
persons and are therefore not subject to
GDPR protections.)


"most likely" will not get you anywhere.


I think you are completely right about the GDPR issue. While that wasn't 
the goal of GDPR some orgs actually use it as an excuse for company 
obscurity -- which seem to be acceptable for some or most of their service 
providers.




Excuse me while I vomit a little.


You are not alone.



I know that this working group is not responsible for handling individual cases 
of abuse,



Exactly, but should be responsible for finding ways to reduce abuse 
and/or its impact -- which is what is more or less written in the WG 
charter.




so my intention is not to get a solution (which I already did via 
nullrouting that AS)



You may have solved your problem. But that same spammer has a whole lot of 
targets to go on with the same "business model"...





but to understand how persistent abuse-enabling entities can act 
unhindered without any clear escalation path.


They simply do.
IMHO because they:
1) find service providers who look the other way.

2) build and operate their own networking/security/anti-ddos 
infrastructure.





Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy

Complaint" by hiding all registration data so that an inaccuracy check 
is made impossible didn't help much...


Cheers,
Hans-Martin



Cheers,
Carlos























					Reply via email to