Hi Hans-Martin, All,
<CSIRT hat on>


On Wed, 19 Feb 2020, Hans-Martin Mosner wrote:

AS24961 (RIPE NCC member myLoc managed IT AG) continues to host one persistent spam sender year after year. I have complained to them a number of times, with no noticeable effect.

The sender is recognizable by characteristics of their domain names and local parts, and most importantly by their DNS service, which is always uadns.com. Would be easy to deny them service if myLoc wanted to.

Domain registrations are most often done via Ledl.net GmbH (RIPE NCC member).

OK, so you started to expose some of the spammer's characteristics.


Registries DENIC eG (RIPE NCC member), EURid vzw (RIPE NCC member), nic.at GmbH (RIPE NCC member) willingly accept registrations that have most likely fake data (which I can't check because these data are conveniently not disclosed, although they very likely describe a commercial entity and not existing private persons and are therefore not subject to GDPR protections.)

"most likely" will not get you anywhere.

I think you are completely right about the GDPR issue. While that wasn't the goal of GDPR, some orgs actually use it as an excuse for company obscurity -- which seems to be acceptable for some or most of their service providers.


Excuse me while I vomit a little.

You are not alone.


I know that this working group is not responsible for handling individual cases of abuse,

Exactly, but it should be responsible for finding ways to reduce abuse and/or its impact -- which is what is more or less written in the WG charter.


so my intention is not to get a solution (which I already did via nullrouting that AS)

You may have solved your problem. But that same spammer has a whole lot of targets to go on with the same "business model"...



but to understand how persistent abuse-enabling entities can act unhindered without any clear escalation path.

They simply do.
IMHO because they:
1) find service providers who look the other way.
2) build and operate their own networking/security/anti-DDoS infrastructure.



Effectively extracting the last rotten tooth "ICANN Whois Inaccuracy Complaint" by hiding all registration data so that an inaccuracy check is made impossible didn't help much...

Cheers,
Hans-Martin


Cheers,
Carlos
