Security Basics mailing list archives
Re: spam/virus reporting to abuse () whereever com
From: Tremaine Lea <tlea () ddiction com>
Date: Thu, 19 Jul 2007 21:28:44 -0600
The usual process is to send an email to abuse@ originating domain, in this case the listed ARIN owner of the block the IP is in. Identify the source IP from the headers, look it up at ARIN (or RIPE, or APNIC...) Once you have identified the ISP it's originating from, send an email to their abuse address, such as abuse () shaw ca.
Include the full headers of the received message, and raw content.Do *not* include screenshots. Most ISP's of any size these days receive a large number of reports and automagically parse inbound emails for important details. Screenshots will frequently get tossed or handled a LOT later than something that can be parsed by a script/ ticket system.
Do report each instance separately where possible.Do not include extraneous language or opinion about either the sender or the origin IP. It won't get them to act any faster than they already will, and takes away from any professionalism you may hope to have.
For firewall reporting, choose something automated like MyNetWatchman or similar. Spam (*not* viruses) should be reported via spamcop.net or a similar service.
Cheers, --- Tremaine Lea Network Security Consultant Intrepid ACL "Paranoia for hire" On 17-Jul-07, at 11:49 PM, Murda Mcloud wrote:
What is the usual etiquette for informing an abuse email address at an ISP that spam/viruses appear to be coming from a certain IP in their block?I was just going to send the headers from the various emails. The 'spam' engine is spoofing various domains I'd guess that the box is owned.
Current thread:
- spam/virus reporting to abuse () whereever com Murda Mcloud (Jul 19)
- Re: spam/virus reporting to abuse () whereever com Jan Heisterkamp (Jul 19)
- Re: spam/virus reporting to abuse () whereever com Jeronimo Zucco (Jul 20)
- Re: spam/virus reporting to abuse () whereever com Micheal Espinola Jr (Jul 20)
- Re: spam/virus reporting to abuse () whereever com Tremaine Lea (Jul 20)
- Re: spam/virus reporting to abuse () whereever com Banyan He (Jul 23)
- Re: spam/virus reporting to abuse () whereever com Jeronimo Zucco (Jul 20)
- Re: spam/virus reporting to abuse () whereever com Jan Heisterkamp (Jul 19)
- Re: spam/virus reporting to abuse () whereever com Tremaine Lea (Jul 20)
- Re: spam/virus reporting to abuse () whereever com Isaac Perez (Jul 20)