Re: Is Turkey Really an Abuse Black-Hole?

[Rich Kulawiec <rsk () gsp org>]

As far as I can tell, yes.

I spent *years* trying to find someone, anyone, in Turkey who would
accept and act on abuse reports -- principally spam, but also including
phishing, ssh brute-forcing, abuser web site hosting, abuser DNS hosting,
and so on.

What I found instead was a complete lack of responsiveness as well as
personnel who turned over supplied information *to the abusers*.
(How do I know this?  Because occasionally I munge spam reports to
show a targeted address that never existed until I created it.  I can
then trace all subsequent spam to that address back to that report,
and to whoever I filed it with.  Similar techniques can be used to
discern other vectors by which information in abuse reports makes
its way back to the very people it's about.)

My solution to this has been to (a) blacklist the entire .tr TLD
in every mail system I touch and (b) grab the address ranges from
ipdeny.com and drop them into the firewall(s).  Problem solved.

I don't know whether it's incompetence, or laziness, or corruption.
I don't care.  I don't have time to find out, and besides, the resulting
impact on *my* operation is the same in all cases.

---Rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.