Educause Security Discussion mailing list archives
Re: Compromised accounts at other institutes
From: Bob Bayn <bob.bayn () USU EDU>
Date: Sat, 26 Apr 2014 00:31:23 +0000
Thanks for the info, Joe. Joe St Sauver [joe () oregon uoregon edu] wrote:
Hi,
Bob Bayn <bob.bayn () usu edu> commented:
#I try to send direct notification to the "abuse" and "helpdesk" #address at any .edu, .k12, .org or health organization that is #spamming us with phish.
dot org is probably pretty generic these days. On the other hand, dot gov, dot mil, and dot int are probably worth adding to your "give it a shot" list, likewise the international equivalents of dot edu (such as dot ac dot uk)
Good points, and I do have a bigger give it a shot list than I mentioned. The dot org hosts include a lot of K12, municipal governments and such that don't like the length and structure of their "default" TLDs. And I generally do try to notify the dot ac dot uk/au/nz folks, too. I have tried using google translate to help me with Portuguese and Spanish sites. And, strangely we regularly get phish in Hungarian and I have a co-worker two spent two years proselytizing in that area and he helps me to both recognize the phish and to send notifications there. But when it comes to hosts that use other character sets I just wish them good luck and move on. #If they both bounce, I will generally #search the site to find another technical contact address or #contact form. (Do YOU have those default reporting addresses?)
abuse@ is normative, but helpdesk@ isn't. See https://www.ietf.org/rfc/rfc2142.txt at section 4
That may be true, but I get more bounces from abuse@ than helpdesk@, at least for certain categories of sites.
I'd also note that http://abuse.net/ can be tremendously helpful when it comes to tracking down usable abuse reporting addresses.
I'll remember that, thanks! #The phish links that we take action against are all reported on #a public google docs spreadsheet at: [link redacted here] I should have written "recorded" rather than "reported" - I don't expect that listing to constitute a report to anyone else, even though it is available when I share the link with peers (and with a few of the web form site abuse staff).
Huge fan of http://www.phishtank.com/ for reporting phish
I use that for reporting the occasional commercial phish (fake paypal sites and such) and even some .edu spear phish. But it is a little too tedious for the bulk of the phish messages I process.
Regards, and hope everyone has a nice weekend, Joe
Finals start Monday here and I hope it is our last spring snow storm out the window now. Time to get on the bike and head home. Bob
Current thread:
- Compromised accounts at other institutes Frank Barton (Apr 25)
- Re: Compromised accounts at other institutes Brad Judy (Apr 25)
- Re: Compromised accounts at other institutes Roger A Safian (Apr 25)
- Re: Compromised accounts at other institutes charlie derr (Apr 25)
- Re: Compromised accounts at other institutes Frank Barton (Apr 25)
- Re: Compromised accounts at other institutes Ken Connelly (Apr 25)
- Re: Compromised accounts at other institutes Frank Barton (Apr 25)
- Re: Compromised accounts at other institutes Bob Bayn (Apr 25)
- Re: Compromised accounts at other institutes Frank Barton (Apr 25)
- Re: Compromised accounts at other institutes Joel L. Rosenblatt (Apr 25)
- <Possible follow-ups>
- Re: Compromised accounts at other institutes Joe St Sauver (Apr 25)
- Re: Compromised accounts at other institutes Bob Bayn (Apr 25)