[anti-abuse-wg] GDPR - positive effects on email abuse
- Previous message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
- Next message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
ox
andre at ox.co.za
Tue May 29 16:12:22 CEST 2018
Jordi, This is a technical statement, it is not a pov (point of view) - it is a simple and salient fact: No abuse on the Internet is possible without an IP number. In your example: the mail server = the IP number. so the abuse originates from the mail server IP number. the DNS = IP number DNS is that service that translates names into numbers, so that you are able to deliver your spam. a domain by itself can do nothing. hth Andre On Tue, 29 May 2018 16:03:41 +0200 JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> wrote: > Well, we disagree in the definition of abuse maybe? > > You can find many definitions of this: > > "Spamming is the abuse of electronic messaging systems to send > unsolicited bulk messages, which are generally undesired" > > So, spam is abuse, and I don't need to know IPs to send spam. The > mail server will use DNS to find them. > > Regards, > Jordi > > > > -----Mensaje original----- > De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> en nombre de ox > <andre at ox.co.za> Organización: ox.co.za > Fecha: martes, 29 de mayo de 2018, 15:57 > Para: JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> > Asunto: Re: [anti-abuse-wg] GDPR - positive effects on email abuse > > > I am so happy that you are asking this question :) > > This is what causes much confusion with people, including > experienced netadmins, sysadmins and many very technically advanced > people. > You can use any email address as an example: > anti-abuse-wg at ripe.net > Please think about it for a second: > > How would you go about sending spam to this email address without > using an IP number? > > It is not possible for Internet abuse to exist - without an IP > number. > So, for this wg : EVERYTHING that is abuse is powered by IP > numbers. > Andre > > On Tue, 29 May 2018 15:51:38 +0200 > JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg at ripe.net> > wrote: > > How come you can't send spam without the IP? > > > > I can look for new registered domains, use whois for catching > > the emails that appear there, and then spam them. > > > > This is something that I experience everytime I register a new > > domain, tons of spams to the whois recently created email > > contacts. > > > > Regards, > > Jordi > > > > > > > > -----Mensaje original----- > > De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> en nombre de > > ox <andre at ox.co.za> Organización: ox.co.za > > Fecha: martes, 29 de mayo de 2018, 15:39 > > Para: <anti-abuse-wg at ripe.net> > > Asunto: Re: [anti-abuse-wg] GDPR - positive effects on email > > abuse > > > > > > Please correct me if you think I am wrong: > > > > 1. > > You cannot send spam without an IP number. > > > > 2. > > You cannot do any abuse without an IP number. > > > > > > I can do a whois on any.com or some.eu and have a tech or > > abuse email address and WORKING registrar contact information. > > > > I cannot do a whois on ALL ripe assigned ipv4 resources and > > get accurate and/or working resource contact information. > > > > > > So, where the problem is - is easy to see, no? > > > > Andre > > > > > > On Tue, 29 May 2018 15:12:27 +0200 > > JORDI PALET MARTINEZ via anti-abuse-wg > > <anti-abuse-wg at ripe.net> wrote: > > > I consider an abuse the fact of collecting emails and > > > sending spam. Also, if you have a domain, you can see > > > what IPs are related to it for other kinds of abuses. > > > > > > Regards, > > > Jordi > > > > > > > > > > > > -----Mensaje original----- > > > De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> en > > > nombre de ox <andre at ox.co.za> Organización: ox.co.za > > > Fecha: martes, 29 de mayo de 2018, 14:32 > > > Para: <anti-abuse-wg at ripe.net> > > > Asunto: Re: [anti-abuse-wg] GDPR - positive effects on > > > email abuse > > > > > > > > > Abuse has nothing to do with a domain name. > > > > > > Nobody can abuse anyone armed only with a domain name. > > > > > > Without using an actual IP number, a domain name can > > > do nothing. > > > Protecting the privacy of a domain registrant is > > > absolutely correct. > > > The trouble is that network operators are resistant to > > > accept the responsibility (costs, issues, trouble) of > > > managing abuse > > > Even if you do a whois right now, you will find a > > > functional registrar abuse email address. > > > > > > The same cannot yet be said for the resources > > > assigned by this RR > > > Andre > > > > > > > > > On Tue, 29 May 2018 14:00:44 +0200 > > > JORDI PALET MARTINEZ via anti-abuse-wg > > > <anti-abuse-wg at ripe.net> wrote: > > > > Whois, as everything in the life, has good and bad > > > > things. Against: Privacy invaded. In fact, when you > > > > register a new domain and you associate a visible > > > > email to it, in a matter of hours, you get spam. > > > > Pro: If it is a real email with humans behind, it > > > > facilitates the resolution of abuse cases. > > > > The balance is always difficult ... > > > > Regards, > > > > Jordi > > > > > > > > > > > De: anti-abuse-wg <anti-abuse-wg-bounces at ripe.net> > > > > en nombre de Volker Greimann > > > > <vgreimann at key-systems.net> Fecha: martes, 29 de > > > > mayo de 2018, 13:49 Para: Suresh Ramasubramanian > > > > <ops.lists at gmail.com>, "anti-abuse-wg at ripe.net" > > > > <anti-abuse-wg at ripe.net> Asunto: Re: > > > > [anti-abuse-wg] GDPR - positive effects on email > > > > abuse > > > > > > > > > > > > > > > > Even in those cases, whois is but one tool that > > > > helps identify bad actors by means of violating > > > > privacy rights of millions. There are other tools, > > > > like DNS traces, reviews of hosting infrastructures > > > > used, etc. all of which will continue to be > > > > available for the uses you refer to. > > > > > > > > And maybe it is time to ensure law enforcement is > > > > better equipped to deal with such issues earlier > > > > and faster. Up to now, governments have been > > > > afforded the luxury of being able to underfund such > > > > efforts as others were doing their jobs for them. > > > > Maybe this will lead to better law enforcement and > > > > international cooperation. > > > > > > > > Best, > > > > > > > > Volker > > > > > > > > > > > > > > > > Am 29.05.2018 um 13:34 schrieb Suresh > > > > Ramasubramanian: > > > > > > > > This unfortunately is entirely wrong and short > > > > sighted > > > > > > > > > > > > > > > > All security practitioners protect our respective > > > > services and networks against a wide variety of > > > > threats including malware and phish campaigns. > > > > > > > > > > > > > > > > Very few of those go on to be referred to law > > > > enforcement and that only after an extensive > > > > dossier is built internally to show that the perps > > > > in question justify a - frequently cross border - > > > > law enforcement action. > > > > > > > > > > > > > > > > Security and protecting user privacy go hand in > > > > hand and I wish more people realised that, and > > > > maybe also realised the resource and administrative > > > > lconstraints and limits law enforcement is saddled > > > > with > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > From: anti-abuse-wg > > > > <anti-abuse-wg-bounces at ripe.net> on behalf of > > > > Volker Greimann <vgreimann at key-systems.net> Sent: > > > > Tuesday, May 29, 2018 4:06:18 PM To: > > > > anti-abuse-wg at ripe.net Subject: Re: [anti-abuse-wg] > > > > GDPR > > > > - positive effects on email abuse > > > > > > > > > > > > > > > > Wow, the level of narrowmindedness and > > > > fearmongering is high with this one. > > > > > > > > Crime online will likely not increase due to GDPR. > > > > It may be more difficult to detect and take action > > > > against due to the loss of one tool amongst many, > > > > but ultimately that tool was illegal to begin with > > > > as it violated the rights to privacy of millions of > > > > domain owners. > > > > > > > > "Private researchers" and other vigilantes or > > > > rent-a-cops will indeed have a more difficult time > > > > to obtain such data as they will finally have to do > > > > so by legal means, but then they are in an > > > > untenable position anyway, taking upon themselves > > > > functions that should be fulfilled by actual law > > > > enforcement. > > > > > > > > Ultimately, private data if internet users no > > > > longer being public will lead to better > > > > registration data for those with a right to access > > > > it. Those with no such rights will have to figure > > > > out alternate routes to do their jobs that does not > > > > violate the rights of millions. > > > > > > > > Best, > > > > > > > > Volker > > > > > > > > > > > > > > > > Am 28.05.2018 um 21:13 schrieb Ronald F. > > > > Guilmette: > > > > > ox <andre at ox.co.za> wrote: > > > > > > > > > >> Firstly I would like to comment that the > > > > >> multinationals and their funded trade groups (and > > > > >> their lobby orgs) shouted from the rooftops that > > > > >> if the GDPR came into effect, Internet in the EU > > > > >> would collapse and there would be digital doom > > > > >> and gloom. > > > > > I am not a multinational. I am an individual > > > > > volunteer anti-abuse researcher. And yet even -I- > > > > > have told everyone I know that the disappearance > > > > > of public WHOIS is and will be an epic > > > > > catastrophy. If there was cybercrime on the > > > > > Internet before, it will be increased, going > > > > > forward, by tenfold. > > > > >> How wrong they were (hindsight is perfect - as > > > > >> we can all clearly see) > > > > > Be patient. The change has only just occurred. > > > > > > > > > >> The EU has truly become a world and global > > > > >> leader in the reclamation of individual rights > > > > >> and the free Internet. > > > > > Here on this side of the pond, one usually has to > > > > > turn on Fox News in order to be treated to this > > > > > level of rubbish. > > > > > > > > > > The only thing that has happened is that private > > > > > researchers the world over have been effectively > > > > > blinded due to the supreme arogance and idiocy of > > > > > europeans... europeans who, in their religious > > > > > fervor, have come to view it as their holy > > > > > obligation to foist their demented notions onto > > > > > the rest of the world, whether any of the rest of > > > > > us like it or not. > > > > > > > > > > Meanwhile the malevolent forces of state-sponsored > > > > > intrigue and violation of human rights are and > > > > > shall remain totally unfettered and unaffected by > > > > > GDPR, as they will be the first ones to obtain > > > > > special exemptions allowing them to continue to > > > > > see WHOIS data. The CIA, NSA, BDN, and FSB are > > > > > undoubtedly celebrating the arrival of GDPR, as > > > > > it further entrenches their special status at the > > > > > expense of the great unwashes masses. > > > > > > > > > > Friday was a sad day for both transparency and > > > > > democracy, but all across the globe both > > > > > criminals and statists undoubtedly celebrated it > > > > > with toasts of champaign. > > > > > > > > > > > > > > > Regards, > > > > > rfg > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ********************************************** > > > IPv4 is over > > > Are you ready for the new Internet ? > > > http://www.consulintel.es > > > The IPv6 Company > > > > > > This electronic message contains information which may be > > > privileged or confidential. The information is intended > > > to be for the exclusive use of the individual(s) named > > > above and further non-explicilty authorized disclosure, > > > copying, distribution or use of the contents of this > > > information, even if partially, including attached files, > > > is strictly prohibited and will be considered a criminal > > > offense. If you are not the intended recipient be aware > > > that any disclosure, copying, distribution or use of the > > > contents of this information, even if partially, > > > including attached files, is strictly prohibited, will be > > > considered a criminal offense, so you must reply to the > > > original sender to inform about this communication and > > > delete it. > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ********************************************** > > IPv4 is over > > Are you ready for the new Internet ? > > http://www.consulintel.es > > The IPv6 Company > > > > This electronic message contains information which may be > > privileged or confidential. The information is intended to be > > for the exclusive use of the individual(s) named above and > > further non-explicilty authorized disclosure, copying, > > distribution or use of the contents of this information, even > > if partially, including attached files, is strictly prohibited > > and will be considered a criminal offense. If you are not the > > intended recipient be aware that any disclosure, copying, > > distribution or use of the contents of this information, even > > if partially, including attached files, is strictly prohibited, > > will be considered a criminal offense, so you must reply to the > > original sender to inform about this communication and delete > > it. > > > > > > > > > > > > > > > > > ********************************************** > IPv4 is over > Are you ready for the new Internet ? > http://www.consulintel.es > The IPv6 Company > > This electronic message contains information which may be privileged > or confidential. The information is intended to be for the exclusive > use of the individual(s) named above and further non-explicilty > authorized disclosure, copying, distribution or use of the contents > of this information, even if partially, including attached files, is > strictly prohibited and will be considered a criminal offense. If you > are not the intended recipient be aware that any disclosure, copying, > distribution or use of the contents of this information, even if > partially, including attached files, is strictly prohibited, will be > considered a criminal offense, so you must reply to the original > sender to inform about this communication and delete it. > > > > >
- Previous message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
- Next message (by thread): [anti-abuse-wg] GDPR - positive effects on email abuse
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]