<html><body><span style="font-family:Verdana; color:#000; font-size:12pt;"><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;">Yes, the verification mechanism they chose to implement was a flop, with no input required from address owners.</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;">In reality, it should be "verify your email address by clicking this link once a week or your resources are decommissioned within 24 hours" but alas, that would make too much sense.</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><a href="http://abuse.net">abuse.net</a> lists these contacts for mesh digital:</div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div><div style=""><font face="verdana, geneva" style=""><span style=""><a href="mailto:abuse@meshdigital.com">abuse@meshdigital.com</a> (for <a href="http://meshdigital.com">meshdigital.com</a>)</span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""><a href="mailto:noc@meshdigital.com">noc@meshdigital.com</a> (for <a href="http://meshdigital.com">meshdigital.com</a>)</span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""><a href="mailto:ripe@netsumo.com">ripe@netsumo.com</a> (for <a href="http://meshdigital.com">meshdigital.com</a>)</span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""><br></span></font></div><div style=""><font face="verdana, geneva" style=""><span style=""><br></span></font></div><div style="color: rgb(0, 0, 0); font-family: verdana, geneva; font-size: 12pt;"><br></div> <blockquote id="replyBlockquote" webmail="1" style="color: black; font-family: verdana; font-size: 10pt; border-left: 2px solid blue; margin-left: 8px; padding-left: 8px;"> <div id="wmQuoteWrapper"> -------- Original Message --------<br> Subject: [anti-abuse-wg] Verification of abuse contact addresses ?<br> From: "Ronald F. Guilmette" <<a href="mailto:rfg@tristatelogic.com">rfg@tristatelogic.com</a>><br> Date: Tue, March 05, 2019 8:55 am<br> To: <a href="mailto:anti-abuse-wg@ripe.net">anti-abuse-wg@ripe.net</a><br> <br> <br> Sorry folks, when this topic was discussed, I confess that I wasn't<br> really paying much attention. So now I am forced to ask: Was someone<br> going to verify the abuse contact addresses listed in the RIPE WHOIS<br> data base?<br> <br> If so, how is that project coming along?<br> <br> I'll tell you why I ask. It's quite simple really. Some jerk, probably<br> Mexican, just sent me a spam wherein he was advertising for sale his<br> list of 18 million "business" email addreses. (I can't quite tell if<br> those are all supposed to be specifically Mexican email addrses or what...<br> because the spam was written in Spanish, and I don't speak Spanish.)<br> <br> <a href="https://pastebin.com/raw/dT11krpN">https://pastebin.com/raw/dT11krpN</a><br> <br> Note that the specific email address of mine that was spammed was one that<br> I only used in ancient times, and only in conjunction with my activities<br> on one specific web site. (It obviously leaked somehow.)<br> <br> The envelope sender address was forged to be my own.<br> <br> The source IP was 109.68.33.19 as you can see. So naturally, I performed<br> a RIPE WHOIS query on that IP address and the results I got back indicated<br> that the contact email address for spam reports was <<a href="mailto:abuse@meshdigital.com">abuse@meshdigital.com</a>>.<br> So I emailed off a report to that address.<br> <br> Of course, it bounced back to me immediately as undeliverable.<br> <br> This causes me to suspect that either (a) that stuff that I thought that<br> I has seen previously about a project to verify abuse addresses was all<br> just a bunch of malarkey, or else (b) that project is still unfinished<br> and perhaps not going all that well.<br> <br> Could someone please enlighten me and tell me which possibility actually<br> applies?<br> <br> <br> Regards,<br> rfg<br> <br> <br> P.s. It is annoying enough to have to lookup who the bleep should<br> receive a report about spamming from their network _and_ to have to<br> even write such reports, when 9 time sout of ten, the sending network<br> could have easly prevented the spam from even going out. It is just<br> adding insult to injury when the bloody "official" abuse reporting<br> address doesn't even actually exist.<br> <br> And of course, neither <a href="http://meshdigital.com">meshdigital.com</a> nor <a href="http://meshdigital.net">meshdigital.net</a> even have<br> functioning web sites.<br> <br> Apparently this is all the work of some dolts at a company called <a href="http://heg.com">heg.com</a>,<br> in Germany. Do any of you happen to know any of the clueless nitwits<br> who work there? If so, maybe you could put me in direct touch so that<br> I could personally apply a much needed clue-by-four.<br> <br> </div> </blockquote></span></body></html>