[Scrouting] Re: DTI-NET 218.225.224.0/19

Patto nobody at devnull.spamcop.net
Sun Jul 27 22:23:01 EDT 2008 

Mike Easter wrote:
> Tim McGraw wrote:
> 
>> I just did a test where I stuck http://www.eroisensei.info/acc.html, a
>> DTI-hosted site, into the middle of an unrelated spamitem, and the
>> parser would notify nic-db at dti.ad.jp for that site, so I'm not sure what
>> your beef is.
> 
> Patto wants to notify username abuse instead of the jp.nic listed contacts
> for admin/tech.  Going for abuse is abuse.net's reg.
> 
> a. [Network Number]             210.159.128.0/18
> b. [Network Name]               DTI-NET
> g. [Organization]               DREAM TRAIN INTERNET
> m. [Administrative Contact]     MH4804JP
> n. [Technical Contact]          MK10931JP
> 
> MH4804JP = nic-db at dti.ad.jp
> MK10931JP =  nic-db at dti.ad.jp
> 
> whois -h whois.abuse.net dti.ad.jp ...
> abuse at dti.ad.jp (for dti.ad.jp)
> 
> It would seem to me to be dti's call, if they have gone to the trouble to
> communicate with SC.  Maybe they want 'generic' notifies to go to abuse
> (ergo reg with abuse.net) and SC's to go to nic-db.  Or something.
> 
> DTI has a record at spamhaus of 2 /32s for hosting the ROKSO AWG aka
> youngjoo aka qline and that record has been there since 2006.
> 
> http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6026  Japanese
> spammers of "deai-kei" or "dating" spam.  But "deai" is a euphamism for
> prostitution in Japan. Their services also include pornography
> distribution. The spam is aimed at the Japanese market, with character
> sets in Japanese, so the spam often appears illegible, or simply filled
> with "?????", to western computer displays.
> 
> Spamhaus has a lot more about the rokso's relationship with its providers.
> 
> For me, I don't buy Patto's philosophy about notifying providers which
> don't want to be notified or are known to be unresponsive.  My philosophy
> is "Don't notify a provider unless there is some evidence that the notify
> would be of benefit."  Useless notifies are of absolutely no benefit to
> anyone.
> 
> I think Patto's philosophy is, "You can beat a provider into submission if
> you notify them enough."  Further, "There is no such thing as a useless
> notify."

All I want is that the notify is going to the *correct* address, not the 
wrong one; nic-db is obviously the guy that maintains DTI-NET's own 
domain registration.

Why is it absolutely not possible to send it to the abuse address?

More information about the SCrouting mailing list