[Scrouting] Re: DTI-NET 218.225.224.0/19

Sam Trappe spamtrap at spamcop.net
Sun Jul 27 22:44:47 EDT 2008 

Em Mon, 28 Jul 2008 11:23:01 +0900, Patto <nobody at devnull.spamcop.net>
escreveu o seguinte:

>Mike Easter wrote:
>> Tim McGraw wrote:
>> 
>>> I just did a test where I stuck http://www.eroisensei.info/acc.html, a
>>> DTI-hosted site, into the middle of an unrelated spamitem, and the
>>> parser would notify nic-db at dti.ad.jp for that site, so I'm not sure what
>>> your beef is.
>> 
>> Patto wants to notify username abuse instead of the jp.nic listed contacts
>> for admin/tech.  Going for abuse is abuse.net's reg.
>> 
>> a. [Network Number]             210.159.128.0/18
>> b. [Network Name]               DTI-NET
>> g. [Organization]               DREAM TRAIN INTERNET
>> m. [Administrative Contact]     MH4804JP
>> n. [Technical Contact]          MK10931JP
>> 
>> MH4804JP = nic-db at dti.ad.jp
>> MK10931JP =  nic-db at dti.ad.jp
>> 
>> whois -h whois.abuse.net dti.ad.jp ...
>> abuse at dti.ad.jp (for dti.ad.jp)
>> 
>> It would seem to me to be dti's call, if they have gone to the trouble to
>> communicate with SC.  Maybe they want 'generic' notifies to go to abuse
>> (ergo reg with abuse.net) and SC's to go to nic-db.  Or something.
>> 
>> DTI has a record at spamhaus of 2 /32s for hosting the ROKSO AWG aka
>> youngjoo aka qline and that record has been there since 2006.
>> 
>> http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK6026  Japanese
>> spammers of "deai-kei" or "dating" spam.  But "deai" is a euphamism for
>> prostitution in Japan. Their services also include pornography
>> distribution. The spam is aimed at the Japanese market, with character
>> sets in Japanese, so the spam often appears illegible, or simply filled
>> with "?????", to western computer displays.
>> 
>> Spamhaus has a lot more about the rokso's relationship with its providers.
>> 
>> For me, I don't buy Patto's philosophy about notifying providers which
>> don't want to be notified or are known to be unresponsive.  My philosophy
>> is "Don't notify a provider unless there is some evidence that the notify
>> would be of benefit."  Useless notifies are of absolutely no benefit to
>> anyone.
>> 
>> I think Patto's philosophy is, "You can beat a provider into submission if
>> you notify them enough."  Further, "There is no such thing as a useless
>> notify."
>
>All I want is that the notify is going to the *correct* address, not the 
>wrong one; nic-db is obviously the guy that maintains DTI-NET's own 
>domain registration.
>
>Why is it absolutely not possible to send it to the abuse address?

SC's dismal record of updates [1] to routing errors seems to have
multiple sources:

1. It has been often written that there is a lack of staff (paid or
volunteer) to research and process changes.

2. As a change (by my observation) from the original SC philosophy,
accurate spam reporting is less important than accurately feeding IPs
to thre SCBL.

a. Some research (e.g., Al Iverson's), shows the SCBL to be pretty
good these days.

b. While this optimization away from reporting towards routing may
make perfect sense economically from Ironport, it is contrary to what
paying SC customers, such as myself, were promised when we signed up
(for me, quite some time ago).

3. The .routing newsgroup is cluttered by responses from some (well,
one, really), who has no ability to make changes, but muddies the
water sufficiently (such as in his not helpful reply to your question)
that the overworked .routing staff/volunteers overlook your question.

FOR THE RECORD, I'd be glad to offer some time to be part of the
.routing volunteer group (perhaps it is a group of one). Besides being
Chief Architect for a Division of a very large multinational IT
company (3rd largest, in revenue), with 30 years of IT experience, I
provide volunteer support for two other anti-spam organizations and am
a member of a couple of related technical committees. I'd be happy to
discuss my bona fides outside the group, if anyone from SC would care
to respond. My personal email address is on record; reply-to works
just fine, too.

[1] I've given up posting to .routing due to lack of even a reply from
anyone with the ability to make a change (staff or volunteer). 

P.S. No offense, but, as I have explained to him, I have ME killfilled
here and on USENET to improve the S/N. So, replies from him will not
be noticed, so hopefully won't occur.

--
Replies by posting preferred. All spam reported

More information about the SCrouting mailing list