2

I have the IP address of a scammer (I convinced them to hit my web server) whose mail made it through my filters and would like to do something meaningful about it. Can I? I thought about telling their ISP, but dig -x shows the netblock owner as a giant telecoms company. Have any of you had success in the past with bringing some form of justice to these bottom feeders?

nmichaels
  • 175
  • 7

2 Answers2

8

If the dig report has an abuse address, send a detailed account of what happened to it. Send the IP address, dates & times, what the scammer sent you, and any reasonable information. Leave your opinion out, stick to the facts. Don't expect a response, except the usual automated one.

Past that, not much. Black-hole that IP and hope they stay away. Many ISPs do take reports of abuse very seriously.

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • 1
    I was hoping for some secret international law enforcement agency known only to sysadmins, but this will have to do. – nmichaels Dec 16 '10 at 20:51
  • 1
    Closest thing to that is [Spamhaus](http://spamhaus.org). My first round of filtering is just checking their zen and drop DBs, that catches 99% with minimal server load. – Chris S Dec 16 '10 at 20:56
  • @NMichaels - there is no cabal. – mfinni Dec 16 '10 at 21:19
  • 1
    If ISPs have clients mass spamming and they don't respond to places like Spamhaus, they may find their IP netblocks in these RBL systems for mail servers to block. abuseat.org is a good RBL as well. – Imo Dec 16 '10 at 21:58
1

Like ChrisS said, you should definitely forward the message to the ISP. In addition, since phishing/spamming/whathaveyou is technically illegal, you can also file a complaint with the Internet Crime Complaint Center. I would not expect your single complaint to be acted upon. However, it files the information so it can be used as part of a larger investigation should one occur.

Scott Pack
  • 14,717
  • 10
  • 51
  • 83