3

I have been running my own e-mail server for a while, and I noticed that scanning for open relays has been on the rise during the last days. So I whipped up a little script that parses postfix logs, isolates "hostile" IP addresses, finds the ISP abuse contact and sends an appropriate e-mail to them with the relevant log entries. I just let them know (nicely) that one of their clients is likely up to no good.

So far, about 30 e-mails have been sent, but no one has bothered replying so far (not even to say "thanks, we'll look into it"). I end up wondering: is it really worth notifying providers? Is someone actually reading abuse mail? Does he/she want to know about possible spammers on his network?

I don't really care about my server being scanned, it's just that I feel like I should do something to make the spammer's job harder.

Thanks in advance for your input!

Executifs
  • 263
  • 1
  • 7
  • 2
    I've send emails to abuse contacts along with relevant logs and had responses. They are generally just _We acknowledge your email and will deal with it_. Mostly though I've no response. – user9517 Jan 30 '14 at 10:29
  • @Iain Okay, it's not just me then. – Executifs Jan 30 '14 at 10:30
  • Are you sure the mails are going out, and to the right addresses? Also as an abuse contact, I might not take seriously something that is _clearly_ automated. – Michael Hampton Jan 30 '14 at 13:50
  • I'm sure, since I put myself in BCC. Although the mail is script generated, I think it looks relatively "handmade" (as long as you don't receive one everyday I guess). By the way, the fact that my reporting system is automated says _nothing_ regarding whether my complaint is legitimate or not. – Executifs Jan 30 '14 at 13:55
  • Similar results to Iain. I've certainly had some responses back, but often not. Probably depends on how legit the ISP is. – Peter Nunn Feb 01 '14 at 21:33
  • 1
    I've begun recieving automatic responses from certain ISPs! Now the only question left is: does sending abuse mail make any difference, or is it just a way to vent some steam? – Executifs Feb 04 '14 at 09:00

2 Answers2

3

It depends on ISP approach of course. I have worked in the biggest Polish Web Hosting company. We always did some action in case of abuse. Of course we replied and did some actions targeted to spammer. If it's SPAM, you can report these addresses to an RBL list.

Dave M
  • 4,494
  • 21
  • 30
  • 30
dave
  • 303
  • 3
  • 16
  • It's not about _recieving_ spam: it's about people looking for open relays to send some. Or even trying to enumerate users through VRFY bruteforce. – Executifs Jan 30 '14 at 10:32
-2

You should use these services if you want to fight against SPAM.

http://www.spamcop.net

http://www.projecthoneypot.org

Bogdan
  • 218
  • 2
  • 8
  • 1
    A little off-topic: I am not _recieving_ any SPAM. And my server is definitely not an open relay. But the fact that spammers scan me gives me an opportunity to try and hinder them. – Executifs Jan 30 '14 at 10:34