[apnic-talk] Spam filtering on spam reporting address
I received a spam today from [43.224.36.113] which is being routed by
AS9873 - Lao Telecommunication Co Ltd.
The APNIC WHOIS record for this network indicates that csoc@laotel.com
is the email address to which such incidents may be reported.
In general, network operators do not act on spam reports unless and until
they have actually seen the spam message in question, including all of
the relevant email headers. This is both prudent and reasonable.
Unfortunately, this network, and also many others, have failed to configure
their abuse reporting mailboxes in a manner so as to allow the text of
spam messages to be accepted via those reporting addresses. The results
in such cases are predictable, and are examplified by the bounce message
shown here:
https://pastebin.com/raw/LX98NhcD
I would like to just express my hope that, as part of its ongoing educational
efforts, APNIC will work to educate its members regarding this common
issue/problem. It is all well and good to have abuse reporting addresses
associated with IP blocks and ASNs in the WHOIS records, but if those
reporting addresses are improperly configured, then they will have limited
usefulness.
Regards,
rfg
P.S. I had to send this message to the apnic-talk list twice because the
on my first attempt I included the entire text of the bounce message
(which included the original spam message) directly my message to the
apnic-talk list, and the anti-spam filters at apnic.net didn't like that.
:-(
In this instance however the SMTP 5xx rejection message I received was
arguably appropriate because the apnic-talk list should not nomally be
receiving messages that contain blacklisted URLs.