On Mon, 3 Jun 2013, David F. Skoll wrote:
On Mon, 3 Jun 2013 16:11:28 +0200
Matus UHLAR - fantomas <uh...@fantomas.sk> wrote:
I believe you are able to track network admins of connecting IPs. Or,
simply check theis rDNS (forward-confirmed) and contact
abuse@delegated.domain...
Well yeah, but in the example I posted the machine 77.30.72.215 is a
Windows box located in Dammam, Saudi Arabia. I suspect sending abuse
reports to saudi.net.sa will not have much of an effect... I certainly
don't have the time to follow up on more than 30 000 of these spams
from thousands of different IP addresses.
Most ISPs are lazy and don't take action against compromised customers.
Do you not like connection-oriented RBLs? That client IP address is in
both cbl.abuseat.org & pbl.spamhaus.org lists as an infected client.
Why not just block connections from infected PCs?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
