Or perhaps there's a more reasonable explanation like being assimilated
with Level3 and perhaps some contact info. is a little stale at this
point in the merger process... Never attribute to malfeasance what can
be explained by everyday corporate beauracracy.
This phone number goes to their "conferencing group", which doesn't know
what 'abuse' is, or even what an IP network is.
I went through 4 levels of management, and was informed that they no longer
had an abuse team -- that this was disbanded in a recent reorganization.
In short, it would appear that Wiltel is now selling pink contracts.
WilTel's abuse department has long been MIA. I never even got an acknowledgment from them much less getting the problem fixed. The only difference now is that they are bouncing the messages rather than dev-nulling them
They also don't believe in edge filtering.. Here are some stats for today
10 deny ip 0.0.0.0 1.255.255.255 any (111 matches)
20 deny ip 2.0.0.0 0.255.255.255 any (97 matches)
30 deny ip 5.0.0.0 0.255.255.255 any (102 matches)
40 deny ip 7.0.0.0 0.255.255.255 any (106 matches)
50 deny ip 10.0.0.0 0.255.255.255 any (6487 matches)
60 deny ip 23.0.0.0 0.255.255.255 any (120 matches)
70 deny ip 27.0.0.0 0.255.255.255 any (126 matches)
80 deny ip 31.0.0.0 0.255.255.255 any (107 matches)
90 deny ip 36.0.0.0 1.255.255.255 any (1458 matches)
100 deny ip 39.0.0.0 0.255.255.255 any (137 matches)
110 deny ip 42.0.0.0 0.255.255.255 any (127 matches)
120 deny ip 49.0.0.0 0.255.255.255 any (146 matches)
130 deny ip 50.0.0.0 0.255.255.255 any (124 matches)
140 deny ip 77.0.0.0 0.255.255.255 any (138 matches)
150 deny ip 78.0.0.0 1.255.255.255 any (243 matches)
160 deny ip 92.0.0.0 3.255.255.255 any (868 matches)
170 deny ip 96.0.0.0 15.255.255.255 any (2754 matches)
180 deny ip 112.0.0.0 7.255.255.255 any (1896 matches)
190 deny ip 120.0.0.0 0.255.255.255 any (337 matches)
200 deny ip 169.254.0.0 0.0.255.255 any (744 matches)
210 deny ip 172.16.0.0 0.15.255.255 any (827 matches)
220 deny ip 173.0.0.0 0.255.255.255 any (150 matches)
230 deny ip 174.0.0.0 1.255.255.255 any (870 matches)
240 deny ip 176.0.0.0 7.255.255.255 any (3860 matches)
250 deny ip 184.0.0.0 3.255.255.255 any (765 matches)
260 deny ip 192.0.2.0 0.0.0.255 any
270 deny ip 192.168.0.0 0.0.255.255 any (873 matches)
280 deny ip 197.0.0.0 0.255.255.255 any (127 matches)
290 deny ip 198.18.0.0 0.1.255.255 any
300 deny ip 223.0.0.0 0.255.255.255 any (121 matches)
310 deny ip 224.0.0.0 31.255.255.255 any
I'm missing the point where I am supposed to care. The regulations
concerning proper contact information don't mention this exception.
Complete and utter incompetence (ie spam filtering their abuse mailbox) are
to blame for mail being rejected, and the phone numbers being out of date
are their fault, not a valid excuse.
In my opinion, companies which neglect the updating of contact information should be beaten, perhaps with a large cue stick or a ball peen hammer. The reality of the situation is that issues can arise much more important than even the one described here (perhaps a large DOS attack), and finding the contact information can be difficult.
All I was saying is that there were other means of finding the right person, and perhaps even informing them to update the contact information -- rather than using nanog as a sounding board.
If anything, it's *easier* to deal with clued providers that have misplaced their
moral compass and gone pink, than to deal with mere stupidity. Alas, both types
of sites are present in sufficient numbers to overwhelm almost anybody's
ability to continue caring....
Considering the amount of spam that abuse mailboxes get then spam
filtering them is actually a good idea. You just have to be a little
careful to not block the complaints.
One way I did was to look for a "Received: " header in the body of the
suspected spam and allow it though if it is rejected. A backup for that
was to have the reject say "Please include the word 'xyzzy' in the subject
to bypass the filters" and allow anything with that through (which
happened less than once per month).
This discussion is now drifting back to the one we had several weeks ago
about properly and adequately staffing the abuse desk (email, phone, and
otherwise) in spite of the temptation to take advantage of the
'efficiencies' of scale. It's beyond me how an abuse@ can afford to drop
emails via their spam filter, unless the required spamminess value is set
*very* high. Again, auto-responding to spam email can just perpetuate the
spam, though it is effective for those legitimate senders whose email was
marked up as spam.
Anyone want to start a pool to guess when Level3 will update the Wiltel
contact records with the correct Level3 information? =)
One can make a guess that maybe somebody is waiting for whois data to be
to be merged in ARIN db after which all blocks would show up proper ORG abuse and tech contacts automaticly...
But that does not excuse the fact that old abuse address is not being
taken care of when its no more complex to setup email forwarding from abuse@wiltel.com to abuse@level3.com then it is to setup redirect
from www.wiltel.com to www.level3.com
David Rossbach is now with Level3 Abuse but still also handling abuse complaints for the former Wiltel ranges. I imagine the problem with mail to abuse@wiltel.com is down to someone forgetting to alias it to abuse@level3.net.
David Rossbach is now with Level3 Abuse but still also handling abuse
complaints for the former Wiltel ranges.
True.
I imagine the problem with
mail to abuse@wiltel.com is down to someone forgetting to alias it to
abuse@level3.net.
Nope. It's because there is a spam filter on abuse. So he asked me to
forward it to him directly, which was bounced by same filter. So we went
down to just the headers, and was still caught by spam filter.