pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Fri Mar 07, 2008 2:19 am Post subject: RU-CENTER NCC responds |
|
|
For every complaint regarding a .RU domain, RU-CENTER NCC sends a reply as follows
| Quote: | Dear Sirs,
According to the Regulations for registering domain names in RU domain:
The Administrator of a domain defines the rules and order of using the
domain name, is responsible for selecting the domain name and for
possible infringement of the rights of any third party in connection
with the selection and use of the domain name, and is liable for the
costs of such infringements.
http://www.nic.ru/dns/contract/en/sup1_1_ru.html
Please refer to the hosting-provider of the site. |
Is there anything more we can do, or do we simply accept the fact that NIC.RU openly and proudly supports spammers?
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2899
|
Posted: Fri Mar 07, 2008 3:49 am Post subject: |
|
|
You can filter your spam so everything with a .ru TLD goes in the trash.
They are ICANN accredited, but for the .ru domains, they don't even have to put the registration info in the whois. That makes it hard to report sites for false whois, the only rule ICANN expects registrars to enforce.
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Tue Mar 18, 2008 2:37 am Post subject: |
|
|
RU-CENTER NCC's latest response
| Quote: | Hello,
In your letter the question is about "spam". Unfortunately, this
phenomenon is not reflected in any way in the Russian legislation.
RU-CENTER, as the registrar, RIPN as the manager of national domain RU,
of a measure to spam are not authorized to take.
On questions of the discontinuance of the imposed advertising it is
possible to address:
- to the provider which gives you access in the Internet, with the
request to stop an opportunity of reception spam;
- to provider on which network the given domain or to the owner of
the domain from which acts "spam" settles down, with the request to
stop dispatch spam;
- in regional management of the control of advertising activity of
the Ministry on an antiexclusive policy with the application for
suppression of infringement of the legislation for advertising. |
ahoier
SIRT Handler
 Joined: Jan 14, 2006 Posts: 1118 Location: USA
|
Posted: Tue Mar 18, 2008 2:41 pm Post subject: |
|
|
They need better clarification.
Perhaps, mention of "fast-flux" and/or "round robin", "botnet hosting" etc...would be of use.
It's not simply a "spam" problem, it's a fraud problem, as well as a malware/infection problem.
The "machines" connected to the IP addresses which point to these domains are being infected by malware.
Russia doesn't have anti-spam laws, so maybe it would be possible to go this route...then again who knows, this is the same country that was offering the first "create-a-botnet" CDs on the streets...
Something to note...I was reading http://www.nic.ru/dns/contract/en/sup1_1_ru.html which is their "regulations" for registering a domain name
Under "3.2. Conditions of domain delegation" there is the following mention:
| Quote: | | The DNS servers specified by the Customer must have reliable connection to the Internet. A "reliable connection" implies that the total time for which the server is not connected to the Internet does not exceed two hours a day. These servers must be maintained in conformity with the requirements of the international standards RFC-1032, RFC-1033, RFC-1034, RFC-1035 and RFC-1591. If positive results of the validity check on the domain name servers are not received within 4 (four) days, the check is ceased. The procedure of testing the DNS servers can be initiated again by the Customer using RU-NIC's Web interface. |
Can these round-robin/fast-flux domain name servers often seen used by spammed domains be considered "reliable"?
Under 3.3...
| Quote: | | 3.3.1. All data provided by a Customer at the signing of the Agreement and registration on RU-NIC's database must be factual. If a Customer submits false information the registration may be terminated (the domain vacated). |
This can be a bit trickier...I've heard some registrars may act, if you receive back a "return to sender" when attempting to mail a letter to the "registrant" of the domain.
But this gets a bit trickier, since the domain may be registered "to" someone who had their identity stolen, so it's possible the address/contacts may be "real" - but the person at that address did not authorize being listed for the registered domain.
So one would have to develop a paper-trail.
I suppose one could try a combination of Google Maps, Live Earth, Google Earth, etc. and see if the address actually exists...but I don't know if the registrars will "act" on that.
Throughout the page, it states that "e-mail" is to be used as a form of contact, here's another quote:
| Quote: | | 3.3.2. If there is any doubt about the authenticity of data provided by a Customer for the registration of a domain, RU-NIC may demand confirmation of the data and/or request additional information during the entire term of the registration. Such requests are sent via e-mail to the Customer's contact address specified in the Agreement. |
Which means, the e-mail address listed is most likely a legit e-mail address. If you were to e-mail the address and got a Postmaster response, quota exceeded, mailbox not found, etc. that could be used as evidence.
Then here....they give the "owner" too long to act...14 days...?
| Quote: | 3.3.3. If the previously provided information is not confirmed and/or additional information is not provided within 14 calendar days from the moment of the first request, RU-NIC may
a) reject Customer's application for new domain name registration;
b) suspend the delegation of the Customer's domains;
c) reject Customer's application for domain name renewal;
d) reject Customer's request for domain name transfer to another person or request for domain name transfer to another Registrar.
|
Too much leeway to fix up their "problem"
Then I was reading http://www.nic.ru/dns/contract/en/sup1_4_net.html
And it mentioned
| Quote: | | 4.1.7. RU-NIC send to DomainPeople Inc request for domain registration wich contain the e-mail address from the Customer contract. After domain registration DomainPeople Inc send the domain password to this e-mail address. |
Who is DomainPeople Inc? Perhaps we need to be contacting this company too...? http://domainpeople.com/ is their site I think.
Under 4.2. Special provisions, it states that data for domain registration must be factual, but they allow "corrections" to be made within 60 days....that's two months....within 2 months, they've moved to a new domain name anyways........
http://www.nic.ru/about/en/servpol.html is their Terms of Service...
But yea, a google search for abuse site:nic.ru reveals they don't even have a real "abuse" policy....
Though..."site:nic.ru spam" reveals some stuff...
http://www.nic.ru/dns/contract/en/sup1_10_host.html
| Quote: | 10.2. Restrictions for information noise (spam)
The Customer has no right to use the virtual mail server and/or virtual web-server with the purpose of implementing the following activity:
a) mass distribution of messages sent without prior agreement with the receiving party by means of e-mail and other means of personal information exchange; mass distribution is regarded as both distribution to multiple recipietns and multiple distribution to one recipient;
b) distribution without prior agreement with the receiving party of electronic letters and other messages of promotional, commercial or agitational nature, and the letters, containing information, harmful to public interests, humanitarian and moral principals (such as profane language, appeals for violence, subversive extremist activity, calls for overthrowing of the government, anti-humanitarian calls insulting human dignity or religious feelings, etc.);
c) distribution of e-mail addresses or other message delivery services databases (except for the cases when owners of all addresses included in such a database explicitly expressed their consent for inclusion of addresses in this database and distribution of the database, at that open publication of the address cannot be considered an agreement);
d) distribution of software for technical implementation of the activities, described in the subparagraphs (a,b,c,) of the current paragraph;
e) distribution of messages not meeting the following requirements:
- electronic mail address may be included in the distribution addresses list only at the address owner's will;
- electronic mail address has to be expelled from distribution addresses list at the address owner's will without any difficulties for him.
f) posting in any conference messages irrelevant to the content of the present conference. Here and thereafter the conference stands for teleconference (news groups) Usenet and other conferences, forums and distribution lists.
g) posting in any conference messages of promotional, commercial or agitational nature, except for the cases when such messages are explicitly allowed by the rules of the conference or their posting is agreed upon with the owners or administrators of the conference in advance.
h) posting in any conference an article containing attached files, except for the cases when attachments are explicitly allowed by the rules of the conference or such posting is agreed upon with the owners or administrators of the conference in advance.
10.3 The Customer has no right to use his own or granted information resources (mailboxes, e-mail addresses, web-page addresses etc.) as his contacts in the process of performing any activities, described in the paragraph 10.2, regardless of the Internet point where these activities were performed.
10.4. In case the events specified in paragraphs 10.1, 10.2 and 10.3 occur, RU-NIC, according to the paragraph 8.1 of the current Schedule, has the right to block the Customer's virtual mail server and/or virtual web-server, informing the Customer by means of e-mail once. Virtual mail server and/or virtual web-server functioning may be resumed after the Customer eliminates violation cause and addresses RU-NIC by means of e-mail.
10.5. RU-NIC, from its party, guarantess keeping the confidentiality of the Customer's mail and does not perform any kind of preliminary contents check of the web-sites, created and supported by the Customer, however, RU-NIC has the right to perform hosting service blocking after an appropriate notification to the Customer for the duration at the discretion of RU-NIC in case of negative comments and complaints from third parties whose rights are violated as a result of the Customer's ensuing activity.
10.6. In case of obvious violation by the Customer of the Russian Federation law from RU-NIC's point of view, service provision to him may be stopped without a preliminary warning from RU-NIC's party. |
But that doesn't say much...it simply states they can't use the "virtual mail server" of NIC.RU to send spam....so they go the backdoor method of infecting thousands of innocent users and abuse the system that way....
Anyone know Russian law? what is "including distributing and advertising obscene material"...? lol.
Here's some other contacts:
| Quote: | General information on domains registration
ru-ncc@nic.ru - .RU, .SU domain names
tld-ncc@nic.ru - .NET, .COM, .ORG, .BIZ, .INFO domain names
Telephone: +7 (495) 737-0601
Fax: +7 (495) 737-0602
Working hours: 10:00-19:00 (monday-friday)
Information regarding conclusion of the Service Agreement
ru-cont@nic.ru
Telephone: +7 (495) 737-0601
Fax: +7 (495) 737-0602
Working hours: 10:00-19:00 (monday-friday)
Information regarding billing procedures
ru-bill@nic.ru
Telephone: +7 (495) 737-0601
Fax: +7 (495) 737-0602
Working hours: 10:00-19:00 (monday-friday)
Technical support of additional services
support@nic.ru |
Add them all to the CC: area of your complainterator contacts file and let the complaints fly
If you want to phone em,
Telephone: +7 (495) 737-0601
Fax: +7 (495) 737-0602
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2899
|
Posted: Tue Mar 18, 2008 4:44 pm Post subject: |
|
|
| ahoier wrote: | | 3.3.1. All data provided by a Customer at the signing of the Agreement and registration on RU-NIC's database must be factual. If a Customer submits false information the registration may be terminated (the domain vacated). |
I've had good luck going that route with .com domains. The name, address and sometimes phone number of the "registrant" are listed. If they are real sounding names in the US, they usually are real people who you can call/mail, and they usually will find the domain was charged to their credit/debit card. Registrars don't listen to us, but they have to listen to payers or they may find themselves unable to process Mastercard transactions. However, as far as getting domains suspended, even the "responsible" registrars often just reverse the charges and let the spammer keep his domain. You would think they would see how shortsighted that is; the registrars that suspend the domains stop getting fake credit card charges because the spammers learn not to waste their time; the ones that leave the domains active are still getting lots of new fraudulent registrations.
In the case of .ru registrations, however, ICANN rules don't apply and they don't have to tell you the registrant name or anything else. It's tough to prove it's fraudulent then. And good luck getting them to contact the registrant for proof just because you are challenging it -- most of the registrars that will suspend .com domains will only do it for those domains where someone else proves it is fraudulent -- they should be sending letters themselves and suspending domains if there is no reply, but it does not happen.
| ahoier wrote: | | But that doesn't say much...it simply states they can't use the "virtual mail server" of NIC.RU to send spam....so they go the backdoor method of infecting thousands of innocent users and abuse the system that way.... |
They could have made it much shorter by just saying, "We don't care what you do as long as you don't get our company servers on blocklists."
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Fri Apr 11, 2008 7:21 am Post subject: |
|
|
A new Russian registrar (REGISTRATOR-REG-RIPN = mastername.ru) sent me the following reply to a removal request
| Quote: | Hello,
Unfortunately, the concept "spam" is not reflected in any way in the
legislation of the Russian Federation. Cancellation of registration of a
domain name is possible only on the basis of the corresponding Rules of
registration of domain names (http://mastername.ru/documents/order11.html).
Also concerning the termination of the imposed advertising it is possible to
address:
* to the provider who gives to you access to the Internet, with the
request to stop an opportunity of reception of a spam;
* to the provider on which network the given domain or to the owner of the
domain from which "spam" acts settles down, with the request to stop mailing a
spam;
* in the Ministry on an antimonopoly policy with the application for
suppression of infringement of the legislation for advertising.
It is not necessary to answer letters "spam" ? to that you let to them the
know, that your address really exists and mail acting there is read by the owner. |
Unlike the Chinese registrars, who simply do not reply to any mail, the Russians seem to maintain the position that spam is not their problem, but the recipient's.
P.S. I just noticed that this response is almost identical to the message I received from RU-CENTER NCC on Mar-18.
ahoier
SIRT Handler
 Joined: Jan 14, 2006 Posts: 1118 Location: USA
|
Posted: Fri Apr 11, 2008 1:57 pm Post subject: |
|
|
So, we gotta try and fight it from the "malware" or "fraud" department.
When mailing requests, don't mention anything spam related.
Link to siteadvisor as evidence, but mention "bad shopping experience" related to the domain, or fraudulent use, etc.
My guess is, if the report contains any "spam" keyword, they will dump it in the trash :<
So try the malware route, and/or "fraud" route which are/can be closely related.
Sites are being hosted by large-scale botnets that have been infected by malware
As AC pointed out with Chinese registrars, when chiming in the HK Police Force, evidence of HK citizens have been included. Perhaps get some netstat logs of Russian Citizens who are victims of these botnets, including time/date stamps, including GMT Offset.
Is there a "Russian Police Force" address or other equivalent that can be mailed?
I'd say, let them know "Filtering is not an option, incarceration is the only option" or some such, but just move on, try tending the reports to Russian registrars from the fraud/malware/botnet front instead.
I think links to the Spamtrackers.eu wiki will still be sufficient....
But perhaps try using a short URL service to hide the "spam"trackers URL behind one of the "preview.tinyurl.com" links, in case they have some auto-responder that triggers in the keyword "spam"
Just do a play on words. Canadian Pharmacy could be considered a "fraud-gang" or "malware-gang" instead of a "spam-gang" within reports to Russian registrars.
Just some ideas 
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2945
|
Posted: Fri Apr 11, 2008 9:01 pm Post subject: |
|
|
He said everything I was about to say.
Sometimes it is nice to feel redundant!
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Tue Apr 15, 2008 2:30 am Post subject: |
|
|
A reply from REGISTRATOR-REG-RIPN:
ahoier
SIRT Handler
 Joined: Jan 14, 2006 Posts: 1118 Location: USA
|
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Tue Apr 15, 2008 7:31 am Post subject: |
|
|
I just sent a standard complainterator report; the spammed website domain was office-v.ru - looks like a real estate site.
I don't think there was any joe-job, fraud, malware, or stolen credit cards involved. The spam was sent from Brazil. Full details
http://www.spamcop.net/sc?id=z1785586945zee54d2c3d2fc7316918b0df20e9157e0z
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2945
|
Posted: Tue Apr 15, 2008 7:40 am Post subject: |
|
|
I suggest that only cases of clearly illegal spam sites be directed to registrars when using complainterator. As the author, I would prefer that its reputation as a serious reporting tool be maintained.
Using it because you got one spam for a possibly legitimate site is a bit over the top, and reduces credibility for both the reporter and for the report tool.
In this case, a respectable looking web site in Russia was promoted via unsolicited mail emanating from Brazil. That's a good one for Spamcop to handle, as it goes after the email source as its main thrust.
I am not surprised by the registrar's response. Putting myself in their shoes as a registrar I would feel inclined to send the same response myself.
Last edited by tembow on Wed Apr 23, 2008 10:45 am, edited 1 time in total |
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Tue Apr 15, 2008 9:35 am Post subject: |
|
|
I appreciate your advice, but it's sometimes hard to check out every spamvertized website. I get a quite good number of Russian spams every day; most are of pornographic nature, and they do change their domains often. As I do not read Russian, some websites are completely unclear what they are about. This particular one I only checked after receiving the reply.
But since most Russian registrars don't act at all, maybe we should stop sending reports that way?
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2899
|
Posted: Tue Apr 15, 2008 11:47 am Post subject: |
|
|
Spam is completely legal in Russia; that's why we get spammed by the type of companies that would never risk their reputations by spamming if they were in other countries.
I don't bother reporting those, as the only response will be a polite explanation of Russian antispam laws or lack thereof (except for registrars like ESTDomains that have their own antispam policies that users must agree to up front). It's easier to set Mailwasher to filter for common words in Cyrillic and their various encodings and just delete.
As the Russian economy grows, they'll start to get sick of spam, get concerned about why they can't get their emails to potential business partners in other countries past spam filters, and start wondering whether the RBN is so harmless after all.
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1840 Location: Japan
|
Posted: Wed Apr 23, 2008 9:10 am Post subject: |
|
|
Not sure if this is the same as RU-CENTER:
| RUCENTER-REG-RIPN wrote: | Hi. This is the qmail-send program at ns.informtelecom.ru.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<polunin@informtelecom.ru>: Sorry, no mailbox here by that name. vpopmail (#5.1.1) |
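
A bounce like the one quoted above can be reduced to a small record (reporting host, failed contact address, status code) for the kind of contact-verification evidence discussed earlier in the thread under clause 3.3.2. This is an added example, not code from the thread or from complainterator; it assumes the qmail-send layout visible in the quote, and `parse_qmail_bounce`, `undeliverable_contacts` and the address `reporter@example.org` are hypothetical names.

```python
import re

# Constructed sample: the bounce quoted in the thread, laid out the way
# qmail-send emits it, with a made-up copy of the original message appended.
SAMPLE_BOUNCE = """\
Hi. This is the qmail-send program at ns.informtelecom.ru.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<polunin@informtelecom.ru>:
Sorry, no mailbox here by that name. vpopmail (#5.1.1)

--- Below this line is a copy of the message.

Return-Path: <reporter@example.org>
Subject: contact verification
"""

BANNER = re.compile(r"^Hi\. This is the qmail-send program at (\S+?)\.\s*$")
RECIPIENT = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:\s*(.*)$")
STATUS = re.compile(r"\(#(\d)\.(\d{1,3})\.(\d{1,3})\)")


def parse_qmail_bounce(text):
    """Return {'reporting_host': str, 'failures': [dict, ...]} for one bounce."""
    lines = text.splitlines()
    banner = BANNER.match(lines[0]) if lines else None
    if banner is None:
        raise ValueError("not a qmail-send bounce")
    report = {"reporting_host": banner.group(1).lower(), "failures": []}
    current = None
    for line in lines[1:]:
        if line.startswith("-"):
            break  # the copy of the original message follows; never parse it
        rcpt = RECIPIENT.match(line)
        if rcpt:
            # The reason may sit on the same line (flattened quote) or below.
            current = {"recipient": rcpt.group(1).lower(),
                       "reason": rcpt.group(2).strip()}
            report["failures"].append(current)
        elif current is not None:
            if line.strip():
                current["reason"] = (current["reason"] + " " + line.strip()).strip()
            else:
                current = None  # blank line closes the recipient paragraph
    for failure in report["failures"]:
        code = STATUS.search(failure["reason"])
        failure["status"] = ".".join(code.groups()) if code else None
        # Class 5 is a permanent failure, class 4 a temporary one.
        failure["permanent"] = bool(code) and code.group(1) == "5"
    return report


def undeliverable_contacts(report):
    """Addresses the receiving server rejected permanently."""
    return [f["recipient"] for f in report["failures"] if f["permanent"]]


if __name__ == "__main__":
    parsed = parse_qmail_bounce(SAMPLE_BOUNCE)
    print(parsed["reporting_host"], undeliverable_contacts(parsed))
```

Keep the raw bounce, with its full headers, alongside the parsed record, since the record only summarises what the receiving server reported.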