We found a number of non-functioning abuse contacts in the WHOIS data returned by our Abuse ContactDB service, which provides a free IP-to-abuse-contact lookup over DNS.
Further investigation showed that at least 10% of abuse contact addresses are non-functional, and we find this unacceptable. If abuse cannot be reported, it cannot be dealt with.
At the time of writing, validation of POCs in WHOIS is very specific to the managing RIR, with very little consensus as to whether it should be carried out, how it would work and how it is escalated.
We have therefore decided to do validation of the abuse contacts ourselves to ensure that our ContactDB always returns valid abuse contacts for a given IP.
Currently our abuse contact validation works like this:
- Validate MX records (e.g. does the domain exist and point to a valid IP?).
- Does at least one MX respond on port 25?
- Does the mail server accept the recipient?
In the future we plan to take this a few steps further:
- Is a test message accepted?
- Does the test message bounce?
- Is an auto-response sent in response to the test message?
We will carry out MX checks daily and recipient tests at most once per month. The exception is where the result is indeterminate, for example domains returning SERVFAIL, connections returning SMTP 4xx, or mail servers not responding. These will be retried over several days and will be marked as non-functional after 5 failed attempts.
If an abuse contact is determined to be non-functional, then we will return the abuse contact for the parent record.
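The retry and fallback rules above, sketched as an added example (not Abusix's own code). It assumes that a definitive failure (NXDOMAIN or an SMTP 5xx on the recipient) marks the contact non-functional at once and that only indeterminate results count toward the 5 attempts; `classify`, `Contact` and `effective_contact` are hypothetical names and the addresses are constructed.

```python
from dataclasses import dataclass
from typing import Optional

MAX_ATTEMPTS = 5  # from the page: non-functional after 5 failed attempts


def classify(dns_rcode: str, port25_open: Optional[bool], rcpt_code: Optional[int]) -> str:
    """Map one probe result to 'ok', 'fail' (definitive) or 'retry' (indeterminate)."""
    if dns_rcode == "SERVFAIL":
        return "retry"                    # resolver trouble, not proof of a dead domain
    if dns_rcode != "NOERROR":
        return "fail"                     # assumption: e.g. NXDOMAIN is definitive
    if not port25_open or rcpt_code is None:
        return "retry"                    # no MX answered on port 25 / no SMTP reply
    if 200 <= rcpt_code < 300:
        return "ok"                       # recipient accepted
    if 400 <= rcpt_code < 500:
        return "retry"                    # SMTP 4xx is a temporary failure
    return "fail"                         # assumption: 5xx on RCPT is definitive


@dataclass
class Contact:
    email: str
    parent: Optional["Contact"] = None    # contact of the enclosing (parent) record
    failures: int = 0                     # consecutive indeterminate results
    functional: bool = True

    def record(self, outcome: str) -> None:
        """Apply one classified probe outcome to this contact's state."""
        if outcome == "ok":
            self.failures, self.functional = 0, True
        elif outcome == "fail":
            self.functional = False
        else:
            self.failures += 1
            if self.failures >= MAX_ATTEMPTS:
                self.functional = False


def effective_contact(contact: Optional[Contact]) -> Optional[str]:
    """Return the first functional contact, walking up to parent records."""
    while contact is not None and not contact.functional:
        contact = contact.parent
    return contact.email if contact else None
```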
All abuse contact validation testing is carried out by the IP address 188.8.131.52 (validate.contactdb.abusix.com) using the envelope sender address firstname.lastname@example.org.
Please can you ensure that you whitelist 184.108.40.206 to allow this process to work.
We are careful to ensure that validation is done slowly and is spread across the month, so it will not burden your mail systems in any way.
We plan to publish non-functioning abuse contacts on our website ordered by the number of IP addresses they are responsible for.
From this data, we will also provide a separate list of IP ranges with non-functioning abuse contacts for reputation systems.
If you have any comments or questions, either use the Intercom live-chat or email email@example.com.