Overview

We have been pulling and reporting to abuse@ role addresses for RIR-announced networks for 15+ years. This article covers why and how we validate abuse@ role addresses to ensure your abuse report reaches the appropriate network operator.

Why do we validate abuse@ role addresses?

Over many years in our reporting effort, we regularly find non-functioning abuse@ role addresses in all the RIR WHOIS databases. Further investigation revealed that the number of nonfunctioning abuse@ role addresses exceeds 10% of the total abuse contact addresses. While this is unacceptable for reporting since abuse cannot be dealt with, if abuse cannot be reported, discussions with the individual POCs for WHOIS at RIR revealed minimal consensus on what type of validation would work and how it might be carried out and escalated.

Given this lack of a standard, we perform validation of each abuse@ role address for our Abuse ContactDB service to ensure that our DNS IP to Abuse Contact always returns a valid working abuse@ role address to you for a given IP address.

How our abuse@ role validation process works

First, we are very careful to ensure that our validation methods are low touch and done slowly, to make sure it does not burden any abuse@ address’s mail system in any way.

The checks we perform include:

  • Validating MX records (e.g., does the abuse@ role address domain exist, and does it point to a valid IP address?

  • Does at least one MX respond to our inquiry on port 25?

  • Does the mail server accept the abuse@ role address as a valid recipient?

We perform MX record checks daily and valid recipient tests at most once per month except where the result is indeterminate. Domains returning SERVFAIL, connections returning SMTP 4xx, mail servers not responding, etc., will be retried over several days and are marked as non-functional after five failed attempts.

If an abuse contact is determined to be non-functional, then we return the abuse contact for the parent record for the network.

Where we run our validation check from

Please whitelist 78.47.241.202 to allow our validation process to work.

All abuse@ role address validation is carried out by the IP address 78.47.241.202 (validate.contactdb.abusix.com) using the envelope sender address of [email protected]

In the future

We are planning to add the following additional validation checks in the future

  • Sending a test message to verify that the mailbox accepts messages.

  • Verifying if the test message bounces or not.

  • Validate if an auto-response is sent in response to the test message.

We also plan to publish non-functioning abuse@ role addresses

  • as a webpage list, ordered from the largest to the smallest number of IP addresses for each of the responsible abuse contacts.

  • a list of IP ranges with non-functioning abuse contacts for reputation systems.