We have been pulling and reporting to abuse@ role addresses for RIR-announced networks for 15+ years. This article covers why and how we validate abuse@ role addresses to ensure your abuse report reaches the appropriate network operator.
Over many years in our reporting effort, we regularly find non-functioning abuse@ role addresses in all the RIRWHOIS databases. Further investigation revealed that the number of nonfunctioning abuse@ role addresses exceeds 10% of the total abuse contact addresses. While this is unacceptable for reporting since abuse cannot be dealt with, if abuse cannot be reported, discussions with the individual POCs for WHOIS at RIR revealed minimal consensus on what type of validation would work and how it might be carried out and escalated.Given this lack of a standard, we perform validation of each abuse@ role address for our Abuse ContactDB service to ensure that our DNSIP to Abuse Contact always returns a valid working abuse@ role address to you for a given IP address.
First, we are very careful to ensure that our validation methods are low touch and done slowly, to make sure it does not burden any abuse@ address’s mail system in any way.The checks we perform include:
Validating MX records (e.g., does the abuse@ role address domain exist, and does it point to a valid IP address?
Does at least one MX respond to our inquiry on port 25?
Does the mail server accept the abuse@ role address as a valid recipient?
We perform MX record checks daily and valid recipient tests at most once per month except where the result is indeterminate. Domains returning SERVFAIL, connections returning SMTP 4xx, mail servers not responding, etc., will be retried over several days and are marked as non-functional after five failed attempts.If an abuse contact is determined to be non-functional, then we return the abuse contact for the parent record for the network.
Please whitelist 78.47.241.202 to allow our validation process to work.All abuse@ role address validation is carried out by the IP address 78.47.241.202 (validate.contactdb.abusix.com) using the envelope sender address of [email protected]