cancel
Showing results for 
Search instead for 
Did you mean: 

Contact form abuse

Denzil
Grafter
Posts: 1,733
Registered: ‎31-07-2007

Contact form abuse

I run a website for a club I belong to, and today received from our contact form a number of slightly abusive messages aimed at one of our junior members. I will talk to the person concerned, because it might just be his mates having a laugh. If it turns out to be anything more serious I will consider taking it further.
The question for you lot is that the contact form (hosted by www.emailmeform.com) returns an IP address for the sender of the message. I ran a whois, expecting a reference to an ISP, and it comes up with the following. Clearly this is not the IP address of some local troublemaker. Can anyone explain why this address appears?
OrgName:    Internet Assigned Numbers Authority
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:      Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US
NetRange:  10.0.0.0 - 10.255.255.255
CIDR:      10.0.0.0/8
NetName:    RESERVED-10
NetHandle:  NET-10-0-0-0-1
Parent:   
NetType:    IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment:    This block is reserved for special purposes.
Comment:    Please see RFC 1918 for additional information:
Comment:    http://www.arin.net/reference/rfc/rfc1918.txt
RegDate:   
Updated:    2007-11-27
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName:  Internet Corporation for Assigned Names and Number
OrgAbusePhone:  +1-310-301-5820
OrgAbuseEmail:  abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName:  Internet Corporation for Assigned Names and Number
OrgTechPhone:  +1-310-301-5820
OrgTechEmail:  abuse@iana.org
# ARIN WHOIS database, last updated 2008-06-23 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
3 REPLIES
itsme
Grafter
Posts: 5,924
Thanks: 1
Registered: ‎07-04-2007

Re: Contact form abuse

You've done a lookup of an internal IP address i.e 10.0.0.x. You will get the same report if you do a lookup on 192.168.x which is the other range of IP addresses used by routers.
itsme
Grafter
Posts: 5,924
Thanks: 1
Registered: ‎07-04-2007

Re: Contact form abuse

Below is an example of an email trace. The first IP address  of 10.0.0.12 is off the PC that sent it to a local mail server at 81.149.196.232 which is a BT allocated static IP. So it will be here that for any abuse action will have to start.
Denzil
Grafter
Posts: 1,733
Registered: ‎31-07-2007

Re: Contact form abuse

Hmm, so the emailmeform site is only telling me the local IP address of the sender's PC. Not very helpful. It is likely this originated from a school network, so the local IP address might still be useful. The email trace won't help, as far as I can see, as it came from emailmeform, not from the message sender.