Programs that analyze spam can use abuse.net to find addresses to which
to send reports, so long as they follow the rules described in the left
column.
DNS lookup
The fastest and easiest way to look up abuse.net contact information is
to use our DNS servers. If you want the contacts for example.com,
look up the pseudo-domain example.com.contacts.abuse.net.
Each TXT record returned will be one of the contacts.
To check if you've gotten all of the contacts, you can also search for an
A record which will tell you how many TXT records there should be (0.0.0.1
for the most common case of one record.)
It also returns an HINFO record describing the source of the data.
HINFO results include two strings. The first will be "default" or
"lookup", depending on whether it found info for the domain or not.
If it's "lookup", the second string will be the domain for which
the lookup info was retrieved, which may not be exactly the same as the
domain you looked up.
(For example, if you look up www.abuse.net it will return the lookup
results for abuse.net.)
There may be more codes for different kinds of lookups in the future,
but default will always be default.
If you don't need to know where abuse.net got the result, you can
ignore the HINFO record.
Be sure to direct the lookups to your local DNS cache servers, not to
abuse.net's server, so the cache can remember recent searches and reuse
results.
The standard DNS "time to live" feature ensures that the cache will
not return stale results.
This snippet of Perl code will do the lookup and return an array
containing the contact addresses:

    # look up contacts from abuse.net
    use strict;
    use warnings;
    use Net::DNS;

    # Return the list of contact addresses for $domain, taken from the
    # TXT records at $domain.contacts.abuse.net.
    sub ablookup {
        my ($domain) = @_;
        my @r;
        my $res = Net::DNS::Resolver->new;  # uses the local resolver configuration

        while (1) {
            my $query = $res->search("$domain.contacts.abuse.net", "TXT");
            if ($query) {
                # collect the text of every TXT record in the answer
                foreach my $rr ($query->answer) {
                    push @r, $rr->txtdata if $rr->type eq "TXT";
                }
                return @r;
            } else {
                # Net::DNS rejects special characters, strip off
                # subdomains and see if a parent domain works
                if ($domain =~ m{^[^.]+\.([^.]+\..+)}) {
                    $domain = $1;
                } else {
                    die "Cannot lookup contacts for $domain";
                }
            }
        }
    }

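The Perl snippet above returns only the TXT strings. As an added example (not abuse.net's own code), the following Python takes TXT, A and HINFO answers already fetched through the local resolver and applies the count check and HINFO interpretation described above, treating the TXT data as untrusted input before it is used as a report address. The address pattern, the function names and the handling of counts above 255 are assumptions, and the sample records are constructed.

```python
import ipaddress
import re
from typing import NamedTuple

# Conservative address shape (an assumption, stricter than RFC 5322): no
# whitespace, CR/LF or angle brackets, so a contact is safe in a To: header.
_ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class ContactResult(NamedTuple):
    contacts: list       # TXT strings that passed validation
    rejected: list       # TXT strings that did not look like an address
    complete: bool       # True when the TXT count equals the A-record count
    source: str          # first HINFO string ("default", "lookup", ...)
    matched_domain: str  # second HINFO string when source is "lookup"

def expected_count(a_record):
    """Decode the count carried in the A record (0.0.0.1 means one TXT record).
    Assumption: the address is read as a 32-bit integer, so 0.0.1.0 is 256."""
    return int(ipaddress.IPv4Address(a_record))

def interpret(txt_records, a_record=None, hinfo=None):
    """Combine the answers for <domain>.contacts.abuse.net into one result.
    txt_records: list of TXT strings; a_record: dotted quad or None;
    hinfo: (first, second) string pair or None if HINFO was not queried."""
    contacts, rejected = [], []
    for txt in txt_records:
        value = txt.strip()
        (contacts if _ADDR.fullmatch(value) else rejected).append(value)
    # Without the A record there is nothing to compare against, so the
    # answer is not treated as verified complete.
    complete = a_record is not None and expected_count(a_record) == len(txt_records)
    source = hinfo[0] if hinfo else ""
    matched = hinfo[1] if hinfo and source == "lookup" else ""
    return ContactResult(contacts, rejected, complete, source, matched)

if __name__ == "__main__":
    # Constructed sample answers, not real abuse.net data.
    print(interpret(["abuse@example.com"], "0.0.0.1", ("lookup", "example.com")))
    print(interpret(["abuse@example.com"], "0.0.0.2", ("default", "")))
    print(interpret(["abuse@example.com\r\nBcc: x@example.org"], "0.0.0.1"))
```
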
WHOIS lookup
We still support the older WHOIS server, although it is considerably slower
than the new DNS server.
At some point the WHOIS service will go away, so all new and updated
software should use the DNS technique described above.
To use WHOIS, open a TCP/IP socket to port 43 on whois.abuse.net,
and send the name of the domain you want to look up, followed by a
carriage return and line feed.
If you want to look up several domains at once, send them on one line
separated by spaces.
Then read the results back from that socket.
The results will contain one address per line, then a blank line, and the
server will disconnect.
The result lines will usually have a parenthetical comment that you'll need
to remove before using the addresses:

    abuse@aol.com (for aol.com)

Other techniques
We don't make copies of the abuse.net database available to build into
tools, so don't ask. It changes daily, and any copy you had would
instantly be out of date.
The database is not available via BIND zone transfer; the DNS server is
not BIND or anything like it, and there is no zone file.
Very heavy users (over 100,000 queries per month) may be able to set up
a local mirror of the underlying MySQL database.
If we notice that you're such a user, we'll contact you.