Contact lookup:


The fine print
You are welcome to look up contact data from abuse.net in abuse analysis tools that you write or distribute, if you satisify a few simple conditions:
  • The primary support contact you advertise must be the tool's author or vendor, not abuse.net. The vast majority of reports we get about misrouted mail sent by automated tools are due to bugs in the tools rather than erroneous abuse.net listings.
  • Automatic reports must only be sent based on the IP address or validated rDNS of the host from which the material in question arrived at the user's network.
  • Reports based on anything else must be presented to the user first for verification, because it is extremely common for tools to misdiagnose addresses from internal mail headers, forged return addresses, and the like. Misrouted reports will just make system managers automatically discard all reports your tool sends. (It's happened before, many times.)

If you wish to use abuse.net in a product or service offered for sale, you must contact us first to make arrangements. Examples might include spam filters that look up contact addresses at abuse.net to send complaints, or a certification service that requires that clients register with abuse.net.
Using abuse.net from programs
Programs that analyze spam can use abuse.net to find addresses to which to send reports, so long as they follow the rules described in the left column.

DNS lookup

The fastest and easiest way to look up abuse.net contact information is to use our DNS servers. If you want the contacts for example.com, look up the pseudo-domain
Each TXT record returned will be one of the contacts. To check if you've gotten all of the contacts, you can also search for an A record which will tell you how many TXT records there should be ( for the most common case of one record.)

It also returns an HINFO record describing the source of the data. HINFO results include two strings. The first will be default or lookup, depending on whether it found info for the domain or not. If it's lookup, the second string will be the domain for which the lookup info was retrieved, which may not be exactly the same as the domain you looked up. (For example, if you look up www.abuse.net it will return the lookup results for abuse.net.) There may be more more codes for different kinds of lookups in the future, but default will always be default. If you don't need to know where abuse.net got the result, you can ignore the HINFO record.

Be sure to direct the lookups to your local DNS cache servers, not to abuse.net's server, so the cache can remember recent searches and reuse results. The standard DNS "time to live" feature ensures that the cache will not return stale results.

This snippet of perl code will do the lookup and return an array containing the contact addresses:
# look up contacts from abuse.net
use Net::DNS;
sub ablookup {
    my ($domain) = @_;
    my ($res, $query, @r);

    $res = new Net::DNS::Resolver;
    while(1) {
	$query = $res->search("$domain.contacts.abuse.net", "TXT");
	if ($query) {
	    my $rr;

	    foreach $rr ($query->answer) {
		push @r, $rr->txtdata if $rr->type eq "TXT";
	    return @r;
	} else { # Net::DNS rejects special characters, strip off
		 # subdomains and see if a parent domain works
	    if($domain =~ m{^[^.]+\.([^.]+\..+)}) {
		$domain = $1;
	    } else {
		die "Cannot lookup contacts for $domain";

WHOIS lookup

We still support the older WHOIS server, although it is considerably slower than the new DNS server. At some point the WHOIS service will go away, so all new and updated software should use the DNS technique described above.

To use WHOIS, open a TCP/IP socket to port 43 on whois.abuse.net, and send the name of the domain you want to look up, followed by a carriage return and line feed. If you want to look up several domains at once, send them on one line separated by spaces. Then read the results back from that socket. The results will contain one address per line, then a blank line, and the server will disconnect. The result lines will usually have a parenthetical comment that you'll need to remove before using the addresses.
abuse@aol.com (for aol.com)

Other techniques

We don't make copies of the abuse.net database available to build into tools, so don't ask. It changes daily, and any copy you had would instantly be out of date. The database is not available via BIND zone transfer; the DNS server is not BIND or anything like it, and there is no zone file.

Very heavy users (over 100,000 queries per month) may be able to set up a local mirror of the underlying MySQL database. If we notice that you're such a user, we'll contact you.