This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] How Not To Ask For A Website to Be taken Down

Previous message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
Next message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michele Neylon :: Blacknight michele at blacknight.ie
Wed Dec 22 00:46:22 CET 2010

On 21 Dec 2010, at 23:33, Ronald F. Guilmette wrote:

> 
> In message <FF4A9252-C4E2-4918-8E27-8EA1D239C97B at blacknight.ie>, 
> "Michele Neylon :: Blacknight" <michele at blacknight.ie> wrote:
> 
>> Got this earlier today (not to our abuse contact of course .. )
>> 
>> Couple of things to note
>> 
>> Unless you read it a few times it's not easy to work out what the hell they=
>> are actually asking about
> 
> I confess that I am utterly baffled by your comment.  The message from BofA
> seemed altogether clear and entirely straightforward and unambiguous to me.
> 
> What is it, exactly, about that message that caused you to have any difficulty
> in "working it out"?

To start with it was sent to just about every single contact point imaginable except our abuse contact. The only reason it made it to our abuse team at all was because one of our sales staff asked me to look at it.

> 
>> If your first language isn't English then I suspect you'll dismiss it as
>> spam .. .. I know some of my staff did and they supposedly speak English!
> 
> Again, I am utterly baffled by your comment.  Can you explain why anyone
> would ever dismiss BofA's message to you as spam?

Read the message. Instead of simply stating that they are alerting us to an issue they start off with a long convoluted text about their trademarks, which is totally irrelevant to us. All we want to know is that someone is reporting abuse, what type of abuse it is and where it is located. 

You might not find this hard to understand, but I suspect this is because you are used to reading these kind of emails and might be immune to how badly worded they are.

If your first language isn't English how are you expected to deal with this? 

A much simpler email with the type of abuse and its location at the TOP of the email would be a lot saner and more likely to be dealt with in a timely fashion

If someone wants (or needs to) include a lot of boiler legal text etc., then put it further down the email.

> 
> I also occasionally send messages to various networks, generally regarding
> serious ongoing security issues.  If I was BofA, and I had to draft an e-mail
> to your organization, asking you to remove a phishing site from your network,
> I think I would have phrased the e-mail almost exactly the way that BofA did.

Then it probably would have been greeted with the same level of disdain that the one we got today was,

> And if you were tempted to ignore & trash BofA's notification to you, then
> I really would like to understand why, because if I can understand that, then
> perhaps I might also be able to understand why various networks have utterly
> ignored various messages I have sent, over time, alerting them to, e.g.,
> hacked machines on their respective networks.
> 
> 
> Regards,
> rfg
> 
> 
> P.S.  I think that a discussion of the BofA message, and your comments
> about it, would be quite entierly apropos for this mailing list, because
> after all, hasn't this WG just been working (struggling?) to finalize/
> formalize a proposal to get abuse contact e-mail addresses into all RIPE
> allocation records?
> 
> As someone else pointed out, requiring those (abuse) e-mail contacts will
> really be utterly pointless if the folks on the receiving ends of those
> e-mail addresses regularly or routinely trash inbound messages sent to those
> addresses, e.g. because, in their opinions, said messages "look vaguely
> like spam".
> 

I totally agree. I've been asking security companies / banks etc etc to send simpler and more accessible abuse reports for ages. Some do, but a lot of them still don't

(And then there's the opposite end of the spectrum, where you get a vague message saying that an IP is abusing someone's system, but they fail to tell you what that system is or who they are .. )

Regards

Michele

Mr Michele Neylon
Blacknight Solutions
Hosting & Colocation, Brand Protection
ICANN Accredited Registrar
http://www.blacknight.com/
http://blog.blacknight.com/
http://blacknight.mobi/
http://mneylon.tel
Intl. +353 (0) 59  9183072
US: 213-233-1612 
UK: 0844 484 9361
Locall: 1850 929 929
Direct Dial: +353 (0)59 9183090
Twitter: http://twitter.com/mneylon
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
Road,Graiguecullen,Carlow,Ireland  Company No.: 370845

Previous message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down
Next message (by thread): [anti-abuse-wg] How Not To Ask For A Website to Be taken Down

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]