This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Manual vs automated reports
- Previous message (by thread): [anti-abuse-wg] Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Tobias Knecht
tk at abusix.com
Tue Jul 24 19:37:44 CEST 2012
Hi Luis, thanks you for your feedback. > The automated reports tend to vastly outnumber the manual reports, > which also mix with the loads of spam that are (purposely?) pointed > at the abuse contacts. This complicates the task of sifting through > the mail flow to direct the complaints into their proper bins for > processing. Why is that? My experience shows that if you have an institution that is hammering your abuse mailbox with mails you usually first of all look at the content and if the content is good and you like to work with it you already know who this is and could easily move the reports to the right bin. Even on a format base you could easily forward or move ARF, X-ARF, ... reports to the right folders/bin/scripts/... > I believe that having an optional "auto-abuse-mailbox" object (that > is mandatory to use when present) dealing only with automated > reports, could help anti-abuse operators (both in the report sending > and receiving sides). The automated, high volume generators can > decide not to waste resources with entities that do not have the > right objects setup (ie, if there's not an auto-abuse-mailbox, do > not generate the report) and the entities that are not prepared to > deal with automated reports, could signal that to the community by > not defining an auto-abuse-mailbox. That is a good idea, I have thought about something similar already. The main problem I see is that everybody thinks their reports are the most important, which might be right in some cases ;-) So if there is no auto-abuse-mailbox, I'm afraid people will send automatic mails to the abuse-mailbox, which does not help at all. The second point is, that we complicate things for the reporter again. Not the ones that know how to do it, but the ones that are not sure about it. And the third and biggest issue I have with it is the definition. What is automatic and what is not? Having a spamtrap system reporting in ARF for example without any user interaction is clearly automatic. But clicking a spam-button and reporting things in a feedback loop also in ARF is manual? Or automatic? Or something in between? At the end it does not care, since both scenarios are in the same format and probably run through the same scripts or into the same mailbox/folder/bin/... What I was afraid what would happen is that processes that are defined in the abuse department, for example processing of ARF could be impaired by the reporter just by having another definition. Keeping these definitions up2date is not an option, since this will never lead to a consensus and what would happen if somebody just does not care about it? Imho the easier way is to move and forward (Divide) the reports on a receiver side exactly in the way the receiver wants to process (conquer) them. This way the receiver has its processes completely under control. I hope I was able to phrase my concerns in an understandable way. But never the less thank you very much for your input and please feel free to destroy my concerns. Thanks, Tobias
- Previous message (by thread): [anti-abuse-wg] Manual vs automated reports
- Next message (by thread): [anti-abuse-wg] Manual vs automated reports
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]