[anti-abuse-wg] Manual vs automated reports

Hi Luis,

thanks you for your feedback.

> The automated reports tend to vastly outnumber the manual reports,
> which also mix with the loads of spam that are (purposely?) pointed
> at the abuse contacts. This complicates the task of sifting through
> the mail flow to direct the complaints into their proper bins for
> processing.

Why is that? My experience shows that if you have an institution that is 
hammering your abuse mailbox with mails you usually first of all look at 
the content and if the content is good and you like to work with it you 
already know who this is and could easily move the reports to the right 
bin. Even on a format base you could easily forward or move ARF, X-ARF, 
... reports to the right folders/bin/scripts/...

> I believe that having an optional "auto-abuse-mailbox" object (that
> is mandatory to use when present) dealing only with automated
> reports, could help anti-abuse operators (both in the report sending
> and receiving sides). The automated, high volume generators can
> decide not to waste resources with entities that do not have the
> right objects setup (ie, if there's not an auto-abuse-mailbox, do
> not generate the report) and the entities that are not prepared to
> deal with automated reports, could signal that to the community by
> not defining an auto-abuse-mailbox.

That is a good idea, I have thought about something similar already. The 
main problem I see is that everybody thinks their reports are the most 
important, which might be right in some cases ;-)

So if there is no auto-abuse-mailbox, I'm afraid people will send 
automatic mails to the abuse-mailbox, which does not help at all.

The second point is, that we complicate things for the reporter again. 
Not the ones that know how to do it, but the ones that are not sure 
about it.

And the third and biggest issue I have with it is the definition. What 
is automatic and what is not? Having a spamtrap system reporting in ARF 
for example without any user interaction is clearly automatic. But 
clicking a spam-button and reporting things in a feedback loop also in 
ARF is manual? Or automatic? Or something in between?

At the end it does not care, since both scenarios are in the same format 
and probably run through the same scripts or into the same 
mailbox/folder/bin/...

What I was afraid what would happen is that processes that are defined 
in the abuse department, for example processing of ARF could be impaired 
by the reporter just by having another definition. Keeping these 
definitions up2date is not an option, since this will never lead to a 
consensus and what would happen if somebody just does not care about it?

Imho the easier way is to move and forward (Divide) the reports on a 
receiver side exactly in the way the receiver wants to process (conquer) 
them. This way the receiver has its processes completely under control.

I hope I was able to phrase my concerns in an understandable way. But 
never the less thank you very much for your input and please feel free 
to destroy my concerns.

Thanks,

Tobias