[anti-abuse-wg] Reporting abuse to OVH -- don't bother

On Thu 13/Feb/2020 05:26:10 +0100 Fi Shing wrote:
> All OVH and DigitalOcean abuse reports must be submitted via the abuse
> reporting forms on the website, or they won't be actioned:
>  
> https://www.ovh.com/world/abuse/
>  
> https://www.digitalocean.com/company/contact/abuse/


I'm unable to post to each abuse team specific web form.  I collect abusive
behavior from the firewall log during an end-of-day cron, and notify that to
the addresses I find using RDAP, in the hope that it can be useful to the users
paying for presumably infected hosts.

I skip reporting to countries like CN RU VN EG LA BY KE IR AZ BN and the like,
where Internet is not free, afraid to cause more harm than good.  In addition,
I have a skip list where I add bouncing addresses like abuse at ovh.net.  Some
times I report invalid WHOIS data to the relevant RIR, before adding an address
to that list.

I feel like sharing this spirit because of a recent discussion about validation
of abuse-mailboxes, and the obligation to publish one.


> At the moment, the resource holder can:
> 
>     ignore it due to funding issues,
>     ignore it due to lazyness,
>     ignore it due to criminal influence,
>     ignore it due to language barrier,
>     be forced to ignore it due to DDoS style email flooding,
>     be forced to ignore it due to the size of the resource holdings (because of the sheer volume of complaints made to them due to the size of their network),
>     be forced to ignore it due to a glitch which they are unaware of,


Of course they can.  Once I received an auto-reply saying the abuse "team" was
on holidays at the time.  That's ok, live and let leave.  If everyone do just
the best they can (not more), it'd be probably enough.


Best
Ale
--