This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] Anti-Abuse Training: Questions for the WG
- Previous message (by thread): [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
- Next message (by thread): [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Alessandro Vesely
vesely at tana.it
Sun Oct 24 11:22:49 CEST 2021
On Sat 23/Oct/2021 01:38:56 +0200 Ronald F. Guilmette wrote: > In message <26f1df33-b958-bed4-f748-f82324d0bea8 at tana.it>, Alessandro Vesely <vesely at tana.it> wrote: > >>Shouldn't there be a standard for automatically forwarding messages destined >>to abuse-c following a path similar to that of RFC 2317 delegations? I'd love >>if AA training encouraged such behavior. > > Although delegation of abuse report handling may sound like a good idea > in theory, in practice it is a tragically bad idea. > > What happens when the customer is a spammer and abuse handling is delegated > to that customer? Google for the term "list washing". > > This isn't merely a theoretical possibility. Digital Ocean has previously > sent me multiple response emails saying quite explicitly that they had > forwarded my spam reports to their spammer customer(s). Those customers > will then surely cease to spam *me* but will continue to spam everyone > else on the planet. That'd be an incentive to send spam reports, wouldn't it? > This does not create any meaningful reduction in the global spam load. It > simply rewards those "responsible" spammers who remove from their target > lists the email addresses of the few "complainers" who nowadays take the time > to report spam. On the other hand, there are honest mailbox providers who have not realized that their system has been hacked, or that their clients' credentials have been stolen. And if you send a complaint to my abuse-c address, I won't get it. For an easy guess, LIRs who offer services at regular prices —not thousand domain discounts— have more of the latter cases. Still, their budget might not be enough for an abuse team capable of looking at each complaint. Best Ale
- Previous message (by thread): [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
- Next message (by thread): [anti-abuse-wg] Anti-Abuse Training: Questions for the WG
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]