This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[anti-abuse-wg] Proposal: Publish effective users' abuse-c

Previous message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
Next message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alessandro Vesely vesely at tana.it
Sat Jan 22 12:19:14 CET 2022

On Fri 21/Jan/2022 14:21:41 +0100 Hans-Martin Mosner wrote:
> Am 20.01.22 um 13:37 schrieb Alessandro Vesely:
>>
>> However, it is the ISPs' customers who are the effective users of those IPs. 
>> Any complaint, whether reporting spam or botnet activity, can probably be 
>> handled more effectively by the people who run the systems connected to a 
>> given IP than the actual owner. 
> 
> In a considerable amount of cases, the ISP's customer is also the spammer. I 
> would prefer not to talk to them when complaining about their behavior - in the 
> best case, they will ignore me, in the worst case, they might do something in 
> revenge.

That makes sense when you're reporting spam.  Botnet activity differs.  If RDAP 
data allows to recognize which abuse contact belongs to which kind of operator, 
tools can accept options to output either one or both.

> The IP owner is the one who can pull the plug on misbehaving customers. As it 
> is much easier to identify IP owners, I can collect reputation data about who I 
> can trust to handle my abuse complaint responsibly, who will just ignore it, 
> who will forward it unedited to their customer. Depending on this assessment of 
> their trustworthiness, I will or won't report.

Wow!  I just collect those which bounce.  Some send some feedback, and in a 
minority of those cases I seem to be able to grasp that they actually do 
something to mitigate reported abuse.

> There are very few cases where reporting to end users makes much sense. Either 
> they operate their system responsibly including monitoring the mail rejects and 
> bounces, then they already know there's something that needs to be fixed, or 
> they don't, and most often don't care, and my complaint will probably not 
> change that.

Some operators say they refuse abuse reporting by email because they want 
complainants to fill web forms.  Of course, web forms have fields that provide 
for better handling.  However, the only handling I can think of is to associate 
the IP field to the corresponding customer and automatically forward the 
complaint there.  That could be done by RDAP.

Best
Ale
--

Previous message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c
Next message (by thread): [anti-abuse-wg] Proposal: Publish effective users' abuse-c

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ anti-abuse-wg Archives ]