Best practices for abuse@ mailbox and network abuse complaint handling?
K K
kkadow at gmail.com
Fri May 11 17:57:33 UTC 2007
Can anybody point me at best practices for monitoring and responding
to abuse complaints, and good solutions for accepting complaints about
network abuse?
Any recommended outsourced services for processing abuse complaints?
My interest in this is to more effectively respond to complaints about
"bad" network traffic and abuse originating from IP addresses
allocated to my employer and to the not-for-profit ISP I help run.
(Two similar needs, two very different budgets).
My employer has multiple Internet-connected networks, several IP
allocations, and several hundred active domains. Currently abuse@* is
sporadically monitored by a Messaging team, and any complaints which
seem relevant to the Network or Security groups are forwarded to the
appropriate internal contact. This is inefficient and untimely.
Probably 98% of the mailbox is from are spammers who've harvested or
randomly targeted abuse@ addresses for male enhancement, maybe 1.99%
are email abuse complaints from customers who subscribed to
company-run mailing lists and then forgot about it (I've worked hard
to educate management on responsible mass mailing). But every once in
a while there is a legitimate network-related "incident", and my team
does need to see those messages in a timely manner.
How do other network operators address the need for timely
notification of network abuse?
Some people are clueful enough to pull up the ARIN records and contact
us by phone, but I don't want to depend on the victim of an attack
sourced from our network being bright and persistent.
Thanks,
Kevin Kadow
More information about the NANOG
mailing list