s.ewing at aussiehq.com.au
Tue Dec 7 16:00:06 CST 2010
From: Gavin Pearce <Gavin.Pearce at 3seven9.com>
>How many of you (honestly) actively manage and respond to abuse@ contact
>details listed in WHOIS? Or have had any luck with abuse@ contacts in
>the past? Who's good and who isn't?
We monitor our abuse queues, but when the email is just a stock standard
incident (eg: spam or phishing) we don't actually reply to the emails
unless more information is required.
As mentioned previously, a lot of the traffic in abuse queues is automated
and you might have anywhere up to 100 emails for a single incident. In
these cases, we merge the messages into one ticket, handle the case and
close it off.
The nature of our business (hosting) means that we do get a decent amount
of abuse traffic - ranging from compromised out of date CMSs used to send
spam or host phishing sites right through to fraudulent accounts again
used to send spam.
Rather than hire additional staff to respond to the each abuse email
individually we prefer to invest in systems to stop the abuse in the first
place. For example, all outbound email from our shared hosting network is
checked for spam/viruses and any unusual traffic (such as a spike from a
customer who typically only sends a few messages a day) is flagged.
More information about the NANOG