Best practices for [email protected] mailbox and network abuse complaint handling?
jeroen at unfix.org
Fri May 11 22:31:46 UTC 2007
K K wrote:
> I'm hoping to find either a better and widely accepted way to handle
> non-spam-related network abuse complaints (hacking, DoS, etc), or at
> least best practices for triage on the huge volume of mail that comes
> into [email protected], procedures such that the rare legitimate complaint about
> non-spam network abuse can be routed to my team in a timely manner.
whois is the right one. But IMHO the ARIN whois is a bit limited and
also odd, but that might be because I am used to seeing a different kind
of data ;)
In RIPE db we have a nice IRT (Incident Response Team) object which is
meant for this, see amongst others:
Next to that there is the 'abuse-mailbox' line which can be inserted
with most objects, similarly to irt.
These will at least allow your users to find you. Some of the tools out
there that auto-spam [email protected] when they get a silly portscan use those
fields, so at least you will get it at the right address and not at
every other single address that is listed in whois.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 311 bytes
Desc: OpenPGP digital signature
More information about the NANOG