Best practices for [email protected] mailbox and network abuse complaint handling?

Jeroen Massar jeroen at
Fri May 11 22:31:46 UTC 2007

K K wrote:
> I'm hoping to find either a better and widely accepted way to handle
> non-spam-related network abuse complaints (hacking, DoS, etc), or at
> least best practices for triage on the huge volume of mail that comes
> into [email protected],  procedures such that the rare legitimate complaint about
> non-spam network abuse can be routed to my team in a timely manner.

whois is the right one. But IMHO the ARIN whois is a bit limited and
also odd, but that might be because I am used to seeing a different kind
of data ;)

In RIPE db we have a nice IRT (Incident Response Team) object which is
meant for this, see amongst others:

Next to that there is the 'abuse-mailbox' line which can be inserted
with most objects, similarly to irt.

These will at least allow your users to find you. Some of the tools out
there that auto-spam [email protected] when they get a silly portscan use those
fields, so at least you will get it at the right address and not at
every other single address that is listed in whois.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 311 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the NANOG mailing list