Best practices for [email protected] mailbox and network abuse complaint handling?

Douglas Otis dotis at mail-abuse.org
Sun May 13 15:03:30 UTC 2007


On May 12, 2007, at 8:57 PM, K K wrote:

>
> On 5/11/07, william(at)elan.net <william at elan.net> wrote:
>> On Fri, 12 May 2007, John Levine wrote:
>> >> The issue I see with most of the options (abuse.net, spamcop,  
>> etc)  is
>> >
>> > Hey, leave abuse.net out of this, please.  It's just a database  
>> of contact addresses.
>
> And it does a fine job at being a database of DOMAIN contact  
> addresses, but  what abuse.net doesn't do is provide any  
> information on NETWORK contacts, it will only look up names,  not  
> IPs -- for those the victim need to be clueful enough to know what  
> an ASN is and how to look up the ASN contact details...
>
> I was hoping that there would be someplace like abuse.net where we  
> could register our IPs and ASN, so non-NANOGers could know to  
> contact [email protected] when they think our network is attacking them?

Perhaps abuse.net could include links to:

http://www.cymru.com/BGP/asnlookup.html
http://www.completewhois.com/
http://www.routeviews.org/
etc.

The desire seems to be network operations are to remain unaffected by  
spam sourced by the ASN.  Some view spam as a user problem, and not a  
network management issue.  A resent paper published on ASRG on how to  
operate a black-hole list excluded mention of ASNs.  The nature of  
the Internet however requires more attention to the ASN.

>> Personally I generally report non-spam complaints to same abuse  
>> designated mailbox (it is abuse after all) but also CC data from  
>> abuse contacts from ASN whois.
>
> That's exactly the problem -- non-spam complaints end up going to  
> the same abuse designated mailbox, but outside of NANOG nobody even  
> knows what ASN stands for.

There is a reason for that.

-Doug





More information about the NANOG mailing list