Abuse response [Was: RE: Yahoo Mail Update]

Suresh Ramasubramanian ops.lists at gmail.com
Tue Apr 15 06:18:17 UTC 2008

On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson <fergdawg at netzero.net> wrote:
>  In fact, we have done just that -- develop a standard boilerplate
>  very similar to what PIRT uses in its notification(s) to the
>  stakeholders in phishing incidents.

The boilerplate is no damned use.  PIRT - and you - should be focusing
on feedback loops, and that would practically guarantee instant
takedown, especially when the notification is sent by trusted parties.

>  Again, our success rate is somewhere in the 50% neighborhood.

With the larger providers it will get to 100% once you go the feedback
loop route.

Do ARF, do IODEF etc.  You will find it much easier for abuse desks
that care to process your reports.  You will also find it easier to
feed these into nationwide incident response / alert systems like
Australia's AISI (google it up, you will like the concept I think)


More information about the NANOG mailing list