Abuse response

michael.dillon at bt.com michael.dillon at bt.com
Tue Apr 15 13:01:26 UTC 2008

> - Automation is far less important than clue.  Attempting to
> compensate for lack of a sufficient number of sufficiently-
> intelligent, experienced, diligent staff with automation is
> a known-losing strategy, as anyone who has ever dealt with
> an IVR system knows.

Given that most of us use routers instead of pigeons to transport
our packets, I would suggest that railing against automation is
a lost cause here.

> - Poorly-desigged and poorly-run operations markedly increase 
> the workload for their own abuse desks.

This sounds like a blanket condemnation of the majority of ISPs 
in today's Internet. 

> - A nominally competent abuse desk handles reports quickly 
> and efficiently.
> A good abuse desk DOES NOT NEED all those reports because it 
> already knows.
> (For example, large email providers should have large numbers 
> of spamtraps scattered all over the 'net and should be using 
> simple methods to correlate what arrives at them to provide 
> themselves with an early "heads up".  This won't catch 
> everything, of course, but it doesn't have to.)

Why is it that spamtraps are not mentioned at all in MAAWG's best 
practices documents except the one for senders, i.e. mailing list

Note that if an ISP does have a network of spamtraps, then they have
an automated reporting system, which you denounced in your first point.

I agree that simply automating things will not make anything better, but
intelligent automation is good for you and me and the ISP who implements
it. An intelligent automation system could identify a spam source and
immediately block the port 25 traffic until it can be investigated by
a human being.

--Michael Dillon

More information about the NANOG mailing list