Abuse response

Rich Kulawiec rsk at gsp.org
Tue Apr 15 14:00:21 UTC 2008

On Tue, Apr 15, 2008 at 02:01:26PM +0100, michael.dillon at bt.com wrote:
> > - Automation is far less important than clue.  Attempting to
> > compensate for lack of a sufficient number of sufficiently-
> > intelligent, experienced, diligent staff with automation is
> > a known-losing strategy, as anyone who has ever dealt with
> > an IVR system knows.
> Given that most of us use routers instead of pigeons to transport
> our packets, I would suggest that railing against automation is
> a lost cause here.

I'm not suggesting that automation is bad.  I'm suggesting that trying
to use it as a substitute for certain things, like "clue", is bad.
When used *in conjunction with clue*, it's marvelous.

> This sounds like a blanket condemnation of the majority of ISPs 
> in today's Internet. 

Yes, it is.  I regard it as everyone's primary responsibility to ensure
that their operation isn't a (systemic, persistent) operational hazard
to the entire rest of the Internet.  That's really not a lot to ask...
and there was a time when it wasn't necessary to ask, because everyone
just did it.  Where has that sense of professional responsibility gone?

> Why is it that spamtraps are not mentioned at all in MAAWG's best 
> practices documents except the one for senders, i.e. mailing list
> operators?

I can't answer that, as I didn't write them.  But everyone (who's
been paying attention) has known for many years that spamtraps are
useful for catching at least *some* of the problem, with the useful
feature that the worse the problem is, the higher the probability this
particular detection method will work.  Another example I'll give of
a loose-but-useful detection method is that any site which does mass
hosting should be screening all new customer domains for patterns like
"pay.*pal.*\." and "\.cit.*bank.*\." and flagging for human attention any
that match.  Again, this won't catch everything, but it will at least give
a fighting chance of catching *something*, thus hopefully pre-empting some
abuse before it happens and thus minimizing cleanup labor/cost/impact.
In addition, this sort of thing actively discourages abusers: sufficiently
diligent use of many tactics like this causes them to stay away in droves,
which in turn reduces abuse desk workload.  But (to go back to the first
point) none of it works without smart, skilled, empowered people, and
while automation is an assist, it's no substitute.
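
The new-domain screening check described in the message above, as an added example that is not part of the original post. It uses the two patterns quoted in the message; the function names, the sample domains and the leading-dot normalization are assumptions of this example.

```python
import re

# The two patterns quoted in the post; a real deployment would maintain a longer list.
WATCH_PATTERNS = [
    re.compile(r"pay.*pal.*\."),
    re.compile(r"\.cit.*bank.*\."),
]


def normalize(domain):
    """Lowercase, drop the root dot, and add a leading dot.

    The leading dot is an assumption of this example: it lets a pattern that
    starts with "\\." also match when the brand string is the leftmost label.
    """
    return "." + domain.strip().lower().rstrip(".")


def screen(domains):
    """Return (domain, [matching pattern strings]) for each domain needing review."""
    flagged = []
    for domain in domains:
        name = normalize(domain)
        hits = [p.pattern for p in WATCH_PATTERNS if p.search(name)]
        if hits:
            flagged.append((domain, hits))
    return flagged


# Constructed sample of new customer domains (not real signups).
NEW_SIGNUPS = [
    "paypal-account-verify.example.com",
    "secure.citibank-login.example.net",
    "CitiBank-Alerts.example.org.",
    "payroll-palace.example.com",   # benign-looking, still matches: a human decides
    "gardening-tips.example.org",
    "paypal",                       # no dot after the match, so the pattern does not fire
]

if __name__ == "__main__":
    for domain, hits in screen(NEW_SIGNUPS):
        print(f"REVIEW {domain}  matched: {', '.join(hits)}")
```

The output is a review queue rather than a block list: a loose match such as payroll-palace.example.com is passed to a person to decide.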

