Abuse response [Was: RE: Yahoo Mail Update]

Rich Kulawiec rsk at gsp.org
Wed Apr 16 13:17:44 UTC 2008

On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
> Abuse desk is a $0 revenue operation.  Is it not obvious what the issue is?

Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.

1. There is no doubt that many operations consider it so, but it's
really not.  Operations which don't adequately deal with abuse issues
are going to incur tangible and intangible costs (e.g., money spent
cleaning up local messes and getting off numerous blacklists, loss of
business due to reputation, etc.).  Those costs are likely to increase
as more and more people become increasingly annoyed with abuse-source
operations and express that via software and business decisions.  I'll
concede that this is really difficult to measure (at the moment) but
it's not zero.

2. When one's network operation abuses someone (or someone else's
operation), you owe them a fix, an explanation, and an apology.
After all, it happened in your operation on your watch, therefore you're
personally responsible for it.  And when someone in that position --
a victim of abuse -- has magnanimously documented the incident and
reported it to you, thus providing you with free consulting services --
you owe them your thanks.  After all, they caught something that got
by you -- and they've shared that with you, thus enabling you to run
a better operation, which in turn means fewer future abuse incidents,
which in turn means lower tangible and intangible costs.  And far more
importantly, it means being a better network neighbor, something we
should all be working toward all the time.


More information about the NANOG mailing list