Abuse response [Was: RE: Yahoo Mail Update]

Frank Bulk frnkblk at iname.com
Wed Apr 16 15:41:34 UTC 2008

So who's the third-party for the little guy that aggregates abuse reports?
I know we consume Spamcop reports which works very well for us.  I'm not
sure who feeds them data.  Ideally I would like to be able to submit data to
them in an automated fashion, but the spam appliance I have doesn't have
that checkbox.

If the abuse desk has already acted upon it, why not have the automated
system let me know?


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of
michael.dillon at bt.com
Sent: Wednesday, April 16, 2008 5:08 AM
To: nanog at merit.edu
Subject: RE: Abuse response [Was: RE: Yahoo Mail Update]

> So how do the little guys play in this sandbox?

3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.


Consider this. Any single point source of abuse, say a single broadband
PC in a botnet, will spew out spam or DDOS to hundreds of destinations.
If 20 of these destinations submit ARF reports, and you are one of
these 20, then there is a 5% chance that your report has anything wort
acting upon. 95% of the time, you will be reporting something that the
abuse desk has already acted upon and it would be a waste of abuse desk
resources to read and reply to your report. On the other hand, it can
be very useful for the automated system to process your report for
statistical purposes and to provide a better understanding of how
that particular botnet functions.


--Michael Dillon

More information about the NANOG mailing list