Constant Abuse Reports / Borderline Spamming from RiskIQ

Denys Fedoryshchenko nuclearcat at
Mon Apr 13 14:52:15 UTC 2020

On 2020-04-13 17:25, Kushal R. wrote:
> From the past few months we have been receiving a constant stream of
> abuse reports from a company that calls themselves RiskIQ
> (
> The problem isn’t the abuse reports themselves but the way they send
> them. We receive copies of the report, on our sales, billing,
> TECH-POCs and almost everything other email address of ours that is
> available publicly. It doesn’t end there, they even online on our
> website and start using our support live chat and as recently as
> tomorrow they I see that they have now started using Twitter
> (@riskiq_irt) to do the same.
> We understand these reports and deal with them as per our policies and
> timelines but this constant spamming by them from various channels is
> not appreciated.
> Does anyone have a similar experience with them?

If the problem of abuse legit and arises with enviable constancy, maybe 
it is time to take fundamental measures to combat abuse?
I had to block port 25 by default on some operators and create a 
self-care web page for removing it,
  with the requirement to read legal agreement where consequences stated, 
if the client start spamming.
For those who are bruteforcing other people's servers / credentials, 
soft-throttling ACL had to be implemented.
And as they wrote earlier, it’s better to kick out exceptionally bad 
customers than to destroy your reputation.

More information about the NANOG mailing list