Constant Abuse Reports / Borderline Spamming from RiskIQ

Suresh Ramasubramanian ops.lists at
Mon Apr 13 18:49:47 UTC 2020

RiskIQ reports phish URLs for large brands

The life cycle of a typical phish campaign is in hours but I guess people can live with 24. If you handle the complaint only after two business days, that’s closing the barn door after the horse has bolted and crossed a state line.

From: NANOG <nanog-bounces at> on behalf of Tom Beecher <beecher at>
Sent: Tuesday, April 14, 2020 12:11:18 AM
To: Kushal R. <kushal.r at>
Cc: Nanog <nanog at>; Rich Kulawiec <rsk at>
Subject: Re: Constant Abuse Reports / Borderline Spamming from RiskIQ

I would agree that Twitter is not a primary place for abuse reporting.

If they are reporting things via your correct abuse channel and you are indeed handling them within 48 business hours, then I would also agree this much extra spray and pray is excessive. However RiskIQ is known to be pretty responsible, so if they are doing this they likely feel like they are NOT getting appropriate responses from you and are resorting to scorched earth. Have you attempted to reach out to them and make sure they have the proper direct channel for abuse reporting?

On Mon, Apr 13, 2020 at 1:45 PM Kushal R. <kushal.r at<mailto:kushal.r at>> wrote:
All abuse reports that we receive are dealt within 48 business hours. As far as that tweet is concerned, it’s pending for 16 days because they have been blocked from sending us any emails due to the sheer amount of emails they started sending and then our live support chats.

We send our abuse reports to, but we don’t spam them to every publicly available email address for an organisation, it isn’t difficult to lookup the Abuse POC for an IP or network and just because you do not get a response in 24 hours does not mean you forward the same report to 10 other email addresses. Similarly twitter isn’t a place to report abuse either.

On Apr 13, 2020 at 9:37 PM, <Rich Kulawiec<mailto:rsk at>> wrote:

       On Mon, Apr 13, 2020 at 07:55:37PM +0530, Kushal R. wrote:  >  We understand these reports and deal with them as per our policies and timelines but this constant spamming by them from various channels is not appreciated. Quoting from: which is dated 9:15 AM 4/13/2020: 5 #phishing URLs on admin12.find-textbook[.]com were reported to @Host4Geeks (Walnut, CA) from as far back as 16 days ago, and they are all STILL active 16 days is unacceptable. If you can't do better than that -- MUCH better -- then shut down your entire operation today as it's unworthy of being any part of the Internet community. ---rsk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the NANOG mailing list