North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: BCP for Abuse Desk
On Tue, 30 May 2006 15:02:21 PDT, Dave Rand said: > Of late, I have found many large ISPs that are employing anti-spam filters on > their [email protected] addresses. > > Needless to say, they seem surprised that their customers have any abuse > issues involving spam at all :-) Paging Randy Bush - one of your competitors is on the phone... :) > I know that there was a Abuse Desk BCP working group started a few years ago. > Can anyone give me an update on BCP practices that I can refer ISPs to? http://asrg.sp.am/subgroups/bcp.shtml says: "Previous BCP subgroup has been active from September of 2003 until December of 2003 when it was shutdown due to lack of active members. This subgroup is currently in formation, will be restarting as soon as we have enough interested participants." Oooh... Kaay.. Really though, all the BCP you need is: 1) Make sure the '[email protected]' and '[email protected]' addresses accept mail and actually go to live people that can take action (rather than routing to /dev/null or bouncing because the mailbox is full). 2) Don't put a spam filter in front of the spam reporting address. 3) Take *meaningful* action that actually fixes the problem. 3a) Don't send back a "this spam isn't from us" canned message when the headers clearly show it came from you, etc.... 3b) No pink contracts. 3c) Do a basic check on new customers. http://www.spamhaus.org/Rokso/ is a good start. 3d) Make sure your ToS allows nuking a spamming/abusive host. 3e) Then *use* that clause in the ToS when needed.