North American Network Operators Group


Re: Best practices for [email protected] mailbox and network abuse complaint handling?

  • From: K K
  • Date: Fri May 11 18:14:53 2007


The issue I see with most of the options (abuse.net, spamcop, etc.) is they're focused on the spam problem, while my department is made up of network operations, information security, and CERT; anything to do with web servers, domains, and SMTP is handled by a different business unit in another state entirely.

While 99.99% of our [email protected] mail is either spam or complaints about
spoofed spam forging our domains as the source and has nothing to do
with network operations, about once a month something truly network
related will come into that mailbox, and my team won't be alerted to
these events in a timely manner.  Only fix I can see right now is for
us to make it part of our daily workload to troll the [email protected] mailbox
on the off chance that something in there is relevant to network
operations/security/CERT.  Is this what other NANOs do?

The clueful victims will look up our ASN/ARIN records and eventually
make the right phone call -- or report the problem to law enforcement,
who definitely know how to reach us ;)

I'm hoping to find either a better and widely accepted way to handle
non-spam-related network abuse complaints (hacking, DoS, etc), or at
least best practices for triage on the huge volume of mail that comes
into [email protected], procedures such that the rare legitimate complaint about
non-spam network abuse can be routed to my team in a timely manner.


Thanks,


Kevin