North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Best practices for [email protected] mailbox and network abuse complaint handling?

  • From: Douglas Otis
  • Date: Sun May 13 11:07:58 2007


On May 12, 2007, at 8:57 PM, K K wrote:


On 5/11/07, william(at)elan.net <[email protected]> wrote:
On Fri, 12 May 2007, John Levine wrote:
>> The issue I see with most of the options (abuse.net, spamcop, etc) is
>
> Hey, leave abuse.net out of this, please. It's just a database of contact addresses.

And it does a fine job at being a database of DOMAIN contact addresses, but what abuse.net doesn't do is provide any information on NETWORK contacts, it will only look up names, not IPs -- for those the victim need to be clueful enough to know what an ASN is and how to look up the ASN contact details...

I was hoping that there would be someplace like abuse.net where we could register our IPs and ASN, so non-NANOGers could know to contact [email protected] when they think our network is attacking them?

Perhaps abuse.net could include links to:

http://www.cymru.com/BGP/asnlookup.html
http://www.completewhois.com/
http://www.routeviews.org/
etc.

The desire seems to be network operations are to remain unaffected by spam sourced by the ASN. Some view spam as a user problem, and not a network management issue. A resent paper published on ASRG on how to operate a black-hole list excluded mention of ASNs. The nature of the Internet however requires more attention to the ASN.

Personally I generally report non-spam complaints to same abuse designated mailbox (it is abuse after all) but also CC data from abuse contacts from ASN whois.

That's exactly the problem -- non-spam complaints end up going to the same abuse designated mailbox, but outside of NANOG nobody even knows what ASN stands for.

There is a reason for that.

-Doug