Security Incidents mailing list archives
Re: Proper ISP Reporting
From: Valdis.Kletnieks () vt edu
Date: Wed, 17 Aug 2005 01:31:16 -0400
On Tue, 16 Aug 2005 22:01:40 EDT, Jason Burton said:
Anyone have samples of how to properly report to ISP's regarding abuse? ie. What format the email should be in, sample phrases, or sentences that might help. I've been doing this for a while and while some work, some have not. Im wondering if anyone has examples.
The single biggest factor in getting abuse@ISP isn't what you send, it's the ISP. There are abuse desks that take things seriously - and then there's ISP's that are selling for $9.95/mo to Joe Sixpack, where the profit margin doesn't support being able to actually do anything more than deleting a problem report. We take reports seriously - anything that we can hand-parse out an IP address of ours, a timestamp, and an indication of what happened, we'll deal with (though we tend to not take seriously "You sent me a virus" complaints caused by some box in Poland forging a From:, and "ntp-1.vt.edu is scanning me from port 123", and similar IWF issues - we have canned responses for many of those). On the other hand, if we didn't care, there's pretty much nothing you could put into the note that would change our mind... As an aside, I've seen some people complain about how difficult it is to report phishing to some *very* large domains. If the phisher sent 40 million spams out, and the company makes it so only one in 100K recipients manages to actually report it, that's *still* 400 reports they have to sort through. If they made it *easier*, they'd drown in reports. Of course, there's also some banks that still Just Don't Get It, and have their heads in the sand. It's sometimes hard to tell from outside which variety of difficult you're dealing with..
Attachment:
_bin
Description:
Current thread:
- Proper ISP Reporting Jason Burton (Aug 16)
- Re: Proper ISP Reporting chip (Aug 17)
- RE: Proper ISP Reporting Ramki B (Aug 17)
- Re: Proper ISP Reporting Rod Barnhart (Aug 17)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 17)
- RE: Proper ISP Reporting Lyal Collins (Aug 17)
- <Possible follow-ups>
- Re: Proper ISP Reporting Brandon Butterworth (Aug 17)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- Re: Proper ISP Reporting Valdis . Kletnieks (Aug 22)
- Re: Proper ISP Reporting Leif Ericksen (Aug 19)
- RE: Proper ISP Reporting Lepich, Jesse A Mr GLWACH (Aug 17)
- RE: Proper ISP Reporting McKinley, Jackson (Aug 18)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- Re: Proper ISP Reporting Dennis Willson (Aug 22)
- RE: Proper ISP Reporting Scott Fuhriman (Aug 19)
- RE: Proper ISP Reporting Swen Wulf (Aug 19)