Re: Proper ISP Reporting

[Valdis.Kletnieks () vt edu]

On Tue, 16 Aug 2005 22:01:40 EDT, Jason Burton said:
> Anyone have samples of how to properly report to ISP's regarding abuse?
>  
> ie. What format the email should be in, sample phrases, or sentences that
> might help. I've been doing this for a while and while some work, some have
> not. Im wondering if anyone has examples.

The single biggest factor in getting abuse@ISP isn't what you send, it's the
ISP. There are abuse desks that take things seriously - and then there's ISP's
that are selling for $9.95/mo to Joe Sixpack, where the profit margin doesn't
support being able to actually do anything more than deleting a problem report.
We take reports seriously - anything that we can hand-parse out an IP address
of ours, a timestamp, and an indication of what happened, we'll deal with
(though we tend to not take seriously "You sent me a virus" complaints caused
by some box in Poland forging a From:, and "ntp-1.vt.edu is scanning me from
port 123", and similar IWF issues - we have canned responses for many of
those).

On the other hand, if we didn't care, there's pretty much nothing you could put
into the note that would change our mind...

As an aside, I've seen some people complain about how difficult it is to report
phishing to some *very* large domains.  If the phisher sent 40 million spams
out, and the company makes it so only one in 100K recipients manages to
actually report it, that's *still* 400 reports they have to sort through.  If
they made it *easier*, they'd drown in reports.  Of course, there's also some
banks that still Just Don't Get It, and have their heads in the sand.  It's
sometimes hard to tell from outside which variety of difficult you're dealing
with..

Attachment: _bin
Description: