Re: Best practices for abuse@ mailbox and network abuse complaint handling?

[Douglas Otis <dotis () mail-abuse org>]

On May 12, 2007, at 8:57 PM, K K wrote:

> On 5/11/07, william(at)elan.net <william () elan net> wrote:
> > On Fri, 12 May 2007, John Levine wrote:
> > >> The issue I see with most of the options (abuse.net, spamcop,  
> > etc)  is
> > >
> > > Hey, leave abuse.net out of this, please.  It's just a database  
> > of contact addresses.
>
> And it does a fine job at being a database of DOMAIN contact  
> addresses, but  what abuse.net doesn't do is provide any  
> information on NETWORK contacts, it will only look up names,  not  
> IPs -- for those the victim need to be clueful enough to know what  
> an ASN is and how to look up the ASN contact details...
>
> I was hoping that there would be someplace like abuse.net where we  
> could register our IPs and ASN, so non-NANOGers could know to  
> contact network-abuse@ when they think our network is attacking them?

Perhaps abuse.net could include links to:

http://www.cymru.com/BGP/asnlookup.html
http://www.completewhois.com/
http://www.routeviews.org/
etc.

The desire seems to be network operations are to remain unaffected by  
spam sourced by the ASN.  Some view spam as a user problem, and not a  
network management issue.  A resent paper published on ASRG on how to  
operate a black-hole list excluded mention of ASNs.  The nature of  
the Internet however requires more attention to the ASN.

> > Personally I generally report non-spam complaints to same abuse  
> > designated mailbox (it is abuse after all) but also CC data from  
> > abuse contacts from ASN whois.
>
> That's exactly the problem -- non-spam complaints end up going to  
> the same abuse designated mailbox, but outside of NANOG nobody even  
> knows what ASN stands for.

There is a reason for that.

-Doug