[anti-abuse-wg] How Not To Ask For A Website to Be taken Down
Kostas Zorbadelos
kzorba at otenet.gr
Thu Dec 23 08:17:20 CET 2010
On Thursday, December 23, 2010 08:59:43 am Ronald F. Guilmette wrote:

Now, let me see if I get this right...
This post contains more than 1000 words, to argue about NOT using abuse
contacts, in the real world, and this is how reports should be sent?
I am definitely missing something here...

Regards,
Kostas

> My apologies for not following up on this sooner. It's definitely the busy
> season...
>
> In message <97C58E22-A243-4A57-9602-7184B5D3522A at blacknight.ie>,
>
> "Michele Neylon :: Blacknight" <michele at blacknight.ie> wrote:
> >>What is it, exactly, about that message that caused you to have any
> >>difficulty in "working it out"?
> >
> >To start with it was sent to just about every single contact point
> >imaginable except our abuse contact. The only reason it made it to our
> >abuse team at all was because one of our sales staff asked me to look at
> >it.
>
> Well, OK. Arguably that was bad form on their part. But having been
> "in the trenches" now myself for over 15 years, I can well and truly
> understand why they didn't even bother to CC: abuse@ (even though I
> myself would have done so).
>
> In fact there are many reasons why an intelligent and an _experienced_
> person would never even waste the bits to even CC: abuse@. Here are
> just a few of those reasons:
>
> #1) On a large number of commercial ISP networks, abuse@ has been aliased
> to /dev/null. This isn't speculation. This is fact.
>
> Certainly, a lot of commercial ISPs make a business of catering especially
> to the lucrative spamming trade. Thus, these ISPs in particular have
> less than zero interest in _anything_ anybody might send to abuse@. (And
> some, like several in Russia... or that one in "Belize" I already posted
> about... are run by folks who are criminals themselves. So they don't even
> care even if you have a non-spam related "abuse" issue.)
>
> Even for the vast majority of commercial networks that are NOT specifically
> going out of their way to cater especially to spammers or other criminals,
> the decision has been made, long ago (and in many cases even BEFORE the
> advent of the Great Recession) that any sort of "abuse desk" type function
> is an unjustifiable "cost center" as opposed to a "profit center". Thus,
> with only rare exceptions, virtually every ISP that is any bigger than a
> small-time "mom and pop" operation has long ago aliased abuse@ to /dev/null
> because management sees no profit potential whatsoever in assigning even
> a fractional warm body to read that stuff.
>
> And of course, the advent of the Great Recession only speeded up the final
> (and now near total and global) aliasing of abuse@ to /dev/null.
>
> Even for those networks... a minority to begin with... where there existed
> some sense of public/community responsibility (e.g. to investigate &
> respond to network abuse reports) and/or a sense of the importance and
> value of maintaining a good corporate reputation, the Great Recession has,
> for many, sharpened the corporate focus on mere survival, while niceties
> like good corporate netizenship have, understandably I suppose, gone by
> the wayside.
>
> #2) Even for those networks where abuse@ is not aliased to /dev/null,
> sending anything other than a _spam_ report to that address will typically
> engender either (a) no response at all (with the message being silently
> discarded) or else (b) an irritated response of the form "Why are you
> sending this to abuse@??" or else (c) a more or less automated response
> (either from an actual program or else from a low-paid human who has been
> trained to act like one) of the form "We're sorry, but we cannot accept
> abuse complaints without either (a) a full set of e-mail headers or else
> (b) a complete set of system intrusion logs."
>
> Obviously, in the case under discussion, which involved primarily
> violations of trademark rights (and with the high probability of
> associated phishing activity being only "unproven" and speculative) the
> party sending the report had no system logs nor any e-mail headers to
> send.
>
> #3) Although, for the various reasons noted above, and others, sending a
> report like this to an abuse@ address might yield no meaningful or useful
> action at all, the mere presence of the corporate abuse@ address, either
> in the To: header or in the Cc: header would most likely cause any and
> all other parties to whom such a report had been addressed (and who might
> otherwise potentially be more responsive/responsible than abuse@) to simply
> trash the message, e.g. because they might reasonably assume that "Oh!
> This was sent to abuse@ too, so the abuse department/person will surely
> handle it, and I don't need to get involved."
>
> #4) Last but not least, in the circles I travel in, a clear and unambiguous
> distinction is often drawn between "abuse ON the network" and "abuse OF the
> network". As we all know, the latter occurs almost every second of the
> day, somewhere on the Internet, and it can range from undeserved insults
> and slanders to sophisticated social engineering con games involving
> millions of dollars. But none of that "abuse ON the network" in any way
> threatens the operational status of any part of the net. Conversely, of
> course, spam and DoS attacks directly threaten the operational status of
> either parts of the net or, in sum, even the whole thing, and thus, by
> tradition among the people I commonly hang out with, "abuse OF the net" is
> widely considered to be the only thing (a) that humans can reasonably
> fight and also (b) in many people's minds, it is the only thing that's
> _worth_ fighting for. (After all, the world and the net will go on even
> if you or I are heinously slandered or even defrauded, tomorrow, somewhere
> on the Internet.)
>
> The upshot of all this line of thinking is that some (many?) believe that
> it's not even the job of an ISP abuse desk to even delve into any matters
> that do not clearly affect network operational status. At any and all
> ISPs of this persuasion, a note to abuse@ regarding a clear trademark
> violation (and a plausible/possible phishing threat) would be discarded
> virtually the moment it was opened.
>
> _=_=_=
>
> I'm not saying that any of the above are ``good'' reasons why a report like
> the one sent to you from BofA _should_ be effectively ignored by the person
> or robot tasked with reading mail sent to abuse@ (at various ISPs). I am
> only saying that out here in the Real World, that is, alas, what often
> would (and does) happen.
>
> >>> If your first language isn't English then I suspect you'll dismiss it
> >>> as spam .. .. I know some of my staff did and they supposedly speak
> >>> English
> >>
> >> Again, I am utterly baffled by your comment. Can you explain why anyone
> >> would ever dismiss BofA's message to you as spam?
> >
> >Read the message. Instead of simply stating that they are alerting us to
> >an issue they start off with a long convoluted text about their
> >trademarks, which is totally irrelevant to us. All we want to know is
> >that someone is reporting abuse, what type of abuse it is and where it
> >is located.
>
> OK, now _here_ you have a point that I cannot reasonably take issue with.
> And your point is, I think, not only valid but also, potentially very
> useful. You're right. I think the way that people in the news business
> commonly express the point you just made is that it is bad practice to
> "bury the lead", i.e. it's important to express the major point you are
> trying to make (in a news story or in an abuse report) clearly, concisely,
> and in the first sentence.
>
> That's a good lesson for all of us writers of abuse reports, and one I'll
> try, in future, never to forget myself.
>
> >You might not find this hard to understand, but I suspect this is because
> >you are used to reading these kind of emails and might be immune to how
> >badly worded they are.
>
> No, actually, it is more because I have some extensive experience reading
> legal documents (e.g. court filings) and thus I'm already so adept at
> hacking through the thicket of words (to find the meat) that it's almost
> second nature (and automatic/subconscious) to me now, kind of like people
> who are so practiced that they can almost play a piano concerto in their
> sleep. That explains why, when I see something like that BofA e-mail you
> posted, its verbosity and/or failure to clearly and quickly come to the
> point doesn't faze me in the slightest. (I guess that I have been hanging
> out with lawyers too long. :-)
>
>
> Regards,
> rfg