[anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thomas Hungenberg
th at cert-bund.de
Tue Jan 23 15:37:06 CET 2018
On 23.01.2018 13:52, Name wrote: > Autoresponders/webforms should actually be encouraged, because a stand alone > email address means that all a spammer/attacker has to do to is flood that email > account with bogus data and the valid reports will either get lost amongst the > genuine ones, or the inbox will become full. A CAPTCHA can increase the > reliability of reports. As explained in my last email, manually filling out webforms does not work for CERTs and other security teams sending hundreds of abuse complaints per day in a (semi-)automated fashion. The reports are usually sent with a ticket number in the subject line to track the status/responses in a ticketing system. > A ticket/web-form solution also removes the possibility of what i spoke about > before, where administrators install spam filters on their email system and > don't exclude the abuse email box from the spam filter, resulting in spam > complaints being rejected. This problem should probably be addressed in the policy as well (make sure your spam filters don't reject legit complaints). - Thomas CERT-Bund Incident Response & Malware Analysis Team
- Previous message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
- Next message (by thread): [anti-abuse-wg] [policy-announce] 2017-02 Review Phase (Regular abuse-c Validation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]