On Sat 23/Oct/2021 01:38:56 +0200 Ronald F. Guilmette wrote:
In message <26f1df33-b958-bed4-f748-f82324d0b...@tana.it>, Alessandro Vesely
<ves...@tana.it> wrote:
Shouldn't there be a standard for automatically forwarding messages destined
to abuse-c following a path similar to that of RFC 2317 delegations? I'd love
if AA training encouraged such behavior.
Although delegation of abuse report handling may sound like a good idea
in theory, in practice it is a tragically bad idea.
What happens when the customer is a spammer and abuse handling is delegated
to that customer? Google for the term "list washing".
This isn't merely a theoretical possibility. Digital Ocean has previously
sent me multiple response emails saying quite explicitly that they had
forwarded my spam reports to their spammer customer(s). Those customers
will then surely cease to spam *me* but will continue to spam everyone
else on the planet.
That'd be an incentive to send spam reports, wouldn't it?
This does not create any meaningful reduction in the global spam load. It
simply rewards those "responsible" spammers who remove from their target
lists the email addresses of the few "complainers" who nowadays take the time
to report spam.
On the other hand, there are honest mailbox providers who have not realized
that their system has been hacked, or that their clients' credentials have been
stolen. And if you send a complaint to my abuse-c address, I won't get it.
For an easy guess, LIRs who offer services at regular prices —not thousand
domain discounts— have more of the latter cases. Still, their budget might not
be enough for an abuse team capable of looking at each complaint.
Best
Ale
