"we don’t get to tell someone they’re managing their network wrong" 

Sure we do. They don't have to listen, but we get to tell them. RFCs are full 
of things that one shall not do, must do, etc. We shame network operators all 
of the time for things they do that affect the global community. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Matt Corallo" <na...@as397444.net> 
To: "Mike Hammett" <na...@ics-il.net> 
Cc: "NANOG" <nanog@nanog.org> 
Sent: Friday, August 6, 2021 8:50:00 AM 
Subject: Re: Abuse Contact Handling 



Costs real money to figure out, for each customer scanning parts of the 
internet, if they’re doing it legitimately or maliciously. Costs real money to 
look into whether someone is spamming or just sending bulk email that customers 
signed up for. And what do you do if it is legitimate? Lots of abuse reports 
don’t follow X-ARF, so now you have to have a human process than and chose 
which ones to ignore. Or you just tell everyone to fill out a common web form 
and then the data is all nice and structured and you can process it sanely. 


Like Randy said, we don’t get to tell someone they’re managing their network 
wrong. If you don’t want to talk to AWS, don’t talk to AWS. If you want them to 
manage their network differently, reach out, understand their business 
concerns, help alleviate them. Maybe propose a second Abuse Contact type that 
only accepts X-ARF that they can use? There’s lots of things that could be done 
that are productive here. 


Matt 






On Aug 6, 2021, at 08:08, Mike Hammett <na...@ics-il.net> wrote: 




<blockquote>


I suppose if they did a better job of policing their own network, they wouldn't 
have as much hitting their e-mail boxes. 




----- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

Midwest-IX 
http://www.midwest-ix.com 

----- Original Message -----

From: "Matt Corallo" <na...@as397444.net> 
To: "Mike Hammett" <na...@ics-il.net>, "NANOG" <nanog@nanog.org> 
Sent: Thursday, August 5, 2021 3:44:43 PM 
Subject: Re: Abuse Contact Handling 

There's a few old threads on this from last year or so, but while unmonitored 
abuse contacts are terrible, similarly, 
people have installed automated abuse contact spammer systems which is equally 
terrible. Thus, lots of the large hosting 
providers have deemed the cost of actually putting a human on an abuse contact 
is much too high. 

I'm not sure what the answer is here, but I totally get why large providers 
just say "we can better protect a web form 
with a captcha than an email box, go use that if there's real abuse". 

Matt 

On 8/5/21 09:14, Mike Hammett wrote: 
> What does the greater operator community think of RIR abuse contacts that are 
> unmonitored autoresponders? 
> 
> 
> 
> ----- 
> Mike Hammett 
> Intelligent Computing Solutions 
> http://www.ics-il.com 
> 
> Midwest-IX 
> http://www.midwest-ix.com 


</blockquote>

Reply via email to