# Do you send abuse emails?



## wlanboy (Jul 6, 2013)

Do you think [email protected] does work?

My log watcher daemon is sending me one or two emails a day (since yesterday a lot more) about detected "attacks". I ignore that as long as there is no pattern.

But these incidents are just the tip of the iceberg if I look at my mailserver. Fail2ban is quite active and on Saturday after breakfast I am sending abuse mails (with attached logs) to the providers.

If I look at the responses:

- 10% no response but IP is not showing up in my logs
- 30% start a dispute, asking for additional information
- 10% forward the response of their client .. always something like "cancelled my customer will not happen again..."
- 50% just do nothing


----------
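The routine described in the opening post (Fail2ban bans turned into abuse mails with the logs attached), as an added sketch that is not code from any poster in this thread. It assumes the `Ban` line format of `fail2ban.log`; the sample log, the sender and the abuse contact are constructed placeholders, and looking up the right abuse contact for an IP is left out.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample in fail2ban.log style (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
2013-07-06 08:12:01,123 fail2ban.actions: WARNING [postfix] Ban 203.0.113.5
2013-07-06 08:40:17,456 fail2ban.actions: WARNING [sasl] Ban 198.51.100.23
2013-07-06 09:02:44,789 fail2ban.actions: WARNING [postfix] Unban 203.0.113.5
2013-07-06 09:15:09,012 fail2ban.actions: WARNING [sasl] Ban 203.0.113.5
2013-07-06 09:15:10,000 fail2ban.filter: INFO Log rotation detected
"""

# Matches "Ban" actions only; also tolerates the newer "[pid]: NOTICE" prefix.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+ fail2ban\.actions(?:\s+\[\d+\])?:"
    r"\s+\w+\s+\[(?P<jail>[^\]]+)\] Ban (?P<ip>[0-9a-fA-F.:]+)$"
)

def collect_bans(log_text):
    """Map each banned IP to its (timestamp, jail, raw line) evidence, in log order."""
    bans = defaultdict(list)
    for line in log_text.splitlines():
        m = BAN_RE.match(line.strip())
        if m:
            bans[m["ip"]].append((m["ts"], m["jail"], line.strip()))
    return dict(bans)

def build_report(ip, events, sender, abuse_contact, tz="UTC"):
    """Compose one report per source IP; the time zone is stated so the desk can correlate."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = abuse_contact
    msg["Subject"] = f"Abuse report: {ip}, {len(events)} bans between {events[0][0]} and {events[-1][0]} {tz}"
    jails = ", ".join(sorted({jail for _, jail, _ in events}))
    msg.set_content(
        f"Source IP: {ip}\n"
        f"Affected services (fail2ban jails): {jails}\n"
        f"First seen: {events[0][0]} {tz}\nLast seen: {events[-1][0]} {tz}\n"
        "Log excerpt attached.\n"
    )
    evidence = "\n".join(raw for _, _, raw in events) + "\n"
    msg.add_attachment(evidence, filename=f"fail2ban-{ip}.log")
    return msg

if __name__ == "__main__":
    for ip, events in collect_bans(SAMPLE_LOG).items():
        print(build_report(ip, events, "admin@mail.example", "abuse@provider.example")["Subject"])
```

Grouping by IP keeps each report to a single source with its own evidence, which is the form an abuse desk can forward to one customer without exposing unrelated log lines.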



## kaniini (Jul 6, 2013)

A lot of abuse desks will process the ticket but not reply.

This is probably what is happening, but if the abuse persists after contacting them, regardless of contact, you should shame them.  Also, abuse desks should be stripping the contact details of the complainant.


----------



## splitice (Jul 6, 2013)

Depends on what for. Judging by the fail2ban reference I'm guessing attacks or infected hosts?

I've sent a few for that (<10), basically the worse hosts have been Hostkey RU (I have servers there though) and Ecatel. I wouldn't bother sending them to either (although for more serious stuff I am sure it gets past certain filters, or a .ru/.nl email address). Not worth the effort of compiling lists and evidence (I'm not automated in this area).

I've also been on the other side of it too, Hetzner's automatic processing is a bitch, especially when faulty automated scripts are involved. Basically you have to commit perjury to the automated system.

I've only once received a response, and it was a human. Although I didn't complete a Turing test.

So no I don't think it's overly effective, but it probably depends on the factors involved e.g. if reporting a fraud site (phishing, card site etc) it's probably very effective with almost all providers. But with hard to prove things such as floods or infected hosts, hit and miss.


----------



## sv01 (Jul 6, 2013)

Yes I do, but so far I never get a reply.

So many bot scanners these days.


----------



## Wintereise (Jul 6, 2013)

Most will get the issue dealt with, but will not reply -- this is standard practice.

If you want them to reply in some way, including a link or something that makes it easy for them might work, but people will still skip that.


----------



## jarland (Jul 6, 2013)

The words "uphill battle" come to mind but I do believe it absolutely vital that misused IPs be reported. I'll report US residential/datacenter IPs. I'll just block anything malicious from China Telecom (because their abuse email rejects anything I send) and I black hole Ecatel. Picking your battles is important. Some of these providers will ignore anything short of a small military and their IP providers seem to show little concern.


----------



## Damian (Jul 6, 2013)

When abuse emails are sent to us, I usually respond with some sort of "Acknowledged, problem solved" or "Problem acknowledged" or something concise. 

I used to send out abuse emails in the past, but now I only send them if they're residential/business ISPs. If they're a server/hosting/not-ISP, I look up their ASN and drop their blocks.


----------



## wlanboy (Jul 7, 2013)

Wintereise said:


> Most will get the issue dealt with, but will not reply -- this is standard practice.


Good to know.



Wintereise said:


> If you want them to reply in some way, including a link or something that makes it easy for them might work, but people will still skip that.


Well - they can use my email to reply...


----------



## Wintereise (Jul 7, 2013)

wlanboy said:


> Well - they can use my email to reply...


In my case, if you include a link to a multiple choice form with a token, I probably will click and submit that.

Chances of me actually replying to the email are low though, since smaller companies usually do not have an abuse dept, so general staff (who are most likely swamped) have to take care of it.


----------



## egihosting (Jul 9, 2013)

It works.

We get hundreds of emails to [email protected] 

We respond to a few of them, but most of them just get processed and handled. We also track total numbers and a tech is alerted when something exceeds pre-defined thresholds.


----------



## wlanboy (Jul 9, 2013)

egihosting said:


> We get hundreds of emails to [email protected]


So I am not the only one writing abuse emails B) .


----------



## VPSCorey (Jul 12, 2013)

Damian said:


> When abuse emails are sent to us, I usually respond with some sort of "Acknowledged, problem solved" or "Problem acknowledged" or something concise.
> 
> I used to send out abuse emails in the past, but now I only send them if they're residential/business ISPs. If they're a server/hosting/not-ISP, I look up their ASN and drop their blocks.


So how much of the internet do you have left lol.

We get them and deal with the spammer, usually emailing them and blocking common SMTP ports for their IPs until they resolve the issue or they get terminated. All ISPs have to protect their IP blocks from blacklists because it can be a pain to get them removed.


----------



## MannDude (Jul 13, 2013)

I report them, rarely get a response and I rarely ever check up on them.

I used to follow clients who were suspended for phishing and inform their new host after they moved away too.


----------



## kpmedia (Jul 15, 2013)

I send them for spam, but rarely hear back.

Same for WHMCS license check.


----------



## nixcom (Aug 9, 2013)

Normally I'm suspending the account and asking customer to contact me to fix the issue.


----------



## wlanboy (Aug 9, 2013)

nixcom said:


> Normally I'm suspending the account and asking customer to contact me to fix the issue.


If that could only be said for Sharktech or VolumeDrive.


----------



## HostUS-Alexander (Aug 12, 2013)

I sent about 30 abuse emails today, wasted 3 hours of my staff's time :/

-Alexander


----------



## splitice (Aug 13, 2013)

egihosting said:


> It works.
> 
> We get hundreds of emails to [email protected]
> 
> We respond to a few of them, but most of them just get processed and handled. We also track total numbers and a tech is alerted when something exceeds pre-defined thresholds.


I feel the same sometimes and I only get around 3-10/day. When processing abuse emails I never send a reply. It's just forward. If it is legally important and human written it gets a note down on my notepad to be checked on when appropriate. Most of the time it's just automated crap (and usually wrong). One particular client gets a lot of false positives from roaming virus scanners (manually checked, and the client is running a fairly large business). Hence I don't place a lot of importance on automated emails.

If you hand write one to [email protected] and include a reference to this thread you might get a reply


----------

