
Do you send abuse emails?

wlanboy

Content Contributor
Do you think abuse@provider does work?

My log watcher daemon is sending me one or two emails a day (since yesterday a lot more) about detected "attacks". I ignore that as long as there is no pattern.

But these incidents are just the tip of the iceberg if I look at my mailserver. Fail2ban is quite active, and on Saturday after breakfast I am sending abuse mails (with attached logs) to the providers.

If I look at the responses:

  • 10% no response but IP is not showing up in my logs
  • 30% start a dispute, asking for additional information
  • 10% forward the response of their client .. always something like "canceled my customer will not happen again..."
  • 50% just do nothing
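The "attached logs" step described in the post above can be scripted. The following is an added example, not part of the original post: it groups fail2ban Ban lines by source IP and builds one evidence block per IP that shows a repeat pattern. The sample log lines, the `min_bans` threshold and the `tz_label` parameter are assumptions made for illustration; fail2ban logs in the server's local time, so set the label to match.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (documentation IP ranges), covering the older and
# the newer fail2ban.log layout; nothing here comes from the thread.
SAMPLE_LOG = """\
2013-06-01 07:58:11,402 fail2ban.actions: WARNING [postfix-sasl] Ban 203.0.113.45
2013-06-01 08:08:11,910 fail2ban.actions: WARNING [postfix-sasl] Unban 203.0.113.45
2013-06-01 09:14:52,120 fail2ban.actions: WARNING [dovecot] Ban 203.0.113.45
2013-06-01 11:02:30,007 fail2ban.filter : INFO Log rotation detected for /var/log/mail.log
2013-06-01 12:40:03,551 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 198.51.100.7
2013-06-01 13:05:44,318 fail2ban.actions [812]: NOTICE [postfix-sasl] Ban 203.0.113.45
"""

BAN_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+\s+fail2ban\.actions\b.*?"
                    r"\[([^\]]+)\]\s+Ban\s+(\S+)\s*$")

def parse_bans(log_text):
    """Return {ip: [(timestamp, jail), ...]} for every Ban line."""
    bans = defaultdict(list)
    for line in log_text.splitlines():
        m = BAN_RE.match(line)
        if not m:
            continue  # Unban, filter and other lines are not evidence
        stamp, jail, ip = m.groups()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # skip anything that is not a literal IP address
        bans[ip].append((datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"), jail))
    return dict(bans)

def build_reports(bans, min_bans=2, tz_label="UTC"):
    """One plain-text evidence block per IP banned at least min_bans times."""
    reports = {}
    for ip, events in sorted(bans.items()):
        if len(events) < min_bans:
            continue  # a single ban is not yet a pattern
        events = sorted(events)
        lines = [f"Source IP: {ip}",
                 f"Bans: {len(events)} between {events[0][0]} and {events[-1][0]} ({tz_label})"]
        lines += [f"  {ts} {tz_label}  jail={jail}" for ts, jail in events]
        reports[ip] = "\n".join(lines)
    return reports

if __name__ == "__main__":
    print("\n\n".join(build_reports(parse_bans(SAMPLE_LOG)).values()))
```

Each block can be pasted into the body of a report so the abuse desk sees the source IP, the time range and the affected service without opening an attachment.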
 

kaniini

Beware the bunny-rabbit!
Verified Provider
A lot of abuse desks will process the ticket but not reply.

This is probably what is happening, but if the abuse persists after contacting them, regardless of contact, you should shame them.  Also, abuse desks should be stripping the contact details of the complainant.
 

splitice

Just a little bit crazy...
Verified Provider
Depends on what for. Judging by the fail2ban reference I'm guessing attacks or infected hosts?

I've sent a few for that (<10), basically the worst hosts have been Hostkey RU (I have servers there though) and Ecatel. I wouldn't bother sending them to either (although for more serious stuff I am sure it gets past certain filters, or a .ru/.nl email address). Not worth the effort of compiling lists and evidence (I'm not automated in this area).

I've also been on the other side of it too, Hetzner's automatic processing is a bitch, especially when faulty automated scripts are involved. Basically you have to commit perjury to the automated system.

I've only once received a response, and it was a human. Although I didn't complete a Turing test.

So no, I don't think it's overly effective, but it probably depends on the factors involved, e.g. if reporting a fraud site (phishing, card site etc.) it's probably very effective with almost all providers. But with hard-to-prove things such as floods or infected hosts, hit and miss.
 

Wintereise

New Member
Most will get the issue dealt with, but will not reply -- this is standard practice.

If you want them to reply in some way, including a link or something that makes it easy for them might work, but people will still skip that.
 

jarland

The ocean is digital
The words "uphill battle" come to mind but I do believe it absolutely vital that misused IPs be reported. I'll report US residential/datacenter IPs. I'll just block anything malicious from China Telecom (because their abuse email rejects anything I send) and I black hole Ecatel. Picking your battles is important. Some of these providers will ignore anything short of a small military and their IP providers seem to show little concern.
 

Damian

New Member
Verified Provider
When abuse emails are sent to us, I usually respond with some sort of "Acknowledged, problem solved" or "Problem acknowledged" or something concise. 

I used to send out abuse emails in the past, but now I only send them if they're residential/business ISPs. If they're a server/hosting/not-ISP, I look up their ASN and drop their blocks.
 

Wintereise

New Member
Well - they can use my email to reply...
In my case, if you include a link to a multiple choice form with a token, I probably will click and submit that.

Chances of me actually replying to the email are low though, since smaller companies usually do not have an abuse dept, so general staff (who are most likely swamped) have to take care of it.
 

egihosting

New Member
Verified Provider
It works.

We get hundreds of emails to abuse@. 

We respond to a few of them, but most of them just get processed and handled. We also track total numbers and a tech is alerted when something exceeds pre-defined thresholds. 
 

VPSCorey

New Member
Verified Provider
Damian said:
> When abuse emails are sent to us, I usually respond with some sort of "Acknowledged, problem solved" or "Problem acknowledged" or something concise.
>
> I used to send out abuse emails in the past, but now I only send them if they're residential/business ISPs. If they're a server/hosting/not-ISP, I look up their ASN and drop their blocks.

So how much of the internet do you have left lol.

We get them and deal with the spammer, usually emailing them and blocking common SMTP ports for their IPs until they resolve the issue or they get terminated. All ISPs have to protect their IP blocks from blacklists because it can be a pain to get them removed.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
I report them, rarely get a response and I rarely ever check up on them.

I used to follow clients who were suspended for phishing and inform their new host after they moved away too.
 

kpmedia

New Member
I send them for spam, but rarely hear back.

Same for WHMCS license check.
 

splitice

Just a little bit crazy...
Verified Provider
egihosting said:
> It works.
>
> We get hundreds of emails to abuse@.
>
> We respond to a few of them, but most of them just get processed and handled. We also track total numbers and a tech is alerted when something exceeds pre-defined thresholds.

I feel the same sometimes, and I only get around 3-10/day. When processing abuse emails I never send a reply. It's just forward. If it is legally important and human written it gets a note down on my notepad to be checked on when appropriate. Most of the time it's just automated crap (and usually wrong). One particular client gets a lot of false positives from roaming virus scanners (manually checked, and the client is running a fairly large business). Hence I don't place a lot of importance on automated emails.

If you hand write one to abuse@ and include a reference to this thread you might get a reply :p
 