Adding onto Randy's comment as every higher-ed I've worked for has had research space that's does active probing. Part of dealing with that is the security team will respond to any emails to the abuse contacts. Additionally, I think it would be interesting to include from the perspective of the reporters. We have automated reporting in place for phishing urls where we let the operator of that space know what's going on. We've got some really good responses from folks like Gandi, who are extremely proactive in taking these complaints seriously. Cheers, Harry On Fri, Apr 24, 2026 at 12:22 PM Randy Bush via NANOG <nanog@lists.nanog.org> wrote:
The entire industry can tell you that the signal to nose ratio of most abuse reporting mailboxes is heavily skewed towards noise. If an operator has an abuse email anywhere, it will be run over with complaints from users who saw one of their IPs in a spam message header, or who saw something logged in their home router/firewall logs and WANTS YOU TO MAKE THESE ATTACKS STOP IMMEDIATELY.
not our experience. we have non-trivial research space, some of which does active probing, nothing hostile. we get a message or two a month. and we respond. tiny compared to the general level of spam and of the folk skimming whois data for email addys to try to sell or buy ipv4 space.
as your experience is so unlike ours, should we suspect there is a skewed distribution? perhaps this research project will tell us.
randy _______________________________________________ NANOG mailing list
https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/VSMWWXSI...