On Fri, 11 Jan 2008, Suresh Ramasubramanian wrote:
Another vendor who, after being given clear escalation paths, first kept cc'ing our upstream abuse desk, and every role account OTHER than abuse at our domain. When they finally get enough clue hammered into them to cc our abuse desk, they escalate to my work address within two hours of that, demanding it be taken down.
Let me guess which one it is, the same one that called 2 minutes later and threatened to go to the Police on YOU?
Our abuse desk would handle tix within a business day, or even earlier. And email about phish takes priority right after (say) LE requests that find their way there (instead of the special POC we already have given most LE agencies). So, escalating a manual complaint after two hours is a bit thick, I'd say.
Anyway, that particular vendor got told to take a hike, told that we wouldnt accept any further reports from them (and that our automated scripts kill about 20 for every one that they report anyway), and that we'd contact the one client they seem to send these alerts for directly and set up something more automated, where they could send us a list (in a standard format, and verified at their end) and we'd take it down automatically. Of course with manual review later.
Their client's name starts with C? :)
Neither of those two takedown services (especially not the one in #2) is going to get anything like this offered to them. Not until they actually learn to play nice with other ISPs. Which comes right back to Sean's remark that I replied to.
Sorry for the long emails, but I do wish more takedown services (and more abuse / security desks) would read the MAAWG abuse desk best practice document ..
http://www.maawg.org/about/publishedDocuments/Abuse_Desk_Common_Practices.pd...
Best suggestion of the thread. Now how can we make that happen? If we can give it an easily Googable name, we may be able to mention it in the press when the occasion rises. We may be able to inform them of it (nicely) in response to abuse email. What did you find works for you?
--srs
Gadi.