So who's the third-party for the little guy that aggregates abuse reports? I know we consume Spamcop reports which works very well for us. I'm not sure who feeds them data. Ideally I would like to be able to submit data to them in an automated fashion, but the spam appliance I have doesn't have that checkbox. If the abuse desk has already acted upon it, why not have the automated system let me know? Frank -----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of michael.dillon@bt.com Sent: Wednesday, April 16, 2008 5:08 AM To: nanog@merit.edu Subject: RE: Abuse response [Was: RE: Yahoo Mail Update]
So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data? They act as a 3rd party to aggregate data from many others. <snip> Consider this. Any single point source of abuse, say a single broadband PC in a botnet, will spew out spam or DDOS to hundreds of destinations. If 20 of these destinations submit ARF reports, and you are one of these 20, then there is a 5% chance that your report has anything wort acting upon. 95% of the time, you will be reporting something that the abuse desk has already acted upon and it would be a waste of abuse desk resources to read and reply to your report. On the other hand, it can be very useful for the automated system to process your report for statistical purposes and to provide a better understanding of how that particular botnet functions. <snip> --Michael Dillon