On 5/11/07, K K <kkadow@gmail.com> wrote:
> Can anybody point me at best practices for monitoring and responding to abuse complaints, and good solutions for accepting complaints about network abuse? Any recommended outsourced services for processing abuse complaints?
Well, there's a few things

1. Mitigate [port 25 management, walled gardens and such]
   => Cut down on the number of abuse causing issues
2. Automate
   => Abacus or other abuse desk optimized ticketing system, as John Levine said
   => Feedback loops (ARF formatted) from various ISPs
   => Ditto, automated feeds from Phishtank, Netcraft, your local CERT
3. Spread the load intelligently
   => Whatever can be handled by tier 1 should be handled by tier 1
> Probably 98% of the mailbox is from spammers who've harvested or randomly targeted abuse@ addresses for male enhancement, maybe 1.99%
So? A little filtering should handle a lot of that, procmail even. At least to file the obvious crap into a different folder that can be looked at and blown away.
> to educate management on responsible mass mailing). But every once in a while there is a legitimate network-related "incident", and my team does need to see those messages in a timely manner.
Separate POCs as far as possible (postmaster for block related issues, abuse for spam related issues, and a block interface like the one we have around - http://spamblock.outblaze.com/ip.add.re.ss), and quick, automated escalations. Ditto tools to automate as much of the "search" stuff as possible. Prioritizing incidents in your queue as well (stuff like LE requests, large-scale network incidents etc. can usually be spotted from the subject line itself).

Takes time to build that kind of setup, but the time spent is well worth it.

MAAWG's working on an abuse desk best practice doc over the last few meetings, it should be well worth reading when it does come out.

--srs

--
Suresh Ramasubramanian (ops.lists@gmail.com)
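
A minimal triage pass over inbound abuse@ mail, as an added example that is not part of the original post: it escalates on subject-line keywords, routes ARF feedback-loop reports (RFC 5965) to an automated queue, and files mail that cites no evidence into a folder for later review. The queue names, the keyword list and the "no IP address in the body" junk heuristic are assumptions, and the sample messages are constructed (the ARF sample omits the third part, the original message).

```python
import email
import re
from email import policy

# Assumed keywords and queue names, for illustration; tune them to your own desk.
URGENT_SUBJECT = re.compile(r"subpoena|court order|law enforcement|ddos|outage", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def triage(raw: bytes) -> dict:
    """Route one inbound abuse@ message to a queue."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    out = {"queue": "tier1", "subject": subject}
    # Escalations that can be spotted from the subject line alone.
    if URGENT_SUBJECT.search(subject):
        out["queue"] = "escalate"
        return out
    # ARF report: multipart/report with report-type=feedback-report.
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "feedback-report"):
        for part in msg.walk():
            if part.get_content_type() == "message/feedback-report" and part.is_multipart():
                fields = part.get_payload(0)  # report fields parse as a header block
                out.update(queue="fbl-auto",
                           feedback_type=str(fields.get("Feedback-Type", "")).strip(),
                           source_ip=str(fields.get("Source-IP", "")).strip())
        return out
    # Assumption: a real complaint cites at least one IP address in its body.
    body = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() == "text/plain")
    if not IPV4.search(body):
        out["queue"] = "junk-review"  # filed for a later look, not deleted
    return out

# Constructed sample messages (documentation addresses and domains only).
SAMPLE_ARF = b"\n".join([
    b"From: fbl@isp.example", b"To: abuse@example.net", b"Subject: Abuse report",
    b'Content-Type: multipart/report; report-type=feedback-report; boundary="b1"',
    b"MIME-Version: 1.0", b"",
    b"--b1", b"Content-Type: text/plain", b"", b"Report for mail from 192.0.2.15.", b"",
    b"--b1", b"Content-Type: message/feedback-report", b"",
    b"Feedback-Type: abuse", b"Version: 1", b"Source-IP: 192.0.2.15", b"",
    b"--b1--", b""])
SAMPLE_JUNK = b"From: x@spam.example\nSubject: Special offer\n\nBuy now!\n"

if __name__ == "__main__":
    for raw in (SAMPLE_ARF, SAMPLE_JUNK):
        print(triage(raw))
```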