Re: Abuse response [Was: RE: Yahoo Mail Update]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -- "Suresh Ramasubramanian" <ops.lists@gmail.com> wrote:
If you send reports with lots of legal boilerplate, or reports with long lectures on why you expect an INSTANT TAKEDOWN, and send them to a busy abuse queue, there is no way - and zero reason - for the ISP people to prioritize your complaint above all the other complaints coming in.
In fact, we have done just that -- develop a standard boilerplate very similar to what PIRT uses in its notification(s) to the stakeholders in phishing incidents. Again, our success rate is somewhere in the 50% neighborhood. And that is after a few months of fine-tuning -- and 15 years of experience in these matters. :-) Nothing to write home about... - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFIBD5wq1pz9mNUZTMRAtyzAJ9yeVdLNPQYgCoacK5sNwe3N9xZ9QCeLSlS /JALeFX6VwD6Qb430CSt6yI= =f3fI -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson <fergdawg@netzero.net> wrote:
In fact, we have done just that -- develop a standard boilerplate very similar to what PIRT uses in its notification(s) to the stakeholders in phishing incidents.
The boilerplate is no damned use. PIRT - and you - should be focusing on feedback loops, and that would practically guarantee instant takedown, especially when the notification is sent by trusted parties.
Again, our success rate is somewhere in the 50% neighborhood.
With the larger providers it will get to 100% once you go the feedback loop route. Do ARF, do IODEF etc. You will find it much easier for abuse desks that care to process your reports. You will also find it easier to feed these into nationwide incident response / alert systems like Australia's AISI (google it up, you will like the concept I think) srs
The boilerplate is no damned use. PIRT - and you - should be focusing on feedback loops, and that would practically guarantee instant takedown, especially when the notification is sent by trusted parties.
Again, our success rate is somewhere in the 50% neighborhood.
With the larger providers it will get to 100% once you go the feedback loop route.
Do ARF, do IODEF etc.
Yep. http://mipassoc.org/arf/ http://xml.coverpages.org/iodef.html --Michael Dillon P.S. some more URLs that should be known to all http://asrg.sp.am/ http://www.claws-and-paws.com/spam-l/ http://puck.nether.net/mailman/listinfo/nsp-security http://www.maawg.org/about/publishedDocuments
I largely concur with the points that Paul's making, and would like to augment them with these: - Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows. - Trustability is unrelated to size. There are one-person operations out there that are obviously far more trustable than huge ones. - Don't built what you can't control. Abuse handling needs to be factored into service offerings and growth decisions, not blown off and thereby forcibly delegated to the entire rest of the Internet. - Poorly-desigged and poorly-run operations markedly increase the workload for their own abuse desks. - A nominally competent abuse desk handles reports quickly and efficiently. A good abuse desk DOES NOT NEED all those reports because it already knows. (For example, large email providers should have large numbers of spamtraps scattered all over the 'net and should be using simple methods to correlate what arrives at them to provide themselves with an early "heads up". This won't catch everything, of course, but it doesn't have to.) ---Rsk
- Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently- intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows.
Given that most of us use routers instead of pigeons to transport our packets, I would suggest that railing against automation is a lost cause here.
- Poorly-desigged and poorly-run operations markedly increase the workload for their own abuse desks.
This sounds like a blanket condemnation of the majority of ISPs in today's Internet.
- A nominally competent abuse desk handles reports quickly and efficiently. A good abuse desk DOES NOT NEED all those reports because it already knows. (For example, large email providers should have large numbers of spamtraps scattered all over the 'net and should be using simple methods to correlate what arrives at them to provide themselves with an early "heads up". This won't catch everything, of course, but it doesn't have to.)
Why is it that spamtraps are not mentioned at all in MAAWG's best practices documents except the one for senders, i.e. mailing list operators? Note that if an ISP does have a network of spamtraps, then they have an automated reporting system, which you denounced in your first point. I agree that simply automating things will not make anything better, but intelligent automation is good for you and me and the ISP who implements it. An intelligent automation system could identify a spam source and immediately block the port 25 traffic until it can be investigated by a human being. --Michael Dillon
On Tue, Apr 15, 2008 at 02:01:26PM +0100, michael.dillon@bt.com wrote:
- Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently- intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows.
Given that most of us use routers instead of pigeons to transport our packets, I would suggest that railing against automation is a lost cause here.
I'm not suggesting that automation is bad. I'm suggesting that trying to use it as a substitute for certain things, like "clue", is bad. When used *in conjunction with clue*, it's marvelous.
This sounds like a blanket condemnation of the majority of ISPs in today's Internet.
Yes, it is. I regard it as everyone's primary responsibility to ensure that their operation isn't a (systemic, persistent) operational hazard to the entire rest of the Internet. That's really not a lot to ask... and there was a time when it wasn't necessary to ask, because everyone just did it. Where has that sense of professional responsibility gone?
Why is it that spamtraps are not mentioned at all in MAAWG's best practices documents except the one for senders, i.e. mailing list operators?
I can't answer that, as I didn't write them. But everyone (who's been paying attention) has known for many years that spamtraps are useful for catching at least *some* of the problem, with the useful feature that the worse the problem is, the higher the probability this particular detection method will work. Another example I'll give of a loose-but-useful detection method is that any site which does mass hosting should be screening all new customer domains for patterns like "pay.*pal.*\." and "\.cit.*bank.*\." and flagging for human attention any that match. Again, this won't catch everything, but it will at least give a fighting chance of catching *something*, thus hopefully pre-empting some abuse before it happens and thus minimizing cleanup labor/cost/impact. In addition, this sort of thing actively discourages abusers: sufficiently diligent use of many tactics like this causes them to stay away in droves, which in turn reduces abuse desk workload. But (to go back to the first point) none of it works without smart, skilled, empowered, people, and while automation is an assist, it's no substitute. ---Rsk
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec <rsk@gsp.org> wrote:
- Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows.
Rich, That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in general. The problem exists for the same reason that large-city McDonalds workers don't speak English: Anyone with sufficient clue to run an abuse desk is well qualified for more interesting, important and higher-paid work where they don't get yelled at all the time. Like administering mail servers or writing mail software. There's a reason we pay garbage collectors a small fortune to do a job that requires no skill whatsoever. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec <rsk@gsp.org> wrote:
- Automation is far less important than clue. Attempting to compensate for lack of a sufficient number of sufficiently-intelligent, experienced, diligent staff with automation is a known-losing strategy, as anyone who has ever dealt with an IVR system knows.
Rich,
That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in general. The problem exists for the same reason that large-city McDonalds workers don't speak English: Anyone with sufficient clue to run an abuse desk is well qualified for more interesting, important and higher-paid work where they don't get yelled at all the time. Like administering mail servers or writing mail software.
There's a reason we pay garbage collectors a small fortune to do a job that requires no skill whatsoever.
Do you _know_ any garbage collectors ? I do, and I would disagree with both clauses of that sentence. Regards Marshall
Regards, Bill Herrin
-- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in general. The problem exists for the same reason that large-city McDonalds workers don't speak English: Anyone with sufficient clue to run an abuse desk is well qualified for more interesting, important and higher-paid work where they don't get yelled at all the time. Like administering mail servers or writing mail software.
There's a reason we pay garbage collectors a small fortune to do a job that requires no skill whatsoever.
Do you _know_ any garbage collectors ? I do, and I would disagree with both clauses of that sentence.
Marshall, No, but I know a few people who have (briefly) worked abuse desks and neither the tech support nor the McDonalds problem are difficult to observe. Without conceding the garbage collection issue, let me ask you directly: how do you propose to motivate qualified folks to keep working the abuse desk? Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the same problem that afflicts tech support in general. The problem exists for the same reason that large-city McDonalds workers don't speak English: Anyone with sufficient clue to run an abuse desk is well qualified for more interesting, important and higher-paid work where they don't get yelled at all the time. Like administering mail servers or writing mail software.
There's a reason we pay garbage collectors a small fortune to do a job that requires no skill whatsoever.
Do you _know_ any garbage collectors ? I do, and I would disagree with both clauses of that sentence.
Marshall,
No, but I know a few people who have (briefly) worked abuse desks and neither the tech support nor the McDonalds problem are difficult to observe.
Without conceding the garbage collection issue, let me ask you directly: how do you propose to motivate qualified folks to keep working the abuse desk?
That is a good question. (I feel sure that many actually doing the job would opt for a rise in pay.) Maybe certain jobs should become apprentice-like positions that you need to get through to rise in a networking organization. I know that Craig Newmark (of Craig's List) spends a couple of hours per day going through abuse complaints and user issues personally. I haven't heard too many complaints about Craig's List, and it seems reasonable to suspect a connection there. That has the advantage of being cheap to implement, in dollars if not in political capital. Regards Marshall
Regards, Bill Herrin
-- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks <tme@multicasttech.com> wrote:
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
how do you propose to motivate qualified folks to keep working the abuse desk?
That is a good question. (I feel sure that many actually doing the job would opt for a rise in pay.) Maybe certain jobs should become apprentice-like positions that you need to get through to rise in a networking organization.
Marshall, There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired. My hunch says that's a non-starter. It also doesn't keep qualified folks at the abuse desk; it shuffles them through. Any other ideas? Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired.
My hunch says that's a non-starter. It also doesn't keep qualified folks at the abuse desk; it shuffles them through.
Require all technical staff and their management to work at the abuse desk on a rotating basis. This should provide them with ample motivation to develop effective methods for controlling abuse generation, thus reducing the requirement for abuse mitigation, thus reducing the time they have to spend doing it. ---Rsk
On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote:
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired.
My hunch says that's a non-starter. It also doesn't keep qualified folks at the abuse desk; it shuffles them through.
Require all technical staff and their management to work at the abuse desk on a rotating basis. This should provide them with ample motivation to develop effective methods for controlling abuse generation, thus reducing the requirement for abuse mitigation, thus reducing the time they have to spend doing it.
Unfortunately many of the skills required to be a competent abuse desk worker are quite specific to an abuse desk, and are not typically possessed by random technical staff. So, to bring this closer to nanog territory, it's a bit like saying that all the sales and customer support staff should be given enable access to your routers and encouraged to run them on a rotating basis, so that they understand the complexities of BGP and will better understand the impact their decisions will have on your peering. Cheers, Steve
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins <steve@blighty.com> wrote:
Unfortunately many of the skills required to be a competent abuse desk worker are quite specific to an abuse desk, and are not typically possessed by random technical staff.
Steve, You don't, per chance, mean to suggest that random back-office technical staff might not have the temper and disposition to remain polite and helpful with the gentleman from the state capital so upset about the interdiction of his political mailings that he's ready to sic the regulators on you and wipe you off the map? The problem is that the individual who -does- have those skills along with the technical know-how to deal with the complaint itself usually ALSO has the skills to be the customer contact for a multi-million dollar contract. If you're a manager at a company that wants to, well, make money, which chair will you ask that individual to sit in? Regards, Bill -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
On Apr 15, 2008, at 11:54 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins <steve@blighty.com> wrote:
Unfortunately many of the skills required to be a competent abuse desk worker are quite specific to an abuse desk, and are not typically possessed by random technical staff.
Steve,
You don't, per chance, mean to suggest that random back-office technical staff might not have the temper and disposition to remain polite and helpful with the gentleman from the state capital so upset about the interdiction of his political mailings that he's ready to sic the regulators on you and wipe you off the map?
The problem is that the individual who -does- have those skills along with the technical know-how to deal with the complaint itself usually ALSO has the skills to be the customer contact for a multi-million dollar contract. If you're a manager at a company that wants to, well, make money, which chair will you ask that individual to sit in?
Not really. IMO, with decent automation[1] and a reasonably close working relationship between the abuse desk, the NOC and an internal sysadmin/developer or two, there's not that much need for a high level of technical know-how in the abuse desk staff. Good people skills are certainly important, and it'd be good to have at least one abuse desk staffer with a modicum of technical knowledge to handle basic technical questions, and help channel more complex ones to to NOC or developers efficiently, but the level of technical know-how needed to be an extremely effective abuse desk staffer is pretty low. The specific technical details they do need to know they can pick up from their peers (both within the abuse desk, in other groups of their company and, perhaps most importantly, from their peer at other companies abuse desks). It's closer to a customer support position, in skillset needed, than anything deeply technical, though an innate ability to remain calm under pressure is far more important in abuse than support. If you're big enough that you need more than one person staffing your abuse desk you can mix-n-match skills across the team too, of course. Cheers, Steve [1] Yeah, I develop abuse desk automation software, so I'm both reasonably exposed to practices at a range of ISPs and fairly biased in favor of good automation. :)
So, to bring this closer to nanog territory, it's a bit like saying that all the sales and customer support staff should be given enable access to your routers and encouraged to run them on a rotating basis, so that they understand the complexities of BGP and will better understand the impact their decisions will have on your peering.
We encourage managers, designers, engineers, project managers, etc. to spend a day handling customer support calls so that they understand the impacts of their decisions/work on the customer, who ultimately pays our paychecks. We run even more people through workshops where they spend some time listening to recorded customer support calls, and then plan how to prevent such problems in future so that the customers don't feel the need to call us. Of course, none of these people are expected to go in and reconfigure BGP sessions on routers, because there are working on first-line support. One of the duties of first-line support is to sift through the incoming and identify which cases need to be escalated to second or third-line support. Unless you have very good automated systems in place to ensure that the abuse desk only gets real cases to deal with, then you should be able to rotate managers and other employees through the abuse department to do some of that first-line sifting. If the outcome of this is that you make a business case for changes to abuse-desk systems and processes, then you should involve the abuse desk staff in this development work to give them some variety. Once those staff have automated themselves out of a job, you can move them to some other tools development project, or incident response work. --Michael Dillon
On 15 Apr 2008, at 11:22 , William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired.
At a long-previous employer we once toyed with the idea of having everybody in the (fairly small) operations and architecture/ development groups spend at least a day on the helpdesk every month. The downside to such a plan from the customer's perspective is that I'm pretty sure most of us would have been really bad helpdesk people. There's a lot of skill in dealing with end-users that is rarely reflected in the org chart or pay scale. Joe
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said:
The downside to such a plan from the customer's perspective is that I'm pretty sure most of us would have been really bad helpdesk people. There's a lot of skill in dealing with end-users that is rarely reflected in the org chart or pay scale.
Of course - you're asking people who are *hired* because they're good at talking to inanimate objects made of melted sand, and asking them to relate to animate objects (namely, customers). Sounds like a recipe for disaster. :)
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is? Some of the folks that are complaining about abuse response generate revenue addressing these issues. Give me some of that. I'll give you a priority line to the NOC. Disclaimer; No offense intended to security providers, I'm just stating a fact. Best, Marty On 4/15/08, Joe Abley <jabley@ca.afilias.info> wrote:
On 15 Apr 2008, at 11:22 , William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email company to work a month at the abuse desk before they can assume the duties for which they were hired.
At a long-previous employer we once toyed with the idea of having everybody in the (fairly small) operations and architecture/ development groups spend at least a day on the helpdesk every month.
The downside to such a plan from the customer's perspective is that I'm pretty sure most of us would have been really bad helpdesk people. There's a lot of skill in dealing with end-users that is rarely reflected in the org chart or pay scale.
Joe
On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Two points, the first of which is addressed to this and the second of which is more of a recommended attitude. 1. There is no doubt that many operations consider it so, but it's really not. Operations which don't adequately deal with abuse issues are going to incur tangible and intangible costs (e.g., money spent cleaning up local messes and getting off numerous blacklists, loss of business due to reputation, etc.). Those costs are likely to increase as more and more people become increasingly annoyed with abuse-source operations and express that via software and business decisions. I'll concede that this is really difficult to measure (at the moment) but it's not zero. 2. When one's network operation abuses someone (or someone else's operation), you owe them a fix, an explanation, and an apology. After all, it happened in your operation on your watch, therefore you're personally responsible for it. And when someone in that position -- a victim of abuse -- has magnanimously documented the incident and reported it to you, thus providing you with free consulting services -- you owe them your thanks. After all, they caught something that got by you -- and they've shared that with you, thus enabling you to run a better operation, which in turn means fewer future abuse incidents, which in turn means lower tangible and intangible costs. And far more importantly, it means being a better network neighbor, something we should all be working toward all the time. ---Rsk
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan <hannigan@gmail.com> wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin, So is marketing, yet marketing does have an impact on revenue. It can be useful to explain the abuse desk as being just another form of marketing, another form of reputation management that happens to be specific to Internet companies. Handling the abuse desk well (or poorly) builds (or damages) the brand. Regards, Bill Herrin -- William D. Herrin ................ herrin@dirtside.com bill@herrin.us 3005 Crane Dr. ...................... Web: <http://bill.herrin.us/> Falls Church, VA 22042-3004
It can be useful to explain the abuse desk as being just another form of marketing, another form of reputation management that happens to be specific to Internet companies.
Is it? I mean, I may know that (a hypothetical) example.com is a pink-contract-signing batch of incompetents who spew spam like a bulemic firehose. You may know that. 10,000 other mail administrators may know that. But once they have signed up 2.3 million users with example.com they are too big (for most email administrators) to block, so at that point the cost of disbanding their abuse desk and pointing complaints to /dev/null is nil.
Handling the abuse desk well (or poorly) builds (or damages) the brand.
...among people who are educated among such things. Unfortunately, people with clue are orders of magnitude short of a majority, and the rest of the world (ie: potential customers) wouldn't know an abuse desk from a self-abuse desk. -- Dave Pooser, ACSA Manager of Information Services Alford Media http://www.alfordmedia.com
On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
It can be useful to explain the abuse desk as being just another form of marketing, another form of reputation management that happens to be specific to Internet companies.
Is it?
.. SNIP good points about abuse desks .. In the specific case that started this (Yahoo), then I think there is a marketing issue. Ask anyone in the business "if I want a free email account who do I use.." and you'll get the almost universal answer Gmail. Mostly this is because Hotmail delete email randomly, Yahoo struggle with the volumes, and everyone forgets AOL do free accounts (although it is painfully slow and the documentation is incomplete). But it is in part that Google do actually answer enquiries still, be they abuse or support. Yahoo occassionally manage an answer, usually not to the question you asked, or asking for information already supplied. AOL - well you can get an answer from their employee who watches Spam-L, but directly not a chance. So it is a competitive market, and the opinion of those in the know matters (a little -- we could make more noise!). Although the tough one to compete with is Hotmail, since their computer offers it to them every time they reinstall, and those reinstalling more often have least clue, but eventually realise having their email on THEIR(!) PC is a bad idea. But yes, abuse desk is only a minor issue in that market, but if you don't deal with abuse, it will cost the bottom line for email providers. I think for people mostly providing bandwidth, email is still largely irrelevant, even at the hugely inflated levels the spammers cause it is still a minor %age, favicons (missing or otherwise) probably cause nearly as much traffic.
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business "if I want a free email account who do I use.." and you'll get the almost universal answer Gmail.
I think amongst those not in the business there are regional trends, however. Around this neck of the woods (for some reason) the answer amongst your average, common-or-garden man in the street is "yahoo!". I don't know why this is. But that's my observation. There are also the large number of people using Y! mail who don't realise they're using Y! mail, because the telco or cableco they use for access have outsourced mail operations to Y!, and there are still (apparently) many people who assume that access providers and mail providers should match. In those cases choice of mail provider may have far more to do with "price of tv channel selections" or "availability of long-distance voice plans" than anything to do with e- mail. So, with respect to your other comments, correlation between technical/ operational competence and customer choice seems weak, from my perspective. If there's competition, it may not driven by service quality, and the conclusion that well-staffed abuse desks promote subscriber growth is, I think, faulty. Joe
On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business "if I want a free email account who do I use.." and you'll get the almost universal answer Gmail.
I think amongst those not in the business there are regional trends, however. Around this neck of the woods (for some reason) the answer amongst your average, common-or-garden man in the street is "yahoo!".
I don't know why this is. But that's my observation.
In my experience, Gmail tends to be the preferred freemail acount among geeks and techies. Y! mail and Hotmail are preferred by the (non-techie) man and woman on the street. I think this is largely due to branding.
So, with respect to your other comments, correlation between technical/ operational competence and customer choice seems weak, from my perspective. If there's competition, it may not driven by service quality, and the conclusion that well-staffed abuse desks promote subscriber growth is, I think, faulty.
Also, IME, the business community tends to perceive marketing as a profit center (whether or not it actually is), because they understand it and can measure the ROI they get from it. This may not be the case in companies with executives who came from the tech side, however, but it's still more common for executives to have more of a business than technical background. --gregbo
Dave Pooser wrote:
Handling the abuse desk well (or poorly) builds (or damages) the brand.
...among people who are educated among such things. Unfortunately, people with clue are orders of magnitude short of a majority, and the rest of the world (ie: potential customers) wouldn't know an abuse desk from a self-abuse desk.
I think that depends on the nature of the abuse desk, how it interfaces with other networks and the customer base. Of course, I get to be the NOC guy and the abuse guy here. It's nice to have less than a million customers. However, I find that how NOC issues and abuse issues are handled are very similar. It is, of course, easier to reach another NOC than it is the senior abuse staff that actually have clue, generally. Both departments need a certain amount of front line protection to keep them from being swamped with issues that can be handled by others. Never the less, when they can interface with customers and with the other departments that spend more time with customers, it does improve the company's service level. If there is a routing, firewalling, or email delivery issue with a much larger network, the effectiveness of the NOC/Abuse Dept will determine how well the customers will handle the interruption. If the company has built trust with the customer and related to them in a personal way, then the customer will in turn tend to be more understanding of the issues involved, or in some cases at least point their anger at the right company. -Jack Learning to mitigate the damage caused by Murphy's law.
William Herrin wrote:
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan <hannigan@gmail.com> wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as being just another form of marketing, another form of reputation management that happens to be specific to Internet companies. Handling the abuse desk well (or poorly) builds (or damages) the brand.
Even IF the reputation of an abuse desk had any effect at all on bringing in revenue (doubtful) ... I'm quite certain that dollar for dollar, the ROI on investment in Marketing generates MUCH greater revenue returns than investment in Abuse desk staff. Properly staffing an abuse desk is something a business does because It Is The Right Thing To Do, not because it's the best investment for their marketing dollars. jc
participants (15)
-
Dave Pooser
-
Greg Skinner
-
Jack Bates
-
JC Dill
-
Joe Abley
-
Marshall Eubanks
-
Martin Hannigan
-
michael.dillon@bt.com
-
Paul Ferguson
-
Rich Kulawiec
-
Simon Waters
-
Steve Atkins
-
Suresh Ramasubramanian
-
Valdis.Kletnieks@vt.edu
-
William Herrin