Hi, On Tue 07/Jun/2022 11:45:05 +0200 Max Grobecker wrote:
Our abuse mailbox is not overflowing with these, of course, but it makes semi-automated handling a bit painful. For example, we would like to forward these information to our customers, but we wont need to take further action on this, because we refuse to break into the offices of our customers at night and patch their software.
sorry to bother, but I hardly got that. Are these IP-driven messages? Don't CERTs lookup the abuse address with RDAP or WHOIS? Why doesn't the abuse address point (in)directly to the relevant IP user? That is, what's wrong in automatically forwarding CERT's security notices? I cannot understand how doing so entailS obligations to reach the customer's premises at night. Best Ale --