On 20-02-2018 Malcolm Hutty writes:
It has been asserted that making sure admins have a functioning abuse e-mail address will help combat abuse, but nobody has managed to explain how in a way that I can understand. As far as I can see, this will achieve nothing useful.
Hello Malcolm Being able to contact the proper admins is the first step in combating the abuse. Thus, lack of contacts or non-working contacts are actually harmful in the goal of effectively dealing with abuse. This includes: - Email addresses where the mailbox does not exist. - Email addresses where the mailbox is full. - Email addresses whose domain is no longer registered. - Email addresses whose domain has no mail server that can receive the mails. - Email addresses forwarding to wrongly configured mailing lists that then proceed to reject the messages, as they don't trust its own forwarder. (I have witnessed all these cases with email addresses provided on whois) Of course, there are many more ways in that an abuse contact email address may be non-functional, from lazy/non-existent administrators to simply being a mailbox that nobody reads in the company. A particularly striking case happens when the abuse contact is filtering and rejecting as spam the reports about the spam it is sending itself. But at least this proposal sets a minimum starting point. Best regards -- CERTSI (CERT de Seguridad e Industria) - Spanish Security and Industry Incident Response Team https://www.certsi.es/ PGP Keys: https://www.certsi.es/en/what-is-certsi/pgp-public-keys ------------------------------------------------------------------------------ CERTSI (CERT de Seguridad e Industria) Spanish Security and Industry Incident Response Team operates under the auspices of the Ministry of Energy, Tourism and Digital Agenda through the State Secretariat for Information Society and Digital Agenda, and the Ministry of Interior through the Security State Secretariat of the Spanish government as a national CERT. Our main role is detection, coordination and response of security incidents that take place on Spanish CI (Critical Infrastructure), Research and Academic Network (RedIRIS), enterprises and/or citizens. Also, we act as Spanish national CERT in the role of coordination with other security teams. ------------------------------------------------------------------------------ Disclaimer: This message, including any attachments, may contain confidential information, within the framework of the corporate Security Management System. If you are not the intended recipient, please notify the sender and delete this message without forwarding or retaining a copy, since any unauthorized use is strictly prohibited by law. ------------------------------------------------------------------------------