Re: [anti-abuse-wg] Manual vs automated reports
To complement what Alessandro said, it is good that RFC 6650 splits abuse complaints between "solicited" and "unsolicited" ones, even though it may confuse common users. The "solicited" should be reserved for Spam Cop, and other administrators who are trying to report Abuse/Spam activities to a network. The "unsolicited" channel could be like a web form that encourages users to report Abuse/Spam activities to a network like the one that GoDaddy has: https://supportcenter.godaddy.com/Abuse/SpamReport.aspx?ci=22420. This way, the "solicited" channel (abuse@domain-name.com) would remain free of unsolicited inquiries, and network administrators could mange it more efficiently and process legitimate reports promptly. Thank you, Reza Farzan =========== -----Original Message-----
From: Alessandro Vesely <vesely@tana.it> Sent: Jul 24, 2012 2:22 PM To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] Manual vs automated reports
On Tue 24/Jul/2012 17:34:01 +0200 Luis Muñoz wrote:
I believe that having an optional "auto-abuse-mailbox" object (that is mandatory to use when present) dealing only with automated reports, could help anti-abuse operators (both in the report sending and receiving sides).
Let me add one consideration to what Tobias wrote:
RFC 6650 splits abuse complaints between "solicited" and "unsolicited" ones. Also known as feedback loops, the former can be automated according to the underlying agreement. One can use a different reporting addresses for each subscription.
Unsolicited complaints deserve a bit of thought: Who is sending them? Why? When such questions are cleared, the stream of reports from that operator can be directed to the appropriate bin, possibly by negotiating a different address with the report generator. In fact, that is the same as establishing a feedback loop, and it cannot be automated fully for the same reasons why subscriptions to the early kind of feedback loops cannot.
On Tue 24/Jul/2012 20:39:44 +0200 Reza Farzan wrote:
To complement what Alessandro said, it is good that RFC 6650 splits abuse complaints between "solicited" and "unsolicited" ones, even though it may confuse common users.
The "solicited" should be reserved for Spam Cop, and other administrators who are trying to report Abuse/Spam activities to a network.
Perhaps I wasn't clear enough. "Solicited", at least in the sense of RFC 6650, refers to private agreements, e.g. like the one you apply for at http://postmaster.aol.com/SupportRequest.FBL.php . The FBL email address involved in the agreement can be dedicated. Perhaps RFC 6650 could have chosen a better term, but the definition it gives is clear enough: The original, and still by far the most common, application of [RFC5965] is when two mail systems make a private agreement to exchange abuse reports -- usually reports due to recipients manually reporting messages as spam. We refer to these as solicited reports.
The "unsolicited" channel could be like a web form that encourages users to report Abuse/Spam activities to a network like the one that GoDaddy has: https://supportcenter.godaddy.com/Abuse/SpamReport.aspx?ci=22420.
Hm... yes. Although explicitly asking for reports looks very much like soliciting them, that form is more similar to an abuse-mailbox published in its own peculiar way, than to an FBL.
This way, the "solicited" channel (abuse@domain-name.com) would remain free of unsolicited inquiries, and network administrators could mange it more efficiently and process legitimate reports promptly.
Using an FBL address different from abuse@domain-name.com is a good way to keep it free from other stuff.
participants (2)
-
Alessandro Vesely -
Reza Farzan