[173854] in North American Network Operators' Group
Re: Dealing with abuse complaints to non-existent contacts
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Mon Aug 11 00:13:25 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <090001cfb515$77562a30$66027e90$@tndh.net>
Date: Mon, 11 Aug 2014 09:43:17 +0530
From: Suresh Ramasubramanian <ops.lists@gmail.com>
To: Tony Hain <alh-ietf@tndh.net>
Cc: Dan Hollis <goemon@anime.net>, "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Aug 11, 2014 at 9:06 AM, Tony Hain <alh-ietf@tndh.net> wrote:
> I have found the scaling is better if you make it the abusing providers problem to contact you.
It scales BEAUTIFULLY .. until your peer in support starts to yell at
you about the off the scale ticket volume you've managed to dump on
him with your nullroute.
In other words, your abusing provider isn't as likely to contact you
as your own customers, after they suddenly have a lot of users unable
to access their service.
> Whenever a range gets blocked, the bounce message tells the mail originator to take their money and find a new hosting provider that does not support/tolerate spam.
I thought we were actually talking about filtering random ssh
attempts? Oh, ok - so this discussion drifted into SMTP. Good - what
I said earlier applies earlier, in spades - end users will start to
contact your peers on the postmaster desk. So - block by all means,
but be well prepared to handle the ticket volume (and always bear in
mind your role is ALSO to deliver legit mail to your users). And for
god's sake provide proper error messages with a URL that gives
sufficient information as to why there's a block in the first place.
> The down side is that it requires the legitimate originator to pay attention to the bounce and decide they want to take action.
I would suggest a trip to a future MAAWG meeting.
--srs
--
Suresh Ramasubramanian (ops.lists@gmail.com)
