[192429] in North American Network Operators' Group
Re: Should abuse mailboxes have quotas?
daemon@ATHENA.MIT.EDU (Dan Hollis)
Fri Oct 28 00:39:11 2016
X-Original-To: nanog@nanog.org
Date: Thu, 27 Oct 2016 21:39:02 -0700 (PDT)
From: Dan Hollis <goemon@sasami.anime.net>
To: Jimmy Hess <mysidia@gmail.com>
In-Reply-To: <CAAAwwbU2E5Z_vDqGQkdp5CD=sR7QExds5DEM0WzO72DDg7usmg@mail.gmail.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Thu, 27 Oct 2016, Jimmy Hess wrote:
> On Thu, Oct 27, 2016 at 1:35 PM, Dan Hollis <goemon@sasami.anime.net> wrote:
>> not so much malice as gross incompetence.
>> running spamfilters on your abuse@ mailbox, really? that is, for those which
>> actually have an abuse mailbox that doesn't bounce outright.
> Sorry about that, many networks do perform standard filtering on
> messages to Abuse contacts based on DNS RBLs, SPF/DMARC
> policy enforcement, virus scans, etc, and do send a SMTP Reject on
> detected spam or malware.
This is a good way to get your block listed on RBLs.
> For many networks; files sent to abuse mailboxes are likely aliased to the
> normal mailbox of sysadmins who have access to high privileges. As such,
> these mailboxes may require even stronger protection than other accounts,
> because of increased risk (when a mistake is made).
If anyone actually does this, it is incompetence beyond comprehension.
> There is a reason that phone numbers, and not just e-mail addresses are listed
> in the WHOIS records......
>
> If you get a SMTP reject, then call the the Abuse POC of the organization you
> need to report abuse from.....
Again, good way to end up on RBLs. I encourage competitors to heavily filter their POCs.
Oh yes, and also be sure your phone numbers are out of date.
-Dan
