William Herrin wrote:
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as
So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.
- It needs to be simple to use. Web forms are a non-starter.
If you have the ability to accept reports via an HTTP REST
On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.
1. There is no doubt that many operations
On Wed, Apr 16, 2008 at 11:07:42AM +0100, [EMAIL PROTECTED] wrote:
If people had succeeded in cleaning up the abuse problems in 1995
when the human touch was still feasible, we would not have the
situation that we have today. Automation is the only way to address
the flood of abuse email, the
: Abuse response [Was: RE: Yahoo Mail Update]
So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.
snip
Consider this. Any single point source of abuse, say a single broadband
PC in a botnet
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
- I'd like to see an actual response beyond an autoreply saying that you
can't tell me who the customer is or what actions were taken.
Well, let's see. If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:
1)
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as being just another form
of
It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies.
Is it? I mean, I may know that (a hypothetical) example.com is a
pink-contract-signing batch of incompetents who spew
On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
It can be useful to explain the abuse desk as being just another form
of marketing, another form of reputation management that happens to be
specific to Internet companies.
Is it?
.. SNIP good points about abuse desks ..
In the
Dave Pooser wrote:
Handling the abuse desk well (or poorly) builds (or damages) the brand.
...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- [EMAIL PROTECTED] wrote:
So what sort of response did you actually *want*?
Actually, I'm more concerned with alerting you that someone
inserted a nasty .js or iFrame on one of your websites and I'd
like to you to clean it up, thanks. ;-)
I'm
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business if I want a free email account who do I
use.. and
you'll get the almost universal answer Gmail.
I think amongst those not in the business there are regional trends,
however. Around this neck of the woods (for some
Subject: Re: Abuse response [Was: RE: Yahoo Mail Update]
From: [EMAIL PROTECTED]
Date: Wed, 16 Apr 2008 12:02:02 -0400
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
- I'd like to see an actual response beyond an autoreply saying that you
can't tell me who the customer is or what
On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business if I want a free email account who do I
use.. and you'll get the almost universal answer Gmail.
I think amongst those not in the business there are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason -
On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
In fact, we have done just that -- develop a standard boilerplate
very similar to what PIRT uses in its notification(s) to the
stakeholders in phishing incidents.
The boilerplate is no damned use. PIRT - and you -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
Do ARF, do IODEF etc. You will find it much easier for abuse desks
that care to process your reports. You will also find it easier to
feed these into nationwide incident response / alert systems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
Do ARF, do IODEF etc. You will find it much easier for abuse desks
that care to process your reports. You will also find it easier to
feed these into nationwide incident response / alert systems
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
Really.
How many people are actually doing IODEF?
http://www.terena.org/activities/tf-csirt/iodef/
AISI - for example - and AISI feeds the top 25 australian ISPs - takes
IODEF as an input
And MAAWG does ARF, quite
Frank Bulk - iNAME wrote:
Yes, internet service providers and operators don't need to listen, but I
can't see how Yahoo's e-mail and abuse handling history arises out of good
business decisions.
How would Yahoo benefit from better staffing of their abuse desk? What
do they gain, besides
do you remember the days when some of us would only take routing table
updates
from andrew partan, because we trusted him?
that's what it's like now wrt takedowns.
do not minimize the use of malicious takedowns by twits and bad guys,
who fabricate a report
of misfeasance to get their
On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
[snip]
It should be simple -- not require a freeking full-blown standard.
Its a standard. And it allows automated parsing of these complaints.
I largely concur with the points that Paul's making, and would
like to augment them with these:
- Automation is far less important than clue. Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
- Automation is far less important than clue. Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing strategy, as anyone who
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
- Automation is far less important than clue. Attempting to
compensate
for lack of a sufficient number of sufficiently-intelligent,
experienced,
diligent staff with
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in general. The problem exists
for the same reason
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in
On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks
[EMAIL PROTECTED] wrote:
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
how do you propose to motivate qualified folks to keep
working the abuse desk?
That is a good question. (I feel sure that many actually doing the job
would opt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Joe Provo [EMAIL PROTECTED] wrote:
It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed
by management to be a cost center that only saps resources. Paul,
you
William Herrin wrote:
Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?
Ask AOL?
-Jack
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
My hunch says that's a non-starter. It also doesn't keep
On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote:
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
My hunch
On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED] wrote:
Unfortunately many of the skills required to be a competent abuse desk
worker are quite specific to an abuse desk, and are not typically possessed
by random technical staff.
Steve,
You don't, per chance, mean to
On Apr 15, 2008, at 11:54 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins [EMAIL PROTECTED]
wrote:
Unfortunately many of the skills required to be a competent abuse
desk
worker are quite specific to an abuse desk, and are not typically
possessed
by random
So, to bring this closer to nanog territory, it's a bit like
saying that all the sales and customer support staff should
be given enable access to your routers and encouraged to run
them on a rotating basis, so that they understand the
complexities of BGP and will better understand the
On 15 Apr 2008, at 11:22 , William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
At a long-previous employer we once toyed with the idea of having
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said:
The downside to such a plan from the customer's perspective is that
I'm pretty sure most of us would have been really bad helpdesk people.
There's a lot of skill in dealing with end-users that is rarely
reflected in the org chart or pay
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Some of the folks that are complaining about abuse response generate
revenue addressing these issues. Give me some of that. I'll give you
a priority line to the NOC.
Disclaimer; No offense intended to security
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
They're too busy spamming and phishing to respond to abuse reports?
brandon
On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote:
If you have high enough numbers of the stuff to report, do what large
ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
loop or some other automated way to send complaints, that is machine
parseable, and
On Sun, Apr 13, 2008 at 03:55:13PM -0500, Ross wrote:
Again I disagree with the principle that this list should be used for
mail operation issues but maybe I'm just in the wrong here.
I don't think you're getting what I'm saying, although perhaps I'm
not saying it very well.
What I'm saying
On Mon, Apr 14, 2008 at 6:18 AM, Rich Kulawiec [EMAIL PROTECTED] wrote:
On Sun, Apr 13, 2008 at 03:55:13PM -0500, Ross wrote:
Again I disagree with the principle that this list should be used for
mail operation issues but maybe I'm just in the wrong here.
I don't think you're getting
Subject: Re: Yahoo Mail Update
snip
You can tell Earthlink whatever you want but it doesn't mean they need
to follow it. Please read my previous reply about business decisions.
I would agree that it is good for business to try and follow industry
standards but sometimes business decisions need
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Frank Bulk - iNAME [EMAIL PROTECTED] wrote:
72 hours to respond to e-mail sent to the abuse account? That's much too
long -- it should be at least a 4 hour response time during business hours,
and for service providers and operators large
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Paul Ferguson [EMAIL PROTECTED] wrote:
Mow, this has no bearing on the original subject (which I have now
forgotten what it is -- oh yeah, something about Yahoo! mail), but
it should be additional proof that the Bad Guys know how to
manipulate
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards to contacting people responsible for assisting in
mitigating malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
If you send reports with lots of legal boilerplate, or reports with
long lectures on why you expect an INSTANT TAKEDOWN, and send them to
a busy abuse queue, there is no way - and zero reason -
On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:
On Thu, Apr 10, 2008 at 05:51:23PM -0700, chuck goolsbee wrote:
Thanks for the update Jared. I can understand your request to not be used
as a proxy, but it exposes the reason why Yahoo is thought to be clueless:
At 01:58 AM 4/13/2008, you wrote:
Why should large companies participate here about mail issues? Last I
checked this wasn't the mailing list for these issues:
True, though some aspects of mail service are inextricably tied to
broader networking issues, and thus participation here might still
On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka [EMAIL PROTECTED] wrote:
True, though some aspects of mail service are inextricably tied to broader
networking issues, and thus participation here might still benefit them. But
sadly Yahoo doesn't even seem to participate in more relevant forums,
On Sun, Apr 13, 2008 at 1:58 AM, Ross [EMAIL PROTECTED] wrote:
[ clip ]
I heartily second this. Yahoo (and Hotmail) (and Comcast and Verizon)
mail system personnel should be actively participating here, on mailop,
on spam-l, etc. A lot of problems could be solved (and some avoided)
On Sun, Apr 13, 2008 at 8:24 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
Having some provider or group(MAAWG?) explain the new and improved
overhead driven mail/abuse desk would make an excellent NANOG
presentation, IMHO, and it could include a V6 slant like and to
handle V6 abuse
Suresh Ramasubramanian wrote:
On Sun, Apr 13, 2008 at 3:57 PM, Rob Szarka [EMAIL PROTECTED] wrote:
True, though some aspects of mail service are inextricably tied to broader
networking issues, and thus participation here might still benefit them. But
sadly Yahoo doesn't even seem to
On Sun, Apr 13, 2008 at 10:09 PM, Joel Jaeggli [EMAIL PROTECTED] wrote:
MAAWG, is fine but the requirements for participation are substantially
higher than the nanog list.
* Quite a lot of ISPs who already attend nanog are also maawg members
* Lots of independent tech experts (Dave Crocker,
At 08:49 AM 4/13/2008, Suresh Ramasubramanian wrote:
There are other lists, far more relevant than spam-l or nanae.
Feel free to suggest some that you feel would be more appropriate or
effective. Since reaching them via [EMAIL PROTECTED] or any of their
published phone numbers doesn't seem
On Sun, Apr 13, 2008 at 12:58:59AM -0500, Ross wrote:
On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:
I heartily second this. Yahoo (and Hotmail) (and Comcast and Verizon)
mail system personnel should be actively participating here, on mailop,
on spam-l, etc. A
On Sun, Apr 13, 2008 at 3:24 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:
On Sun, Apr 13, 2008 at 12:58:59AM -0500, Ross wrote:
On Thu, Apr 10, 2008 at 8:54 PM, Rich Kulawiec [EMAIL PROTECTED] wrote:
I heartily second this. Yahoo (and Hotmail) (and Comcast and Verizon)
mail system
On Sun, Apr 13, 2008 at 5:27 AM, Rob Szarka [EMAIL PROTECTED] wrote:
At 01:58 AM 4/13/2008, you wrote:
Why should large companies participate here about mail issues? Last I
checked this wasn't the mailing list for these issues:
True, though some aspects of mail service are
On 4/10/08, chuck goolsbee [EMAIL PROTECTED] wrote:
An anonymous source at Yahoo told me that they have pushed
a config update sometime today out to their servers to help with these
deferral issues.
Please don't ask me to play proxy on this one of any
other issues you
An anonymous source at Yahoo told me that they have pushed
a config update sometime today out to their servers to help with these
deferral issues.
Please don't ask me to play proxy on this one of any
other issues you may have, but take a look at your queues and
they should be
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of chuck goolsbee
Sent: Thursday, April 10, 2008 8:51 PM
To: nanog@merit.edu
Subject: Re: Yahoo Mail Update
An anonymous source at Yahoo told me that they have pushed
a config update sometime today out
On Thu, Apr 10, 2008 at 05:51:23PM -0700, chuck goolsbee wrote:
Thanks for the update Jared. I can understand your request to not be used
as a proxy, but it exposes the reason why Yahoo is thought to be clueless:
They are completely opaque.
They can not exist in this community without
63 matches
Mail list logo
