I got my first "Abusix Potentially Compromised Account Report" today, I'm so lucky.
It is useless. It's warning us about activity relating to domains that don't have users. Activity not originating from or directly targeting anything hosted by us. No thanks? We want only reports of actual abuse, not maybes based on when you see somebody on the other side of the earth trying to forge my domain name. This is only slightly less annoying than the backscatter that we used to see when people would forge our domain name in spam back before DMARC and email authentication. Find a way to add this new data to some opt-in style report like how DMARC reports work, if you want. But shotgunning it without consent and understanding is bad form. It's not like a 1:1 email spam report -- effectively the only type of commonly welcomed unsolicited complaint report. And it's not even really unsolicited, in that it's a response to activity seen originating from my network. This Abusix report fails those measures. You might as well be sending me emails telling me that I'm hacking your port 80. Regards, Al Iverson -- al iverson // wombatmail // chicago dns tools are cool! https://xnnd.com _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
