On Tue, 7 Feb 2023 at 13:19, Atro Tossavainen via mailop <mailop@mailop.org> wrote:
> > Neither do I. The response simply describes what is happening. When a
> > third party X complains that Hetzner customer Y is a spammer, I consider
> > it only appropriate that Hetzner passes the complaint along and asks Y
> > for a statement, and does not simply impose restrictions on Y based on
> > X's say-so. Informing X of what the internal process entails does not
> > look offensive, let alone insulting, to me.
>
> Have you ever been on the receiving end of retaliation from a spammer,
> Ralph?

And I think the bigger issue is one of resourcing. If Hetzner is now processing all abuse reports manually, and it's taking upwards of a month to work through reports, it's likely that the abusive customer is long gone from their fraudulent use (or has rotated through that third party's compromised server/instance to another server/compromised customer account). That significantly diminishes the usefulness of reporting abuse, to the point where some operators may reasonably decide to start discarding traffic from Hetzner ranges.

Reports should not simply be passed along verbatim without any prior action taken to mitigate a violation, because that simply provides a near-realtime feedback loop to the malicious user.

What I would personally like to see at all large hosts is an automated-then-human system, which could automatically action either soft-suspension / egress block-and-notify to a customer, or priority flag to customer services, upon receipt of a validated abuse report. At that point the customer, if legitimate, would likely end up proactively contacting customer support. Any issue of compromised credentials, software vuln or TOS infringement can be dealt with promptly.

If an abuse report is itself malicious/abusive, and targeting an innocent user, a flag could be set after manual verification, so that future service suspension would not be automatic, but would still flag up to the abuse team to investigate. This would accommodate a scenario where it may appear like a mistake, but might actually be a more sophisticated attempt to hide TOS infringing usage.

This is not the work of a moment, and it's one thing to block diagram an automated abuse management system, but something like this is the only way I can see the abuse reporting and actioning process scaling for hosts as large as Hetzner. The alternative is staffing dozens of techs 24/7 to work through abuse reports. A month to action an abuse report and inform a reporter is, with respect, not acceptable.
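The automated-then-human triage described above, as an added illustration that is not part of the post and not any host's real system: a validated report is auto-actioned (egress block and notify), unless the customer or reporter carries a manual-review flag set after a human confirmed an earlier report was malicious, in which case it is queued for the abuse team instead of dropped. The `Report`/`AbuseState` types, action names and sample identifiers are all constructed assumptions.

```python
"""Triage logic for validated abuse reports (constructed example)."""
from dataclasses import dataclass, field
from enum import Enum


class Action(Enum):
    EGRESS_BLOCK_AND_NOTIFY = "egress_block_and_notify"  # soft-suspend, tell customer
    PRIORITY_QUEUE = "priority_queue"                    # human review, no auto-block
    DROP = "drop"                                        # failed upstream validation


@dataclass
class Report:
    reporter: str        # e.g. the complaining third party X
    customer: str        # e.g. the accused customer Y
    validated: bool      # upstream evidence/signature check already passed
    category: str = "spam"


@dataclass
class AbuseState:
    # customers confirmed innocent after a malicious report: never auto-suspend again
    manual_review_only: set = field(default_factory=set)
    # reporters whose earlier reports were found abusive after manual verification
    bad_reporters: set = field(default_factory=set)
    log: list = field(default_factory=list)  # audit trail of every decision

    def triage(self, r: Report) -> Action:
        """Decide the immediate action; nothing here is passed to the customer verbatim."""
        if not r.validated:
            action = Action.DROP
        elif r.customer in self.manual_review_only or r.reporter in self.bad_reporters:
            # flagged: keep a human in the loop but still surface the report
            action = Action.PRIORITY_QUEUE
        else:
            # default path: mitigate first, then ask the customer for a statement
            action = Action.EGRESS_BLOCK_AND_NOTIFY
        self.log.append((r.customer, r.reporter, action.value))
        return action

    def mark_report_malicious(self, r: Report) -> None:
        """Called after a human verifies the report targeted an innocent customer."""
        self.manual_review_only.add(r.customer)
        self.bad_reporters.add(r.reporter)


if __name__ == "__main__":
    st = AbuseState()
    first = Report("x@example.org", "cust-y", validated=True)
    print(st.triage(first))                 # auto-action on first validated report
    st.mark_report_malicious(first)         # human finds the report was retaliation
    print(st.triage(Report("z@example.net", "cust-y", validated=True)))  # queued
```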
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop