On 12/Sep/11 21:34, John Levine wrote: >> NB: I'm not implying Mr. abuse.net has to be happy of doing such >> business. It is just a possibility that you and/or someone else >> might put to work. > > Sigh. I understand this to mean that you're volunteering to deal with > all of the random support requests to abuse.net.
Hm... not in my current situation. But I think I could have liked to run a business of that kind, in some life. >> The point is that the feedback generator has to be aware of that >> forwarding, in order to trust sending reports there. > > Sorry, that's 100% totally wrong. The feedback generator sends > reports related to example.com to [email protected] or > [email protected] or some other example.com address. I mostly agree. However, there are exceptions. In the words of abuse.net: Some particularly unpleasant domains ignore all their mail; when we're aware of that we use the address for their next-level-up provider. There are two questions about such position. First, how do you get aware of that? Second, is that provider willing to cooperate? It goes without saying that taking care of abuse reports involves some costs, so the second question entails how network providers should charge such costs if they want to offer competitive rates also to sites that do no email at all. It can be run as a different business. I'm not holding that ISPs never want to do such job, but since some of them are reluctant, cooperating ISPs need some means to confirm they /do/ take care of complaints. Can reporting-discovery solve this issue? > Then example.com forwards the reports somewhere, perhaps to an > internal ticketing system or to an outsourced abuse desk, or > whatever. That's invisible to the people sending the reports. Right. Within the domain, they may check users are not 0wned, or illegally sending bulk email. This seems to be yet another activity. > There's a whole separate issue of how much you trust a domain in > various ways, perhaps including how much you trust them to handle > abuse reports, but we have a separate WG down the virtual hall for > that. Possibly, that will eventually answer the first question above. For the reporting address, we need a working alternative to next-level-up providers. _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
