I don’t really get the point of bothering, then. AWS takes about ~forever to respond to SES phishing reports, let alone hosting abuse, and other, cheaper, hosts/mailers (OVH etc come up all the time) don’t bother at all. Unless you want to automate “1 report = drop customer”, you’re saying that we should all stop hosting anything?
> On Apr 13, 2020, at 11:50, Suresh Ramasubramanian <[email protected]> wrote: > > > RiskIQ reports phish URLs for large brands > > The life cycle of a typical phish campaign is in hours but I guess people can > live with 24. If you handle the complaint only after two business days, > that’s closing the barn door after the horse has bolted and crossed a state > line. > > --srs > From: NANOG <[email protected]> on behalf of Tom Beecher > <[email protected]> > Sent: Tuesday, April 14, 2020 12:11:18 AM > To: Kushal R. <[email protected]> > Cc: Nanog <[email protected]>; Rich Kulawiec <[email protected]> > Subject: Re: Constant Abuse Reports / Borderline Spamming from RiskIQ > > I would agree that Twitter is not a primary place for abuse reporting. > > If they are reporting things via your correct abuse channel and you are > indeed handling them within 48 business hours, then I would also agree this > much extra spray and pray is excessive. However RiskIQ is known to be pretty > responsible, so if they are doing this they likely feel like they are NOT > getting appropriate responses from you and are resorting to scorched earth. > Have you attempted to reach out to them and make sure they have the proper > direct channel for abuse reporting? > >> On Mon, Apr 13, 2020 at 1:45 PM Kushal R. <[email protected]> wrote: >> All abuse reports that we receive are dealt within 48 business hours. As far >> as that tweet is concerned, it’s pending for 16 days because they have been >> blocked from sending us any emails due to the sheer amount of emails they >> started sending and then our live support chats. >> >> We send our abuse reports to, but we don’t spam them to every publicly >> available email address for an organisation, it isn’t difficult to lookup >> the Abuse POC for an IP or network and just because you do not get a >> response in 24 hours does not mean you forward the same report to 10 other >> email addresses. Similarly twitter isn’t a place to report abuse either. >> >> >> On Apr 13, 2020 at 9:37 PM, <Rich Kulawiec> wrote: >> >> On Mon, Apr 13, 2020 at 07:55:37PM +0530, Kushal R. wrote: > We >> understand these reports and deal with them as per our policies and >> timelines but this constant spamming by them from various channels is not >> appreciated. Quoting from: >> https://twitter.com/RiskIQ_IRT/status/1249696689985740800 which is dated >> 9:15 AM 4/13/2020: 5 #phishing URLs on admin12.find-textbook[.]com were >> reported to @Host4Geeks (Walnut, CA) from as far back as 16 days ago, and >> they are all STILL active 16 days is unacceptable. If you can't do better >> than that -- MUCH better -- then shut down your entire operation today as >> it's unworthy of being any part of the Internet community. ---rsk
