Re: [mailop] Forms vs email abuse reporting
On Wed, 19 Jan 2022 22:01:49 -0600, Scott Mutter via mailop wrote: >Further from that, I'm not really sure if that's the type of abuse contact >the OP was referring to in this thread. At various times over the past 26 years I have been responsible for the various kinds of activities one needs (abuse/policy enforcement, fraud, network security, customer service) together with opportunities to observe some of the more dismal realities of corporate systems behaviour. My observations indicate that the mahoganites and the folks who infest certain boardrooms have not quite absorbed the need not to starve cost centers. They will all go bad together, for essentially the same reasons. mdr -- There's a funny thing that happens when you know the correct answer. It throws you when you get a different answer that is not wrong.-- Dr Bowman (Freefall) ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Forms vs email abuse reporting
I didn't really mean to go all out, anti-AT&T or anything. I was just merely using them as an example because when they block an IP address the bounce back message says to contact them directly at an email address. If instead of the email address this pointed to a form on their website, I think that would be much better. AT&T is the only example I can think of right now that doesn't send you to a form to dispute a blacklisting. By contract, Microsoft (albeit, it's not really that direct of a link) sends you to a form to dispute an IP blacklisting - I like that better. Further from that, I'm not really sure if that's the type of abuse contact the OP was referring to in this thread. On Wed, Jan 19, 2022 at 8:07 PM Michael Rathbun via mailop < mailop@mailop.org> wrote: > On Wed, 19 Jan 2022 15:55:40 -0600, Scott Mutter via mailop > wrote: > > >(AT&T is just an example here, but serves to better illustrate how a form > >could be useful in this situation) > > Based on their corporate behaviour in recent experience, I would assert > that > AT&T is not a useful case, comparable to the general run. > > For instance, in the tariff side, it is well known that AT&T's Global Fraud > Department has not responded to telephone calls for many years, and if we > want > to get traction handling a fraudulent account created in my wife's name, > which > AT&T required NO confirming identification to establish, my wife must > appear > in person at an official AT&T shop, with photo ID, to confirm that she is > the > person who did not set up the account. We decline to do this, so they > continue to bombard an email account I set up in 2008 for a test of a > co-reg > site, demanding payment. The fraudsters appear to have access to AT&T's > customer history database, my wife's SSAN, and access to the USPS database > that will give you the addresses of newly-vacated residences, the names of > the > former occupants, when they moved, and where they have moved to. > > AT&T could have caught the folks who ordered the tricked-out iPhone 13 on > installment, and had it sent to an address we vacated months ago, but yawn. > > At least we have a free phone for all the hassle, though we haven't decided > what to do with it. They do offer a form for fraud reports, but you can't > fill it out without knowing the entire account number, which you can't know > unless you activate the phone, or visit a store as noted above. > > So, imagine how keen they will be to handle silly little issues such as the > ones you describe. It's not difficult to imagine that the budget lines for > all those abuse-handling activities are asymptotically approaching the cube > root of zero. > > mdr > -- >Those who can make you believe absurdities >can make you commit atrocities. > -- Voltaire > > ___ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Forms vs email abuse reporting
On Wed, 19 Jan 2022 15:55:40 -0600, Scott Mutter via mailop wrote: >(AT&T is just an example here, but serves to better illustrate how a form >could be useful in this situation) Based on their corporate behaviour in recent experience, I would assert that AT&T is not a useful case, comparable to the general run. For instance, in the tariff side, it is well known that AT&T's Global Fraud Department has not responded to telephone calls for many years, and if we want to get traction handling a fraudulent account created in my wife's name, which AT&T required NO confirming identification to establish, my wife must appear in person at an official AT&T shop, with photo ID, to confirm that she is the person who did not set up the account. We decline to do this, so they continue to bombard an email account I set up in 2008 for a test of a co-reg site, demanding payment. The fraudsters appear to have access to AT&T's customer history database, my wife's SSAN, and access to the USPS database that will give you the addresses of newly-vacated residences, the names of the former occupants, when they moved, and where they have moved to. AT&T could have caught the folks who ordered the tricked-out iPhone 13 on installment, and had it sent to an address we vacated months ago, but yawn. At least we have a free phone for all the hassle, though we haven't decided what to do with it. They do offer a form for fraud reports, but you can't fill it out without knowing the entire account number, which you can't know unless you activate the phone, or visit a store as noted above. So, imagine how keen they will be to handle silly little issues such as the ones you describe. It's not difficult to imagine that the budget lines for all those abuse-handling activities are asymptotically approaching the cube root of zero. mdr -- Those who can make you believe absurdities can make you commit atrocities. -- Voltaire ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Forms vs email abuse reporting
It depends on what context you are referring to. Are you talking about abuse contact as a means to dispute abuse complaints? In that case, I'd say a form is better. An example is AT&T. When AT&T blocks our server, the bounce back message tells us to send an email to abuse_...@abuse-att.net. I'm sure abuse_...@abuse-att.net gets a TON of spam messages sent to it. So how are we supposed to ensure that our message gets through all the spam noise and to the eyes of someone that can make a difference? Do I use a Subject of "You are blocking me!" or "I'm blacklisted" or "Please look into this blacklist" or what do I use? What specific information do they want to investigate the dispute? Obviously the IP address, but what else? For AT&T I basically have to send a message to abuse_...@abuse-att.net every day, sometimes for 2 weeks, before I finally get the attention of somebody. There's a slew of threads on AT&T Community forums about the on/off nature of responses from abuse_...@abuse-att.net. I can't help but wonder if they had a form on their website where you could dispute their listings. A website form can be sent to ANY email address, such that nobody really knows what email address it's sent to. For example, AT&T could have a form that when submitted sends to hsd9234hsdhf89sfh823g...@abuse-att.net - it's very, very unlikely that someone just randomly sends an email to hsd9234hsdhf89sfh823g...@abuse-att.net, so you know that every email coming into hsd9234hsdhf89sfh823g...@abuse-att.net was sent to you from that form. You can cover the form with various anti-spam and anti-bot measures you then GREATLY reduce the spam noise concerning would be listing disputes. (AT&T is just an example here, but serves to better illustrate how a form could be useful in this situation) If you're talking about Feedback Loops or otherwise automatically reporting spam - then email is probably better. Although you could also feed information to a callback URL (much like PayPal's Instant Payment Notification system) where the owner of the website would be responsible for collecting the information fed into it. A callback URL might have a benefit in that the entity doing the reporting wouldn't have to worry with bounce back messages to the abuse contact email address. Either way - I would think that the receiver of these abuse reports would want some way to distinguish between feedback loop reports or automatic spam reports (they don't really need a response, just action) and abuse messages that need an actual written response. On Wed, Jan 19, 2022 at 2:54 PM Jarland Donnell via mailop < mailop@mailop.org> wrote: > Some may see that as a good thing. It's the old Office Space scene where > one thing happens and the guy has multiple bosses come by and tell him > the same thing all day long. When I worked at a big cloud I'd catch a > spammer and terminate them, then I'd have to talk to 16 different people > over the next 30 days about it. Some see a clear path to abuse@ as kind > and easy, while others see it as a place to vomit every single piece of > trash they have to nuke it into oblivion. At least a form forces people > to be intentional and thoughtful. > > Most of us on this list would probably scratch our heads as to why > someone wouldn't want every single abuse complaint, but Linode and > DigitalOcean just see all of their massive barely educated self-hosting > Wordpress customers bombarding each other's abuse@ with endless piles of > piss, for example. Everyone has their burden, and it's an interesting > topic. Everything changes at scale. > > Personally, I'm fine with just the abuse@ route and my intention is to > automate as many inbound reports as possible as I scale, but more often > than not what I find when I hit various points of scale is that instead > of doing better than OtherCompany is that I find out why they did what > they do. > > On 2022-01-19 13:40, John Levine via mailop wrote: > > It appears that Grant Taylor via mailop > > said: > >> -=-=-=-=-=- > >> -=-=-=-=-=- > >> > >> On 1/19/22 2:54 AM, Alessandro Vesely via mailop wrote: > >>> I guess it is difficult to process, but I fail to understand how > >>> forms can ease that task, > >> > >> I think it comes down to unstructured vs structured data. Forms can > >> have fields for each pertinent piece of information thus applying > >> structure to the reports. > > > > You want structure, we have ARF and maybe XARF, which are delivered by > > e-mail and designed to be machine generated and machine parsed. The > > problem with forms is that they are not consistent and can't be > > automated and I have much better things to do with my time than to > > paste spam into other people's web forms. > > > > R's, > > John > > ___ > > mailop mailing list > > mailop@mailop.org > > https://list.mailop.org/listinfo/mailop > ___ > mailop mailing list > mailop@mailop.or
Re: [mailop] Forms vs email abuse reporting
Some may see that as a good thing. It's the old Office Space scene where one thing happens and the guy has multiple bosses come by and tell him the same thing all day long. When I worked at a big cloud I'd catch a spammer and terminate them, then I'd have to talk to 16 different people over the next 30 days about it. Some see a clear path to abuse@ as kind and easy, while others see it as a place to vomit every single piece of trash they have to nuke it into oblivion. At least a form forces people to be intentional and thoughtful. Most of us on this list would probably scratch our heads as to why someone wouldn't want every single abuse complaint, but Linode and DigitalOcean just see all of their massive barely educated self-hosting Wordpress customers bombarding each other's abuse@ with endless piles of piss, for example. Everyone has their burden, and it's an interesting topic. Everything changes at scale. Personally, I'm fine with just the abuse@ route and my intention is to automate as many inbound reports as possible as I scale, but more often than not what I find when I hit various points of scale is that instead of doing better than OtherCompany is that I find out why they did what they do. On 2022-01-19 13:40, John Levine via mailop wrote: It appears that Grant Taylor via mailop said: -=-=-=-=-=- -=-=-=-=-=- On 1/19/22 2:54 AM, Alessandro Vesely via mailop wrote: I guess it is difficult to process, but I fail to understand how forms can ease that task, I think it comes down to unstructured vs structured data. Forms can have fields for each pertinent piece of information thus applying structure to the reports. You want structure, we have ARF and maybe XARF, which are delivered by e-mail and designed to be machine generated and machine parsed. The problem with forms is that they are not consistent and can't be automated and I have much better things to do with my time than to paste spam into other people's web forms. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Forms vs email abuse reporting
It appears that Grant Taylor via mailop said: >-=-=-=-=-=- >-=-=-=-=-=- > >On 1/19/22 2:54 AM, Alessandro Vesely via mailop wrote: >> I guess it is difficult to process, but I fail to understand how >> forms can ease that task, > >I think it comes down to unstructured vs structured data. Forms can >have fields for each pertinent piece of information thus applying >structure to the reports. You want structure, we have ARF and maybe XARF, which are delivered by e-mail and designed to be machine generated and machine parsed. The problem with forms is that they are not consistent and can't be automated and I have much better things to do with my time than to paste spam into other people's web forms. R's, John ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
Re: [mailop] Forms vs email abuse reporting
On 1/19/22 2:54 AM, Alessandro Vesely via mailop wrote: I guess it is difficult to process, but I fail to understand how forms can ease that task, I think it comes down to unstructured vs structured data. Forms can have fields for each pertinent piece of information thus applying structure to the reports. The form also acts as an abstraction layer in that the external parties interface via standard HTTPS GET / POST methods while the form itself can receive the data and do whatever the form author wants them to. The form can create standard message / INI style tag value lists, XML, JSON, what have you. This allows the internal communications to more easily interface with other internal systems. I'm asking because, as I said, my abuse@ address is not published so I don't know how many non-actionable reports arrive and what makes it difficult to process them. I know that I'm so small as to not be a blip on the RADAR. That being said, I don't remember the last time that I received a message to my abuse@ / postmaster@ / hostmaster@ addresses, save for tests that I periodically send to them from external 3rd party (freemail) sources. Certainly, if someone advised me that there is a bot on my server which throws hopeless dictionary attacks at random IPs, I'd try and invent how to catch it or reinstall all as a last resort, but not something I can think to automate... I'd like to think that everybody subscribed to mailop would try to do their best to clean up something reported to them. After all, I believe we all strive for being good operators. -- Grant. . . . unix || die smime.p7s Description: S/MIME Cryptographic Signature ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] Forms vs email abuse reporting
On Wed 19/Jan/2022 01:40:41 +0100 Jarland Donnell via mailop wrote: Most companies seem to be using abuse forms to make up for it and to some degree I get it, forms require intentional input where as people dumping fail2ban logs (and similar) at abuse@ emails renders them so terribly difficult to process at scale. If we had a standard format for web forms, and if RDAP handed out HTTP URLs which accept them, it could be a viable alternative to email. Abuseipdb has such a form, and I signal abusive IPs that way. For email, I send a message for each IP logged by a fail2ban-like daemon, adding an extract of the relevant web/ mail log for that IP. I guess it is difficult to process, but I fail to understand how forms can ease that task, apart from per-IP delivery which is what RDAP is doing already. Reporting abuse can be automated as a side work of detecting it. Could report processing be automated too? I'm asking because, as I said, my abuse@ address is not published so I don't know how many non-actionable reports arrive and what makes it difficult to process them. Certainly, if someone advised me that there is a bot on my server which throws hopeless dictionary attacks at random IPs, I'd try and invent how to catch it or reinstall all as a last resort, but not something I can think to automate... Best Ale -- ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop