On Wed 19/Jan/2022 01:40:41 +0100 Jarland Donnell via mailop wrote:
Most companies seem to be using abuse forms to make up for it and to some degree I get it, forms require intentional input where as people dumping fail2ban logs (and similar) at abuse@ emails renders them so terribly difficult to process at scale.
If we had a standard format for web forms, and if RDAP handed out HTTP URLs which accept them, it could be a viable alternative to email. Abuseipdb has such a form, and I signal abusive IPs that way.
For email, I send a message for each IP logged by a fail2ban-like daemon, adding an extract of the relevant web/ mail log for that IP. I guess it is difficult to process, but I fail to understand how forms can ease that task, apart from per-IP delivery which is what RDAP is doing already.
Reporting abuse can be automated as a side work of detecting it. Could report processing be automated too? I'm asking because, as I said, my abuse@ address is not published so I don't know how many non-actionable reports arrive and what makes it difficult to process them. Certainly, if someone advised me that there is a bot on my server which throws hopeless dictionary attacks at random IPs, I'd try and invent how to catch it or reinstall all as a last resort, but not something I can think to automate...
Best Ale -- _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
