At 04:41 PM 4/13/2008, Geo. wrote:
of abuse might be useful for large providers, but since we can't even
get many domains even to set up the already-specified abuse@
address, much less read the mail we send to it,

When someone like AOL offloads their user complaints of spams to all
the abuse@ addresses instead of verifying that they actually are
spams before sending off complaints, is it any surprise that
everyone else is refusing to do their jobs for them?

I'm not sure I know what you mean. Are you talking about the optional
feedback loop? When I was signed up for that I did get a bunch of
bogus reports, but other than that I've never received a spam report
from AOL at all.

The reason abuse@ addresses are useless is because what is being
sent to them is useless.

I'm sure that a lot of useless reports come in--my servers never
originate spam, but we still get the occasional bogus report due to
forged headers. At the same time, I certainly send dozens of real
spam reports every day and they all contain actionable information
(that would be supplemented further if an actual human were to ask).

What I've found is that "too big to fail" ISPs respond (if they
accept the email at all!) with either an automated response or a
canned response from a help desk monkey who is actually wrong close
to half the time, while many boutique providers and most US-based
.edu sites respond personally and cluefully. (Don't get me started
about the US government, especially the military...)

My conclusion is that the problem is not crappy reports but rather
under-investment in clue at big ISP help desks. All the fancy
standards and tools in the world are not going to help this basic
problem: stemming the tide of abuse from their networks is simply not
a high enough priority for companies like Yahoo, Hotmail, AT&T, et
al. Until they start losing money every time spam leaves their
network, I don't see their behavior changing.