Do ARF, do IODEF etc. You will find it much easier for abuse desks
that care to process your reports. You will also find it easier to
feed these into nationwide incident response / alert systems like
Australia's AISI (google it up, you will like the concept I think)
Really.
How many people are actually doing IODEF?
Honestly?
And the other regional "formats"? This is kind of what I mean
when I talk about disjointed and discombobiulated processes of
reporting abuse.
It should be simple -- not require a freeking full-blown "standard".
AISI - for example - and AISI feeds the top 25 australian ISPs - takes
IODEF as an input
And MAAWG does ARF, quite simple to use as well .. but they would take
a standard format (with an RFC yet) if you and some other major
players
1. Offer iodef (or say ARF) feeds
2. Tell them youre offering these feeds
It should be simple -- not require a freeking full-blown "standard".
Its a standard. And it allows automated parsing of these complaints.
And automation increases processing speeds by orders of magnitude..
you dont have to wait for an abuse desker to get to your email and
pick it out of a queue with hundreds of other report emails, and
several thousand pieces of spam [funny how abuse@domain type addresses
end up in so many spammer lists..]
> It should be simple -- not require a freeking full-blown "standard".
Its a standard. And it allows automated parsing of these complaints.
And automation increases processing speeds by orders of magnitude..
you dont have to wait for an abuse desker to get to your email and
pick it out of a queue with hundreds of other report emails, and
several thousand pieces of spam [funny how abuse@domain type addresses
end up in so many spammer lists..]
It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed
by management to be a cost center that only saps resources. Paul,
you are doing a serious disservice to those folks in specific, and
working around such suit-induced damage in general, by dismissing
any steps involving automation.