Stupid Question: Network Abuse RFC?

2142

but i am surprised you asked here instead of an ietf list. here we
actually do the stuff, not tell other folk how they should do it. :-)

Thanks for the pointer, and I even appreciate your snarky reply. :-)

- ferg

There was also some work ongoing in INCH, that included some
machine-parsable reporting formats (RID I believe... Ms Moriarty's
work, if I remember correctly)

> 2142
>
> but i am surprised you asked here instead of an ietf list. here we
> actually do the stuff, not tell other folk how they should do it. :-)
>
> Thanks for the pointer, and I even appreciate your snarky reply. :-)

2142 isn't really related to abuse much, other than suggesting
use of the abuse@ and security@ aliases for reporting. I can't think
of any other docs that are abuse related, useful and RFCs, though.

> There was also some work ongoing in INCH, that included some
> machine-parsable reporting formats (RID I believe... Ms Moriarty's
> work, if I remember correctly)

ARF too, if the abuse is email-based.

http://www.shaftek.org/publications/drafts/abuse-report/
http://wordtothewise.com/resources/arf.html

Cheers,
   Steve

The great thing about standards is there are so many to choose from.

There is also ARF: Abuse Feedback Reporting Format from the Mutual Internet Practices Association.

Messaging Anti-Abuse Working Group has multiple documents.

Alliance for Telecommunications Industry Solutions has standards on handling annoyance, fraud and harassment.

In the US, the Federal Communications Commission, Network Reliability Interoperability Committee published a ton of "Best Practices".

And then there are various one-shot things produced by many groups such as
the OECD, ASTA, FTC, NASD, etc.

> The great thing about standards is there are so many to choose from.
> There is also ARF: Abuse Feedback Reporting Format from the Mutual
> Internet Practices Association.
> Messaging Anti-Abuse Working Group has multiple documents.

ARF is the de facto standard, widely deployed, for ISP spam reporting
feedback loops.

As for INCH, standards track or not, as much as I keep asking about, I
can find very few instances of CERTs actually using the damned thing.
And quite a few feeds don't appear to provide "take" in INCH format.

> And then there are various one-shot things produced by many groups such as
> the OECD, ASTA, FTC, NASD, etc.

The only relevant one I remember that the OECD did, in the context of
their spam toolkit, was an earlier version of the MAAWG sender best
practices documents, developed by MAAWG jointly with OECD's business
constituency BIAC. Newer versions of the sender bcp (which is bcp for
legit bulk mailers) have since been published on the MAAWG website.

The ASTA docs became the MAAWG best practices, more or less... pretty
much the same crowd behind both (large ISPs + email providers). And
most of that lot is not reporting standards or formats, it is best
practices for abuse handling / legit email marketing etc.

--srs

a message of 21 lines which said:

> There was also some work ongoing in INCH, that included some
> machine-parsable reporting formats

For the technical side of abuse reporting, IETF documents two formats:

The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765,
with a status of Experimental

The Incident Object Description Exchange Format (IODEF), RFC 5070,
which is Standard.