unwise filtering policy on abuse mailboxes

can we please just stop this nonsense?

ip under your direct control originates sewage. you should accept reports as-is.

requiring victims of your sewage to go through special contortions to report it to you is not acceptable.

abuse@fsec.or.kr and cert@fsec.or.kr do the same thing.
  - Brian


Are you saying Nanog if spamming you? It's not at all clear what your complaint is.

-mel via cell

Seemed pretty clear to me. He sent an abuse report to abuse@psychz.net and
it was rejected as spam.

I bet you can search the nanog list archive and find this very discussion
topic surface about ever 8-12 months...
folk always fall in this trap (or a form of it):
  "Welp, we've had 1 too many people in $CORP get infected via email, spam
filter all the things!!!"
    ... wait...
  "Oh, yea duh.. our spam/abuse alias can't block spam.. because people
will send us email they get that has spam/viruses/etc in it..whoops!!"

this 'always' happens, and we discuss it every 8-12 months.

I'm saying people who filter their abuse mailboxes need to stop doing so.


In article <Pine.LNX.4.64.1807241753160.10843@yuri.anime.net> you write:

I'm saying people who filter their abuse mailboxes need to stop doing so.

See Canute, King.


Why are you telling us here on Nanog?

it's totally possible that the person who 'runs' the abuse@ is not the
person that 'runs' the mail system at the places in question.
the larger the organization the certainty of that being true.
(yes people should lear, no they probably all won't)


Maybe he’s hoping there’s an off chance that someone from psychz.net is subscribed and listening. After all they run a network and this is an operational mailing list.

At my work you'll get an email issue addressed if you send it to
RFC-2142 lays this out in section 5. In the last five years I've not had
one email sent to it.

This reminds me to review the others on the list to make sure they actually
reach someone. Maybe a little incognito test.


An excellent way to stop this particular nonsense is to firewall out
every network allocation under the control of Psychz. This achieves
lossless compression of incoming data.



My colleague has already contacted their friend at Psychz when I received the first message. Not everyone has to be on the list to get the message relayed to them.

Rich, shall we all drop your email? It would achieve the same effect, and make this email thread more productive.


1. They needed to stop doing so a few decades ago. Anybody still doing
it today is doing it on purpose, which of course leads directly to the
question: why?

2. In the case of this operation, perhaps it's because it has a very,
VERY long history of support for spammers and other abusers. A quick
glance at data-on-hand shows 250+ incidents over the past decade, and
I'm sure that's only the surface.

3. There is no point whatsoever in reporting abuse to them. The most
likely outcome of doing so is that you will be targeted for retaliation.

4. With that in mind, isn't it curious that I posted a comment in this thread
on 7/27 and then on 7/28 observed this (heavily redacted) from their network space:

  Failed password for root from
  Failed password for invalid user VM from
  Failed password for invalid user localhost from
  Failed password for root from
  Failed password for invalid user sir from
  Failed password for root from


On Wed, 1 Aug 2018 11:19:36 -0400, Rich Kulawiec <rsk@gsp.org> may have

One reason as to "why" is that there is no good way to specify an
alternate abuse@ address, where said alternate abuse address is on a
completely different (sub)?domain, ala ruf/rua=. So then it becomes an
issue of not filtering the base domain, which would be a massive
headache for those who follow the 2 age-old smtp golden rules:

-- "never accept email you can't deliver"

-- "reject at connect, never bounce"

49% of folks would've said whois could have been a great place for an
Abuse contact... and another 49% would say security.txt is the place.
The end result is there is zero standard nor recommended way, imho.

- -Jim P.