[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: abuse report management system

Greetings all,

> -----Original Message-----
> From: Aaron Thoreson [mailto:aaront@midco.net]
> Sent: Tuesday, August 11, 2009 9:19 AM
> To: debian-isp@lists.debian.org
> Subject: Re: abuse report management system
> procmail, arffilter
> (http://wordtothewise.com/products/arffilter.html),
> perl, mysql

Also add RTIR - http://bestpractical.com/rtir/

> Wojciech Ziniewicz wrote:
> > 2009/8/11 Andy Davidson <andy@nosignal.org>:
> >> This is dangerous, you wouldn't want your customers
> to see the original
> >> abuse request, and you wouldn't like outsiders to be
> able to cut off your
> >> customers by filing invented abuse emails that
> trigger the threshold in your
> >> automated system.  Serious allegations need to be
> checked with the use of,
> >> for example, netflow records, and you may require to
> build a different
> >> process based on messages from law enforcement
> agencies or similar.
> >>
> >> Abuse handling is a specialist skill and should be
> done by humans.
> >

Agreed - this is the responsibility of a proven responsible, capable person as operations are routinely in the grey area not defined while ultimately managing ~<20% of an organizations client portfolio.

The complainant should be acknowledged with a comforting note your organization received the complaint and would receive feedback if additional information is required - I would highly advise _not_ including a copy of the original complaint for security/ethical reasons.  

The individuals addressing these issues need to conceal the complainant's and client's information between all correspondences (everyone gets messy when a food fight breaks out).  Under any approach, being positively infectious with all communications is a must (who is not a customer today might be tomorrow and you wouldn't want to erase your current customers on a whim).  

> > I dont want any of theese.
> > What i want is a system that will trap abuse emails
> and notify me when
> > certain client reaches the trigger of let's say 10
> abuse emails per
> > month. Then i would analyze the records and decide
> about warning him
> > about the sittuation and finally possibly cutting him
> of. We often do
> > such things to our bussiness customers - if they send
> tons of spam
> > using our ip addrs we can cut them off  after 2
> warnings (in Poland
> > sending spam is a crime) .

You will need a reporting system capable of tracking your customers over a vast period of time while keeping all of your records available.  Information is like gold.  Every complaint should be associated to a client (telecom services are a penny in the bank to spam operations) and the client's service if multiple services are rendered (they may resell and obtained a questionable client themselves).  The reporting system is going to be a custom fit for the purpose, individuals utilizing, and organizational demands -- include charts and other aids to assist those who would not otherwise fully understand.


Christopher Davis

Reply to: