On Sat 23/Oct/2021 01:38:56 +0200 Ronald F. Guilmette wrote:
In message <26f1df33-b958-bed4-f748-f82324d0bea8@tana.it>, Alessandro Vesely <vesely@tana.it> wrote:
Shouldn't there be a standard for automatically forwarding messages destined to abuse-c following a path similar to that of RFC 2317 delegations? I'd love if AA training encouraged such behavior.
Although delegation of abuse report handling may sound like a good idea in theory, in practice it is a tragically bad idea.
What happens when the customer is a spammer and abuse handling is delegated to that customer? Google for the term "list washing".
This isn't merely a theoretical possibility. Digital Ocean has previously sent me multiple response emails saying quite explicitly that they had forwarded my spam reports to their spammer customer(s). Those customers will then surely cease to spam *me* but will continue to spam everyone else on the planet.
That'd be an incentive to send spam reports, wouldn't it?
This does not create any meaningful reduction in the global spam load. It simply rewards those "responsible" spammers who remove from their target lists the email addresses of the few "complainers" who nowadays take the time to report spam.
On the other hand, there are honest mailbox providers who have not realized that their system has been hacked, or that their clients' credentials have been stolen. And if you send a complaint to my abuse-c address, I won't get it. For an easy guess, LIRs who offer services at regular prices —not thousand domain discounts— have more of the latter cases. Still, their budget might not be enough for an abuse team capable of looking at each complaint. Best Ale