Hello,

 

Educating ISPs to properly process Abuse/Spam, should be another important issue to consider.

 

A few days ago, I sent an abuse report with its complete header to The Abuse Department of CyberGhost abuse@cyberghost.ro  Instead of processing the Spam, they sent me the following message:

+++++

 

From: abuse <abuse@cyberghost.ro>

To: Reza Farzan <rezaf@mindspring.com>

Subject: RE: Reporting Spam from DELL-PC (unknown [185.45.13.154]) by omr-m003e.mx.aol.com ([204.29.186.3])

Date: Sep 21, 2016 2:19 AM

 

Hello,

 

Thank you for letting us know about this complaint. However, this is incomplete, it does not contain the IP address of the website or domain that was under attack.

Can you please get in contact with the sender of the complaint and ask them to provide us with the following information:

 

DATE AND TIME OF OCCURRENCE:

 

ISSSUE SHORT DESCRIPTION: (like spam, brute force, ddos)

 

SOURCE IP OF ABUSE:

 

DESTINATION IP OF ABUSE:

 

ATTACHMENT (log files):

 

REQUESTED BLOCK TIME (hours):

 

Unless we are provided with these information, we cannot do a proper investigation. Please keep this in mind for the future.

I will be looking forward to reading back from you.

 

Thank you for contacting us,

The Abuse Department of CyberGhost

 

abuse <abuse@cyberghost.ro>  

 

 

++++

 

Apparently, CybrGhost's Abuse team does not understand that a website or domain does not need to be “under attack” in order for them to process a Spam that had originated from an IP address on their servers.

 

Has anyone else seen a case like this? Are there specific or even general guidelines that an Abuse Department needs to follow in order to process a Spam?

 

I appreciate any feedback.

 

Thank you,

 

Reza Farzan