Spam is a giant pain in the posterior. No one will argue with you on that point. With the possible exception of the spammers themselves.

For years I would have users forward me all sorts of spam emails about deals on “v1@grA” and so forth, wondering if they were legitimate. While I laughed at times, I was happy that the user base knew to ask the questions in the first place.

Spam and unsolicited emails in general are tiresome and costly. Think about how much it costs an organization to stop this type of traffic in the first place, let alone the cost of dealing with one that makes it through to someone in the C-suite. Heaven help the Information Security team if the CEO would get an email on how to enhance their love life.

Ultimately, one of the steps that an organization takes is to set up an “abuse @ organization . foo” when configuring their email system. The issue that I have with this is that these email accounts seem to have devolved into a bit bucket for all of the detritus on the internet. On more than a few occasions I have sent emails to these addresses only to receive zero reply. In at least two cases the emails bounced as the account was full.

A perfect example is that for the last few days I have been working to resolve an incident. Wearing my OpenCERT Canada hat, I have been trying to contact a company where a server is hosting a phishing site. I called their main number and was shunted off to the help desk. “I’m sorry sir, you have to send an email to abuse @ nevergoingtoreply . foo”. Fine, I thought. I’d give them the benefit of the doubt. I sent my email into the black hole, never to be heard from again. Another call to the company was no less of a time waster than the email. For my next salvo I emailed EVERY email address I could find for that company. Again, nothing.

It should not work this way.
Let me draw your attention to RFC 2142:

    The purpose of this memo is to aggregate and specify the basic set of mailbox names which organizations need to support. Most organizations do not need to support the full set of mailbox names defined here, since not every organization will implement the all of the associated services. However, if a given service is offerred, then the associated mailbox name(es) must be supported, resulting in delivery to a recipient appropriate for the referenced service or role.

OK, so for the sake of this discussion I’ll draw your attention to section 4 of the RFC.

    4. NETWORK OPERATIONS MAILBOX NAMES

    Operations addresses are intended to provide recourse for customers, providers and others who are experiencing difficulties with the organization's Internet service.

    MAILBOX        AREA                USAGE
    -----------    ----------------    ---------------------------
    ABUSE          Customer Relations  Inappropriate public behaviour
    NOC            Network Operations  Network infrastructure
    SECURITY       Network Security    Security bulletins or queries

If you run any sort of site that necessitates such an address, please please please monitor it for incoming email. I know that this is by no means applicable to every site out there. I have found it to be true for more than one site, which is one too many for my liking.

Pay attention to your abuse email account lest you suffer the wrath of a ticked off incident responder.

(Image used under CC from epSos.de)
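One way to check on your own mail server that the RFC 2142 section 4 mailboxes quoted above actually reach a recipient rather than a bit bucket. This is an added example, not part of the original article; it assumes a sendmail/Postfix-style aliases file, and the sample file contents and addresses are constructed.

```python
"""Audit a sendmail/Postfix-style aliases file for the RFC 2142 section 4 mailboxes."""

REQUIRED = ("abuse", "noc", "security")   # mailbox names from RFC 2142 section 4
SINKS = {"/dev/null"}                     # targets that silently discard mail

# Constructed sample aliases file (assumption: not taken from any real system).
SAMPLE_ALIASES = """\
postmaster: root
root:       alice@example.org,
            bob@example.org
abuse:      postmaster
noc:        /dev/null
"""

def parse_aliases(text):
    """Return {name: [targets]}; handles comments and indented continuation lines."""
    table, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t" and current:          # continuation of the previous entry
            body = raw
        else:
            name, _, body = raw.partition(":")
            current = name.strip().lower()
            table[current] = []
        table[current] += [t.strip() for t in body.split(",") if t.strip()]
    return table

def resolve(name, table, seen=()):
    """Follow alias chains to their final targets; an alias loop yields nothing."""
    if name in seen:
        return set()
    final = set()
    for target in table.get(name, []):
        if target.lower() in table:
            final |= resolve(target.lower(), table, seen + (name,))
        else:
            final.add(target)
    return final

def audit(text):
    """Map each required mailbox to 'missing', 'discarded' or 'delivered'."""
    table, report = parse_aliases(text), {}
    for box in REQUIRED:
        live = resolve(box, table) - SINKS       # recipients that are not sinks
        report[box] = ("missing" if box not in table
                       else "delivered" if live else "discarded")
    return report
```

Calling audit() on the text of your own aliases file returns one status per mailbox; "delivered" only shows that mail is routed to some recipient, not that anyone reads it.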