Re: [marf] draft-jdfalk-marf-as

"John Levine" <johnl@taugh.com> Thu, 23 June 2011 19:29 UTC

>I don't believe that there's sufficient implementation experience for
>an AS on non-solicited feedback, but I could be wrong.

I've been sending all of my abuse reports in ARF format for several
years.  I get the target addresses by a combination of looking up rDNS
in abuse.net and a largish local table of IP address ranges->domains.
It works reasonably well, at least as well as sending messages just
pasted in as text.  I used to get a lot of responses that said "we're
too scared and/or incompetent to open your attachment so send it
pasted in", but I haven't gotten any of those in a while.

My experience, which may or may not be typical of what other people
would find, is that sending reports in ARF format works fine, but
figuring out where to send them is a big challenge.  In particular,
getting the addresses from WHOIS works poorly both because of the iffy
quality of WHOIS data, and because WHOIS servers don't have the
capacity to handle high volume scraping.

R's,
John
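
The workflow described in the message above, as an added example that is not part of the original post and not the author's own tooling: pick a report recipient by longest-prefix match against a local table of IP ranges to domains, then wrap the offending message in an RFC 5965 ARF report. The table, the contact map (a stand-in for a domain-to-abuse-contact lookup), the `abuse@` fallback, and all addresses and function names are constructed assumptions.

```python
import ipaddress
from email import message_from_string
from email.mime.base import MIMEBase
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Constructed sample data: documentation IP ranges and example domains.
RANGE_TO_DOMAIN = {
    "192.0.2.0/24": "isp.example",
    "192.0.2.128/25": "hosting.example",  # more specific range wins
    "198.51.100.0/24": "mail.example",
}
# Hypothetical stand-in for a domain -> abuse contact lookup service.
ABUSE_CONTACTS = {"hosting.example": "abuse-desk@hosting.example"}
SAMPLE_SPAM = "From: x@spam.example\nSubject: offer\n\nbuy now\n"  # constructed

def domain_for_ip(ip, table=RANGE_TO_DOMAIN):
    """Longest-prefix match of ip against the local range table."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    nets = {ipaddress.ip_network(cidr): dom for cidr, dom in table.items()}
    hits = [n for n in nets if addr in n]
    return nets[max(hits, key=lambda n: n.prefixlen)] if hits else None

def report_address(ip):
    """Return the report recipient, or None when the range is unknown."""
    domain = domain_for_ip(ip)
    if domain is None:
        return None
    return ABUSE_CONTACTS.get(domain, "abuse@" + domain)

def build_arf(original_text, source_ip, reporter):
    """Build an ARF report: human-readable text, report fields, original."""
    rcpt = report_address(source_ip)
    if rcpt is None:
        raise LookupError("no abuse contact known for " + source_ip)
    msg = MIMEMultipart("report", report_type="feedback-report")
    msg["From"] = reporter
    msg["To"] = rcpt
    msg["Subject"] = "Abuse report for " + source_ip
    msg.attach(MIMEText("This is an abuse report for mail from %s.\n" % source_ip))
    fields = MIMEBase("message", "feedback-report")
    # Feedback-Type, User-Agent and Version are the required ARF fields.
    fields.set_payload("Feedback-Type: abuse\nUser-Agent: arf-example/0.1\n"
                       "Version: 1\nSource-IP: %s\n" % source_ip)
    msg.attach(fields)
    msg.attach(MIMEMessage(message_from_string(original_text)))
    return msg
```

An address outside every listed range yields no recipient rather than a guess, which is the "where to send it" gap the message describes.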