Hello Moritz,
we run such an setting since several years.
Whois records show our ripe object with abuse-ripe@...as abuse-mailbox address. This is connected to an auto-responder.
In auto-responder mail we explain what is going on and offer to write to our abuse@.... email address. This really is then distributed to the abuse team for response.
There is not much coming in this way. Some people directly go for our website our write to our office address.
Recently we received a lot of automatic fail2ban messages due to ssh abuse. The downside here is they also wrote to our provider.
But this seems to be the setting of fail2ban which checks also the network abuse record.
best regards
Dirk
On 13.09.2017 15:49, Moritz Bartl wrote:
Hi!
tl;dr: We're thinking about introducing an auto responder to abuse mail which then requires clicking a link or replying to the mail again before the complaint actually reaches a human. What do you think? Can you help us set this up?
So far, we do not have any auto responder for abuse mails. I always thought it was important to be friendly and get back to everyone individually, even if at the core we're reusing mail templates. There is a difference if a human gets back to you within a few hours, or you immediately get clearly a auto-sent something that basically tells you there's not much that can be done.
But actually, most of what we're seeing is automated notification mail, and lately we also see more and more spam that survives the spamassassin. An ideal system would track used addresses, and only send an auto-response from our end once per sender every few months.
We have very limited resources for abuse management, and it would be great to filter out the noise better than we currently do.
Did anyone set up an infrastructure like that before? How would you do it?
Also, if you just want to help with our abuse management, let me know! We can always use one or two more hands, it's fun, and it teaches you a lot about Tor exit operation.