Re: Survey on IP Address Abuse Reporting Practices and Managements

[Harry Hoffman via NANOG <nanog () lists nanog org>]

Adding onto Randy's comment as every higher-ed I've worked for has had
research space that's does active probing. Part of dealing with that is the
security team will respond to any emails to the abuse contacts.

Additionally, I think it would be interesting to include from the
perspective of the reporters. We have automated reporting in place for
phishing urls where we let the operator of that space know what's going on.
We've got some really good responses from folks like Gandi, who are
extremely proactive in taking these complaints seriously.

Cheers,
Harry

On Fri, Apr 24, 2026 at 12:22 PM Randy Bush via NANOG <nanog () lists nanog org>
wrote:

> > The entire industry can tell you that the signal to nose ratio of most
> > abuse reporting mailboxes is heavily skewed towards noise. If an
> > operator has an abuse email anywhere, it will be run over with
> > complaints from users who saw one of their IPs in a spam message
> > header, or who saw something logged in their home router/firewall logs
> > and WANTS YOU TO MAKE THESE ATTACKS STOP IMMEDIATELY.
>
> not our experience.  we have non-trivial research space, some of which
> does active probing, nothing hostile.  we get a message or two a month.
> and we respond.  tiny compared to the general level of spam and of the
> folk skimming whois data for email addys to try to sell or buy ipv4
> space.
>
> as your experience is so unlike ours, should we suspect there is a
> skewed distribution?  perhaps this research project will tell us.
>
> randy
> _______________________________________________
> NANOG mailing list
>
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VSMWWXSI2Y2W5KCJAKZCR2W7MZHU7NCR/
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PMAPJTYVDHWJU5QNM467FJKAXDCNCL74/