What Makes A “Good” Abuse Report?

It's only fair to share...Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

Censored Internet Concept - Cable With Chain And Padlock

We love the internet. We really do. But as we’ve touched on more than once in the past, there is an underside which is far from pleasant. And as a service provider we have no interest in enabling cybercrime or assisting actively (or passively) with serious crimes.

However, we also are very conscious of the power of the internet for good. As a medium of expression that has enabled millions of people and organisations to spread their voice much further than would have been possible prior to the advent of the ‘net, it is a precious thing.

What does this mean when we talk about “abuse” and more specifically, submitting “good” abuse reports?

At a high level it’s an important to note that we as a service provider cannot be expected to be the “internet police”.

If you have an issue with someone please resolve it with them. Don’t expect us to act as your arbiter. And please don’t accuse us of committing crimes, infringing on your rights etc., etc., unless you are 100% confident that we as a company actually have. Seriously. Our clients might have done something wrong, but if you want us to help you address the issue accusing us of their alleged infringements won’t win you any friends.

Having said that, we do take our responsibilities as a service provider seriously. It’s not in our interest for our company to be seen as a haven for “bad actors”, malware or spammers. (Check our AUP – we have no patience with any of this kind of rubbish!).

We host a lot of businesses from across the globe (130 countries and counting) and it’s important for us that our network is kept as clean as possible.

Is our network always going to be “squeaky clean”?

Of course not.

Sometimes people will manage to signup for our services who are only interested in abusing our servers and our network. However we do our best to disable such accounts as quickly as possible.

Another thing that people need to be aware of is that a LOT of the network abuse that we see is due to compromised websites. Most of the time the website owner is completely unaware that their site has been (ab)used by a spammer to spew thousands of emails (or worse) onto the ‘net.

As an ICANN accredited registrar we have certain responsibilities under the 2013 RAA.

Let’s look at the “abuse” section carefully:

3.18 Registrar’s Abuse Contact and Duty to Investigate Reports of Abuse.

3.18.1 Registrar shall maintain an abuse contact to receive reports of abuse involving Registered Names sponsored by Registrar, including reports of Illegal Activity. Registrar shall publish an email address to receive such reports on the home page of Registrar’s website (or in another standardized place that may be designated by ICANN from time to time). Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.

3.18.2 Registrar shall establish and maintain a dedicated abuse point of contact, including a dedicated email address and telephone number that is monitored 24 hours a day, seven days a week, to receive reports of Illegal Activity by law enforcement, consumer protection, quasi-governmental or other similar authorities designated from time to time by the national or territorial government of the jurisdiction in which the Registrar is established or maintains a physical office. Well-founded reports of Illegal Activity submitted to these contacts must be reviewed within 24 hours by an individual who is empowered by Registrar to take necessary and appropriate actions in response to the report. In responding to any such reports, Registrar will not be required to take any action in contravention of applicable law.

3.18.3 Registrar shall publish on its website a description of its procedures for the receipt, handling, and tracking of abuse reports. Registrar shall document its receipt of and response to all such reports. Registrar shall maintain the records related to such reports for the shorter of two (2) years or the longest period permitted by applicable law, and during such period, shall provide such records to ICANN upon reasonable notice.

There are three parts to this section of the contract.

At a high level we need to maintain an abuse contact and people need to be able to find it. We link to it from every single page of our website. (It’s also published our whois output for domain names, as well as in the RIPE abuse-c contact for all IP addresses on our own network.)

We’ve been members of the ISP Association of Ireland for years and through our membership there we do two things:

  1. Support the Hotline
  2. Provide a contact to Irish law enforcement

 

Since signing the 2013 contract with ICANN we now have a duty to investigate and respond to all complaints about domains registered via us.

But here’s the thing.

Unless we host the domain name’s services ie. the website (if there is one) or the email, we don’t have much leeway when it comes to taking action or really investigating anything. We have, essentially, a “nuclear option”. We can pull the domain entirely.

And we don’t want to be forced to do that.

So let’s look a bit more closely at what a “good” abuse report would be.

What should it include?

(and this list is not exhaustive)

  • the domain name (if there is one – with network abuse there often won’t be)
  • the type of alleged abuse. Is it spam? Malware? There is a long list of possible “abuses”, simply saying that there’s an “issue” isn’t helpful
  • a link to the alleged abuse – if, for example, a website is hosting a phishing site targeting a financial institution it’s easy for us to see what it is and take action. Conversely speaking if you simply report an entire domain name to us we’re going to have to ask for an example URL, so submitting it upfront helps us to help you
  • your contact details – sorry, but if you want us to take your report seriously we need to know who you are
  • If your complaint is in relation to content then we need you to show proof that you’ve attempted to contact the website operator

DO NOT include pages of legal mumbo jumbo. If you feel obliged to include it please put it *after* the actionable parts of your report. We don’t really care about Bank X’s trademarks and “good name”, but we will happily work with you to take a phishing attack offline. Just don’t make us wade through pages of legal rubbish before we can get to the bits we all care about.

Please don’t submit multiple reports about the same issue. While in an ideal world our staff would be able to address abuse reports within a couple of hours in reality it can take time. You will get an answer.

Essentially the more detail you give us about the alleged abuse the faster we’ll be able to respond.

I emphasise “respond” intentionally.

A response might be that we have or are in the process of taking action.

However our response might also be to tell you to contact someone else. If, for example, we do not host the site or service we’d probably ask you to speak to the hosting provider who does. They’ll be in a much better position to help you than we will.

Sometimes a complaint can take longer to address as we might not have direct access to the affected resource eg. it could be a dedicated server or collocated machine.

As I already stated, we are not the “internet police” and we have no interest in embroiling ourselves in disputes between two 3rd parties. Put another way, if you’ve got a problem with X then you need to resolve it with them. Expecting us to do it for you isn’t reasonable.

Will we act on court orders?

If you get one from an Irish court, then yes.

But if you expect us to act on court orders from other jurisdictions then we’ll have to ask you to get one from an Irish court. Sorry. We are an Irish company and are subject to Irish law.

What about DMCA?

Sorry, but DMCA is an American legal instrument. It is not binding on us in Ireland. In fact we could be exposing ourselves to legal issues with our clients were we to follow the DMCA at the moment, as we do not have any of the protection it offers.

What if the content is illegal?

Report it to law enforcement. If they contact us we’ll be happy to act appropriately.

What about child abuse material?

Report it to the Hotline. That’s what they do and they do it very well.

Got any feedback? Please leave a comment below.

It's only fair to share...Share on Facebook0Share on Google+0Tweet about this on TwitterShare on LinkedIn0

, , , , , ,

Comments are closed.