|
For email usage, abuse reporting requires cooperation between senders and receivers. That’s why RFC 5965 specified a standard format for it. However, Wikipedia lists only 18 feedback providers today. It is often said that the number of legitimate mailbox providers in the world is rather small, possibly some hundreds of thousands, but certainly more than that.
Abuse-POC, a.k.a. abuse-c or abuse-mailbox entries are the subject of ongoing developments at AfriNIC, APNIC, ARIN, LACNIC, and RIPE. It may take a while for Regional Registries to converge and complete their work. Abusix.org offers an Abuse Contact DB that can be queried via DNS, until then.
Some network providers allow clients to specify abuse-mailboxes along with other contact info, while others don’t. They don’t seem to be striving to act as the Internet police. They operate according to their commercial policies, albeit they try and comply with local laws. Thus, mailbox providers don’t always have full control on what gets published on the number databases, independently of their behavior.
On the other hand, the DNS was conceived to avoid reliance on numbers and use names instead. The advent of IPv6 may exacerbate that principle. Techniques like DKIM and SPF allow to associate a domain name to a mail message. Such techniques are mature enough to yield results that are more reliable than those supplied by rDNS, which suffers the same limitations of control as number databases. However, there is no standard way to learn whether a domain offers a feedback loop, or what is the email address to be used for (automated) abuse reports. The only hint is abuse@domain, as specified by RFC 2142, which can be deemed heuristic at best. (Contrast that with the fact that abuse-c seems to be going to be mandatory, and that providing false contact data may lead to deregistration of IP blocks, at least at some RIRs.) Abuse.net offers a name-to-abuse-mailbox functionality, but there is no prospect similar to the number case, yet.
There is an IETF working group,
the same that standardized the ARF format, that might make some decisions about standardizing such reporting-discovery functionality. However, the working group experienced a drop of participants recently, for various causes. The likelihood that it will complete its work is getting lower and lower, unless new people will want to review its drafts and post comments on its mailing list. If this is a call for participation, you have been called!
Sponsored byDNIB.com
Sponsored byIPv4.Global
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byVerisign
Sponsored byRadix
Sponsored byVerisign