Home / Blogs

Abuse Reporting: Names vs Numbers

For email usage, abuse reporting requires cooperation between senders and receivers. That’s why RFC 5965 specified a standard format for it. However, Wikipedia lists only 18 feedback providers today. It is often said that the number of legitimate mailbox providers in the world is rather small, possibly some hundreds of thousands, but certainly more than that.

Abuse-POC, a.k.a. abuse-c or abuse-mailbox entries are the subject of ongoing developments at AfriNIC, APNIC, ARIN, LACNIC, and RIPE. It may take a while for Regional Registries to converge and complete their work. Abusix.org offers an Abuse Contact DB that can be queried via DNS, until then.

Some network providers allow clients to specify abuse-mailboxes along with other contact info, while others don’t. They don’t seem to be striving to act as the Internet police. They operate according to their commercial policies, albeit they try and comply with local laws. Thus, mailbox providers don’t always have full control on what gets published on the number databases, independently of their behavior.

On the other hand, the DNS was conceived to avoid reliance on numbers and use names instead. The advent of IPv6 may exacerbate that principle. Techniques like DKIM and SPF allow to associate a domain name to a mail message. Such techniques are mature enough to yield results that are more reliable than those supplied by rDNS, which suffers the same limitations of control as number databases. However, there is no standard way to learn whether a domain offers a feedback loop, or what is the email address to be used for (automated) abuse reports. The only hint is abuse@domain, as specified by RFC 2142, which can be deemed heuristic at best. (Contrast that with the fact that abuse-c seems to be going to be mandatory, and that providing false contact data may lead to deregistration of IP blocks, at least at some RIRs.) Abuse.net offers a name-to-abuse-mailbox functionality, but there is no prospect similar to the number case, yet.

There is an IETF working group,

Messaging Abuse Reporting Format (marf)

the same that standardized the ARF format, that might make some decisions about standardizing such reporting-discovery functionality. However, the working group experienced a drop of participants recently, for various causes. The likelihood that it will complete its work is getting lower and lower, unless new people will want to review its drafts and post comments on its mailing list. If this is a call for participation, you have been called!

By Alessandro Vesely, Tiny ISP and freelance programmer

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC


Sponsored byVerisign


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global