Dealing with abuse - guidelines?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I'm receiving about 2000 messages per hour, which are bounces of viruses
sent with my email address as a fake return address. I've identified the
machine responsible, and contacted the ISP (a major UK ISP). Here's what
they say:

"...I've contacted the user about this (we do need to give them a warning
first of all instead of blocking their mail straight away, and give them
some time to clear their machines). However, if the problem is still ongoing
tomorrow morning, we will take action."

My question: is this best practice? When I had a similar problem a month or
so ago, the ISP blocked the machine immediately, then sorted the problem
with the user. That makes better sense to me (of course). But are there any
guidelines as to what is appropriate?


Re: Dealing with abuse - guidelines?

Quoted text here. Click to load it

Every ISP is different and handles it in different ways. I know of one
ISP that had a group-home with a NAT and there were about 6 machines
infected with a virus that had it's own SMTP engine - it was sending 1
email every 4 seconds from each machine (I could watch it). They gave
them a weekend to fix it (only took about 20 minutes to fix it once I
got there). Road Runner will actually send postal mail letters (in some
areas) and wait for a reply :)

(Remove 999 to reply to me)

Site Timeline