[nsp-sec] Attention Google -> New job alert: Specialist /Senior Specialist (Transactions Group, part-time) (fwd)

Tue Jul 22 11:03:00 EDT 2008

On Mon, Jul 21, 2008 Peter Moody wrote

>abuse at gmail.com will get you to the same people, but you 
>probably won't get charming responses back and I don't know 
>what threshold they have for shutting down accounts due to 
>reports to that alias.

First off, I intimately understand the challenges of abuse desks so
don't take my comments negatively and I'm not even particularly talking
about Google/Gmail here. That said, the challenge with abuse at gmail.com,
abuse at hotmail.com, etc is that it's a blackhole of sorts, sure I get an
auto-ack but that doesn't tell me anything more then my email arrived
and when our customers are spearphished and our call centre is screaming
my management wants something more then a note that I got an auto-ack
back. They want some type of assurance that the dropbox is killed and
killed quickly and auto-acks just don't convey that type of assurance
and, sometimes, that leads to discussions about why they allocate a
portion of my salary to building relationships, participating in groups
such as this, etc...it's all ROI in the end.

>so, feel free to send there too if you want, but i'm also 
>checking to see if there's something else that can be done 
>which will get the accounts shutdown as quickly w/o as much overhead.

While the CYRMU solution Joel suggested sounds cool I can see a bunch of
lawyers getting up in arms about that and it taking a while to get going
so back to my original suggestion - I'm just asking for an alternate
abuse2@ type address that is known to a smaller, hopefully more clueful,
subsection of the internet like NSP people for reports. Your abuse desk
just prioritizes their daily tasks to eyeball abuse2@ at first and give
it more of a clue/trust weighting then the reports to regular abuse@
address, maybe more personal responses and no auto-ack. Sure there's all
kinds of opportunities for this to be overrun by the public but that's
why I suggest something within the realm of NSP seeing as we've been
able to contain the public disclosure aspects of our communications.

Of course maybe I'm asking for a solution to a problem that doesn't
exist, if everyone doesn't have a problem with these requests coming to
nsp I can simply follow suit, it's just that right now I personally feel
that I'm raising the noise level by forwarding them here.

Krista

>Cheers,
>-pm
>
>On Mon, Jul 21, 2008 at 12:23 PM, Krista Hickey 
><Krista.Hickey at cogeco.com> wrote:
>> ----------- nsp-security Confidential --------
>>
>> Is there a better way for us to report these dropboxes for quick axe 
>> then bugging you folks often? I have multiple dropboxes per week (so 
>> far today loanoffers002 at gmail.com should get an eyeball) but 
>am loathe 
>> to clog up nsp-sec with all of them. I like the fact that I KNOW you 
>> guys are doing something when I report it so I can give my 
>management 
>> the "all clear" thumbs up versus reporting into the blackhole of 
>> abuse@ but, again, I'm not sure I agree flooding lists or individual 
>> mailboxes with it.
>>
>> We've been talking with some other free email providers 
>about setting 
>> up a clueful/ISP reporting address for these things so they 
>don't sit 
>> in a mailbox with the rest of the internet's reports...any 
>thoughts on 
>> maybe doing that for NSPers? Basically it's an abuse 
>reporting mailbox 
>> where you're relatively sure clue level is above average.
>>
>> Krista
>> 7992
>> 

Do you really need to print this email? Help preserve our environment! Devez-vous vraiment imprimer ce courriel? Pensons a l'environnement!
__________________________________________________________

The information in this message, including in all attachments, is confidential or privileged. In the event you have received this message in error and are not the intended recipient, you are hereby advised that any use, copying or reproduction of this document is strictly forbidden. Please notify immediately the sender of this error and destroy this message, including its attachments, as the case may be.

L'information apparaissant dans ce message electronique et dans les documents qui y sont joints est de nature confidentielle ou privilegiee. Si ce message vous est parvenu par erreur et que vous n'en etes pas le destinataire vise, vous etes par les presentes avises que toute utilisation, copie ou distribution de ce message est strictement interdite. Vous etes donc prie d'en informer immediatement l'expediteur et de detruire ce message, ainsi que les documents qui y sont joints, le cas echeant.

__________________________________________________________