Sensible view on shutting down spammers

Matts on 2003-02-18T09:58:10

Are you an abuse desk operator? Ever suffered the wrath of NANAE when you didn't shut down a spammer the very second they notified you of the presence of the spammer?

Well I've seen it over and over again, and I thought this post to SPAM-L from Gary S Callison really summed up my feelings on it:

> As to UUNET, what do you consider to be an acceptable amount of time
> between their receiving an abuse complaint and the spammer being
> terminated? I'm not asking how many fingers are in the pie, or why the
> delay is as long as it is, I'm asking what *YOU* consider to be
> acceptable. If your answer is measured in days or weeks rather than
> hours then what we have is a failure to communicate.

Shmuel: You (and anyone else who thinks this) really need some experience working at even a mid-tier ISP - say one with a couple hundred thousand to half a million users or so. You will spend a few months dealing with a queue depth that hovers around a week or so, and then you'll either see reason or get fired for trying to cowboy every incident and being too draconian in a misguided attempt to close tickets faster. Incidents require investigation, from the dialup luser whose roommate is spamming while he's off at work, to the chucklehead who has Klez but knows he's okay because he runs the "Klez Removal Tool" (i.e: Elkern.D) every day, to the OC-3 sold to a reseller sold to a webhosting firm who host a website registered to Johnathan Cosie that has never actually sent any spam or hosted any webpages referenced in any spam. All of those investigations take time. How much time? I dunno. Minutes or hours.

Now suppose you get a thousand incident reports a day, referencing a few score distinct incidents. You sift through all of that crap (takes time) to aggregate into the incidents, then you have a couple dozen incidents that each take 'minutes or hours'. You have (just suppose) a really well-staffed abuse desk for a smaller provider: five people. You triage out 'easy to close' and give those to the new guy, which removes all of the 'minutes' and knocks your queue down by half. Now, assume one of your people did all of the ticket-aggregating in half a day. You have 3-1/2 man-days at this point to close a dozen or two tickets on a scale of 'hours' apiece. Are you going to tread water and never get your queue backlog down? Yes, if you're lucky. So your response time is going to stay at a week - unless you get something really tricky like a whackamole using stolen accounts, a rooted box with a proxy or relay they can open and close at will, a compromised router that the bad guys can put stolen routes on, or something like that. Then you're going to get even further behind.

Meanwhile, in n.a.n-a.e, the torch-bearing mob will be chanting for your head on a pike. "Takes 'em a week to close a fucking dropbox, pieces of shit." Never mind that the dropbox is hosted on a lights-out-administration webhost which is hosted on a reseller and both of those only have one guy doing abuse part-time. You're there, you've seen the ticket, you've told them to fix their shit, it's not your fault, and the loudmouthed pricks in n.a.n-a.e are calling for YOUR head? Fuck 'em. They don't have a clue what the hell is going on; you do. Right?

I don't know what the collective wisdom of n.a.n-a.e aggregates to an idea of "how long should it take for a provider to resolve an issue", but if that answer is hours, rather than days or weeks, people who believe that have a failure to understand the magnitude of the issues involved. And responding to reality with "Well, they should just hire more people then!" will get you a "Thank you, Captain Obvious" from anyone working at any of those overworked understaffed abuse desks. They're doing the best they can, and if that takes days or weeks rather than hours, deal with it.


Spam & UnumProvident

inkdroid on 2003-02-18T15:25:03

This is good advice, and reminded me of a story I saw on 60 Minutes a couple weeks ago. Apparently the health insurance company UnumProvident instructed their claims handlers to shut down and refuse claims to meet monthly targets. This resulted in lots of people getting shut down unfairly.

Re:Spam & UnumProvident

pudge on 2003-02-22T17:04:50

This practice is not entirely rare, and often not as bad as it sounds; the idea is (often) that if the claim is legitimate, the claimant will re-file, or appeal, or whatever. I am not saying it is a good thing that they do it ... but usually, the people who have legitimate claims do get them covered. I don't know if that is the case with UnumProvident or not.

Re:Spam & UnumProvident

inkdroid on 2003-02-22T18:20:31

Unfortunately, UnumProvident had targets to cut claims which didn't correspond to the amount of illegitimate claims...so the predictable result was that legitimate claims were denied. I can see your point though regarding spam: legit mailers would notice that they have been shut down and present evidence that they are not spamming...while the real spammers would guiltily accept the verdict with no questions asked.

Re:Spam & UnumProvident

inkdroid on 2003-04-04T16:34:41

Yeah, I was just reminded of this recently while building a new computer. The board from ASUS seemed to have a faulty disk controller that could write but not read. I RMA'd it to ASUS, and two weeks later got a new board. Only problem was it wasn't new. I had nicked one of the memory clamps by accident, and sure enough the board they sent back had the same marking. I tried it just to see if it worked, and of course it didn't. I called them up, and they claimed it was a new board with a new serial #. Sure enough, a new serial number, but there is no way that it could have been a new board unless they purposefully broke the clamp on the new one. Anyway, I RMA'd it AGAIN, and after two weeks got another board. This one had an intact memory clamp, and I plugged it all in and it worked. I feel great that it is working, but I am convinced that they just sent the board back figuring they'd save more money by just returning it the first time, and see if I was really persistent. Bloody annoying.