Do you have an abuse@ address?

D

I’ve mentioned multiple times before that I really don’t like using personal contacts until and unless the published or official channels fail. I don’t hold this opinion just about resolving delivery issues, but also use official channels when reporting spam to one of my addresses or spam traps.
My usual complaints contain a plain text copy of the mail, including full headers and a short summary of the email address it was sent to. “This is an address that was part of a leak from…” or “This is an address scraped off my website. It’s been removed from the website since 2004” or “This address isn’t used to sign up for any mail.”
Sadly, there are a number of “legitimate” ESPs that don’t have or don’t monitor their abuse address. In some cases it’s an oversight or a break down of internal mail handling. But in most cases, it’s a sign that the ESP doesn’t actually handle abuse.
It’s frustrating to watch an ESP post long blog posts about “best practices” and “effective delivery” and “not spamming” and yet not be able to actually stop their own customers from spamming. It’s not even that I necessarily want them to disconnect their spamming customers (although that would be nice) but suppressing the address that I’ve told them was a spamtrap seems trivial. And yet, a month after my first complaint and weeks after escalating to a personal contact, I’m still getting spam.
The 5 things every ESP should do to handle spam complaints.

  1. Create an abuse address for mail domains. This includes abuse@corporate domain, abuse@ MTA domains, abuse@ return path domain. If it’s in the headers and it accepts mail, it should have an abuse@ address. 
  2. Confirm the abuse@ addresses get to the correct team. I’ve talked with some ESP reps who just have no idea where abuse@ one or more of their domains go. In some cases, they just get lost inside the company.
  3. Customize filters on the abuse@ addresses so reports of spam don’t get bounced with “blocked for spam.” Yes, I know it’s spam, it came from that network and I’m telling you. Telling me it’s spam is not a surprise. Not accepting the spam back, though, is just rude.
  4. Suppress the addresses of people who complain. Even if the customer isn’t disconnected, there is no reason to keep spamming someone who has sent in a complaint.
  5. Pay attention to people who actually tell you the addresses are spamtraps. Put those traps in upload and send filters. I am pretty open about a number of my traps here on the blog and on some mailing lists. When I get spam from companies that I know have reps on those lists, I just think the companies don’t care that their customers spam.

Handling complaints about abuse or spam from a network is part of being a good service provider. Don’t leave the handling to chance, actually test abuse@ addresses. Feedback loops are great and all, but a number of us still send hand crafted abuse complaints because we think a company will act on them. When the company consistently ignores complaints and lets customers continue to spam they eventually turn into just another spam supporter.

About the author

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By laura

Recent Posts

Archives

Follow Us