Know what you’re promising, and keep your promises
Although we can’t always provide a personal response to your complaint, we do investigate all reports. Please don’t interpret a lack of response as a lack of action taken. If we find that a customer is violating our policies, we will take make sure they stop the violating activity.
That’s the response I had when I reported a particularly annoying spammer to a major ISP this afternoon. It’s also the response I had from them when I reported the same spammer, on the same IP address last week. And in June. And … well, you get the idea.
Either they don’t consider spamming from their network to be a violation of their policies, or they’re months behind on handling abuse issues, or the boilerplate response they’re sending isn’t entirely true.
That gives, if anything, a worse impression than not responding at all. It’s something that’s going to make me remember that ISP, and that they have an ineffective abuse desk. At best I’ll advise against people using their service for business use, due to deliverability concerns, and throw stale bread rolls at their representatives at the next MAAWG. At worst I’ll gather data to justify a blacklist for their space, which is something that can really ruin their stats.
I’m sure that they don’t actually have a “spamming from our business network is fine” policy, and that their abuse staff are just overworked and spending most of their time fighting the biggest fires. But I’m also fairly sure that their abuse staff don’t know what’s in their boilerplate response, or haven’t taken to heart the promise they’re making in response to every report. (It’s been in use pretty much unchanged for over a decade, probably longer than any of their abuse staff have been in that position.)
What are you promising to people who report spam? Are you keeping your promise?